Digital Forensic Analyst

Triskele Labs are one of the leading providers of cybersecurity services in Australia. We assist clients to reduce their risk of a cyber compromise through the delivery of risk-considered controls.

Triskele Labs are one of the last remaining boutiques in Australia. We are currently the largest CREST Registered Penetration Testing company in Melbourne and one of the only boutiques to run a 24x7x365 Security Operations Team completely onshore.

The Triskele Labs Digital Forensics and Incident Response (DFIR) team assists clients of all sizes to prevent and respond to cyber-attacks. Our team has responded both in person and remotely to incidents across Australia and the world. We get clients back online quickly, determine the root cause of an incident and find out if data has been compromised.

As an end-to-end cyber security provider, the DFIR team can also draw on experts across the organisation including offensive and defensive cybersecurity specialists. We investigate and analyse breaches to determine the root cause and implement controls to contain the incident. All DFIR is backed by a professional report for clients that outlines all findings and recommendations.

Requirements

We are seeking a DFIR Analyst to lead and support incident response engagements from initiation to closure across legal, insurance, retainer, and SOC escalation channels. You'll provide expert advice to clients during high-pressure situations, prioritising workload based on incident criticality and team direction.

Key Responsibilities:

• Conduct Digital Forensics and Incident Response (DFIR) investigations across diverse environments, including crisis support outside normal hours.
• Present technical findings clearly to both technical and non-technical audiences.
• Perform forensic analysis on images, logs, and malware samples (static and dynamic analysis).
• Develop targeted threat hunts tailored to client industries.
• Document procedures, findings, and improve internal methodologies.
• Provide expert guidance and calm leadership during incidents.

What We're Looking For:

• 1+ years of DFIR experience.
• Proven understanding of the incident response lifecycle and attacker TTPs.
• Strong forensic investigation skills with experience in chain of custody, malware analysis, and investigation protocols.
• Excellent analytical, communication, and interpersonal skills.
• Ability to work independently, remotely, and collaboratively across teams.

Technical Skills:

• Experience with EDR tools: SentinelOne, Crowdstrike, Microsoft Defender, Carbon Black.
• Familiarity with SIEM platforms: Elastic, Rapid7, Microsoft Sentinel.
• Use of forensic tools like Magnet Axiom, KAPE, Velociraptor, HAWK, Volatility, Hayabusa, and Chainsaw.

Highly Regarded Certifications:

• GIAC Certified Forensic Examiner (GCFE)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Incident Handler (GCIH)
• Magnet Axiom or equivalent tool certification
• SpectreOps Adversary Tactics: Detection

Benefits

Team culture is everything to Triskele Labs and it is the reason we exist. We are a forward-thinking company and always looking for ways to boost our team culture to ensure we are a destination employer. We continually undertake surveys to seek feedback from our team on ways we can improve our work environment and team member experience at Triskele Labs.

We provide our team a great range of additional benefits such as:

• Collaborate closely with C-Suite executives and gain insights from top industry leaders.
• Help influence the DFIR Team's direction while advancing your own career.
• Enjoy a brand-new office located in the heart of Melbourne CBD.
• Frequent events organised by our People & Culture Team.

Working Arrangements:

The role is fully remote, and are looking for someone located from any state with America.