EY Digital Forensics and Incident Response Analyst in Australia

Digital Forensics and Incident Response Analyst

Core Business Services

Requisition # AUS0019V

Post Date 5 days ago

Join our Core Business Services (CBS) team and you will help support the important business enablement functions that keep our organization running strong. As a CBS professional, you will work across teams to provide the knowledge, resources and tools that help EY deliver exceptional quality service to our clients, win in the marketplace and support EY’s growth and profitability. Major teams within CBS include Finance, Information Technology, Human Resources, Enterprise Support Services, Brand Marketing and Communications, Business Development, Knowledge and Risk Management.

With so many offerings, you have the opportunity to develop your career through a broad scope of engagements, mentoring and formal learning. That’s how we develop outstanding leaders who team to deliver on our promises to all of our stakeholders, and in so doing, play a critical role in building a better working world for our people, for our clients and for our communities. Sound interesting? Well this is just the beginning. Because whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Job summary:

The Digital Forensics & Incident Response (DFIR) Analyst will work to address security incidents, hunt down security risks or incidents within the environment, and act as a supporting team member in Cyber Defense. This position requires a thorough understanding of the technology, tools, policies, and standards related to security systems and incident response. The incumbent must be competent to work at a high technical level in digital forensics, security incident response, and malware analysis; capable of identifying threat vectors and security incidents; able to remediate, or coordinate remediation efforts for, a security incident; and able to develop documentation to support the security incident response process. Risk assessment techniques and good communication skills are a plus.

Key responsibilities:

Essential Functions of the Job:

  • Investigate, coordinate, bring to resolution, and report on security incidents as they are escalated or identified

  • Forensically analyze end user systems and servers found to have possible indicators of compromise

  • Analyze artifacts collected during a security incident or forensic examination

  • Interface and communicate with server owners, system custodians, and IT contacts to pursue security incident response activities, including: obtaining access to systems, digital artifact collection, and containment and/or remediation actions

  • Provide consultation and assessment on preserved security threats

  • Maintain, manage, improve and update security incident process and protocol documentation

  • Regularly provide reporting and metrics on case work

Analytical/Decision Making Responsibilities:

  • Resolution of security incidents by identifying root cause and solutions

  • Analyze findings in investigative matters, and develop fact-based reports

Knowledge, Skills, and Experience requirements:

  • Demonstrated integrity in a professional environment

  • Knowledgeable in the industry-standard security incident response process, procedures, and life-cycle

  • Excellent teaming skills

  • Good social, communication and writing skills

Qualifications, Certifications, and Education requirements:

  • Bachelor's or Master's degree in Computer Science, Information Systems, Engineering or a related field

  • 5+ years' experience in one or more of the following:

      • Deep understanding of security threats, vulnerabilities, and incident response

      • Understanding of electronic investigation, forensic tools, and methodologies, including: log correlation and analysis, forensically sound handling of electronic data, knowledge of computer security investigative processes, malware identification and analysis

      • Basic understanding of the legalities surrounding electronic discovery and analysis

      • Experience with SIEM technologies (e.g., Splunk)

      • Deep understanding of both Windows and Unix/Linux based operating systems

Certification Requirements:

  • Candidates must hold or be willing to pursue related professional certifications such as GCFE, GCFA, GCIH, CISM, or CISSP

Who we are

EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service while allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.