Description:
- Respond to cyber-security threats, vulnerabilities, events and incidents
- Act as technical contributor during major security incidents
- Contribute to improvement in the team's capability, including:
  - Operational maturity, including processes/methodologies, playbooks, automation, efficiency, quality
  - Detection strategies, including attack models, use cases, tuning, R&D
  - Mitigation strategies, including proactive planning, new controls, optimising existing controls
- Participate in and contribute to the planning and execution of purple teaming activities
- Meet team operational metrics
- Maintain up-to-date knowledge of cyber threats
- Drive continuous learning and knowledge sharing within the team
- As required, support internal stakeholders and projects
- Work in a 'business hours + rostered on-call' environment
- Other related activities as required by Management or Cyber Response Leads

Essential capabilities
Good understanding of and experience with:
- Incident response methodologies and techniques
- Detection and mitigation strategies for a broad range of cyber threats, including malware, DDoS, hacking, phishing, lateral movement and data exfiltration
- Common cloud platforms/technologies, such as Azure, AWS and Google Cloud
- Common enterprise technologies, such as Windows, Linux, Active Directory, DNS, DHCP, web proxies, SMTP, TCP/IP
- Malware analysis and reverse engineering, including dynamic and static analysis
- Operational usage of common analysis and response tooling, including Splunk, CrowdStrike, Microsoft Defender, FireEye, Akamai, etc.
- Performing vulnerability assessments and penetration testing, including network, infrastructure and application exploitation
- The Lockheed Martin Cyber Kill Chain or similar methodologies

Essential non-technical skills:
- Demonstrated ability to stay calm and lead under pressure
- Experience working in a CSOC / CIRT performing level 2 and/or level 3 support
- Experience in a complex enterprise environment
- Demonstrated willingness to engage in self-learning or security research outside of standard business hours
- Good analytical, problem-solving and lateral thinking skills
- Good verbal and written communication skills
- Good time management and prioritisation skills
- Basic consulting and stakeholder management

Qualification Requirements
Tertiary qualifications, preferably in technology and cyber-security subjects.
Preferably:
- SANS GIAC Certified Incident Handler (GCIH) or similar
- SANS GIAC Certified Forensic Analyst (GCFA) or similar
- SANS GIAC Reverse Engineering Malware (GREM) or similar
- SANS GIAC Penetration Tester (GPEN) or Offensive Security Certified Professional (OSCP) or similar

Summary of role requirements:
- Flexible hours available
- More than 4 years of relevant work experience required for this role
- Work visa can be provided for this role
- Expected start date for role: 13 November 2024