Job Description
If you enjoy being in a highly specific, locked-down IR role where your tasks are narrowly defined, this probably isn’t the right role for you.
You don’t need to be super senior, but if you’re independent, don’t rely heavily on third-party services, take ownership, and don’t always fall back on escalation points, this could be a great fit.
You’ll work within an internal Defence team, giving you the freedom to lead investigations end-to-end. You’ll be part of a single, unified team that covers both engineering and the full incident response lifecycle — from detection and proactive threat hunting to forensics, root cause analysis, remediation, and continuous improvement of playbooks and processes.
You’ll gain hands-on experience with a wide range of incidents not always seen in corporate settings: ransomware, keyloggers, and APT activity, all in an environment where the team manages the controls directly. You’ll have the opportunity to drive meaningful changes and update processes and playbooks without the usual bureaucracy.
Proactive hunting and offensive thinking are highly valued: you’ll leverage threat intelligence to identify patterns, anticipate threats, and improve defence mechanisms.
If your IR skills are solid but need some rounding out, that’s OK, but strong forensic capabilities and the ability to analyse OS artefacts and evidence are essential for this role.
Russell@theonset.com.au / 0438984265