Posted On 05 September

  • Senior Cyber Threat Defence Analyst

    • Company Macquarie Group
    • No. of Openings 10+
    • Salary Not Disclosed
    • Work Type on-site

    Job Description :

    Join Macquarie’s Cyber Threat Incident Response (CTIR) team based in our Sydney office as a Cyber Threat Defence Analyst.

    In this role, you will be working alongside a diverse team in multiple offices around the globe and be responsible for detecting, identifying, triaging, and mitigating threats and risks in our global cyber environment. You will also act to ensure that Macquarie’s digital estate is protected from threats both known and unknown.

    As our Cyber Threat Defence Analyst, your key responsibilities will include:

    • triage active alerts and campaigns for potential systemic threats to our global business
    • review daily intelligence determining its applicability to the organization and take necessary defensive actions
    • analyse latest malware discoveries/shifts to understand how/if it would be effective in the environment
    • create new alerts and investigation methods in relation to the ever-changing threat landscape
    • analyse attacks and trends facing the organization and industry to better define proactive defensive measures
    • attribute malicious activities targeting Macquarie to threat actors and groups
    • track, provide, and present analysis into observed attacks against Macquarie
    • investigate threat actors and discover their infrastructure, motivations, and potential future actions
    • take proactive actions to have observed brand impersonating and malicious sites removed
    • discover internal security concerns and raise findings with the appropriate internal teams
    • review processes, defence plane, technologies, and alerts in search of improvement
    • proactively seek out suspicious activity and threats within the environment, act appropriately to contain and mitigate them
    • analyse network traffic at both log and packet level
    • perform real-time detection, analysis, and response to threats via an EDR tool

    Ideally you will bring:

    • experience with Splunk or another large log aggregation system
    • experience with an endpoint detection and response (EDR) platform
    • experience with a Security Orchestration, Automation, and Response (SOAR) platform
    • experience with email gateway security controls
    • experience analysing emails (e.g. reading and understanding email headers and sending infrastructure)
    • knowledge and experience decoding and deciphering malicious code
    • an understanding of how to pursue threat actors beyond these tools
    • an analytical mindset
    • an offensive security / adversarial mindset
    • object-oriented programming experience
    • an understanding of scripting languages (Python, PowerShell, etc.)
    • malware analysis skills (manual, static, and dynamic)
    • familiarity with cloud architectures
    • familiarity with Identity and Access Management (IAM)
    • familiarity with User and Entity Behavior Analytics (UBA/UEBA)
    • familiarity with the MITRE ATT&CK framework

    Information

    • HR Name :Macquarie Group
    • HR Email :careers@macquarie.com
    • HR Phone :+61 0423 677 767