WHAT IS THE PURPOSE OF MY ROLE?

This role exists to execute the cyber-security incident detection and response function within Security Services. The role is also responsible for contributing to the on-going maturity of the team, processes and frameworks.

The role requires strong technical skills and experience in incident detection and response.

Accountabilities

• Respond to cyber-security threats, vulnerabilities, events and incidents
• Act as technical contributor during major security incidents
• Contribute to improvement in the team's capability, including:
• Operational maturity, including processes/methodologies, playbooks, automation, efficiency, quality
• Detection strategies, including attack models, use cases, tuning, R&D
• Mitigation strategies, including proactive planning, new controls, optimising existing controls
• Participate and contributing to the planning and executing of purple teaming activities
• Meet team operational metrics
• Maintain an up-to-date knowledge of cyber threats
• Drive continuous learning and knowledge sharing within the team
• As required, support internal stakeholders and projects
• Work in a 'business hours + rostered on-call' environment
• Other related activities as required by Management or Cyber Response Leads

• Incident response methodologies and techniques
• Detection and mitigation strategies for a broad range of cyber threats, including malware, DDOS, hacking, phishing, lateral movement and data exfiltration
• Common cloud platforms/technologies, such as Azure, AWS and Google cloud
• Common enterprise technologies, such as Windows, Linux, Active Directory, DNS, DHCP, web proxies, SMTP, TCP/IP
• Malware analysis and reverse engineering, including dynamic and static analysis
• Operational usage of common analysis and response tooling, including Splunk, Crowdstrike, Microsoft Defender, FireEye, Akamai, etc
• Performing vulnerability assessments and penetration testing, including network, infrastructure and application exploitation
• The Lockheed Martin Cyber Kill Chain™ or similar methodologies

• Demonstrated ability to stay calm and lead under pressure
• Experience working in a CSOC / CIRT performing 2 and/or level 3 support
• Experience in a complex enterprise environment
• Demonstrated willingness to engage in self-learning or security research outside of standard business hours
• Good analytical, problem solving and lateral thinking skills
• Good verbal and written communication skills
• Good time management and prioritisation skills
• Basic consulting and stakeholder management

• SANS GIAC Certified Incident Handler (GCIH) or similar
• SANS GIAC Certified Forensic Analyst (GCFA) or similar
• SANS GIAC Reverse Engineering Malware (GREM) or similar
• SANS GIAC Penetration Tester (GPEN) or Offensive Security Certified Professional (OSCP) or similar

• Respond to cyber-security threats, vulnerabilities, events and incidents
• Act as technical contributor during major security incidents
• Contribute to improvement in the team's capability, including:
• Operational maturity, including processes/methodologies, playbooks, automation, efficiency, quality
• Detection strategies, including attack models, use cases, tuning, R&D
• Mitigation strategies, including proactive planning, new controls, optimising existing controls
• Participate and contributing to the planning and executing of purple teaming activities
• Meet team operational metrics
• Maintain an up-to-date knowledge of cyber threats
• Drive continuous learning and knowledge sharing within the team
• As required, support internal stakeholders and projects