Job Description
Cyber Incident Response Specialist
Business Unit:  Technology
Sourcing Location:  Victoria

About the role: Cyber Incident Response Specialist

Reporting to the Cyber Defence Leader, the role will strengthen EnergyAustralia's cyber defence capability by assisting and coordinating the investigation and response to complex security incidents across IT and OT environments. Responsibilities include:

  • Monitor, triage, and investigate security events and alerts, determining severity and coordinating appropriate response actions.
  • Perform analysis across logs, endpoint telemetry, and network data to identify indicators of compromise and scope the impact of security events
  • Produce accurate and well-structured incident records, investigation notes, and closure reports in line with established processes and documentation standards
  • Contribute to the improvement of detection rules, response playbooks, cyber controls, and operational processes based on the threat landscape and lessons learned from incidents
  • Support the development and tuning of SIEM detection use cases to improve alert fidelity and reduce false positives
  • Contribute to post-incident reviews, root cause analysis, and lessons learned documentation to support continuous improvement of the incident response function

  

Be Impactful when you are applying…

You will have some threat detection or incident response experience across a similarly complex corporate landscape, with a desire to learn and uplift your security knowledge and prowess. You will also have most of the following:

  • Bachelor’s degree in Cybersecurity or CompSci and/or relevant certifications such as GCIH, GCFA or CompTIA highly regarded   
  • 3+ years of hands-on experience in security incident response or security operations, including experience leading investigations in complex environments.
  • Experience with SIEM platforms (Microsoft Sentinel, Splunk, or similar), EDR/XDR solutions, and security orchestration tooling.
  • Demonstrated ability to detect and respond to security incidents across complex enterprise IT and OT environments.
  • Demonstrated understanding of cyber control frameworks and the ability to assess and contribute to control alignment against an evolving threat landscape.
  • Working knowledge of some of the following:
    • Cyber-attack frameworks (e.g. MITRE ATT&CK, Cyber Kill Chain) and the current threat landscape, applied to lead investigations, detection engineering, and defensive improvements.
    • Systems and networks including Windows, Linux, Active Directory, Entra ID, TCP/IP, firewalls, VPNs, and IDS/IPS.
  • Conducting and monitoring investigations across cloud platforms (AWS, Azure, GCP, SaaS platforms).
  • Clear and structured written communication skills, including the ability to produce accurate incident documentation.
  • Willingness and availability to participate in a 24/7 on-call roster.

 

How to Apply:

If you’re ready to ‘light the way’ towards your next career move, click the ‘Apply’ button to submit a confidential application. For any questions, reach out to Jock Clydesdale, Talent Partner – Technology, at jock.clydesdale@energyaustralia.com.au

  

Why Us?

EnergyAustralia is a place where all employees are genuinely valued, supported, and free to be themselves — because we believe that’s when we’re at our best.

We embrace diversity of background, experience, and perspective, and we encourage applications from Aboriginal and Torres Strait Islander peoples, people with disability, and those from the LGBTQ+ community.

 

Here’s what you can look forward to:

  • Employee discounts on electricity and gas, plus savings on major brands and products
  • 20 weeks’ paid parental leave – completely gender-equal
  • Energise Program – flexible working that’s team-centric, enabling teams to agree and succeed together
  • Performance recognition and incentive programmes – tailored to different roles and teams to reward great work throughout the year
  • Supportive leaders and a down-to-earth culture where you can be your authentic self