Principal Security Analyst

Responsibilities

• Lead investigation and response to complex or high-severity security incidents, acting as the senior escalation point for SOC analysts.
• Conduct advanced threat hunting across enterprise, endpoint, identity, network, and cloud environments.
• Develop, tune, and improve detections across SIEM, EDR/XDR, cloud security, and identity platforms.
• Support digital forensic investigations, including endpoint, disk, memory, network, identity, and cloud evidence analysis.
• Develop automation and identify practical AI-assisted improvements across SOC workflows, including alert enrichment, triage, containment, reporting, and knowledge management.
• Improve incident response playbooks, runbooks, escalation criteria, and operating procedures.
• Build and maintain effective working relationships with Group GRC, supporting governance, compliance, and control validation activities as they relate to security operations.
• Produce clear investigation notes, incident reports, root cause analysis, and executive-ready summaries.
• Mentor junior and mid-level analysts through coaching, peer review, and knowledge sharing.
• You Will Bring
• Significant hands-on experience in cyber security operations, SOC analysis, incident response, threat hunting, detection engineering, or a closely related field, operating at a senior analyst or L3 escalation level.
• Strong incident response experience across detection, containment, eradication, recovery, and lessons learned.
• Practical experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, or equivalent) and EDR/XDR platforms (e.g., CrowdStrike Falcon, Microsoft Defender XDR, or equivalent).
• Experience investigating activity across at least one major cloud platform (AWS, Azure, or GCP).
• Strong understanding of networking, common protocols, Windows and Linux operating systems, identity, and Active Directory environments.
• Experience using scripting or automation (e.g., Python, PowerShell, Bash, or similar).
• Familiarity with MITRE ATT&CK and its application in detection engineering, investigation, and threat hunting.
• Strong written and verbal communication skills, including the ability to produce clear technical reports and stakeholder updates.
• Relevant certifications are desirable but not mandatory where equivalent practical experience can be demonstrated. Examples include:
• Incident Response & Forensics: GCIA, GCIH, GCFA, GCFE, GNFA, GSOM, CySA+
• Security Management & Architecture: CISSP, CCSP, CISM, Security+
• Cloud & Platform Security: Microsoft SC-200, AZ-500, AWS Security Specialty, Google Professional Cloud Security Engineer, or relevant DevSecOps, automation, or AI certifications
• Tertiary qualifications in cyber security, information technology, computer science, engineering, or a related discipline are also desirable but not mandatory.
• What Success Looks Like
• Complex investigations are handled thoroughly, accurately, and in a timely manner.
• Detection coverage, alert quality, and investigation context improve over time.
• Automation and AI-assisted workflows reduce manual effort, improve consistency, and support faster analyst decision-making - adopted responsibly with appropriate validation and human oversight.
• Playbooks, runbooks, and reporting artefacts are practical, current, and useful.
• Analysts benefit from your mentoring, technical review, and knowledge sharing.
• Stakeholders, including Group GRC, have confidence in the quality of your technical advice and operational communication.
• Personal Attributes
• Makes calm, evidence-based decisions during high-pressure incidents.
• Takes ownership of complex problems and drives them through to resolution.
• Communicates clearly with technical, business, and exe

Additional Information

We are seeking a Principal Security Analyst to join our cyber security operations team in a senior hands-on role focused on advanced detection, investigation, incident response, automation, AI-enabled SOC uplift, and continuous improvement. This role operates at a senior or L3 capability level within the Security Operations Centre. You will act as a key escalation point for complex security events, lead high-impact investigations, improve detection and response capability, and provide technical guidance to analysts across the team. You will report to the Cyber Operations Team Lead and work closely with analysts at all levels, incident response leads, and cross-functional stakeholders including Group GRC. A key part of the role is identifying opportunities to use AI, automation, and improved tooling to reduce manual effort, improve investigation quality, accelerate triage, and support consistent analyst decision-making while maintaining appropriate human oversight and security governance.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Ncsaustralia? Share your experience