Description

Job description:

WHAT IS THE PURPOSE OF MY ROLE?

This role exists to execute the cyber-security incident detection and response function within Security Services. The role is also responsible for contributing to the ongoing maturity of the team, its processes and its frameworks.

The role requires strong technical skills and experience in incident detection and response.

Accountabilities

Respond to cyber-security threats, vulnerabilities, events and incidents

Act as technical contributor during major security incidents

Contribute to improvement in the team’s capability, including:

Operational maturity, including processes/methodologies, playbooks, automation, efficiency, quality

Detection strategies, including attack models, use cases, tuning, R&D

Mitigation strategies, including proactive planning, new controls, optimising existing controls

Participate in and contribute to the planning and execution of purple teaming activities

Meet team operational metrics

Maintain an up-to-date knowledge of cyber threats

Drive continuous learning and knowledge sharing within the team

As required, support internal stakeholders and projects

Work in a ‘business hours + rostered on-call’ environment

Other related activities as required by Management or Cyber Response Leads

BACKGROUND INFORMATION ABOUT MY ROLE:

Who does my role report to? 
Manager, Cyber Response

Do I lead a team in this role? NO

Essential capabilities

Good understanding and experience with:

Incident response methodologies and techniques

Detection and mitigation strategies for a broad range of cyber threats, including malware, DDoS, hacking, phishing, lateral movement and data exfiltration

Common cloud platforms/technologies, such as Azure, AWS and Google Cloud

Common enterprise technologies, such as Windows, Linux, Active Directory, DNS, DHCP, web proxies, SMTP, TCP/IP

Malware analysis and reverse engineering, including dynamic and static analysis

Operational usage of common analysis and response tooling, including Splunk, CrowdStrike, Microsoft Defender, FireEye, Akamai, etc.

Performing vulnerability assessments and penetration testing, including network, infrastructure and application exploitation

The Lockheed Martin Cyber Kill Chain™ or similar methodologies

Essential non-technical skills:

Demonstrated ability to stay calm and lead under pressure

Experience working in a CSOC / CIRT performing level 2 and/or level 3 support

Experience in a complex enterprise environment

Demonstrated willingness to engage in self-learning or security research outside of standard business hours

Good analytical, problem solving and lateral thinking skills

Good verbal and written communication skills

Good time management and prioritisation skills

Basic consulting and stakeholder management

Qualification Requirements

Tertiary qualifications, preferably in technology and cyber-security subjects.

Preferably:

SANS GIAC Certified Incident Handler (GCIH) or similar

SANS GIAC Certified Forensic Analyst (GCFA) or similar

SANS GIAC Reverse Engineering Malware (GREM) or similar

SANS GIAC Penetration Tester (GPEN) or Offensive Security Certified Professional (OSCP) or similar

COMMON NEXT CAREER MOVES:

Senior Consultant (Lead) Cyber Response Analyst

Senior Consultant (Lead) Cyber Threat Intelligence

A TYPICAL DAY FOR ME INVOLVES:

The accountabilities listed above.

Education

Any Graduate