Company hidden
2 days ago

Senior Incident Response Analyst (Cybersecurity)

Work format: onsite
Employment type: fulltime
Grade: senior
English: b2
Country: Australia
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Senior Incident Response Analyst (Cybersecurity): Lead end-to-end digital forensics and incident response investigations for insureds facing business email compromise, ransomware, and data theft, with an emphasis on evidence collection, attacker activity reconstruction, and remediation guidance. Focus on analyzing endpoints, cloud environments, and networks, producing forensic reports, and facilitating client briefings.

Location: Any location, Australia

Company

World's first Active Insurance provider combining comprehensive insurance coverage and cybersecurity tools to prevent digital risks for businesses.

What you will do

  • Lead end-to-end incident response engagements from intake and scoping to evidence collection, analysis, containment, remediation, and closure.
  • Perform digital forensics across endpoints, email, networks, websites, and cloud services to reconstruct attacker activity and assess impact.
  • Investigate Microsoft 365 and cloud environments for account compromises, data access, and configuration weaknesses.
  • Produce forensic reports and executive summaries with clear findings and recommendations.
  • Facilitate client calls, briefings, and post-incident discussions with counsel and stakeholders.
  • Contribute to Australia-specific IR processes, playbooks, and global follow-the-sun coverage.

Requirements

  • Substantial hands-on DFIR experience leading complex investigations as primary analyst and client contact.
  • Strong Windows and Linux forensics skills including acquisition, timeline analysis, and attacker techniques.
  • Proven Microsoft 365 forensics experience with email, audit logs, OAuth, and phishing/BEC scenarios.
  • Ability to investigate web compromises, especially WordPress/CMS platforms.
  • Experience with network, perimeter, authentication logs, EDR, and security tools.
  • Excellent communication to translate technical findings for non-technical stakeholders.
  • Comfort in a fast-paced environment handling multiple concurrent cases.

Nice to have

  • Familiarity with Australian privacy and regulatory requirements for breach handling.
  • Programming/scripting in Python or PowerShell for automation.
  • Experience in insurance, MSSP, or DFIR consulting in Australia.
  • Prior work in globally distributed follow-the-sun IR teams.
  • Exposure to AWS, Google Cloud, and SaaS forensics.
  • Experience with proactive IR like tabletop exercises or playbooks.

Culture & Benefits

  • Remote-first, inclusive culture focused on protecting businesses from digital risks.
  • 100% medical coverage including outpatient and emergency care.
  • 20+ paid holidays and 12% employer pension contribution.
  • Annual home office stipend and mental/physical wellness programs.
  • Competitive compensation and advancement opportunities.
