Lead End to End Incident Response | Drive response, recovery improvementLong Term Fed Gov Contract | Canberra Based | NV1 Required No Payroll Fees | 2 Pay Runs Per Week | Easy Online TimesheetsBe a key contributor to the ongoing enhancement of the Department's security posture.
Your new companyOur client is a large Australian Federal Government department with responsibility for nationally significant systems and services. They are seeking a Lead Cyber Incident Responder (EL1) to support the detection, management and resolution of cyber security incidents across a complex enterprise environment.
This is a 12‑month initial contract, with the potential for up to two additional 12‑month extensions, offering long‑term engagement and exposure to high‑impact, business‑critical cyber events. The role is Canberra‑based, with flexible working arrangements available (up to two days per week working from home).
To be considered, candidates must be eligible to obtain a Negative Vetting Level 1 (NV1) security clearance.
Your new roleIn this EL1‑level position, you will take a lead role in managing cyber security incidents from identification through to recovery and post‑incident review. You will provide technical leadership during time‑critical situations, while ensuring clear, timely communication with both technical teams and senior stakeholders.
You'll also contribute to the ongoing maturity of incident response capability across the department, supporting process uplift, tooling optimisation and mentoring of other cyber security professionals.
Key responsibilities will include:
Leading and responding to cyber security incidents across the full incident lifecycleUsing Microsoft security tools to investigate, contain and remediate incidentsManaging incident communications and stakeholder engagement during active incidentsDeveloping and maintaining incident documentation, reports and briefsTranslating technical findings into clear advice for non‑technical audiencesFacilitating recovery activities and post‑incident reviewsImproving incident response processes, alerting and detection capabilitiesDeveloping, maintaining and testing cyber incident management plans and proceduresMentoring and supporting team membersParticipating in on‑call and out‑of‑hours response activities as requiredWhat you'll need to succeedTo be successful in this role, you will demonstrate:
Proven experience leading and responding to cyber security incidents end‑to‑endStrong technical expertise using Microsoft security technologies in an enterprise environmentThe ability to communicate clearly and confidently during and after cyber incidentsExperience producing high‑quality written outputs for technical and non‑technical stakeholdersA calm, structured approach to decision‑making under pressureEligibility to obtain Negative Vetting Level 1 (NV1) security clearanceWhat you'll get in return
A long‑term federal government contract with strong extension potentialExposure to complex and high‑profile cyber security incidentsFlexible working arrangements, including up to two days working from homeThe opportunity to operate at EL1 level in a mature cyber security environmentA competitive contract rate aligned to senior government cyber rolesWhat you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career.
Applications close Monday, 6 April 2026
Desired Skills and Experience
SECOPS OR \"SECURITY OPERATIONS\" OR SPLUNK OR SENTINEL OR DEFENDER OR SOC OR \"INCIDENT RESPONSE\" OR \"IR\" OR \"THREAT HUNTER\" OR SIEM