Mid Level Incident Response Manager

Triskele Labs are one of the leading providers of cybersecurity services in Australia. We assist clients to navigate the uncertainty of cyber incident response in order to ensure the safe recovery of their business.

Triskele Labs’ Digital Forensics and Incident Response (DFIR) team works across Australia / New Zealand to respond to ransomware, data breach, insider threats and denial of service attacks. Your roles serves as a primary point of coordination between technical teams, clients, and external stakeholders for effective incident response.

In addition, Triskele Labs works with clients on preparedness programs to mature documentation, knowledge and capability that contributes to effective technical and strategic indident response. This involves the preparation and review of incident response documentation and the development of customized tabletop exercise.

This role is externally facing and will require regular engagement of C Level executives and Board members.

**Requirements**:
This is a unique opportunity to join a specialized Cybersecurity organization, ideal for someone with a strong Incident Response background. You will serve as a key contact for external providers and internal clients, triaging incidents and leading responses across the DFIR team while advising clients throughout the process.

The role emphasizes proactive preparedness, helping organizations develop and test incident response plans through tabletop exercises that assess various response capabilities. You'll identify insights and provide recommendations to improve incident response readiness.

Occasionally, you will present findings to diverse stakeholders, tailoring information to suit technical teams and executives.

Specific activities, duties and deliverables include but are not limited to the following:

- Establish close working relationships with third party providers in order to coordinate the initial incident response.
- Assist with triaging and scoping new incidents to identify the nature of investigation required.
- Attend ongoing client calls, develop incident response documents and assist with the presentation of findings to clients that have suffered a breach. Assist with the creation, review and distributation of documentation, findings and statistics captured during incident response.
- Develop and conduct incident response wargames in close liaison with the DFIR team. This includes developing the scenario, leading the wargame on the day, identifying recommendations, and developing a report.
- Development / Uplift of Incident Response plans and playbooks for clients.
- Develop materials and share observations and learnings identified during incident responses with internal Triskele Labs team members and external partners.
- Prior demonstrated experience in an Incident Response capacity
- Experience working with and presenting to C level executives and Board members.
- Extensive knowledge of the cybersecurity landscape, and common incident types (I.E. ransomware, BEC, data breach) affecting Australian businesses.
- Strong awareness of cyber security controls associated with the detection and response to cyber events (I.E. SOC, EDR / MDR, SIEM)
- Experience with implementing preparedness activities outside of incident response (I.E. tabletops, Incident Response Plannning, Playbook development).
- Technical knowledge of cyber incident response, including threat actor tactics, techniques and procedures.
- Familiarity with Business Continuity Management Systems concepts, including Business Continuity Plans, Disaster Recovery Plans and Incident Response Plans.
- Familiarity of the regulatory environment and Australia’s cyber security landscape, including Notifiable Data Breaches, ACSC, OAIC, APRA.

**Benefits**
- Market rate salary
- Up to 12 weeks paid parental leave for primary or secondary care giver
- Additional paid leave - 1 day of Birthday Leave and 1 day of 'Doona Day' leave each year
- Access to Free Employee Assistance Program
- Access to our Perks program offering rewards, recognition and discounts.

We are a balanced employer and this role is open to flexible working. You will however be required to attend client sites and face to face meetings.