Senior Incident Responder Job Description
We are seeking a highly skilled and motivated individual to join our Cybersecurity Incident Response Team (CSIRT) as a Senior Cybersecurity Incident Responder. CSIRT provides proactive and reactive expertise to help organisations respond to major cybersecurity incidents.
Key Responsibilities
* Investigations and Response: Conduct thorough investigations into major security incidents, determining root causes, impact, and mitigation strategies. Provide expertise and support to contain, eradicate, and recover from such security incidents.
* Digital Forensics: Conduct analysis of affected systems utilising forensic techniques to thoroughly examine system events and adversary activities.
* Security Tooling: Utilise security tooling such as EDR, SIEM, XDR, & Identity technologies to assist your investigation of confirmed or suspected compromises.
* Log Analysis: Undertake log & correlation analysis and construct a timeline of adversary activities.
* Intrusion Vectors: Identify intrusion vectors & root causes and develop recommended actions to prevent similar incidents.
* Digital Forensics Evidence: Collect digital forensics evidence from affected systems in accordance with industry standards for image acquisition and preservation of digital evidence.
* Reporting: Produce comprehensive, detailed DFIR reports outlining the investigative steps undertaken, your findings, and recommendations.
* Crisis Management: Support the coordination of containment, eradication and recovery efforts based on available information and established processes.
* Post-Incident Reviews: Analyse the incident response effort, incorporating feedback from the customer and third parties, as part of Post Incident Reviews (PIRs) and Lessons Learned.
* Proactive Services: Deliver proactive incident response services which include tabletop exercises, threat hunting, compromise assessments, breach readiness assessments, threat intelligence briefings, and threat modelling.
* Communication: Communicate with senior stakeholders within Datacom and our customers.
* Team Collaboration: Work with other members of the CSIRT to develop the team's technical capabilities, including improving the processes and technology used to deliver successful outcomes to customers and stakeholders.
* On-Call Roster: Participate in an on-call roster for major incident response.
* Travel: Occasional planned or last-minute/urgent travel to customer sites will be required for certain customer-facing engagements.
Required Skills and Qualifications
* Experience: Proven experience investigating and responding to high-profile cybersecurity incidents, such as ransomware and data breaches, that have had significant operational or privacy impacts on the affected organisation.
* Digital Forensics & Incident Response: Experience in digital forensics & incident response (DFIR) with an understanding of key system & digital forensic artifacts and how they are useful in a cybersecurity investigation.
* DFIR Tools: Experience using DFIR tools such as EnCase, X-Ways, Magnet Axiom, Velociraptor, KAPE, & THOR.
* Log Analysis: Proven knowledge and experience of efficiently searching large datasets across multiple log sources and underlying platforms including XDR/EDR and SIEM products such as CrowdStrike, Microsoft Defender, Splunk, or Sentinel.
* Security Frameworks: A strong understanding of current and emerging attacker behaviours, tools, tactics, and techniques.
* Scripting: Basic scripting or automation skills are desirable (for example PowerShell, Bash, Python, or Ruby).
* Certifications: SANS GCFA, GCFE, GCIH, or relevant DFIR certifications are desirable.
Benefits
You will have the opportunity to learn, develop your career, connect and bring your true self to work. You will be recognised and valued for your contributions and be able to do your work in a collegial, flat-structured environment.
We care about our people and provide a range of perks such as social events, chill-out spaces, remote working, flexi-hours and professional development courses to name a few.
About Us
Datacom is one of Australia and New Zealand's largest suppliers of Information Technology professional services. We have managed to maintain a dynamic, agile, small business feel that is often diluted in larger organisations of our size.