Digital Forensics

THE COMPANY

This large and well-known organisation employs more than 70,000 staff in 100+ countries around the globe.

They are a creative and innovative business that are expanding their Cyber Security capabilities in Australia by establishing a new DFIR function in the region.

What's on offer:

- Join a newly established CSIRT team in Sydney.
- Ongoing training by dedicated cyber trainers.
- Flexible hybrid working options.
- Collaborate with a tenured team of passionate IR and DF professionals.
- Involvement in interesting projects across cloud security & Cloud IR, SOAR playbook development, IR framework improvement.

THE ROLE & RESPONSIBILITIES

Newly created Digital Forensics & Incident Response (DFIR) Specialist position to build out capability in the APAC region.

The role focuses on incident investigation & response, digital forensics, and uplift/automation.

You will work alongside various global teams (SOC, Threat Intelligence, CSIRT etc) operating in a follow-the-sun model.

Key elements include:

- Monitor, detect, and respond to InfoSec threats
- Lead & support security incident investigations - data breaches, malware infections, insider threats, APTs etc.
- Triage, contain and remediate cybersecurity incidents and threats.
- Root cause analysis and develop IR reports with actionable recommendations.
- Collect, preserve, and analyse evidence from endpoints, networks, and cloud environments.
- Undertake memory forensics, disk forensics, and network packet analysis.
- Identify IOCs and TTPs used by threat actors.
- Work with SIEM, EDR and threat intelligence tools.
- Continuously identify improvements to Incident Management and Incident Response processes.
- Research and investigate new and emerging threats.
- Integrate information from disparate sources and create tactical intelligence to better protect organisational assets.
- Collaborate and communicate with various internal teams including SOC, IT teams, Internal Audit, Legal, and various business stakeholders.
- Work alongside local and global teams in a "follow-the-sun" model.

REQUIRED EXPERIENCE / BACKGROUND / KNOWLEDGE

Suitable for a Senior SOC or CSIRT Analyst with proven experience responding to multi-level cyber incidents in enterprise environments.

Ideal for someone with a digital forensics background who can confidently communicate and 'see the big picture'.

The following is required:

- Proven Cyber Security Incident Response experience.
- Background in digital forensics.

Experience using SIEM, EDR, and digital forensics tools.

Threat hunting skills and ability to create queries to detect incidents.

Ability to translate orchestration design documents into SOAR playbooks.

- Scripting experience is beneficial - e.g. Python, PowerShell, etc
- Cloud security knowledge is beneficial - including techniques to secure cloud environments & cloud Incident Response.
- Background inside enterprise environments, preferably with globally dispersed teams.
- Strong attention to detail, problem-solving & analytical skills
- Clear & confident communication & stakeholder management abilities.
- Australian Citizenship and ability to obtain NV1 clearance is essential.

This is a full-time permanent role with hybrid working offering circa $140,000 - $150,000 (plus super) - depending on experience.

Note: Australian Citizenship and ability to obtain NV1 clearance is essential for this position and successful applicants will be contacted.

This is a hybrid position.

By clicking 'apply', you give your express consent that Robert Half may use your personal information to process your job application and to contact you from time to time for future employment opportunities. For further information on how Robert Half processes your personal information and how to access and correct your information, please read the Robert Half privacy notice: https://www.roberthalf.com/au/en/privacy. Please do not submit any sensitive personal data to us in your resume (such as government ID numbers, ethnicity, gender, religion, marital status or trade union membership) as we do not collect your sensitive personal data at this time.

#J-18808-Ljbffr

---