Cyber Incident Response Specialist
3 days ago
Stickman Consulting Pty Ltd – Sydney CBD NSW

Join StickmanCyber: Pioneers in Cybersecurity as a Service and AI driven Cybersecurity Platform

At StickmanCyber, our mission is more than a commitment – it's a guiding light: "We do everything in our power to protect our customers from cyber threats"

Established in 2006, we've carved a niche in the cybersecurity landscape, demonstrating remarkable growth built on trust and commitment with our clientele, including several prestigious public listed companies.

No Investors, No Debt, No Greed
No Inflated Valuations, No Unrealistic Targets
Just Pure, Uncomplicated Commitment

We are accountable only to our staff and clients. This focus sets us apart. We're not just running a business; we're nurturing a philosophy. Every day, we commit to ensuring the security of our customers and the welfare of our staff. Growth is not our primary goal; we aim to maintain fairness in pricing, pay our staff well, and reinvest profits for staff training, new technology, and innovations targeted for our customers' success.

We pride ourselves on being trailblazers in the Cybersecurity as a Service (CSaaS) domain, testament to our innovative spirit and commitment to excellence. Our business model generates robust recurring revenue and ensures profitability, showcasing operational strength and market resilience.

Our most ambitious project yet is the development of an industry-first AI-based Cybersecurity platform. This cutting‑edge technology is a game‑changer, poised to revolutionize how we safeguard businesses from cyber threats. By joining our team, you'll be at the forefront, leveraging AI to enhance our capabilities and deliver unparalleled protection to our clients.

We’re looking for passionate individuals who are eager to contribute to a global cybersecurity product/platform company. If you’re driven by innovation, excellence, and a desire to make a significant impact, StickmanCyber is your destination.

Summary

StickmanCyber is seeking a highly experienced Senior Incident Response Analyst with Digital Forensic expertise to direct and execute the company’s MSSP incident response capabilities. This individual will oversee complex investigations, own IR governance and playbooks, coordinate with cross‑functional stakeholders during live incidents, and lead the development and tuning of detection logic across Google SecOps, Sentinel, CrowdStrike and other related security technologies across all the customers within the MSSP SOC.

This is a mid‑level leader, technical hands‑on position supporting StickmanCyber’s MSSP SOC. The role requires handling sophisticated threats, forensics and detection engineering in high‑velocity environments. As the Senior DFIR Expert, you will assist our analysts with daily investigations, evaluate emerging compromises and vulnerabilities, and help develop advanced use cases to detect active or attempted compromise on our client’s information systems.

You are also required to be a personal motivator, working with analysts to develop their careers, skills, and overall team culture. You are expected to identify ways to positively impact team performance and encourage innovation, while displaying a positive customer service attitude to our partners and clients. Finally, you must review current SOC processes and work to improve them, offering our clients world‑class SOC services.

Primary DFIR Responsibilities

Lead and manage high‑impact cybersecurity incidents through all phases: detection, containment, eradication, and recovery, ensuring minimal business impact.
Oversee detailed digital forensics investigations across endpoints, servers, and cloud platforms, maintaining evidence integrity, chain of custody, and comprehensive reporting.
Conduct proactive threat hunting leveraging behavioral analytics, threat intelligence, and hypothesis‑driven techniques to identify stealthy adversaries and undetected compromises.
Develop and enhance detection and hunting playbooks, focusing on MITRE ATT&CK‑aligned TTPs, anomaly detection, and continuous improvement of detection coverage.
Perform root‑cause analysis and adversary profiling to uncover vulnerabilities, exploited vectors, and attacker TTPs; translate findings into actionable threat intelligence.
Collaborate closely with SOC (L1–L3) teams, customers, law enforcement, and third‑party IR partners to coordinate containment and recovery activities.
Provide executive‑level reporting and lessons learned to senior leadership, driving enhancements in controls, response workflows, and automation.
Lead and facilitate incident response exercises, tabletop simulations, and threat‑of‑hunting sprints to validate readiness and strengthen operational resilience.
Stay current with evolving threat landscapes, forensic methodologies, and detection technologies, integrating relevant advancements into SOC operations.
Collaborate with the Security Engineering team to optimize SOAR automations that streamline incident responses and improve analyst efficiency.
Coach and mentor junior analysts in incident handling, threat hunting, and forensic analysis to uplift team capability and maturity.
Support critical incidents requiring after‑hours response when necessary.

Qualifications

Minimum 5‑8 years’ experience in cyber security with strong incident response and/or digital forensics focus.
Hands‑on experience with forensic tools and techniques and log/event analysis.
Proven experience investigating real‑world security incidents, including advanced threats, ransomware, cloud breaches, or APT activity.
Proficiency with endpoint, server, network, and cloud (AWS/Azure/GCP) forensics and incident response.
Strong analytical, investigative, and root‑cause skills.
Ability to write clear incident reports and executive summaries.
Solid understanding of security frameworks, incident response methodologies (e.g., NIST IR), and threat actor TTPs (e.g., MITRE ATT&CK).
Experience developing incident response playbooks and forensics workflows.
Excellent communication skills; able to engage technical teams, stakeholders and executive leadership.
Relevant certifications (GCIH, GCFA, GREM, CHFI, etc.) are preferred but not mandatory.
Experience in SOC environments, including L2/L3 escalation and working with SOC triage/hunting teams.
Familiarity with automation/orchestration (SOAR tools), scripting forensics workflows.
Exposure to regulated environments (e.g., finance, critical infrastructure, government) and handling sensitive data/incidents.
Ability to coach and mentor other analysts and drive capability building within the team.
Comfortable working occasional odd hours where incident coverage is required.
-
Cyber Incident Response Analyst
1 week ago
City of Melbourne, Austria
DGS - Cyber Security, Data & Digital Resilience
Full-time
The Department of Government Services (DGS) was established on 1 January 2023 to improve everyone's experience of doing business and interacting with the Victorian government. We bring important day‑to‑day services together in one department to make things easy and seamless for Victorians and businesses. We are doing this by connecting and digitising our...
-
Incident Response Specialist
1 week ago
Council of the City of Sydney, Austria
Kaizen Global Technologies
Full-time
Senior Incident Response & Digital Forensics Specialist Employment: Permanent Role Experience: 7+ years Location: Sydney, Australia - Hybrid Eligibility: Candidates must have the right to work in Australia (Citizen, PR, Valid Visa holders). We are looking for a Senior Incident Response & Digital Forensics Specialist to lead enterprise cyber incident...
-
Cyber Security Analyst
2 weeks ago
Council of the City of Sydney, Austria
IAG
Full-time
Cyber Security Analyst (Incident Response) Join to apply for the Cyber Security Analyst (Incident Response) role at IAG. At IAG, we’re ready for you. We’re the largest general insurance group in Australia and New Zealand, and our brands turn the IAG purpose of making your world a safer place into action by helping everyday Aussies and New Zealanders,...
-
Cyber Incident Response Analyst
1 week ago
City of Melbourne, Austria
DGS - Cyber Security, Data & Digital Resilience
Full-time
A Victorian government department seeks a Cyber Incident Response Analyst to investigate and resolve cyber security incidents. The candidate will advise on containment and remediation and be part of an on-call roster. The role demands a solid understanding of ICT networks and the ability to manage priorities in a high-tempo environment. Successful applicants...
-
Cyber Security Incident Response Lead
4 weeks ago
City of Melbourne, Austria
nbn® Australia
Full-time
Join to apply for the Cyber Security Incident Response Lead role at nbn® Australia A fantastic opportunity has presented itself for a Cyber Security Incident Response Lead reporting to the Senior Manager, Cyber Security Incident Response & Partner Management. You will join the Cyber Defence & Response team. As the Cyber Security Incident Response Lead, you...
-
Council of the City of Sydney, Austria
Talent International
Full-time
A leading higher education institution is seeking a Cyber Security Incident Response Analyst to manage incidents and support cyber defense capabilities. This role involves coordinating with third-party providers and ensuring effective response to security incidents. Candidates should have 4-6 years of experience in cyber security and strong skills in...
-
Remote Cyber Security Analyst – Incident Response
2 weeks ago
Council of the City of Sydney, Austria
IAG
Full-time
A leading insurance company in New South Wales seeks a Cyber Security Analyst specializing in incident response. The successful candidate will monitor and analyze cyber threats, lead incident responses, and collaborate with various teams to enhance security measures. This permanent position offers flexible working options, a competitive benefits package...
-
Cyber Incident Response Analyst
24 hours ago
City of Melbourne, Austria
Department of Government Services
Full-time
Join to apply for the Cyber Incident Response Analyst role at Department of Government Services About Us The Department of Government Services (DGS) was established on 1 January 2023 to improve everyone’s experience of doing business and interacting with the Victorian government. We bring important day‑to‑day services together in one department to make...
-
Cyber Defense Incident Response Analyst
2 weeks ago
City of Melbourne, Austria
IAG
Full-time
A leading insurance group in Australia is seeking a Cyber Security Analyst (Incident Response). The role involves delivering specialized expertise in managing cyber security threats, coordinating incident responses, and monitoring potential intrusions. Candidates should have a solid background in cyber security frameworks and hands-on experience with...
-
Cyber Incident Response Analyst
1 week ago
City of Melbourne, Austria
Department of Government Services
Full-time
Department of Government Services – Melbourne VIC The Department of Government Services (DGS) was established on 1 January 2023 to improve everyone's experience of doing business and interacting with the Victorian government. We bring important day‑to‑day services together in one department to make things easy and seamless for Victorians and...