The occupations in this unit group have a skill level corresponding to the qualifications and experience below.

• Skill Level 1: Bachelor Degree, higher qualification, or at least five years of relevant experience

• Develops, implements and measures cyber security policies, procedures and guidelines to comply with regulatory requirements and industry best practices
• Manages a risk management program, including risk assessments, risk mitigation plans and risk reporting
• Conducts regular security audits to identify potential security gaps and areas for improvement
• Provides guidance and training to employees on cyber security awareness, best practices and incident response procedures
• Develops and defines system classification requirements to ensure implementation of security controls and risk mitigation efforts are prioritised
• Conducts compliance assessments to ensure that regulatory and legal requirements related to cyber security are being met

• Cyber Security Adviser
• Cyber Security Consultant
• ICT Security Adviser
• ICT Security Consultant

• Conducts risk and security control assessments and vulnerability testing to identify potential security risks and weaknesses in an organisation's cyber security policies
• Provides specialist advice and guidance on security strategies to manage identified risks and vulnerabilities
• Develops and implements security policies, procedures, and standards and guidelines to help organisations maintain a strong security position
• Undertakes investigations and reports on security incidents, and guides the refinement of practices and processes that increase the detection of security related incidents
• Assists in root cause analysis of security incidents and breaches to determine the extent of the damage, and recommend remedial actions
• Develops metrics to highlight the impact of cyber security risks on business processes and information assets
• Aligns and coordinates internal and external audit activities and security assessment engagements

• ICT Security Analyst
• Information Security Analyst

• Cyber Security Researcher or Vulnerability Researcher
• Cyber Security Vulnerability Assessor
• Cyber Threat Analyst
• Malware Analyst

• Performs assessments on systems, networks and applications to identify and prioritise potential security risks
• Coordinates, analyses and investigates security risk incidents and breaches to determine the root cause, and develops mitigation controls and strategies
• Conducts research on cyber threats and weaknesses to develop and maintain knowledge of the cyber threat landscape
• Develops and executes threat intelligence strategies for future threats and protects against potential attacks
• Conducts risk assessments to identify security loopholes and weaknesses in IT systems
• Conducts malware analysis to identify and mitigate potential threats to systems and networks
• Analyses alerts and data from security products, web proxies, network security devices, and vulnerable scan and management systems

• Enterprise Security Architect
• ICT Security Architect

• Develops and implements cyber security strategy and architecture
• Designs and maintains security controls and processes to protect systems, networks and data
• Reviews system security measures, and recommends and implements enhancements
• Collaborates with other ICT and business departments to align security measures with security standards, policies and regulations
• Stays updated on cyber security threats, and recommends new security technology and strategy improvements
• Implements new cyber security solutions and technologies
• Provides guidance to ICT staff on security best practices
• Develops and maintains cyber security reference architecture for consistent security controls
• Implements incident response and disaster recovery plans

• ICT Security Engineer
• Information Security Engineer

• Develops, implements and integrates secure coding practices, and conducts security testing and vulnerability assessments for software and systems
• Collaborates with developers to identify and remediate security issues
• Develops and implements secure software development lifecycle processes and methodologies
• Integrates security controls into development processes
• Participates in code reviews and provides security guidance
• Assesses security of third-party software components and libraries used in software and applications
• Develops and implements secure application programming interfaces and libraries for use in software and applications
• Performs code analysis scan on software binaries

• Cyber Security Operations Manager
• ICT Security Administrator

• Cyber Security Incident Responder

• Leads the investigation and response to cyber security incidents and hunts, including containment, mitigation and recovery activities
• Analyses security risks and vulnerabilities, and implements security plans
• Performs threat management and modelling to identify threat vectors and develop cases for security modelling
• Coordinates with other teams to maintain the security of systems and information
• Assists in security awareness training for staff
• Manages the collection, preservation and analysis of forensic evidence
• Implements technical controls that align with security strategies and security architecture

• Ethical Hacker

• Develops and executes penetration testing methodologies and strategies to identify weaknesses in security controls
• Creates test cases using in-depth technical analysis of risks and typical vulnerabilities
• Produces test scripts, materials and packs to test new and existing software or services for vulnerabilities
• Plans, coordinates and conducts cyber threat emulation activities to verify deficiencies in technical security controls, and provides recommendations for remediation
• Identifies vulnerability exploitations and potential attack vectors into a system, and analyses vulnerability scan results to assess security loopholes and threats
• May conduct phishing attacks or other tests to evaluate the effectiveness of security awareness training

The occupations in this unit group have a skill level corresponding to the qualifications and experience below.

• Skill Level 1: Bachelor Degree, higher qualification, or at least five years of relevant experience

Database developers are excluded from this occupation. Database developers are included in Occupation 273333 Software Engineer.

• DBA
• ICT Database Manager

• ICT Database Analyst

• Designs and implements database structures to optimise system performance and data storage efficiency
• Monitors and optimises database performance using various techniques such as indexing and fine-tuning queries
• Implements and maintains security protocols to protect databases from unauthorised access or breaches
• Performs regular data backups and recovery tasks to ensure data integrity and availability
• Coordinates database updates and migrations, including database software installation, configuration and patch management
• Develops disaster recovery plans to protect data from any potential loss or corruption

• ICT Systems Manager

• Installs, configures and maintains server hardware, software, operating systems and databases infrastructure
• Diagnoses and resolves hardware, software and network connectivity issues to ensure uninterrupted system operation
• Conducts regular system backups and recovery procedures, ensuring data safety and integrity
• Facilitates IT infrastructure changes through change management processes, in accordance with organisational protocols
• Provides system related technical support and guidance to end users
• Manages user accounts, permissions and security policies to ensure data security and compliance with regulations