Cyber Security Lead - Digital Forensics - Sydney

Robert Half - Sydney

The Role

The DFIR Lead, as part of the Cyber Security Incident Response Team (CSIRT), is responsible for safeguarding personal information and company assets while ensuring compliance with policies and standards. They collaborate with the Security Operations Center (SOC) to manage operational procedures and risk mitigation for both physical and digital environments.

Utilizing tools such as SIEM, threat intelligence, network and host protection, and threat management practices, the DFIR Lead conducts cybersecurity incident handling, including event analysis, incident containment, and remediation. Additionally, they play a key role in cyber threat and vulnerability analysis and response coordination.

Hybrid working - 3 days in office, 2 days WFH.

Responsibilities
  • Lead regional DFIR team members to ensure timely and effective monitoring, detection and response to information security threats
  • Guide and mentor junior team members in digital forensic techniques, incident handling, and investigative methodologies
  • Foster a knowledge-sharing culture by leading technical discussions, debriefs, and post-incident reviews
  • Lead and support security incident investigations, including data breaches, malware infections, insider threats, and advanced persistent threats (APTs)
  • Perform triage, containment, and remediation of cybersecurity incidents
  • Collect, preserve, and analyze digital evidence from endpoints, networks, and cloud environments.
  • Conduct memory forensics, disk forensics, and network packet analysis.
  • Identify indicators of compromise (IOCs) and assess threat actors' tactics, techniques, and procedures (TTPs).
  • Utilize SIEM, EDR, and threat intelligence platforms for incident detection and response.
  • Collaborate with internal and external stakeholders to align security measures with business objectives and advise on mitigation strategies during incident response.
  • Work closely with the Security Operations Center (SOC) to assess alerts and determine appropriate actions.
Technical Skills required
  • Subject Matter Expertise in IT Risk and Cyber Security
  • One or more of the following certifications: ISO 27001, CompTIA Security+, SANS GCFA, GNFA, GCIH, CHFI, CEH, SSCP, CISSP, CSSLP, CISA, CISM
  • Minimum of 3-5 years' experience working within a SOC/Incident Response environment
  • Experience working with enterprise endpoint security platforms
  • Knowledge of common CSIRT technologies (e.g., EDR, SIEM, SOAR)
  • In-depth knowledge of the Cyber Kill-Chain, Intelligence-driven defense and security architectures.
  • Ability to help write concise reports based on complex data with accuracy, brevity, and speed
  • Australian Citizens only (Must have NV1 or be eligible for NV1 clearance)

Apply Today

Please send your resume by clicking on the apply button.

Learn more about our Sydney recruitment services: http://www.roberthalf.com.au/recruitment-agency-sydney

By clicking 'apply', you give your express consent that Robert Half may use your personal information to process your job application and to contact you from time to time for future employment opportunities. For further information on how Robert Half processes your personal information and how to access and correct your information, please read the Robert Half privacy notice: https://www.roberthalf.com/au/en/privacy. Please do not submit any sensitive personal data to us in your resume (such as government ID numbers, ethnicity, gender, religion, marital status or trade union membership) as we do not collect your sensitive personal data at this time.
