About AARNet
Australia’s Academic and Research Network (AARNet) was established in 1989 and is widely regarded as the founder of the Internet in Australia and renowned as the architect, builder and operator of world-class network infrastructure for research and education.
We are Australia’s National Research and Education Network (NREN). We connect over one million users—researchers, faculty, staff and students—at institutions across Australia, supporting education and research across a diverse range of disciplines including high energy physics, climate science, genomics, radio astronomy and the arts.
Nationally, AARNet interconnects Australian universities, the CSIRO, and other organisations that have a research and education mission, or with whom the education and research sector interacts. These include hospitals, vocational training providers, schools and museums. Internationally, AARNet interconnects the Australian Research and Education (R & E) community to the world – and continuously develops new capabilities and partnerships to facilitate seamless data access and transfer.
AARNet also offers a suite of supporting applications to our customers. These include network and collaboration services such as Zoom, that enable innovation in the delivery of research and education.
We are an organisation of innovators, doers, and courageous thinkers. We are not constrained by traditional products and solutions, and we constantly strive to build the solutions that our customers will need tomorrow – today. If you have the imagination, foresight and drive to build the future, why not come and join us?
The Role
This position serves as a senior analyst (Tier 2) within the AARNet Security Operations Centre (SOC), responsible for investigating complex security incidents and coordinating response efforts for SOC and MDR (Managed Detection and Response) customers. You will act as the escalation point for Tier 1 analysts, leading the technical investigation and coordinating stakeholder communication during high-severity incidents. This role bridges technical analysis with incident coordination, requiring both deep technical expertise and strong communication skills to manage incidents through to resolution while keeping customers informed.
You will receive comprehensive training on the Falcon Complete platform and work extensively with endpoint detection and response tools to deliver world-class incident response services.
During identified severity 1 and 2 critical security incidents, you will lead the end-to-end technical response and coordinate with customer stakeholders in line with agreed service level objectives.
This role suits a candidate who thrives on solving complex security problems under pressure and can confidently lead incident response while maintaining clear communication with both technical and non-technical audiences.
Responsibilities
Incident Response & Investigation (Core Focus)
- Serve as escalation point for complex security events requiring senior-level analysis
- Lead technical investigation of high and critical severity security incidents
- Perform log-based forensic analysis to determine root cause, scope, and impact of security breaches
- Map attack chains and document threat actor TTPs (Tactics, Techniques, and Procedures)
- Determine containment, eradication, and recovery strategies based on investigation findings
Incident Coordination
- Coordinate incident response activities across SOC analysts, engineers, and customer stakeholders during severity 1 and 2 incidents
- Serve as primary point of contact for customers during active security incidents
- Facilitate communication between technical teams and non-technical stakeholders
- Manage incident timeline and ensure adherence to service level objectives
- Lead coordinated crisis response efforts for critical security incidents
Documentation & Reporting
- Prepare clear, actionable incident reports for both technical and executive audiences
- Provide timely, detailed incident status updates throughout active response
- Create comprehensive post-incident reports covering risk, impact, containment, remediation, and threat actor details
- Document lessons learned and contribute to post-incident reviews
- Maintain accurate incident records throughout the response lifecycle
Process Improvement & Knowledge Sharing
- Develop and maintain incident response playbooks incorporating automation and orchestration capabilities
- Mentor and coach Tier 1 SOC analysts on investigation techniques, escalation criteria, and best practices
- Collaborate with Security Engineers to refine SIEM detection use cases and reduce false positives
- Contribute to automation and orchestration workflows in SOAR platforms
Operational Support
- Participate in on-call rotation for critical security incidents (24x7 support as required)
- Perform real-time monitoring and analysis of security events and threats from multiple sources during assigned shifts
- Understand customer environments across both SOC and MDR service offerings to effectively prepare and implement incident response measures
Required Qualifications & Experience
Education
- Diploma or Degree in Computer Science, Cyber Security, or equivalent practical experience
Experience
- 3-5 years of hands-on experience in security operations, incident response, or digital forensics
- Proven track record of investigating and resolving complex security incidents
- Demonstrated experience with security incident management standards and best practices
- Deep understanding of incident response and handling methodologies (NIST, SANS)
- Experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) and EDR solutions
- Practical knowledge of Windows and Linux system forensics
- Experience analyzing logs from various sources including cloud environments (Azure, AWS)
Essential Technical Skills
- Deep understanding of attack vectors, threat actor TTPs, and the cyber kill chain
- Proficiency with digital forensic tools and methodologies
- Network protocol analysis and packet capture investigation
- Log analysis across multiple sources (endpoints, network devices, cloud services)
- Scripting for data analysis and automation (Python, PowerShell, or Bash)
- Strong knowledge of security technologies: SIEM, EDR, SOAR, UEBA, IDS/IPS, firewalls, proxies
- Understanding of common security threats and penetration techniques
Communication & Leadership
- Strong oral and written communication skills with ability to present to both technical and non-technical audiences
- Proven stakeholder management skills for interacting with internal and external stakeholders at varying levels
- Demonstrated leadership through taking ownership and accountability for incident response activities
- Ability to translate technical concepts into actionable recommendations for diverse audiences
Preferred Qualifications
- Relevant security certification (GCIH, GCFA, GCIA, ECIH, CHFI, or equivalent)
- Experience in a customer-facing SOC, MSSP, or MDR environment
- Hands-on experience with CrowdStrike Falcon and/or Microsoft Defender XDR platforms
- Familiarity with SOAR platforms and security automation tools
- Knowledge of threat intelligence platforms and threat hunting methodologies
- Experience with Breach Attack Simulation (BAS) tools
- Existing Security Clearance or ability to obtain Security Clearance (as an Australian Citizen)
Key Attributes
We're looking for someone who demonstrates:
- Security-oriented problem-solving mindset - enjoys solving complex puzzles and investigating how attacks succeeded
- High attention to detail - meticulous in forensic analysis, documentation, and configuration management
- Passion for "finding evil" and "doing good" - driven by protecting customers and preventing future incidents
- Composure under pressure - able to lead effective response during high-stress critical incidents
- Collaboration skills - works effectively with diverse teams including analysts, engineers, and customers
- Continuous learning - stays current with emerging threats, tools, and techniques
Published on 16 Oct 2025, 12:49 AM