Threat Analyst

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Threat Analyst based in Australia.

This is a hands-on cybersecurity operations role focused on detecting, investigating, and responding to advanced threats across complex enterprise environments. You will play a key part in a 24/7 managed detection and response (MDR) function, working on real-world security incidents affecting endpoints, networks, cloud platforms, and identity systems. The role involves deep technical investigation work, including malware analysis, log correlation, and threat hunting, helping uncover attacker behavior and minimize business impact. You will collaborate closely with senior analysts and global security teams, gaining exposure to sophisticated intrusion techniques such as ransomware, credential abuse, and lateral movement. The environment is fast-paced, highly collaborative, and driven by continuous learning and improvement. This position offers the opportunity to strengthen defensive security capabilities while contributing directly to the protection of organizations worldwide.

• Investigate and triage escalated security alerts and incidents across endpoint, network, cloud, and identity environments within an MDR framework.
• Perform in-depth analysis to determine root cause, attack scope, adversary techniques, and overall impact of security incidents.
• Conduct malware and script analysis, including deobfuscation of suspicious code and identification of malicious behavior patterns.
• Support ransomware and advanced intrusion investigations, including credential abuse, persistence mechanisms, and lateral movement analysis.
• Carry out proactive threat hunting based on hypotheses and emerging threat intelligence.
• Correlate security data across EDR, SIEM, cloud logs, Windows, Linux, and identity systems to build complete incident narratives.
• Investigate authentication anomalies, privilege escalation, and potential identity compromise scenarios.
• Document findings clearly and provide actionable remediation and containment recommendations to clients and stakeholders.
• Contribute to detection engineering improvements and refinement of response playbooks based on investigation outcomes.
• Collaborate with senior analysts on high-severity incidents and participate in a 24/7 rotating on-call schedule.

Requirements:

• 4–6 years of experience in SOC, MDR, incident response, or cybersecurity operations roles.
• Strong experience investigating security alerts using EDR and SIEM platforms.
• Solid understanding of ransomware tactics, intrusion patterns, and adversary behaviors.
• Hands-on experience analyzing Windows and Linux systems, including logs, processes, and system artifacts.
• Experience deobfuscating scripts and analyzing malware behavior to identify malicious activity.
• Familiarity with MITRE ATT&CK framework and common adversary techniques.
• Ability to analyze Windows Event Logs, Linux logs, and Active Directory environments.
• Understanding of cloud and identity security investigations, including suspicious authentication and privilege misuse.
• Knowledge of network protocols (TCP/IP, DNS, HTTP/S) and traffic analysis techniques.
• Strong scripting skills, particularly PowerShell, with Python or similar language experience required.
• Excellent analytical, troubleshooting, and investigative documentation skills.
• Ability to manage multiple concurrent investigations in a fast-paced environment.
• Strong communication skills, both written and verbal.
• Security certifications (Security+, CySA+, GCIH, or equivalent) and a relevant degree are a plus.

Benefits:

• Competitive salary package aligned with experience
• Remote-first working model with flexibility depending on role requirements
• Opportunity to work on real-world, high-impact cybersecurity incidents globally
• Continuous learning and professional development in advanced threat detection and response
• Exposure to cutting-edge MDR, XDR, and threat intelligence technologies
• Inclusive, collaborative, and globally connected security operations environment
• Participation in wellbeing initiatives, wellness days, and employee engagement programs
• Career growth opportunities within a leading cybersecurity organization