About the Team

The Digital Forensics and Incident Responders team (DFIR) has a national footprint, investigating cyber incidents across all sectors of government and industry. DFIR investigates cyber incidents based on intelligence and on victims' self-identification of possible malicious cyber activity. DFIR uses a range of tools and methods, has engagement across ASD, and maintains close relationships with external domestic and foreign partners.

About the Role

Incident Responders (IRs) perform digital forensics to collect data that is analysed to identify malicious activity, discover adversary tradecraft and provide remediation actions. Incident Responders record and communicate their investigative activities to both technical and non-technical stakeholders through verbal briefs and contributions to investigation reports. Incident Responders must be able to build and maintain positive working relationships with internal and external parties.

We are looking for candidates who are motivated, seek to develop their skills and further support ASD's mission. We will support your development by providing a range of learning opportunities, including mentoring and training, both on and off the job.

The duties of an ASD Incident Responder include:

- Investigate information security incidents in line with broad direction from senior staff.
- Prepare and deploy tools to capture network traffic for decryption and analysis.
- Contribute to digital forensic investigations by processing and analysing evidence and artefacts in line with policy, standards and guidelines, to support the production of forensic findings and reports.
- Utilise a diverse set of capabilities, including various SIEM and host-based investigation techniques, to investigate cyber security incidents.
- Develop skills in new capabilities as required by investigations.
- Assist with the development of technical remediation plans and deliver findings to system owners and stakeholders.
- Communicate technical findings and recommendations through formal reporting, briefs, emails and verbal advice in accordance with ASD writing standards.
- Collaborate with organisations and stakeholders to provide remediation advice to system owners and managers in order to improve their system security posture.
- Build and sustain effective working relationships with team members and actively participate in teamwork and group activities.
- Facilitate appropriate direction, including technical direction, for their employees by clearly communicating goals and objectives.
- At the ASD 6 level, develop junior incident responders through mentoring, identification of knowledge gaps and training opportunities.

Further information can be found at: I'm changing my career | Australian Signals Directorate (asd.gov.au).

The key duties of the position include

DFIR is seeking people who are technically adept, effective communicators, and motivated, critical and creative thinkers who are keen to learn in a changing environment. Ideal candidates will be able to work both in a team and independently while embracing the team values of diversity, making a difference, curiosity, teamwork, professionalism and growth.

You will have:

- A solid understanding of cyber security concepts and/or enterprise IT systems.
- Excellent written and verbal communication skills.
- A critical and analytical mindset.
- Demonstrable success in problem solving.
- Sound stakeholder relationship skills.

You will also have the ability to acquire an understanding of:

- Cyber security concepts relating to the current threat environment, vulnerabilities, exploits and security controls.
- Cyber security investigation techniques (acquisition and analysis of incident data).
- Software development concepts.
- Computer networking fundamentals (IP addressing, network address translation).
- Common malware and hacker frameworks (exploits, remote access tools, key loggers, phishing).
- Concepts of incident response (PICERL: Prepare, Identify, Contain, Eradicate, Recover and Lessons Learned) and industry frameworks and standards, e.g. the MITRE ATT&CK framework.
- Common network architecture and the context of systems within that architecture (DMZ, jump host, management zone, cloud services).

An understanding of the concept of an investigative hypothesis will be highly regarded.

ASD is seeking applicants to fill current and anticipated vacancies and to create a merit pool for future vacancies. In line with the Australian Public Service Commissioner's Directions 2022, upon completion of the recruitment activity, the merit pool will be available to locations across Australia.