About the role
Reporting to the Cyber Defence Leader, the role will strengthen EnergyAustralia's cyber defence capability by assisting and coordinating the investigation and response to complex security incidents across IT and OT environments.
Responsibilities
- Monitor, triage, and investigate security events and alerts determining severity and coordinating appropriate response actions.
- Perform analysis across logs, endpoint telemetry, and network data to identify indicators of compromise and scope the impact of security events.
- Produce accurate and well‐structured incident records, investigation notes, and closure reports in line with established processes and documentation standards.
- Contribute to the improvement of detection rules, response playbooks, cyber controls, and operational processes based on the threat landscape and lessons learned from incidents.
- Support the development and tuning of SIEM detection use cases to improve alert fidelity and reduce false positives.
- Contribute to post‐incident reviews, root cause analysis, and lessons learned documentation to support continuous improvement of the incident response function.
Qualifications
Be Impactful when you are applying...
You will have some threat detection or incident response experience across a similar complex corporate landscape, with a desire to learn and uplift your security knowledge and prowess.
Additionally, you will also have most of the following:
- Bachelor's degree in Cybersecurity or Computer Science and/or relevant certifications such as GCIH, GCFA or CompTIA are highly regarded.
- 3+ years of hands‐on experience in security incident response or security operations, including experience leading investigations in complex environments.
- Experience with SIEM platforms (Microsoft Sentinel, Splunk, or similar), EDR/XDR solutions, and security orchestration tooling.
- Demonstrated ability to detect and respond to security incidents across complex enterprise IT and OT environments.
- Demonstrated understanding of cyber control frameworks and the ability to assess and contribute to control alignment against an evolving threat landscape.
Working knowledge of some of the following:
- Cyber‐attack frameworks (e.g. MITRE ATT&CK, Cyber Kill Chain) and the current threat landscape, applied to lead investigations, detection engineering, and defensive improvements.
- Systems and networks including Windows, Linux, Active Directory, Entra ID, TCP/IP, firewalls, VPNs, and IDS/IPS.
- Conducting and monitoring investigations across cloud platforms (AWS, Azure, GCP, SaaS platforms).
- Transparent and structured written communication skills, including the ability to produce accurate incident documentation.
- Willingness and availability to participate in a 24/7 on‐call roster.
Benefits
- Employee discounts on electricity and gas, plus savings on major brands and products.
- 20 weeks' paid parental leave – completely gender‐equal.
- Energise Program – flexible working that's team‐centric, enabling teams to agree and succeed together.
- Performance recognition and incentive programmes – tailored to different roles and teams to reward great work throughout the year.
- Supportive leaders and a down‐to‐earth culture where you can be your authentic self.