Senior Incident Response Analyst - Digital Forensics (MSSP Environment)

Location: Sydney
Work rights: Must be authorised to work in Australia - no visa sponsorship available

Overview

A leading Australian cyber security services provider is seeking a highly experienced Senior Incident Response Analyst with strong Digital Forensics expertise to lead and execute incident response capabilities within a managed SOC environment.

This is a hands-on technical leadership role. You will oversee complex investigations, own IR governance and playbooks, coordinate cross-functional stakeholders during live incidents, and contribute to detection engineering across modern security platforms. The role supports a high-velocity MSSP SOC environment across multiple customers.

You will also mentor analysts, uplift team capability, and continuously improve SOC processes to deliver world-class services.

Key Responsibilities

- Lead and manage high-impact cybersecurity incidents through all phases - detection, containment, eradication and recovery
- Conduct detailed digital forensic investigations across endpoints, servers and cloud platforms while maintaining chain of custody
- Perform proactive threat hunting using behavioural analytics, threat intelligence and hypothesis-driven techniques
- Develop and enhance detection and hunting playbooks aligned to MITRE ATT&CK
- Conduct root cause analysis and adversary profiling
- Collaborate with SOC teams (L1-L3), customers and third parties during live incidents
- Deliver executive-level incident reports and lessons learned
- Facilitate tabletop exercises and incident response simulations
- Partner with engineering teams to optimise SOAR automations
- Mentor and coach junior analysts
- Support critical incidents, including occasional after-hours response

Essential Experience

- 5-8 years in cyber security with a strong focus on incident response and/or digital forensics
- Hands-on forensic investigation experience (endpoint, server, network and cloud - AWS, Azure, GCP)
- Experience investigating ransomware, advanced threats, cloud breaches or APT activity
- Strong log analysis and detection engineering capability
- Solid understanding of NIST IR methodology and MITRE ATT&CK
- Experience writing incident reports and executive summaries
- Experience developing IR playbooks
- Strong stakeholder communication skills

Certifications such as GCIH, GCFA, GREM or CHFI are advantageous but not mandatory.

Desirable

- Experience within an MSSP or SOC environment (L2/L3)
- SOAR/automation experience
- Exposure to regulated industries
- Experience mentoring analysts