Reports to: Manager, Security Operations Center
Location: Remote Australia
Compensation Range: $165,000 to $185,000 AUD base plus bonus and equity. This role may be eligible for on-call/call-in pay in addition to base pay.
What We Do:
Founded in 2015 as a fully remote company by former NSA cyber operators, Huntress was built on a simple premise: to force hackers to earn every inch of their access.
Today’s cyber-attacks aren’t limited to large organizations with the security tools that can ward off threats. Hackers don't discriminate and will exploit any vulnerability in any size of business, which is why Huntress focuses on protecting the small to midsize businesses that make up the backbone of our economy.
Huntress stops hidden threats that sneak past preventive security tools by combining our award-winning security platform with expert human threat hunters, delivered through products including Managed EDR, MDR for Microsoft 365, and Managed Security Awareness Training.
Join the hunt and help us stop hackers in their tracks!
What You’ll Do:
Huntress is seeking a Senior SOC Analyst to join our rapidly growing Australia-based SOC team. This is a unique opportunity to be part of our mission to build the premier investigative team in Australia, protecting businesses from cyber threats while actively shaping the future of cybersecurity in the region.
At Huntress, we’re looking for passionate security practitioners who thrive on detecting and responding to cybercrime. If you love triaging pre-ransomware intrusions, tracking attackers through a network, and kicking them out before they achieve their objectives, this role is for you. Our analysts excel at triaging alerts, contextualising endpoint telemetry, analysing logs, leveraging forensic artifacts, and understanding malware in order to unravel the full scope of an intrusion. You’ll also have the freedom to push your own detections and spend time hunting for novel attack activity, ensuring you’re always at the cutting edge of cybersecurity.
As a Senior Analyst, in addition to triaging alerts and responding to intrusions, you’ll lead key efforts, mentor junior team members, and collaborate closely with our Product team to help shape Huntress’ MDR service and platform. This role offers hands-on opportunities across Incident Response, Security Operations, Threat Hunting, and Detection Engineering, empowering you to grow your skills and make a real impact on the world.
At Huntress, we don’t just want you to succeed—we want you to thrive. This is why we prioritize helping our team members grow their personal brands in the broader security community. Whether it’s through blogs, conference talks, webinars, or research publications, we’ll support you in sharing your work with the world. We believe this not only elevates Huntress but also enhances your career development, building your reputation as a leading voice in cybersecurity.
Responsibilities:
- Investigate and Respond: Triage, investigate, respond to, and remediate alerts generated by the Huntress platform
- Timeline Analysis: Leverage forensic artifacts and host telemetry to timeline and uncover threat actor activity on a system while developing effective remediation plans
- Malware Analysis: Perform static and dynamic analysis of malware where required to extract indicators of compromise or determine malicious intent of a file
- Threat Detection: Contribute to and refine detection capabilities by crafting and tuning alerts to address emerging threats
- Microsoft 365 Security: Investigate Microsoft 365 activity and deliver actionable remediation advice for compromised tenants
- Team Mentorship: Help guide and develop junior analysts through mentorship and knowledge sharing
- Content Creation: Regularly contribute to external-facing content such as blogs, webinars, conference talks, and thought leadership pieces
- Continuous Improvement: Regularly grow your skills and knowledge using our real-world intrusion data and paid training opportunities
What You Bring To The Team:
- Security Enthusiasts: Practitioners with 4+ years of experience in SOC, Incident Response, Managed Detection and Response, or Digital Forensics roles
- Technical Expertise:
- In-depth knowledge of Windows OS attack surfaces, malware analysis, and basic threat actor tools and techniques
- An understanding of common system administration skills and how they are abused by threat actors to achieve their goals (Active Directory, PowerShell, Group Policies, Local Account Creation, etc)
- Familiarity with the techniques that make up the MITRE ATT&CK tactics, such as credential dumping, lateral movement, persistence mechanisms, exfiltration techniques, etc.
- Passion for Forensics: A love for digging into logs, processes, and artifacts to understand intrusions and outmaneuver attackers
- Mentorship Mindset: Proven ability to coach and uplift junior team members
- Communication Skills: Strong verbal and written communication, capable of simplifying complex technical findings for diverse audiences
- Self-Motivation: Demonstrated self-guided learning or relevant academic background (Bachelor’s degree in IT, Computer Science, Cybersecurity, or equivalent)
Your Required Technical Experience:
- Familiarity with SIEM technologies (e.g. Splunk, ELK) to query logs and answer investigative questions
- Experience extracting indicators of compromise and determining the malicious intent of a binary or script using tools such as CAPE, x64dbg, CFF Explorer, Detect-It-Easy (DiE), Procmon, Autoruns, Process Explorer, etc.
- Advanced experience applying the MITRE ATT&CK Framework, and understanding the techniques and tools used by financially motivated threat actors or Advanced Persistent Threats
- Basic experience developing detection rules with at least one of the following: Sigma, Yara, Snort, Suricata, etc
- Ability to identify commonly exploited exposed services such as RDP using services or tools such as Shodan, Censys, etc.
- Intermediate experience with Active Directory and administration tools on Windows, and how this can be leveraged to facilitate lateral movement in an environment
- Knowledge of common forensic artifacts such as SRUM, Prefetch, BAM, Jump Lists, etc., and how these can be applied to investigating a potential intrusion
- Experience investigating web application compromises, including the ability to identify Web Shells through log or host artifact review
- Understanding of fundamental OS components of at least one of the following:
- Windows OS such as processes, threads, memory, the registry, scheduled tasks, services, COM objects, Alternate Data Streams etc
- macOS such as processes, launch daemons, launch agents, extended attributes, Gatekeeper, SIP, etc.
Other Desired Technical Experience:
- Basic experience with a scripting language (e.g. Python, PowerShell, Ruby) to solve common problems or answer investigative questions
- Understanding of common Windows Event Logs used for investigations, and relevant tools to parse this data such as Hayabusa, Chainsaw, EvtxECmd, etc.
- Experience using tools to investigate user browsing history, including reviewing and reading SQLite database files
- Working knowledge of common attacks targeting Microsoft 365 including rogue applications, BEC, AiTM, token theft, inbox rules, etc
- Ability to talk with others during an incident and convey technical concepts to non-technical stakeholders
What We Offer:
- Fully remote work
- 1-2 trips to the US annually for events such as Sales Kick-Off and Summer Summit!
- New starter home office set up reimbursement ($731 AUD)
- Generous personal leave entitlements
- Digital monthly reimbursement ($169 AUD)
- Superannuation
- Healthcare Benefits
- Access to the BetterUp platform for coaching, personal, and professional growth
Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are.
We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.
People from all culturally diverse backgrounds, including Aboriginal & Torres Strait Islander Peoples, are encouraged to apply.
We do discriminate against hackers who try to exploit small businesses.
Accommodations:
If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com. Please note that non-accommodation requests to this inbox will not receive a response.
If you have questions about your personal data privacy at Huntress, please visit our privacy page.