Jobiglo

Cyber Incident Response Specialist

EnergyAustralia · Victoria

Microsoft Sentinel, Splunk, EDR, XDR, security orchestration, MITRE ATT&CK, Cyber Kill Chain, Windows, Linux, Active Directory, Entra ID, TCP/IP, firewalls, VPNs, IDS/IPS, AWS, Azure, GCP, SaaS

Job description

About the role

The Cyber Incident Response Specialist will strengthen EnergyAustralia's cyber defence capability by investigating and responding to complex security incidents across IT and OT environments. Reporting to the Cyber Defence Leader, you will play a critical role in protecting the organisation's digital assets.

Key responsibilities

  • Monitor, triage, and investigate security events, determine severity, and coordinate response actions.
  • Analyse logs, endpoint telemetry, and network data to identify indicators of compromise and assess impact.
  • Produce accurate incident records, investigation notes, and closure reports following established standards.
  • Improve detection rules, response playbooks, and cyber controls based on threat landscape insights.
  • Support development and tuning of SIEM detection use cases to reduce false positives.
  • Participate in post‑incident reviews, root‑cause analysis, and lessons‑learned documentation.

Required profile

  • Bachelor’s degree in Cybersecurity, Computer Science or related field; relevant certifications (e.g., GCIH, GCFA, CompTIA) are highly regarded.
  • 3+ years of hands‑on experience in security incident response or security operations, including leading investigations in complex environments.
  • Experience working with SIEM platforms, EDR/XDR solutions, and security orchestration tools.
  • Ability to work a 24/7 on‑call roster and produce clear, structured written documentation.

Required skills

  • SIEM platforms such as Microsoft Sentinel or Splunk.
  • EDR/XDR solutions and security orchestration tooling.
  • Knowledge of cyber‑attack frameworks (MITRE ATT&CK, Cyber Kill Chain).
  • Proficiency with Windows, Linux, Active Directory, Entra ID, TCP/IP, firewalls, VPNs, IDS/IPS.
  • Experience with cloud platforms (AWS, Azure, GCP, SaaS).

Frequently asked questions

The salary is not publicly disclosed by the recruiter. You can apply and negotiate directly with EnergyAustralia.
Click "Apply now" at the top of the page. You can upload your CV in 1 click: Jobiglo automatically extracts your information and applies for you.

Published 1 day ago

Expires 1 month from now

19 views · 0 applications
