Cyber Security Incident Responder


Details of the offer

About the role: We are looking for an Incident Responder to join our growing Cyber Security team, with a passion for customer-focused, holistic security outcomes that bridge the gap between cyber security and the business. This role is suited to those with 3+ years in a similar role. In this role you will be responsible for responding to cyber incidents, performing forensic investigations and threat hunting for both Interactive's internal environment and managed cyber security customers. Your key responsibilities include:

Respond to security incidents: contain, eradicate and recover infected systems, from phishing through to complex malware/APT campaigns
Develop and use Digital Forensic Investigation Tools (DFIT), Endpoint Detection and Response (EDR) and sandboxes to analyse and eradicate malicious programs and behaviours
Acquire, analyse and preserve digital evidence from a variety of workstation, server and mobile platforms
Produce high-quality forensic examination reports that communicate findings clearly and concisely to technical and non-technical business unit managers
Develop security incident playbooks and cyber incident response tools, techniques and procedures
Identify indicators of compromise and work with our security operations centre to improve our detection capability
To be successful in this role, you will have:

Experience investigating security incidents
Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
Understanding of offensive security methodologies and tools, including Kali Linux, Metasploit, Nmap and Burp Suite
Knowledge of malware triage, reverse engineering, and YARA tools and rulesets
Expert understanding of computer/network forensics tools (e.g. EnCase, FTK)
Experience with SIEM platforms and attack detection tools; IBM QRadar experience preferred
Understanding of infrastructure-level technologies (Firewalls, Networks, Windows Server, Linux, VMware, Azure, AWS)

In addition, the following experience is not essential, but nice to have:

Experience with cybersecurity tools including Qualys, Carbon Black, Fortinet, ForcePoint DLP, Mimecast
Understanding of scripting languages (PowerShell, Python)
Understanding of security control frameworks including ISO27001, NIST 800-53, Australian Signals Directorate Top 35, PCI-DSS and risk management frameworks

Source: Jobsjobsjobs