Senior Incident Response Analyst - Digital Forensics (MSSP Environment)
Location: Sydney
Work rights: Must be authorised to work in Australia - no visa sponsorship available
Overview
A leading Australian cyber security services provider is seeking a highly experienced Senior Incident Response Analyst with strong Digital Forensics expertise to lead and deliver the incident response capability within a managed SOC environment.
Key Responsibilities
* Lead and manage high-impact cyber security incidents through all phases - detection, containment, eradication and recovery
* Conduct detailed digital forensic investigations across endpoints, servers and cloud platforms while maintaining chain of custody
* Perform proactive threat hunting using behavioural analytics, threat intelligence and hypothesis-driven techniques
* Develop and enhance detection and hunting playbooks aligned to MITRE ATT&CK
* Conduct root cause analysis and adversary profiling
* Collaborate with SOC teams (L1-L3), customers and third parties during live incidents
* Deliver executive-level incident reports and lessons learned
* Facilitate tabletop exercises and incident response simulations
* Partner with engineering teams to optimise SOAR automations
* Mentor and coach junior analysts
* Support critical incidents, including occasional after-hours response
Essential Experience
* 5-8+ years in cyber security with a strong focus on incident response and/or digital forensics
* Hands-on forensic investigation experience (endpoint, server, network and cloud - AWS, Azure, GCP)
* Experience investigating ransomware, advanced threats, cloud breaches or APT activity
* Strong log analysis and detection engineering capability
* Solid understanding of NIST IR methodology and MITRE ATT&CK
* Experience writing incident reports and executive summaries
* Experience developing IR playbooks
* Strong stakeholder communication skills
Certifications such as GCIH, GCFA, GREM or CHFI are advantageous but not mandatory.
Desirable
* Experience within an MSSP or SOC environment (L2/L3)
* SOAR/automation experience
* Exposure to regulated industries
* Experience mentoring analysts