Senior Incident Response Analyst

About the role

Responsibilities

• Lead end-to-end incident response engagements, from intake and scoping through evidence collection, analysis, containment, remediation guidance, and closure.
• Perform digital forensics across endpoints, email platforms, networks, websites, and cloud services to reconstruct attacker activity and determine scope and impact.
• Investigate Microsoft 365 and other cloud environments for account compromise, data access, mail flow abuse, and configuration weaknesses.
• Produce clear, defensible forensic reports and executive-ready summaries that describe what happened, how it happened, and what to do next.
• Facilitate client and counsel calls, including findings briefings, remediation recommendations, and post-incident lessons-learned discussions.
• Contribute to Australia-specific IR processes, playbooks, and active services (such as tabletop exercises), and participate in our global follow-the-sun coverage model.

Skills and Qualifications

• Substantial hands-on DFIR experience, including leading complex investigations as the primary analyst and client point of contact.
• Strong technical foundation in Windows and Linux forensics, including acquisition, timeline analysis, and investigation of common attacker techniques (macOS experience a plus).
• Proven experience with Microsoft 365 email and cloud forensics, including mailbox and audit log review, OAuth and mailbox rule abuse, and common phishing/BEC scenarios.
• Ability to investigate web and application compromises, with particular familiarity with WordPress or similar CMS platforms.
• Experience working with network, perimeter, and authentication logs, as well as EDR and related security tooling, to identify and track malicious activity.
• Excellent written and verbal communication skills, with a track record of translating complex technical findings into clear guidance for non-technical stakeholders, including executives and legal counsel.
• pythongorustawsaiiosdatadesign