Cyber Security Occupations and ANZSCO codes

Designs, develops, modifies, documents, tests, implements, installs and supports cyber security software applications and systems to ensure they are fully integrated.

Description of employment duties:

• Develops, implements and integrates secure coding practices, and conducts security testing and vulnerability assessments for software and systems

• Collaborates with developers to identify and remediate security issues

• Develops and implements secure software development lifecycle processes and methodologies

• Integrates security controls into development processes

• Participates in code reviews and provides security guidance

• Assesses security of third-party software components and libraries used in software and applications

• Develops and implements secure application programming interfaces and libraries for use in software and applications

• Performs code analysis scans on software binaries

Note: Occupation description derived from Occupation 271135 Cyber Security Engineer | Australian Bureau of Statistics

Creates test cases using in-depth technical analysis of risks and typical vulnerabilities, and produces test scripts, materials and packs to test new and existing software or services. Plans, coordinates and conducts cyber threat emulation activities in support of certification, accreditation and operational priorities to verify deficiencies in technical security controls.

Description of employment duties:

• Develops and executes penetration testing methodologies and strategies to identify weaknesses in security controls

• Creates test cases using in-depth technical analysis of risks and typical vulnerabilities

• Produces test scripts, materials and packs to test new and existing software or services for vulnerabilities

• Plans, coordinates and conducts cyber threat emulation activities to verify deficiencies in technical security controls, and provides recommendations for remediation

• Identifies vulnerability exploitations and potential attack vectors into a system, and analyses vulnerability scan results to assess security loopholes and threats

• May conduct phishing attacks or other tests to evaluate the effectiveness of security awareness training

Note: Occupation description derived from Occupation 271137 Penetration Tester | Australian Bureau of Statistics

Leads governance, risk and compliance for cyber security.

Description of employment duties (ABS):

• Develops, implements and measures cyber security policies, procedures and guidelines to comply with regulatory requirements and industry best practices

• Manages a risk management program, including risk assessments, risk mitigation plans and risk reporting

• Conducts regular security audits to identify potential security gaps and areas for improvement

• Provides guidance and training to employees on cyber security awareness, best practices and incident response procedures

• Develops and defines system classification requirements to ensure implementation of security controls and risk mitigation efforts are prioritised

• Conducts compliance assessments to ensure that regulatory and legal requirements related to cyber security are being met

Note: Occupation description derived from Occupation 271131 Cyber Governance Risk and Compliance Specialist | Australian Bureau of Statistics

Conducts risk and security control assessments, interprets security policies, contributes to the development of standards and guidelines, reviews information system designs, provides guidance on security strategies to manage identified risks, provides specialist advice and explains systems security, strengths and weaknesses.

Description of employment duties:

• Conducts risk and security control assessments and vulnerability testing to identify potential security risks and weaknesses in an organisation's cyber security policies

• Provides specialist advice and guidance on security strategies to manage identified risks and vulnerabilities

• Develops and implements security policies, procedures, and standards and guidelines to help organisations maintain a strong security position

• Undertakes investigations and reports on security incidents, and guides the refinement of practices and processes that increase the detection of security related incidents

• Assists in root cause analysis of security incidents and breaches to determine the extent of the damage, and recommend remedial actions

• Develops metrics to highlight the impact of cyber security risks on business processes and information assets

• Aligns and coordinates internal and external audit activities and security assessment engagements

Note: Occupation description derived from Occupation 271132 Cyber Security Advice and Assessment Specialist | Australian Bureau of Statistics

Analyses and assesses vulnerability in infrastructure (software, hardware and networks), investigates available tools and countermeasures to remedy detected vulnerabilities, and recommends solutions and best practices. Analyses and assesses damage to data/infrastructure resulting from security incidents, examines available recovery tools and processes, and recommends solutions.

Description of employment duties:

• Performs assessments on systems, networks and applications to identify and prioritise potential security risks

• Coordinates, analyses and investigates security risk incidents and breaches to determine the root cause, and develops mitigation controls and strategies

• Conducts research on cyber threats and weaknesses to develop and maintain knowledge of the cyber threat landscape

• Develops and executes threat intelligence strategies for future threats and protects against potential attacks

• Conducts risk assessments to identify security loopholes and weaknesses in IT systems

• Conducts malware analysis to identify and mitigate potential threats to systems and networks

• Analyses alerts and data from security products, web proxies, network security devices, and vulnerable scan and management systems

Note: Occupation description derived from Occupation 271133 Cyber Security Analyst | Australian Bureau of Statistics

Designs a security system or major components of a security system. May head a security design team building a new security system.

Description of employment duties:

• Develops and implements cyber security strategy and architecture

• Designs and maintains security controls and processes to protect systems, networks and data

• Reviews system security measures, and recommends and implements enhancements

• Collaborates with other ICT and business departments to align security measures with security standards, policies and regulations

• Stays updated on cyber security threats, and recommends new security technology and strategy improvements

• Implements new cyber security solutions and technologies

• Provides guidance to ICT staff on security best practices

• Develops and maintains cyber security reference architecture for consistent security controls

• Implements incident response and disaster recovery plans

Note: Occupation description derived from Occupation 271134 Cyber Security Architect | Australian Bureau of Statistics

Leads the coordination and response to complex cyber security incidents and  threat  hunting investigations, and manages tasks across various teams for incident response and hunt operations. Advises leadership on current operational collaborations and contributes toward strategic planning, facilitates incident response engagements, and assesses technical information to develop key messaging.

Description of employment duties:

• Leads the investigation and response to cyber security incidents and hunts, including containment, mitigation and recovery activities

• Analyses security risks and vulnerabilities, and implements security plans

• Performs threat management and modelling to identify threat vectors and develop cases for security modelling

• Coordinates with other teams to maintain the security of systems and information

• Assists in security awareness training for staff

• Manages the collection, preservation and analysis of forensic evidence

• Implements technical controls that align with security strategies and security architecture

Note: Occupation description derived from Occupation 271136 Cyber Security Operations Coordinator | Australian Bureau of Statistics