Join this large & recognisable global firm in a newly created role to lead the execution & coordination of IR processes, automation, and cloud IR.
- Newly created role in a well-known global firm
- Lead CSIRT activities in the region
- Full time permanent role | Hybrid working
**THE COMPANY**
This large and well-known organisation employs more than 70,000 staff in 100+ countries around the globe.
They are a creative and innovative business that is expanding its Cyber Security capabilities in Australia.
**THE ROLE & RESPONSIBILITIES**
Newly created Cyber Security Incident Response Team Lead role working alongside the global SOC and Threat Intelligence teams to act as a regional incident coordinator during events that require orchestrated responses.
You will be responsible for ensuring the organisation's IT & cyber assets are monitored, improved, documented, automated, and protected to the highest standard.
**Key elements include**:
- Lead & manage the execution of Incident Response processes in the region.
- Design, develop & provide ongoing improvement to Incident Response processes.
- Prepare metrics to track & improve Incident Response processes.
- Lead the development of SOAR playbooks & become the SME for automated workflows and processes that adhere to compliance requirements (ISO 27001, GDPR etc).
- Lead the development of cloud-focused Incident Response processes.
- Assist in maintaining & improving the Incident Response framework.
- Act as the liaison between Senior Executives, Internal Audit & Legal teams, and business units during major incidents and post-incident investigations.
- Contribute to building out the security strategy.
- Lead & mentor junior CSIRT Analysts.
- Work alongside a global team in a 'follow-the-sun' model.
**REQUIRED EXPERIENCE / BACKGROUND / KNOWLEDGE**
Suitable for a Lead/Senior CSIRT Analyst with proven experience executing & coordinating multi-level Incident Response processes as well as leading automation initiatives.
Ideal for a natural collaborator with excellent communication & stakeholder management abilities who can 'see the big picture' and think strategically.
**The following is required**:
- Proven Senior CSIRT exp and SME knowledge executing & coordinating Incident Response processes.
- SIEM threat hunting exp & ability to create queries to detect incidents.
- Endpoint & network analysis background identifying threats.
- Ability to translate orchestration design documents into SOAR playbooks.
- Cloud security knowledge, including techniques to secure cloud environments & cloud Incident Response.
- Scripting experience - e.g. Python, JavaScript, PowerShell, .NET etc.
- MITRE ATT&CK framework experience.
- IT security framework knowledge - e.g. ISO 27001, COBIT, NIST etc
- Background inside enterprise environments working with globally dispersed teams.
- Robust attention to detail, problem-solving & analytical skills
- Excellent communication & stakeholder management abilities.
**This is a full-time permanent role located in Sydney with hybrid working available.**
- _Please note, unrestricted permanent Australian working rights are required to be considered for this position and successful applicants will be contacted._
📌 Lead Cyber Security Incident Response Analyst
🏢 Robert Half
📍 Sydney