Senior Cybersecurity Incident Responder
Quick Overview
Job Description
Here at Datacom we connect people and technology in order to solve challenges, create opportunities and discover new possibilities for the communities we live in.
Our TeamDatacom's Cybersecurity Defence Operations Centre (CDOC) operates across Australia & New Zeland where we provide a full stack of cybersecurity services including managed SOC/SIEM/EDR/XDR, threat intelligence, and digital forensics & incident response (DFIR). Our Cybersecurity Defence Operations Centre is a well established team made up of Cybersecurity Analysts, Platforms Engineers, Automation Specialists, Solutions Delivery Engineers, Threat Intel Analysts, Threat Hunters, & Incident Responders who have been managing customers, both commercial and government, for over 10+ years.
We partner with industry leaders to provide our services and to provide you with a broad technical skillset, certifications, and experience.
About The RoleWe are currently looking for a highly skilled and motivated individual to join our Cybersecurity Incident Response Team (CSIRT) as a Senior Cybersecurity Incident Responder. CSIRT provide proactive and reactive expertise to help organisations respond to major cybersecurity incidents.
In this role you will be responsible for the delivery of digital forensics & incident response (DFIR) engagements, and proactive advisory engagements such as the delivery of tabletop exercises, compromise assessments & threat hunting, breach readiness assessments, threat intelligence briefings, & threat modelling. You will be expected to lead DFIR engagements across either Australia or New Zeland.
We are seeking a candidate who has extensive experience investigating and responding to major cybersecurity incidents, and possesses excellent communication, analytical, and problem solving skills.
What You'll DoAs a Senior Cybersecurity Incident Responder, you will:
- Conduct thorough investigations into major security incidents, determining root causes, impact, and mitigation strategies. Providing expertise and support to contain, eradicate, and recover from such security incidents.
- Conduct analysis of affected systems utilising forensic techniques to thoroughly examine system events and adversary activities.
- Utilise security tooling such as EDR, SIEM, XDR, & Identity technologies to assist your investigation of confirmed or suspected compromises.
- Undertake log & correlation analysis and construct a timeline of adversary activities.
- Identify intrusion vectors & root causes and develop recommendation actions to prevent similar incidents.
- Collect digital forensics evidence from affected systems in accordance with industry standards for image acquisition and preservation of digital evidence.
- Produce comprehensive, detailed DFIR reports outlining the investigative steps undertaken, your findings, and recommendations.
- Support the coordination of containment, eradication and recovery efforts based on available information and established processes.
- Analysis of incident response effort, with feedback from the customer and third parties as part of Post Incident Reviews (PIRs) and Lessons Learned.
- Deliver proactive incident response services which include tabletop exercises, threat hunting, compromise assessments, breach readiness assessments, threat intelligence briefings, and threat modelling.
- Communicate with senior stakeholders within Datacom and our customers.
- Work with other members of the CSIRT team, to develop the technical capabilities of the CSIRT - including improving the processes and technology to deliver successful outcomes to customers and stakeholders.
- Participate in an on call roster for major incident response.
- Occasional planned or last minute/urgent travel to customer sites will be required for certain customer facing engagements. This may include a customer site in your home city, or travel to other customer sites within Australia and New Zeland.
- Confidence in communicating with a variety of senior stakeholders, including Senior Leadership teams in difficult / tense situations.
- Proven experience in responding to high profile cybersecurity incidents that have had significant operational or privacy impacts to the affected organisation such as ransomware & data breaches.
- Experience in digital forensics & incident response (DFIR) with an understanding of key system & digital forensic artifacts and how they are useful in a cybersecurity investigation.
- Experience using DFIR tools such as EnCase, X Ways, Magnet Axiom, Velociraptor, KAPE, & THOR.
- Proven knowledge and experience of efficiently searching large datasets across multiple log sources and underlying platforms including XDR/EDR and SIEM products such as CrowdStrike, Microsoft Defender, Splunk, or Sentinel.
- A strong understanding of current and emerging attacker behaviours, tools, tactics, and techniques.
- An understanding of various security frameworks and methodologies such as NIST CSF, MITRE ATT&CK and D3FEND, Unified Kill Chain and OWASP Top 10.
- Basic scripting or automation skills are desirable (for example PowerShell, Bash, Python, or Ruby).
- SANS GCFA, GCFE, GCIH, or relevant DFIR certifications are desirable.
Skills
Similar jobs
Software Solutions Architect
Aroha Technologies · Lansing, United States
1 minute agoPolyglot Software Developer Azure (AI focus)
Aroha Technologies · Warren, United States
2 minutes agoSenior Product Security Engineer
Airwallex- · Sydney, Australia
3 minutes agoAPI Engineer
Booz Allen Hamilton · Scott Air Force Base, United States
4 minutes ago$86.8k - $198k/yrAI Engineer
Booz Allen Hamilton · Fort Belvoir, United States
4 minutes ago$99k - $225k/yrPAM Senior Developer (Delinea)
Accenture · Brisbane, Australia
8 minutes ago