Security Incident Responder

Details of the offer

Description: Respond to cyber-security threats, vulnerabilities, events and incidents
Act as technical contributor during major security incidents
Contribute to improvement in the team's capability, including:
Operational maturity, including processes/methodologies, playbooks, automation, efficiency, quality
Detection strategies, including attack models, use cases, tuning, R&D
Mitigation strategies, including proactive planning, new controls, optimising existing controls
Participate in and contribute to the planning and execution of purple teaming activities
Meet team operational metrics
Maintain an up-to-date knowledge of cyber threats
Drive continuous learning and knowledge sharing within the team
As required, support internal stakeholders and projects
Work in a 'business hours + rostered on-call' environment
Other related activities as required by Management or Cyber Response Leads
Essential capabilities

Good understanding and experience with:
Incident response methodologies and techniques
Detection and mitigation strategies for a broad range of cyber threats, including malware, DDoS, hacking, phishing, lateral movement and data exfiltration
Common cloud platforms/technologies, such as Azure, AWS and Google Cloud
Common enterprise technologies, such as Windows, Linux, Active Directory, DNS, DHCP, web proxies, SMTP, TCP/IP
Malware analysis and reverse engineering, including dynamic and static analysis
Operational usage of common analysis and response tooling, including Splunk, CrowdStrike, Microsoft Defender, FireEye, Akamai, etc.
Performing vulnerability assessments and penetration testing, including network, infrastructure and application exploitation
The Lockheed Martin Cyber Kill Chain or similar methodologies
Essential non-technical skills

Demonstrated ability to stay calm and lead under pressure
Experience working in a CSOC / CIRT performing level 2 and/or level 3 support
Experience in a complex enterprise environment
Demonstrated willingness to engage in self-learning or security research outside of standard business hours
Good analytical, problem-solving and lateral thinking skills
Good verbal and written communication skills
Good time management and prioritisation skills
Basic consulting and stakeholder management
Qualification Requirements

Tertiary qualifications, preferably in technology and cyber-security subjects.
Preferably:
SANS GIAC Certified Incident Handler (GCIH) or similar
SANS GIAC Certified Forensic Analyst (GCFA) or similar
SANS GIAC Reverse Engineering Malware (GREM) or similar
SANS GIAC Penetration Tester (GPEN) or Offensive Security Certified Professional (OSCP) or similar
Summary of role requirements:
Flexible hours available
More than 4 years of relevant work experience required for this role
Work visa can be provided for this role
Expected start date for role: 13 November 2024


Nominal Salary: To be agreed

