Incident Response Analyst (Hybrid)

Senior Incident Response Analyst - Digital Forensics (MSSP Environment)
Location: Sydney 

Work rights: Must be authorised to work in Australia - no visa sponsorship available

Overview: A leading Australian cyber security services provider is seeking a highly experienced Senior Incident Response Analyst with strong Digital Forensics expertise to lead and execute incident response capabilities within a managed SOC environment.

This is a hands-on technical leadership role. You will oversee complex investigations, own IR governance and playbooks, coordinate cross-functional stakeholders during live incidents, and contribute to detection engineering across modern security platforms. The role supports a high-velocity MSSP SOC environment across multiple customers.
You will also mentor analysts, uplift team capability, and continuously improve SOC processes to deliver world-class services.

Key Responsibilities

• Lead and manage high-impact cybersecurity incidents through all phases - detection, containment, eradication and recovery
• Conduct detailed digital forensic investigations across endpoints, servers and cloud platforms while maintaining chain of custody
• Perform proactive threat hunting using behavioural analytics, threat intelligence and hypothesis-driven techniques
• Develop and enhance detection and hunting playbooks aligned to MITRE ATT&CK
• Conduct root cause analysis and adversary profiling
• Collaborate with SOC teams (L1-L3), customers and third parties during live incidents
• Deliver executive-level incident reports and lessons learned
• Facilitate tabletop exercises and incident response simulations
• Partner with engineering teams to optimise SOAR automations
• Mentor and coach junior analysts
• Support critical incidents, including occasional after-hours response

Essential Experience

• 5-8+ years in cyber security with a strong focus on incident response and/or digital forensics
• Hands-on forensic investigation experience (endpoint, server, network and cloud - AWS, Azure, GCP)
• Experience investigating ransomware, advanced threats, cloud breaches or APT activity
• Strong log analysis and detection engineering capability
• Solid understanding of NIST IR methodology and MITRE ATT&CK
• Experience writing incident reports and executive summaries
• Experience developing IR playbooks
• Strong stakeholder communication skills

Certifications such as GCIH, GCFA, GREM or CHFI are advantageous but not mandatory.
Desirable

• Experience within an MSSP or SOC environment (L2/L3)
• SOAR/automation experience
• Exposure to regulated industries
• Experience mentoring analysts