WHAT IS THE PURPOSE OF MY ROLE?
This role exists to execute the cyber-security incident detection and response function within Security Services. The role is also responsible for contributing to the ongoing maturity of the team, its processes and its frameworks. The role requires strong technical skills and experience in incident detection and response.

ACCOUNTABILITIES
- Respond to cyber-security threats, vulnerabilities, events and incidents
- Act as technical contributor during major security incidents
- Contribute to improvement in the team's capability, including:
  - Operational maturity, including processes/methodologies, playbooks, automation, efficiency and quality
  - Detection strategies, including attack models, use cases, tuning and R&D
  - Mitigation strategies, including proactive planning, new controls and optimising existing controls
- Participate in and contribute to the planning and execution of purple teaming activities
- Meet team operational metrics
- Maintain an up-to-date knowledge of cyber threats
- Drive continuous learning and knowledge sharing within the team
- As required, support internal stakeholders and projects
- Work in a 'business hours + rostered on-call' environment
- Other related activities as required by Management or Cyber Response Leads
BACKGROUND INFORMATION ABOUT MY ROLE:
Who does my role report to? Manager, Cyber Response
Do I lead a team in this role? No

COMING INTO THIS ROLE:
Experience: see Essential Capabilities.

Essential capabilities: good understanding of and experience with:
- Incident response methodologies and techniques
- Detection and mitigation strategies for a broad range of cyber threats, including malware, DDoS, hacking, phishing, lateral movement and data exfiltration
- Common cloud platforms/technologies, such as Azure, AWS and Google Cloud
- Common enterprise technologies, such as Windows, Linux, Active Directory, DNS, DHCP, web proxies, SMTP and TCP/IP
- Malware analysis and reverse engineering, including dynamic and static analysis
- Operational usage of common analysis and response tooling, including Splunk, CrowdStrike, Microsoft Defender, FireEye, Akamai, etc.
- Performing vulnerability assessments and penetration testing, including network, infrastructure and application exploitation
- The Lockheed Martin Cyber Kill Chain™ or similar methodologies

Essential non-technical skills:
- Demonstrated ability to stay calm and lead under pressure
- Experience working in a CSOC / CIRT performing level 2 and/or level 3 support
- Experience in a complex enterprise environment
- Demonstrated willingness to engage in self-learning or security research outside of standard business hours
- Good analytical, problem-solving and lateral-thinking skills
- Good verbal and written communication skills
- Good time management and prioritisation skills
- Basic consulting and stakeholder management

Qualification requirements: tertiary qualifications, preferably in technology and cyber-security subjects. Preferably one or more of:
- SANS GIAC Certified Incident Handler (GCIH) or similar
- SANS GIAC Certified Forensic Analyst (GCFA) or similar
- SANS GIAC Reverse Engineering Malware (GREM) or similar
- SANS GIAC Penetration Tester (GPEN) or Offensive Security Certified Professional (OSCP) or similar

COMMON NEXT CAREER MOVES:
- Senior Consultant (Lead), Cyber Response Analysts
- Senior Consultant (Lead), Cyber Threat Intelligence
A TYPICAL DAY FOR ME INVOLVES:
- Responding to cyber-security threats, vulnerabilities, events and incidents
- Acting as technical contributor during major security incidents
- Contributing to improvement in the team's capability, including:
  - Operational maturity, including processes/methodologies, playbooks, automation, efficiency and quality
  - Detection strategies, including attack models, use cases, tuning and R&D
  - Mitigation strategies, including proactive planning, new controls and optimising existing controls
- Participating in and contributing to the planning and execution of purple teaming activities
- Meeting team operational metrics
- Maintaining an up-to-date knowledge of cyber threats
- Driving continuous learning and knowledge sharing within the team
- As required, supporting internal stakeholders and projects