Job Description

Job Title: Lead Cyber Incident Responder

Security Clearance: Negative Vetting Level 1 (NV1)

Duration: Initial 12 months with 2 x 12-month extensions

Industry: Information Technology

Functional Expertise: Cyber Security

Sub-functional Expertise: Cyber Security Incident Response

Location of work: QLD, ACT, VIC, NSW

Working arrangements: Hybrid. Candidates based in Canberra, ACT are highly preferred, however strong candidates from other locations may be considered. Working from home arrangements may be considered for up to 2 days per week on a case-by-case basis. Candidates may be required to be on call outside standard hours and perform out-of-hours, weekend and public holiday work.

Closing date: 9AM Wednesday, 27 May 2026

Description:

Our client is seeking an experienced Lead Cyber Incident Responder to join their Cyber Security Incident Response Team (CSIRT). The successful candidate will contribute to responding to cyber security incidents and enhancing the security posture of the organisation.

This role requires hands-on technical cyber security incident response expertise, including performing technical analysis during cyber security incidents. The position also requires strong communication skills to collaborate with internal and external stakeholders across all levels.

Responsibilities:

• Investigate and respond to potential and actual cyber security incidents end-to-end across the cyber security incident response lifecycle.
• Use provided tools and technologies to perform cyber security incident response.
• Drive cyber security incident communications, ensuring all parties are aware of incidents and their role in the process.
• Develop and maintain records and documentation related to cyber security incidents.
• Communicate and document technical findings and recommendations to technical and non-technical stakeholders through formal reporting, briefs, emails, and verbal advice.
• Facilitate recovery including post incident review, following resolution of cyber security incidents.
• Develop, maintain, and test the cyber security incident management policy and plan/procedures while ensuring compliance with regulatory requirements and best practice.
• Identify and drive technical improvements including but not limited to alert tuning.
• Maintain and optimise cyber security incident response processes.
• Mentor and upskill other team members.
• Other duties as directed.

Requirements:

• Minimum of 3 years of hands-on technical experience in a cyber security incident responder role.
• Strong technical expertise using Microsoft security tools.
• Ability to perform technical analysis during cyber security incidents.
• Strong stakeholder engagement and communication skills.

Key Capabilities:

• Technical cyber security incident response expertise.
• Strong analytical and problem-solving skills.
• Ability to communicate technical findings to technical and non-technical stakeholders.
• Ability to work collaboratively across teams and stakeholders.
• Ability to mentor and support team capability uplift.

Essential Criteria:

• Proven hands-on technical cyber security incident response expertise and responding to cyber security incidents from end-to-end.
• Strong technical expertise using Microsoft security tools related to cyber security incident response.
• Excellent verbal and written communications during and after cyber security incidents including technical findings and recommendations to technical and non-technical stakeholders across all levels.

Desirable Criteria:

• GIAC certifications such as GCIH and GCFA.
• Microsoft security certifications.

How to apply:

Please submit your application including your resume and a completed application form addressing the essential and desirable criteria. Ensure your application highlights your experience and any relevant certifications.