
Threat Analyst

Jobgether

Remote · Full-time


Experience
4–6 yrs
Salary
Openings
1
Published
5 hours ago
Work mode
Work from home
Education
Relevant degree
Eligibility
Candidates based in Australia who meet the experience and technical requirements for a Threat Analyst role may apply. The employer particularly values professionals with hands-on cybersecurity operations, incident response, and threat investigation experience.
Resume
Required to apply

Job description

Role overview

This opportunity is posted on behalf of a partner organization that handles the application review and next steps. The company is seeking a Threat Analyst located in Australia.

The role is a practical cybersecurity operations position centered on identifying, analyzing, and responding to sophisticated threats in complex enterprise environments. You will be part of a 24/7 managed detection and response operation, working across endpoints, networks, cloud services, and identity platforms. The work includes deep-dive incident investigation, malware review, log analysis, and threat hunting to expose attacker activity and reduce operational impact. You will work closely with senior analysts and security teams around the world, with exposure to advanced intrusion patterns such as ransomware, credential misuse, persistence, and lateral movement. The environment is collaborative, fast-moving, and focused on ongoing improvement and learning.

Key accountabilities

  • Review and prioritize security alerts and incidents that have been escalated from endpoint, network, cloud, and identity sources within an MDR setting.
  • Perform detailed investigations to identify the root cause, scope, attacker methods, and business impact of each incident.
  • Analyze malware and scripts, including removing obfuscation and recognizing malicious patterns and behaviors.
  • Assist with ransomware and advanced intrusion cases, including credential theft, persistence, and lateral movement analysis.
  • Proactively search for threats using hypothesis-driven hunting and current intelligence.
  • Combine data from EDR, SIEM, cloud logs, Windows, Linux, and identity platforms to reconstruct incident timelines and narratives.
  • Look into suspicious authentication events, privilege escalation attempts, and possible identity compromise.
  • Write clear investigation notes and provide practical containment and remediation guidance to clients and internal stakeholders.
  • Help improve detections and refine response playbooks based on findings from investigations.
  • Work with senior analysts on major incidents and contribute to a rotating 24/7 on-call schedule.

Requirements

  • Between 4 and 6 years of experience in SOC, MDR, incident response, or broader cybersecurity operations roles.
  • Hands-on experience with security alert investigation using EDR and SIEM tools.
  • Good understanding of ransomware behavior, intrusion techniques, and adversary tradecraft.
  • Practical experience with Windows and Linux investigation work, including logs, processes, and system artifacts.
  • Ability to deobfuscate scripts and examine malware to determine malicious activity.
  • Working knowledge of the MITRE ATT&CK framework and common attack techniques.
  • Ability to interpret Windows Event Logs, Linux logs, and Active Directory data.
  • Experience in cloud and identity-focused investigations, including unusual authentication activity and privilege misuse.
  • Understanding of network fundamentals such as TCP/IP, DNS, and HTTP/S, plus traffic analysis methods.
  • Strong scripting ability, especially in PowerShell, with Python or a similar language also required.
  • Excellent analytical thinking, troubleshooting, and investigation documentation skills.
  • Comfortable managing several investigations at once in a high-pressure environment.
  • Strong written and verbal communication skills.
  • Security certifications such as Security+, CySA+, GCIH, or equivalent, along with a relevant degree, are considered an advantage.

Benefits

  • Competitive compensation aligned with experience.
  • Remote-first working style with flexibility depending on role needs.
  • Chance to work on meaningful cybersecurity incidents with global impact.
  • Ongoing learning and professional growth in advanced threat detection and response.
  • Exposure to modern MDR, XDR, and threat intelligence tools and practices.
  • Inclusive, collaborative, and globally connected security operations culture.
  • Access to wellbeing initiatives, wellness days, and employee engagement activities.
  • Opportunities for career progression within a leading cybersecurity organization.

Additional information

Applications and later-stage hiring steps are managed by the partner company rather than the listing platform. The employer uses an AI-supported matching process to shortlist applicants against the role requirements, after which the candidate list is shared with the hiring company. Final interviews, assessments, and hiring decisions are handled by the employer's internal team.

Data privacy notice

By applying, you agree that your personal information may be processed to assess suitability for the role and shared with the hiring employer. This processing is based on legitimate interest and pre-contractual steps under applicable data protection laws, including GDPR. You may request access, correction, deletion, or objection at any time.

AI tools may be used to support parts of recruitment, such as reviewing applications, analyzing resumes, or checking responses for inconsistencies or verification signals. These tools assist the recruitment team but do not replace human judgment, and final hiring decisions are made by people.
