Security (Information & Communication Technology)
Full time

Bastion is a growing security group, now bringing together ZX Security, Quantum Security, Helix Security, Cassini, and our latest addition, Cythera, as we continue to expand and strengthen our expertise.
We offer a wide range of cyber security consulting and managed security services to a variety of New Zealand, Australian and international businesses.
The work we do helps secure critical infrastructure, banks, telcos, the energy sector, and technology companies.

We're looking for technically savvy, motivated Digital Forensics and Incident Response (DFIR) Analysts or Senior Analysts to join our Investigations team and support the growth of our DFIR practice.
We're equally interested in talking to you whether you have an interest in joining our team in a junior or senior capacity.

The role

Your responsibilities will span from scoping security incidents through to the delivery of a high-quality product.
Given your technical prowess, you will ensure appropriate work-streams are implemented during customer engagements and can complete these work-streams, or you can effectively delegate to others and take ownership of their output.
You'll be working closely with an exciting range of clients across New Zealand and Australia, from small Kiwi-owned businesses to well-known public sector organisations to NZX/ASX listed enterprises and everything in between.

Key tasks and responsibilities:

- Supporting customers with their security incidents from helping to scope enquiries through to reporting outcomes.
- Proactively preserving key evidence sources at the earliest opportunity and identifying likely security control weaknesses and recommendations.
- Hunting at scale using appropriate toolsets (e.g., Velociraptor) for evidence of malicious activity and understanding what to look for, why, and how.
- Analysing logs for suspicious activity and correlating findings against other evidence sources.
- Piecing together all findings to determine what happened and whether additional investigative avenues are required.
- Providing updates to your team lead and/or customers on current findings as matters progress.
- Leveraging EDR toolsets to support identification, containment, and eradication efforts of malicious activity. Determining EDR configuration improvements early on.
- Leveraging your exceptional knowledge to undertake targeted host-based analysis to determine what happened, knowing what to look for, why, and how.
- Working with others and collectively taking responsibility in producing high-quality work.
- Supporting tabletop exercises and playbook development for customers.
- Supporting compromise evaluation technical work-streams.
- Ensuring retainer customers' escalations are responded to, audited, and closed.
- Identifying any process gaps or improvements and ensuring continual development of these.

About you

These are the main attributes we're looking for, and a role with Bastion might be a good fit for you if you have some or most of these.
Don't worry if you don't tick all the boxes; for the right candidates, we'll provide training and on-the-job learning in a supportive team environment:

Experience:

- 2+ years' experience in a DFIR or SOC role, specifically with demonstrable knowledge of responding to security incidents (e.g., BECs, ransomware, malware, insider threat), preferably across large and complex environments.
- Exceptional understanding of and experience with IR, EDR, and forensic tooling (e.g., Velociraptor, CrowdStrike, MDfE, X-Ways, and Axiom), with preference for acquired certifications (e.g., CCFA, CCFR, CCFH, SC200, X-PERT, MCFE).
- Experience working with Cyber Insurers, Legal Counsels, and C-Suite.

Qualifications:

- Industry-recognized IR qualifications (e.g., GCFA, GCFE / CFCE, GREM, GCFR), or alternative relevant certification(s) would be considered.

Cybersecurity knowledge:

- You have a passion for cybersecurity, and you're able to explain security fundamentals and appropriate security controls to address shortcomings within impacted environments early on.
- Understanding of an investigation lifecycle and adept at all phases: scoping, data identification, collection and preservation, analysis, and reporting.
- Scripting/programming knowledge would be desirable.
- You are familiar with common attack scenarios but equally keep abreast of evolving threats.
- You understand what to look for, why, and how, when considering a range of attack scenarios and can overlay this with appropriate frameworks.

Critical thinking skills:

- You're good at analysing information, asking questions, and solving problems.
- You have a natural ability to apply an investigative mindset to security incidents and can manage/co-ordinate these investigative tasks.
- You manage your time effectively, can take ownership of engagements or tasks to deliver work on time, and can take the initiative to get tasks done.
- You ensure the accuracy of deliverables to a high standard and can effectively quality check others' work.
- Ability to be flexible and adaptive to the evolving needs of our DFIR customers.
- You can effectively communicate your knowledge to a range of people, whether that's giving a presentation, talking on the phone, or writing a document or email. You will pick the right message for the right audience, be that C-suite or end-user.

Security clearance:

You must be able to obtain and maintain a NZ Government National Security clearance (TS/TSS).
It would be advantageous if you are a New Zealand Citizen, or from a Five Eyes country.

Benefits of working for Bastion:

- Competitive remuneration package and quarterly profit share scheme.
- Supportive and fun work environment, great team culture, and regular social events.
- Substantial training budget, study time allowance, regular team training sessions, and internal mentor programme.
- Additional long-service leave.
- Flexible working hours and options to work from home 1-2 days per week.
- Large waterfront offices in Wellington CBD, and large city centre Auckland offices, both within a 10-minute walk of our major clients.
- Fruit and soft drinks at the office, and access to an employee gym.

Interested?

If this sounds like you, please apply below and include a CV and cover letter.
Successful candidates will be required to complete a criminal record check during the onboarding process.

Please note that this mailbox will not be monitored for the period 21st December 2024 – 5th January 2025.

To learn more about us, visit Bastion Security.

Your application will include the following questions:

- Which of the following statements best describes your right to work in New Zealand?
- What's your expected annual base salary?
- How much notice are you required to give your current employer?
- Do you hold New Zealand security clearance?