Incident Response Specialist - Systems Integrator

Are you ready to work with a recognised leader in cybersecurity that is redefining how organisations manage risk and build digital resilience?

Join a highly respected Australian cybersecurity firm with more than 15 years of industry expertise, trusted by over 200 enterprises to strengthen their security posture and reduce cybersecurity spend by up to 50 percent, delivering a comprehensive Cybersecurity as a Service platform backed by a 24/7 managed Security Operations Centre; accredited by CREST International for incident response, security operations, and penetration testing, ISO 27001 certified for its global SOC, partnered with major technology distributors across Australia and New Zealand, and widely recognised for helping organisations accelerate compliance, enhance threat detection, and achieve measurable security maturity.

Apply now to be part of a team that transforms complex cybersecurity challenges into strategic advantages in an increasingly digital world.

Responsibilities:

• Lead and manage high-impact cybersecurity incidents through all phase detection, containment, eradication, and recovery, ensuring minimal business impact.
• Oversee detailed digital forensics investigations across endpoints, servers, and cloud platforms, maintaining evidence of integrity, chain of custody, and comprehensive reporting.
• Conduct proactive threat hunting leveraging behavioral analytics, threat intelligence, and hypothesis-driven techniques to identify stealthy adversaries and undetected compromises.
• Develop and enhance detection and hunting playbooks, focusing on MITRE ATT&CK-aligned TTPs, anomaly detection, and continuous improvement of detection coverage.
• Perform root-cause analysis and adversary profiling to uncover vulnerabilities, exploited vectors, and attacker TTPs; translate findings into actionable threat intelligence.
• Collaborate closely with SOC (L1–L3) teams, customers, law enforcement, and third-party IR partners to coordinate containment and recovery activities.
• Provide executive-level reporting and lessons learned to senior leadership, driving enhancements in controls, response workflows, and automation.
• Lead and facilitate incident response exercises, tabletop simulations, and threat of hunting sprints to validate readiness and strengthen operational resilience.
• Stay current with evolving threat landscapes, forensic methodologies, and detection technologies, integrating relevant advancements into SOC operations.
• Collaborate with the Security Engineering team to optimize SOAR automations that streamline incident responses and improve analyst efficiency.
• Coach and mentor junior analysts in incident handling, threat hunting, and forensic analysis to uplift team capability and maturity.
• Support critical incidents requiring after-hours response when necessary.

Skills/Must have:

• Minimum 5-8 years’ experience in cyber security with strong incident response and/or digital forensics focus.
• Hands-on experience with forensic tools and techniques and log/event analysis.
• Proven experience investigating real-world security incidents, including advanced threats, ransomware, cloud breaches, or APT activity.
• Proficiency with endpoint, server, network, and cloud (AWS/Azure/GCP) forensics and incident response.
• Strong analytical, investigative, and root-cause skills. Ability to write clear incident reports and executive summaries.
• Solid understanding of security frameworks, incident response methodologies (e.g., NIST IR), and threat actor TTPs (e.g., MITRE ATT&CK).
• Experience developing incident response playbooks and forensics workflows.
• Excellent communication skills; able to engage technical teams, stakeholders and executive leadership.
• Relevant certifications GCIH, GCFA, GREM, CHFI etc. are preferred but not mandatory.

Salary:

• up to 140k + super