Lead Incident Responder

• You are a problem solver with a strong technical background in Incident Responds (IR) and or Security Operations Centre (SOC).
• We are one of the largest Cyber Security Practices in the Southern Hemisphere.
• Together we can contribute to protecting the Group, Customers and Community.

Do work that matters:

We're building tomorrow’s bank today, which means we need creative and diverse engineers to help us redefine what customers expect from a bank. Envisioning new technologies that are still waiting to be invented and reimagining products that support our customers and help build Australia’s future economy.

CommBank is recognised as leading the industry in IT and operations with its world-class platforms and processes, agile IT infrastructure, and innovation in everything from payments to internet banking and mobile apps. Cyber Security protects the bank and our customers from theft, losses and risk events, through effective and proactive management of cyber security, privacy and operational risk.

See yourself in our team:  

The CBA technology unit delivers the best digital banking services to Commonwealth Bank customers and to do so is responsible for digital delivery, group data and analytics, technology and technology infrastructure, cyber, fraud, physical security and business resilience for all divisions across CBA. It is also dedicated to delivering the best workplace technology experience for our over 53.000 people across CBA and focused on providing the latest tools, technology, and resources to enhance the way we work together and empower our people to achieve more for our customers.

The mission of the Group’s Cyber Detection and Response team is to provide a high-performing, reliable, and sustainable assurances to detect, contain, and remediate attacks from cyber threats against the Group’s digital ecosystem.

As an Incident Responder or Lead Incident Responder, you will be part of a highly skilled and experienced team of specialists within the organisation's Cyber Attack Response Perth Team. You will be a hands on technical specialist responding to cyber attacks and managing proactive initiatives.

While having no direct reports you will be guiding and mentoring Analysts across your crew and consulting key stakeholders on technical and functional solutions and initiatives.

Your impact and contribution:

• Analyse data and logs to establish context and scope the full attack path of cyber-attacks in a methodical, accurate and descriptive manner.
• Command high priority incidents, including the driving of technical tasks to team members, development of remediation planning, working with the business on implementing the remediation plan through to the full recovery of systems impacted.
• Maintain incident response documentation, lead post incident review activities, and write incident reports.
• Partake in an “on-call” roster where required to ensure out-of-hours incident response coverage.
• Demonstrate thought leadership in the enhancement of incident response capabilities, including the running of brown bags and liaison with other teams.
• Participate in threat hunt and purple team activities to identify areas for improvement.
• Develop and implement AI-driven strategies and tools to detect, analyse, and respond to cyber threats. 
• Manage a variety of projects and initiatives.

We’re interested in hearing from people who are: 

You will bring:

• Proficient and highly experience in Incident Response (IR) or Security Operations Centre (SOC) essential.
• Highly technical across a broad set of systems and infrastructure.
• Able to articulate technical concepts while catering to different audiences is essential.
• Able to deal with pressure and be adaptive to change during major incidents.
• Expert in Splunk or similar SIEM technologies.
• A proficiency in Microsoft Defender for Endpoints (MDE) or other Endpoint Detection and Response (EDR) tools
• Experience with cloud security and knowledge of cloud platforms such as AWS or Azure.
• Experience with automation and scripting languages such as Python, PowerShell, or Bash.
• Possess the knowledge and skills to reverse-engineer malicious software (malware).