This organisation runs a large, always-on technology environment where availability, trust, and resilience are critical to its operations Australia-wide.
This role can be based in Sydney, Melbourne, Brisbane or Adelaide. It requires 3 days in an office location.
Incidents here have real-world impact, and this role is crucial to the development of the wider Security Operations team.
Cyber security is already established in a mature environment, but the reality is this: when things go wrong, the organisation wants deeper technical authority, clearer decisions under pressure, and faster learning loops after the event.
You’ll sit at the sharp end of serious incidents, leading the technical truth-finding when it counts, and lifting the standard of the entire response capability over time.
On top of that, you'll help to lift the skills of the team and look into the optimisation and automation of DFIR within the SOC.
The Role:
- Act as the final technical authority during high-severity cyber incidents, owning root cause, impact assessment, and evidence integrity end-to-end
- Lead deep forensic investigations across hosts, memory, network traffic, and cloud platforms - not just triage and containment
- Set the technical bar for incident response, mentoring analysts and shaping how the team operates during pressure events
- Evolve incident response playbooks, tooling, and investigative techniques based on real incidents, not theory
- Translate complex technical findings into clear, calm direction for senior stakeholders when decisions need to be made quickly
Experience Required:
- Proven hands-on leadership in major cyber incidents, including live breach response and post-incident forensics
- Deep practical experience with digital forensics (disk, memory, network) across modern enterprise environments
- Strong grounding in attack chains, adversary behaviour, and modern intrusion techniques - beyond checkbox frameworks
- The judgement to make high-stakes decisions with incomplete information, without panic or ego
- The credibility to influence teams and leaders through technical clarity, not hierarchy
This is not for people who prefer advisory roles, policy ownership, or second-line oversight. If you haven’t personally led investigations under real pressure, this will be uncomfortable.
For a confidential discussion: cwhyte@decipherbureau.com.
We cannot offer sponsorship for this role. Permanent residents and citizens only.