Incident Responder Specialist

A skilled and experienced System Security Expert is needed to support our IR capabilities in-country and oversee both our response to incidents as and when they occur, but also the growth and development of the capability to ensure it remains equipped and prepared to respond to incidents whenever and wherever they occur.

This role requires a government security clearance at NV1 (minimum), with potential expectation to undergo higher clearances.

• Lead the investigation of cyber-attacks against our customers as part of the global Incident Response team, with a particular focus on Australia-based customers.
• Monitor SIEM platforms for security concerns, provide tuning based on system performance, and develop new detection content based on changes in the threat environment.
• Develop tools, tradecraft, playbooks, and other materiel to support the response to, and investigation of, cyber security incidents.
• Support the triage and containment of cyber security incidents as and when they occur and support recovery and remediation efforts to restore systems to operational states.
• Conduct forensic analysis of Windows, Linux, and macOS devices. Gather and perform analysis of relevant log files such as operating system, firewall, proxy, and DNS logs.
• Provide assessment and analysis of attacker tools, techniques, and procedures of different actors from hacktivist to criminal to nation state.
• Supervise and mentor junior security consultants and support the development of their incident response skillsets.
• Help grow and evolve our delivery capability by documenting the delivery processes, feeding back lessons learned, and working with the wider team in establishing best practices and repeatable processes.

• Demonstrable experience in leading and supporting the response and investigation of cyber security incidents across a range of system and technology types.
• Experience working with Splunk, including platform configuration, event review, and detection content development.
• Experience using forensic tools such as EnCase, Axiom, and Cellebrite UFED and their use in gathering and preserving digital forensic artefacts to facilitate or support investigative activities.
• Awareness of EDR tools such as Crowdstrike, Carbon Black, Microsoft Defender for Endpoint, and Cylance.
• Ability to write Incident Response reports concisely and proficiently, as well as use (or generate) graphics to illustrate scenarios or datasets.
• Detailed knowledge of the cyber security product landscape, including familiarity with Azure and Amazon Web Services.
• Experience in developing, maintaining, and exercising incident response plans, playbooks, and other tradecraft.
• Familiarity with the Australian Government Information Security Manual (ISM).
• Experience working with large groups of varied stakeholders, coordinating resources, and achieving shared goals.
• Experience with working with end users and clients offering advice, guidance, and thought leadership. Ability to communicate complicated technical challenges in business language for a range of stakeholders from IT teams to C-level executives.
• Excellent verbal and written communication and client-facing skills, including Microsoft Office suite use (Word/Excel/PowerPoint/Visio), ensuring a clear and professional quality of written materials.
• Time management and organizational skills to independently manage multiple delivery projects concurrently.
• Detail-oriented approach.
• Self-starter with ability to identify problems early and come up with solutions using own initiative.
• Familiarity with the threat landscape and knowledge of threat actors and campaigns.

• Splunk Core Certified Power User
• SANS FOR508 Digital Forensics & Incident Response in person 6 days/or online
• Other certifications such as GIAC (GCFE, GCFA, GNFA, GCIH or GREM) or CREST (CCIM, CCHIA, CCNIA or CCMRE).