ACS职业评估新增评估十个职业,详细职责描述在这里!

飞出国2025澳大利亚ACS Skills Assessment职业评估介绍 说起,

按照ACS最新官方指南,新增评估以下十个职业,飞出国在此说明新增职业的职责描述。

Data Science数据科学类职业

  • 224999 其他未分类的信息和组织专员(数据科学家) Information and Organisation Professionals NEC (Data Scientist):开发机器学习模型,并具备数据挖掘,数据分析,数据可视化和报告的技能,以及与数据库技术,编程和高级分析(如预测和规范性分析以及其他人工智能技术)相关的技能,职责包括:

    • 应用分析技术,包括统计学,统计模型,编程和数据库技能 Applies analytics techniques that incorporate statistics and statistical models, programming and database skills
    • 识别并解决数据异常 Recognises and overcomes data anomalies
    • 为决策提供见解 Develops insights for decision-making
    • 审查和监控正在使用的模型,并根据需要进行调整 Reviews and monitors models-in-use and adjusts as required
    • 为公司数据科学计划提供战略投入和创新 Provides strategic input and innovation to organisational data science initiatives
  • 224114 数据分析师 Data Analyst:适用数据分析工具收集,处理,分析和解释数据,通过报告和数据可视化(例如图表和信息图表)传达调查结果,职责包括:

    • 设置流程以安全地收集,存储,处理和验证数据 Sets up processes to securely collect, store, process and validate data
    • 评估数据的准确性和可靠性 Evaluates the accuracy and reliability of data
    • 分析和解释数据以生成相关统计数据,以描述和推断趋势和模式,解决问题并回答与数据相关的查询 Analyses and interprets data to produce relevant statistics to describe and infer trends and patterns, solve problems and answer data-related queries
    • 应用数据分析和可视化技术来获得业务洞察 Applies data analytics and visualisation techniques to gain business insights
    • 准备演示文稿或撰写报告以传到调查结果并支持战略决策Prepares presentations and/or writes reports to communicate findings and support strategic decision-making
    • 实施和遵循数据管理流程,从而确保以合乎道德的方式使用数据并符合数据治理标准和策略 Implements and/or follows data management processes to ensure data is used ethically and in compliance with data governance standards and strategies
    • 可能用编程语言编写自定义脚本和代码来执行分析任务 May write custom scripts and code in programming language to conduct analytical tasks
  • 224115 数据科学家 Data Scientist:通过创建算法和使用统计模型,将分析技术和科学程序应用于数据集,构建和部署分析框架(计入机器学习),以获取英语战略规划和决策的信息,职责包括:

    • 准备数据进行分析,清理数据,并识别和解决数据异常 Prepares data for analysis, cleans data, and recognises and overcomes data anomalies
    • 应用包括数学,统计,编程和数据科技能的分析技术 Applies analytics techniques that incorporate mathematical, statistical, programming and database skills
    • 构建和部署机器学习和人工智能框架 Builds and deploys machine learning and artificial intelligence frameworks
    • 将模型应用于数据,并评估和调整模型以发现趋势并提取见解 Applies models to data, and evaluates and adjusts models to discover trends and extract insights
    • 向关键决策者和利益相关者展示数据驱动的调查发现和结果Presents data-driven findings and outcomes to key decision-makers and stakeholders
    • 为公司数据科学计划提供战略投入和创新 Provides strategic input and innovation to organisational data science initiatives

Cyber Security网络安全类职业

  • 261313 网络安全工程师 Cyber Security Engineer:设计,开发,修改,记录,测试,实施,安装和支持网络安全软件应用程序和系统,以确保他们完成集成,职责包括:

    • 开发,实施和集成安全编码实践,并对软件和系统进行安全测试和漏洞评估 Develops, implements and integrates secure coding practices, and conducts security testing and vulnerability assessments for software and systems
    • 与开发人员协作以识别和修复安全问题 Collaborates with developers to identify and remediate security issues
    • 开发和实施安全地软件开发生命周期流程和方法 Develops and implements secure software development lifecycle processes and methodologies
    • 将安全控制集成到开发流程中 Integrates security controls into development processes
    • 参与代码审查并提供安全指导 Participates in code reviews and provides security guidance
    • 评估软件和应用程序中使用的第三方软件组件和库的安全性 Assesses security of third-party software components and libraries used in software and applications
    • 开发和实施用于软件和应用程序的安全应用程序编程接口和库 Develops and implements secure application programming interfaces and libraries for use in software and applications
    • 对软件二进制文件执行代码分析扫描 Performs code analysis scans on software binaries
  • 261317 渗透测试员 Penetration Tester:通过对风险和典型漏洞的深入技术分析来创建测试用例,并生成测试脚本,材料和包来测试新的及现有的软件或服务。计划,协调和开展网络威胁模拟活动,以支持认证,鉴定和运用优先事项,从而验证技术安全控制中的缺陷,职责包括:

    • 开发并执行渗透测试方法和策略,以识别安全控制中的弱电 Develops and executes penetration testing methodologies and strategies to identify weaknesses in security controls
    • 通过对风险和典型漏洞的深入技术分析创建测试案例 Creates test cases using in-depth technical analysis of risks and typical vulnerabilities
    • 制作测试脚本,材料和包,以测试新的和现有的软件或服务是否存在漏洞 Produces test scripts, materials and packs to test new and existing software or services for vulnerabilities
    • 规划,协调和开展网络威胁模拟活动,以验证技术安全控制中的缺陷,并提供补救建议 Plans, coordinates and conducts cyber threat emulation activities to verify deficiencies in technical security controls, and provides recommendations for remediation
    • 识别系统中的漏洞利用和潜在攻击媒介,并分析漏洞扫描件结果以评估安全漏洞和威胁 Identifies vulnerability exploitations and potential attack vectors into a system, and analyses vulnerability scan results to assess security loopholes and threats
    • 可能会进行网络钓鱼攻击或其他测试,以评估安全意识培训的有效性 May conduct phishing attacks or other tests to evaluate the effectiveness of security awareness training
  • 262114 网络治理风险和合规专员 Cyber Governance Risk and Compliance Specialist:领导网络安全的治理,风险和合规性,职责包括:

    • 制定,实施和衡量网络安全政策,程序和指南,以符合监管要求和行业最佳实践 Develops, implements and measures cyber security policies, procedures and guidelines to comply with regulatory requirements and industry best practices
    • 管理风险管理计划,包括风险评估,风险环节计划和风险报告 Manages a risk management program, including risk assessments, risk mitigation plans and risk reporting
    • 定期进行安全审计,以识别潜在的安全漏洞和需要改进的领域Conducts regular security audits to identify potential security gaps and areas for improvement
    • 为员工提供有关网络安全意识,最佳时间和时间相应程序的指导和培训 Provides guidance and training to employees on cyber security awareness, best practices and incident response procedures
    • 制定和定义系统分类要求,以确保优先实施安全控制和风险缓解工作 Develops and defines system classification requirements to ensure implementation of security controls and risk mitigation efforts are prioritised
    • 进行合规性评估,以确保满足于网络安全相关的法规与法律要求 Conducts compliance assessments to ensure that regulatory and legal requirements related to cyber security are being met
  • 262115 网络安全建议及评估专员 Cyber Security Advice and Assessment Specialist:进行风险和安全控制评估,解释安全策略,协助制定标准和准则,审查信息系统设计,提供有关安全策略的指导以管理已识别的风险,提供专家建议并解释系统安全性,优势和劣势,职责包括:

    • 进行风险和安全控制评估以及漏洞测试,以识别公司网络安全策略中的潜在安全风险和弱点 Conducts risk and security control assessments and vulnerability testing to identify potential security risks and weaknesses in an organisation’s cyber security policies
    • 提供有关安全策略的专家建议和指导,以管理已识别的风险和漏洞 Provides specialist advice and guidance on security strategies to manage identified risks and vulnerabilities
    • 制定和实施安全策略,程序,标准和指南,以帮助公司保持强大的安全地位 Develops and implements security policies, procedures, and standards and guidelines to help organisations maintain a strong security position
    • 对安全事件进行调查和报告,并指导改进实践和流程,以提高对安全相关事件的检测 Undertakes investigations and reports on security incidents, and guides the refinement of practices and processes that increase the detection of security related incidents
    • 协助对安全事件和违规行为进行根本原因分析,以确定损害程度,并建议补救措施 Assists in root cause analysis of security incidents and breaches to determine the extent of the damage, and recommend remedial actions
    • 制定指标以突出网络安全风险对业务流程和信息资产的影响 Develops metrics to highlight the impact of cyber security risks on business processes and information assets
    • 协调内部和外部审计活动和安全评估活动 Aligns and coordinates internal and external audit activities and security assessment engagements
  • 262116 网络安全分析师 Cyber Security Analyst:分析和评估基础设施(软件,硬件和网络)中的漏洞,调查可用的工具和对策以补救检测到的漏洞,并推荐解决方案和最佳实践,分析和评估安全事件对数据/基础设施造成的损害,检查可用的恢复工具和流程,并推荐解决方案,职责包括:

    • 对系统,网络和应用程序进行评估,以识别潜在安全风险并确定其优先级 Performs assessments on systems, networks and applications to identify and prioritise potential security risks
    • 协调,分析和调查安全风险事件和违规行为,以确定根本原因,并制定缓解控制和策略 Coordinates, analyses and investigates security risk incidents and breaches to determine the root cause, and develops mitigation controls and strategies
    • 对网络威胁和弱点进行研究,以发展和保持对网络威胁形势的了解 Conducts research on cyber threats and weaknesses to develop and maintain knowledge of the cyber threat landscape
    • 针对未来威胁制定和执行威胁情报策略,并防范潜在攻击 Develops and executes threat intelligence strategies for future threats and protects against potential attacks
    • 进行风险评估以识别IT系统的安全漏洞和弱点 Conducts risk assessments to identify security loopholes and weaknesses in IT systems
    • 执行恶意软件分析,以识别和缓解对系统和网络的潜在威胁 Conducts malware analysis to identify and mitigate potential threats to systems and networks
    • 分析来自安全产品,Web代理,网络安全设备以及易受攻击的扫描和管理系统的警报和数据 Analyses alerts and data from security products, web proxies, network security devices, and vulnerable scan and management systems
  • 262117 网络安全架构师 Cyber Security Architect:设计安全系统或安全系统的主要组件,可能领导一个安全设计团队构建一个新的安全系统,职责包括:

    • 制定和实施网络安全战略和架构设计 Develops and implements cyber security strategy and architecture
    • 设计和维护安全控制和流程以保护系统,网络和数据 Designs and maintains security controls and processes to protect systems, networks and data
    • 审查系统安全措施,并推荐和实施增强功能 Reviews system security measures, and recommends and implements enhancements
    • 与其他ICT和业务部门合作,使安全措施和安全标准,政策和法规保持一致 Collaborates with other ICT and business departments to align security measures with security standards, policies and regulations
    • 随时了解网络安全威胁,并推荐新的安全技术和策略改进 Stays updated on cyber security threats, and recommends new security technology and strategy improvements
    • 实施新的网络安全解决方案和技术 Implements new cyber security solutions and technologies
    • 为ICT员工提供有关安全最佳实践的指导 Provides guidance to ICT staff on security best practices
    • 开发和维护网络安全参考架构以实现一致的安全控制 Develops and maintains cyber security reference architecture for consistent security controls
    • 实施事件相应和灾难恢复计划 Implements incident response and disaster recovery plans
  • 262118 网络安全运营协调员 Cyber Security Operations Coordinator:领导对复杂网络安全时间和威胁狩猎调查的协调和响应,并管理各个团队的时间响应和狩猎操作任务,就当前的运营协作向领导层提供建议,并为战略规划做出贡献,促进时间响应参与,并评估技术信息以制定关键信息,职责包括:

    • 领导对网络安全事件和狩猎的调查和响应,包括遏制,缓解和恢复活动 Leads the investigation and response to cyber security incidents and hunts, including containment, mitigation and recovery activities
    • 分析安全风险和漏洞,并实施安全计划 Analyses security risks and vulnerabilities, and implements security plans
    • 执行威胁管理和建模,以识别威胁向量并开发安全建模案例 Performs threat management and modelling to identify threat vectors and develop cases for security modelling
    • 与其他团队协调以维护系统和信息的安全 Coordinates with other teams to maintain the security of systems and information
    • 协助对员工进行安全意识培训 Assists in security awareness training for staff
    • 管理取证的收集,保存和分析 Manages the collection, preservation and analysis of forensic evidence
    • 实施与安全策略和安全架构相一致的技术控制 Implements technical controls that align with security strategies and security architecture