Principal Incident Response Analyst

• Employment type, full time role, continuing role within UNSW IT
• Principal Incident Response Analyst with an excellent salary package including superannuation
• Location: UNSW Kensington Campus (Hybrid Working Opportunities), 2-3 days on site in the office

About UNSW:

UNSW isn't like other places you've worked. Yes, we're a large organisation with a diverse and talented community, a community doing extraordinary things. Together, we are driven to be thoughtful, practical, and purposeful in all we do. Taking this combined approach is what makes our work matter. If you want a career where you can thrive, be challenged and do meaningful work, you're in the right place.

The role of Principal Incident Response Analyst will serve as a senior technical authority within the UNSW CSIRT team, providing deep expertise across threat intelligence, incident response, digital forensics, and threat hunting. In this capacity, you will be responsible for leading and orchestrating responses to complex and high-impact security incidents, leveraging expert knowledge of industry-leading frameworks and methodologies from SANS, MITRE Corporation, and NIST to ensure comprehensive, structured, and effective incident management and response. You will work collaboratively within a hybrid operating model, actively coordinating and communicating with key internal stakeholders which include IT, Legal, and HR as well as with external partners, particularly our Managed Security Service Providers (MSSPs). The role reports to the Manager, Cyber Security Incident Response and has no direct reports.

Specific accountabilities for this role include:

• Serve as the primary technical contact for cyber security incidents impacting UNSW, coordinating response activities with operational teams, and keeping key stakeholders informed of critical developments.
• Conduct and lead advanced technical investigations into complex security incidents, utilising in depth expertise in digital forensics, malware analysis, and network analysis to identify root causes, trace threat actor activities, and contain threats.
• Provide expert guidance and technical oversight to the CSIRT team in delivering advanced incident response, threat hunting, threat intelligence, and digital forensics services.
• Drive the development, enhancement, and continuous refinement of incident response processes, ensuring they are robust, technically precise, and aligned with industry best practices. Leverage AI, machine learning, and cutting-edge technologies to enhance our capabilities.
• Facilitate technical collaboration between internal UNSW teams and external MSSP partners, ensuring the alignment of threat detection, analysis, and response activities to maintain an integrated and efficient incident response capability.
• Document and report on critical incidents, producing in-depth technical post-incident review (PIR) reports that detail the root cause, attack vectors, impacted infrastructure, and actions taken.
• Ensure reports align with established processes, standards, and frameworks, providing comprehensive insights and recommendations.
• Prepare and deliver strategic security reports, analysing trends, patterns, and insights to provide actionable recommendations that strengthen the organisation's security posture, and sharing findings with relevant stakeholders
• Proactively analyse and apply cyber threat intelligence to strengthen organisational defences, supporting mitigation of cyber threats targeting the organisation.
• Lead the generation and refinement of actionable threat intelligence, analysing data from internal and external sources to identify emerging threats, attack trends, and adversary behaviours.
• Integrate intelligence into playbooks, operating procedures, and the knowledge base to enhance our security capabilities.
• Conduct proactive threat hunting to detect malicious actors and anomalies, leveraging advanced analytical techniques to uncover potential security threats in real time.
• Contribute to the development, implementation, and optimisation of security controls, services, and technologies to mitigate risks working closely with the Security Engineering team
• Adhere to IT Service Management practices across UNSW IT, Faculties, Divisions, and Affiliates
• Oversee and finalise effective communications with key stakeholders, both internal and external and provide influential input with stakeholders to achieve business outcomes.
• Align with and actively demonstrate the Code of Conduct and Values
• Ensure hazards and risks psychosocial and physical are identified and controlled for tasks, projects, and activities that pose a health and safety risk within your area of responsibility.
• You will be required to participate in a rotating on-call roster.

Skills and Experience:

• A relevant tertiary qualification with extensive experience or equivalent competence gained through any combination of education, training, and experience.
• Minimum ten years of industry experience in cyber security incident response, with a minimum five years of management experience in a cyber security environment or in a senior support role.
• Strong technical skills and operational experience in the management, configuration, and support of security controls including network security, endpoint security, application security, data protection, and/or identity and access management.
• Comprehensive analytical and problem-solving skills and proven capacity to exercise initiative, flexibility and to be proactive in development of robust solutions to problems.
• Strong consultation, influencing and negotiation skills and proven ability to engage effectively with diverse stakeholders to achieve successful outcomes.
• Strong written and verbal communication skills, with a high level of attention to detail for deliverables produced.
• Demonstrated success working effectively and collaboratively on initiatives with a range of people at different levels within an organisation.
• Excellent time management skills, with a demonstrated ability to respond to changing priorities, manage multiple tasks and meet competing deadlines by using judgement and initiative.
• An understanding of and commitment to UNSW's aims, objectives and values in action, together with relevant policies and guidelines.
• Knowledge of health & safety (psychosocial and physical) responsibilities and commitment to attending relevant health and safety training.
• Relevant industry certifications such as GCFA, GREM, OSCP and CCSP are highly desirable but not required.

To submit an application please apply online and submit your CV, Cover Letter and responses to the Skills and Experience outlined above and in the position description.

More Information: visit

Contact

Jen MacLachlan, email:

Applications close: Tuesday 30th of September at 11.30pm

Benefits and Culture

• Flexible hybrid working
• An additional 3 days of leave over the Christmas Period
• Access to lifelong learning and career development
• Progressive HR practices
• Discounts and entitlements

UNSW is committed to equity diversity and inclusion. Applications from women, people of culturally and linguistically diverse backgrounds, those living with disabilities, members of the LGBTIQ+ community; and people of Aboriginal and Torres Strait Islander descent, are encouraged. UNSW provides workplace adjustments for people with disability, and access to flexible work options for eligible staff.

The University reserves the right not to proceed with any appointment.