Senior / Cybersecurity Incident Responder

Remote - Wellington, Wellington, New Zealand

Applications have closed

Datacom

We work across Australia and New Zealand to make a difference in people’s lives by turning the imaginable into reality.

Our purpose

Here at Datacom, we connect people and technology in order to solve challenges, create opportunities and discover new possibilities for the communities we live in.

Our team

Our Cyber Defence Operations Centre (“CDOC”) runs across Auckland, Wellington and Brisbane, from where we provide our full stack of Cybersecurity Managed services.

The CDOC is a well-established team made up of Cybersecurity Analysts, Engineers, Dev Engineers, and Incident Responders who have been managing customers, both commercial and government, for 10+ years. We are a mature operational team that not only responds to security events, incidents, and triggers, but also hunts for anomalous, suspicious, and potentially unwanted activities within our customers' environments.

We partner with industry leaders to provide our services and to provide you with a broad technical skillset, certifications, and experience.

This is an exciting time of growth, and our driven team need to grow to meet the increased demand and activity.

About the Role

This role can be worked in any one of our New Zealand offices across the North and South Islands. Please apply to find out more.

The Cybersecurity Incident Responder is a key part of Datacom's Incident Response Team (CSIRT) within the Cyber Defence Operations Centre (CDOC). You will be responsible for supporting the delivery of Cybersecurity Incident Response client engagements, as well as helping to develop and grow the CSIRT capability.

No two incidents are the same and your work will cover all aspects of the incident response lifecycle, from initial identification and first response through to post incident reviews and incident close-out.

What you’ll do

You will respond to Cybersecurity Incidents across our Customers and the Datacom Group. This work will involve incident handling activities (such as data collection, analysis and event correlation) and incident management tasks depending on the nature and severity of the incident.

Typical activities include:

  • Production and maintenance of Incident Action Plans, Reports and SITREPS in support of the response activities.
  • Support / coordination of containment, eradication and recovery efforts based on available information and established processes.
  • Facilitation of communication between stakeholders and external parties, including updating stakeholders on the status of the containment, eradication, and recovery efforts.
  • Identification of intrusion vectors / root causes and development of recommended actions to prevent similar incidents.
  • Analysis of incident response effort, with feedback from the customer and third parties as part of Post Incident Reviews (PIRs) and Lessons Learned.
  • Delivery of Proactive Incident Response Services which include Table-Top Exercises, Threat Hunting and Incident Preparedness Reviews.
  • Working with other members of the CSIRT to continue developing its technical capabilities, including improving the processes and technology used to deliver successful outcomes to clients and stakeholders.

What you’ll bring

  • A genuine passion for Cyber Security including ability and willingness to learn, self-manage, be proactive, and demonstrate empathy towards fellow team members, customers, and stakeholders during Incident Response engagements.
  • Confidence in communicating with a variety of stakeholders, including Senior Management in difficult / tense situations.
  • An understanding of the tools, techniques, and procedures that modern attackers use to compromise organisations.
  • An understanding of various security frameworks and methodologies such as NIST CSF, MITRE ATT&CK and D3FEND, Unified Kill Chain and OWASP Top 10.
  • Understanding of key system / digital forensics artifacts and how they are useful in a cyber security investigation.

Proven experience in a cyber security or technical IT role such as the below is highly desirable:

  • Digital Forensics / Incident Response
  • Cyber Threat Intelligence / Cyber Threat Hunting
  • Penetration Testing / Red-team
  • Security Operations
  • Security Architecture
  • IT Operations / Networks
  • Basic scripting or programming skills are desirable (for example PowerShell, Bash, Python, Ruby, etc)

The Nitty Gritty

We have over 6,200 people across our global offices and generate an annual revenue of over $1.2 billion, which makes us one of Australasia’s largest professional IT services companies. We have extensive expertise in operating data centres, providing IT services, software engineering and application management, as well as payroll and customer service design and operations. With this comes a long list of significant clients. Datacom is committed to hiring, developing, and promoting the best talent from a diverse range of backgrounds. We are local at heart, yet world-class in capability.

If you are keen to be part of a great team, please apply online! All applications will be treated in the strictest confidence.

Due to the nature of the clients you will be working with, you will need to be an NZ Citizen/Permanent Resident and have the ability to pass additional security clearances, which will require you to have lived in a Five Eyes country for the last 5 years. We do, however, consider work visas for other opportunities across Datacom, so please keep an eye on our careers page for any roles of interest.

Datacom is committed to the health and safety of its people and the wider community. Based on our site access requirements for this role, and/or potential customer site and customer vaccination requirements, which are constantly developing, the successful applicant will need to be able to produce evidence of being fully vaccinated against COVID-19, or a valid exemption. Datacom will consider whether any accommodations can be made for candidates who are partially vaccinated (with remaining vaccine doses booked), or who are unable to be vaccinated against COVID-19 and hold a valid exemption.

Tags: Bash CSIRT Forensics Full stack Incident response MITRE ATT&CK NIST OWASP Pentesting PowerShell Python Ruby Scripting Threat intelligence

Perks/benefits: Career development Team events

Regions: Remote/Anywhere Asia/Pacific
Country: New Zealand