Join Macquarie’s Cyber Threat Incident Response (CTIR) team based in our Sydney office as a Cyber Threat Defence Analyst.
In this role, you will be working alongside a diverse team in multiple offices around the globe and be responsible for detecting, identifying, triaging, and mitigating threats and risks in our global cyber environment. You will also act to ensure that Macquarie’s digital estate is protected from threats both known and unknown.
As our Cyber Threat Defence Analyst, your key responsibilities will include:
triage active alerts and campaigns for potential systemic threats to our global business
review daily intelligence, determine its applicability to the organization, and take the necessary defensive actions
analyse the latest malware discoveries and shifts to understand whether, and how, they would be effective in the environment
create new alerts and investigation methods in relation to the ever-changing threat landscape
analyse attacks and trends facing the organization and industry to better define proactive defensive measures
attribute malicious activities targeting Macquarie to threat actors and groups
track, provide, and present analysis into observed attacks against Macquarie
investigate threat actors and discover their infrastructure, motivations, and potential future actions
take proactive actions to have observed brand impersonating and malicious sites removed
discover internal security concerns and raise findings with the appropriate internal teams
review processes, defence plane, technologies, and alerts in search of improvement
proactively seek out suspicious activity and threats within the environment, act appropriately to contain and mitigate them
analyse network traffic at both the log and packet level
perform real-time detection, analysis, and response to threats via an EDR tool
Ideally you will bring:
experience with Splunk or another large log aggregation system
experience with an endpoint detection and response (EDR) platform
experience with a Security Orchestration, Automation, and Response (SOAR) platform
experience with email gateway security controls
experience analysing emails (e.g. reading and understanding email headers and sending infrastructure)
knowledge and experience decoding and deciphering malicious code
an understanding of how to chase actors beyond these tools
an analytical mindset
an offensive security/adversarial mindset
object-oriented programming experience
an understanding of scripting languages (Python, PowerShell, etc.)