Working for AMP
Working for AMP means being part of a company that values diverse thinking, encourages collaboration and promotes innovation. It’s an environment that offers challenging and exciting work as well as opportunities for professional growth. We’re flexible enough to allow you to make the most of your life, both professionally and personally.
We are looking for those that have the courage and agility to navigate changing and complex environments so that we can deliver the best solutions for our customers. We value people with integrity, an innate willingness to help others and an eagerness to perform to the best of their abilities.
We’re transforming our business, and we need people like you to join us on this journey.
About the role
The Protective Services function within AMP’s Cyber Defence Centre has two main roles: operation of security services to AMP, and the governance and oversight of security services delivered by responsible teams outside of the AMP Cyber team. As the senior member in the Cyber Protective Services team, you will have a broad range of knowledge to draw upon across all security domains to provide support, advice, oversight, and governance.
The Cyber Operations Specialist role is a mix of hands-on, and oversight, as you will be both supporting and operating the cybersecurity tools within the Cyber Defence Centre, but also ensuring other teams and managed services providers operate security services in line with cybersecurity best practice, as well as within the bounds of our policies and standards.
The role is ideal for someone with a specialist focus in one or two security domains, who also has good overall security knowledge in the other domains. The role includes mentoring of analysts and graduates in the team in your specialist area as well as in other general cyber security domains.
The key technical focus areas for the Cyber Operations Specialist role is ideally in two or more of the following areas:
- Application Security (including SAST / SCA tools)
- Cloud Security
- Network Security
- Infrastructure Security
Secondary focus areas will be across the other knowledge domains within the Cyber Protective Services team. Experience and exposure to these other areas are highly desirable.
The Cyber Protective Services team provides operation and oversight of tools in the following areas:
- Application Security: Operation of services to ensure that applications developed and deployed throughout the AMP are built and configured in a secure manner, and do not introduce unwanted information risks. Includes SAST & DAST tooling.
- Cloud Security: Interaction with cloud teams and service providers to ensure SaaS, PaaS, IaaS are being operated in line with policies, standards, and cyber best practices.
- Infrastructure Security: Interaction with traditional compute teams and service providers to ensure server infrastructure is operated in line with policies, standards, and cyber best practices.
- Network Security: Interaction with traditional networking teams and service providers to ensure network infrastructure is operated in line with policies, standards, and cyber best practices.
- End-User Device Security: Interaction with end-user teams and service providers to ensure end-user devices including computers and mobiles and the supporting infrastructure are operated in line with policies, standards, and cyber best practices.
- Vulnerability Management: Identification of security weaknesses in the organisation through automated scans of the network.
- Data Loss Prevention: Oversight of data loss prevention capabilities and data policies to monitor and/or prevent data loss through channels, such as removable media, endpoints, and cloud.
- Key Management & Certificate Management: Generation, storage, use, renewal, and destruction of keys for AMP. Additionally, includes certificate management.
Capabilities & Experience
- Extensive experience in cybersecurity with in-depth knowledge of security operations tools, processes, and procedures.
- Extensive experience in IT with in-depth knowledge of ITIL processes and best practices.
- Comprehensive understanding and experience in two of the following key focus areas: application security, infrastructure security, cloud security, or network security.
- Generalized understanding and experience in vulnerability management, key management and certificate management, data loss prevention, end-user device security.
- Experience with service management tools such as Service Now
- Experience working with managed services providers and consultancies.
- Relevant commensurate job experience or tertiary qualifications in engineering, IT, or a related discipline.
Wellbeing & Benefits
As a company that values wellbeing, we offer a range of great benefits to support you financially, professionally, and personally. These include access to a wide range of flexible working options including the ability to purchase extra leave, retail discounts, onsite wellbeing centre including a gym (Sydney Office), Employee Assistance Program, competitive home loan rates, leading superannuation contribution, discounted financial advice, and personal insurance.
Inclusion & Diversity
AMP recognises individual differences and welcomes people from a variety of life and work experiences. The diversity of our people is core to our ability to innovate, grow, and to fulfill our collective aspiration of helping people to own their tomorrow. A natural curiosity, a respect for differences and a growth mindset are valued at AMP.