Senior Incident Response Analyst
Gridware, Sydney, New South Wales, Australia
Posted by: Chief of Staff @ Gridware | Cybersecurity | Strategy, Operations & Special Projects

Become a part of Gridware's DFIR team and help investigate and respond to cybersecurity incidents impacting Australian organisations.

About the role:

Your role will centre on communicating with clients during and after a cybersecurity incident. You'll be required to assess the extent of the incident, provide expert advice, assist with containment, collect and lead the analysis of relevant evidence and artefacts (e.g. log files, disk images, malware samples, phishing emails etc…), determine root cause, and provide high-quality post-incident forensic reports.

The bulk of the incidents you will investigate are Business Email Compromises (BECs), ransomware attacks and web application/server breaches; occasionally you will also deal with insider threats, expert witness requests and website defacements.

You will report directly to the Chief Executive Officer and work with a small team of Digital Forensics & Incident Response Analysts, and occasionally interns. As a senior analyst, you'll be expected to coordinate and manage some of the team's resources and maintain general oversight of all active incidents.

Key Responsibilities:
- Leading incident engagements: coordinating the cyber incident response for external clients, including containment, monitoring and forensic data collection efforts.
- Collecting and analysing all available evidence and providing a written forensic report for our clients.
- Investigating and coordinating multiple competing complex incidents at any given time.
- Monitoring organisations' environments using our XDR and SIEM platforms.
- Peer reviewing reports written by other analysts.
- Providing clients with advice on improving their cybersecurity posture (post-incident).

About you:
- 2-3 years of experience in incident response/digital forensics.
- Passion for information systems and cyber security.
- Good communication, documentation and interpersonal skills.
- Proven experience working both autonomously and as part of a team.
- Desire to be part of a small but highly skilled team.
- Bachelor's degree or other relevant tertiary education, or industry experience in the cyber security or information technology field.
- Willingness to undertake occasional travel to client sites, or interstate for training, conferences etc…

Key Competencies / Qualifications:
- Adept at analysing artefacts from Microsoft Windows-based workstations and servers (e.g. Registry entries, AmCache/Shimcache, Jump Lists).
- Experience with commercial digital forensics tools (Magnet AXIOM, Cellebrite UFED, X-Ways Forensics, Cellebrite Digital Collector, etc…).
- Experience with open source digital forensics tools (KAPE, Eric Zimmerman's tools, etc…).
- Understanding of cloud environments; extracting and analysing logs from Microsoft 365 and Google Workspace.
- Understanding of file systems, file signatures and hashing.
- Fundamental understanding of networking (TCP/IP, DNS, DHCP, port forwarding etc…).
- Advanced verbal and written communication skills; ability to communicate clearly with clients (including non-technical audiences and C-level personnel) and prepare detailed technical/forensic reports.
- Adept at Business Email Compromise (BEC) and ransomware investigations.

Highly Desirable Competencies / Attributes:
- Experience in threat actor/ransom negotiations and sanctions checks.
- Ability and willingness to mentor junior analysts and interns.
- Experience with programming or scripting languages (e.g. Python, SQL or PowerShell).
- Knowledge of threat actor tactics, techniques and procedures (TTPs).
- Experience with Linux and/or Apple macOS-based systems.
- Current holder of (or ability to obtain) a Negative Vetting 2 (NV2) Australian security clearance.
What Gridware can offer you:
- Gridware is Great Place to Work certified and a Top 10 Best Workplace in Australia in 2023 and 2024.
- As a high-growth company, you will play a pivotal role in the Digital Forensics & Incident Response (DFIR) team.
- Experience and exposure to investigating sophisticated cyber breaches.
- Learning and development programs to help you further your career in cybersecurity.
- Flexible, remote-working environment.
- Mental health training and leave.
- The opportunity to join Australia's first Carbon Neutral cyber security company.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology