Company Description
At NCS Australia, we believe in doing technology services better. Our commitment to quality, focus on people, and willingness to challenge traditional thinking set us apart. Our team brings this belief to life by partnering with our clients and communities to make tomorrow together.
We are committed to creating an environment that prioritises innovation, collaboration, and purposeful work. Our diverse team is empowered to make a meaningful impact with curiosity, creativity and resilience to shape better outcomes. Join us and accept the challenge of creating a better tomorrow.
Job Description
We are seeking a Principal Security Analyst to join our cyber security operations team in a senior hands-on role focused on advanced detection, investigation, incident response, automation, AI-enabled SOC uplift, and continuous improvement.
This role operates at a senior or L3 capability level within the Security Operations Centre. You will act as a key escalation point for complex security events, lead high-impact investigations, improve detection and response capability, and provide technical guidance to analysts across the team. You will report to the Cyber Operations Team Lead and work closely with analysts at all levels, incident response leads, and cross-functional stakeholders including Group GRC.
A key part of the role is identifying opportunities to use AI, automation, and improved tooling to reduce manual effort, improve investigation quality, accelerate triage, and support consistent analyst decision-making while maintaining appropriate human oversight and security governance.
What You’ll Do
- Lead investigation and response to complex or high-severity security incidents, acting as the senior escalation point for SOC analysts.
- Conduct advanced threat hunting across enterprise, endpoint, identity, network, and cloud environments.
- Develop, tune, and improve detections across SIEM, EDR/XDR, cloud security, and identity platforms.
- Support digital forensic investigations, including endpoint, disk, memory, network, identity, and cloud evidence analysis.
- Develop automation and identify practical AI-assisted improvements across SOC workflows, including alert enrichment, triage, containment, reporting, and knowledge management.
- Improve incident response playbooks, runbooks, escalation criteria, and operating procedures.
- Build and maintain effective working relationships with Group GRC, supporting governance, compliance, and control validation activities as they relate to security operations.
- Produce clear investigation notes, incident reports, root cause analysis, and executive-ready summaries.
- Mentor junior and mid-level analysts through coaching, peer review, and knowledge sharing.
You are an experienced cyber security operations professional who takes ownership of complex investigations, makes sound decisions under pressure, and guides others during incidents. You are comfortable working across technical domains and can translate detailed findings into clear, actionable outcomes.
You Will Bring
- Significant hands-on experience in cyber security operations, SOC analysis, incident response, threat hunting, detection engineering, or a closely related field, operating at a senior analyst or L3 escalation level.
- Strong incident response experience across detection, containment, eradication, recovery, and lessons learned.
- Practical experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, or equivalent) and EDR/XDR platforms (e.g., CrowdStrike Falcon, Microsoft Defender XDR, or equivalent).
- Experience investigating activity across at least one major cloud platform (AWS, Azure, or GCP).
- Strong understanding of networking, common protocols, Windows and Linux operating systems, identity, and Active Directory environments.
- Experience using scripting or automation (e.g., Python, PowerShell, Bash, or similar).
- Familiarity with MITRE ATT&CK and its application in detection engineering, investigation, and threat hunting.
- Strong written and verbal communication skills, including the ability to produce clear technical reports and stakeholder updates.
Qualifications
Relevant certifications are desirable but not mandatory where equivalent practical experience can be demonstrated. Examples include:
- Incident Response & Forensics: GCIA, GCIH, GCFA, GCFE, GNFA, GSOM, CySA+
- Security Management & Architecture: CISSP, CCSP, CISM, Security+
- Cloud & Platform Security: Microsoft SC-200, AZ-500, AWS Security Specialty, Google Professional Cloud Security Engineer, or relevant DevSecOps, automation, or AI certifications
Tertiary qualifications in cyber security, information technology, computer science, engineering, or a related discipline are also desirable but not mandatory.
What Success Looks Like
- Complex investigations are handled thoroughly, accurately, and in a timely manner.
- Detection coverage, alert quality, and investigation context improve over time.
- Automation and AI-assisted workflows reduce manual effort, improve consistency, and support faster analyst decision-making, adopted responsibly with appropriate validation and human oversight.
- Playbooks, runbooks, and reporting artefacts are practical, current, and useful.
- Analysts benefit from your mentoring, technical review, and knowledge sharing.
- Stakeholders, including Group GRC, have confidence in the quality of your technical advice and operational communication.
Personal Attributes
- Makes calm, evidence-based decisions during high-pressure incidents.
- Takes ownership of complex problems and drives them through to resolution.
- Communicates clearly with technical, business, and executive audiences.
- Supports and develops others through coaching, review, and knowledge sharing.
- Curious about emerging technologies, with a practical eye for applying AI and automation to improve security operations.
- Handles sensitive information with discretion, professionalism, and integrity.
- Works constructively across teams and contributes to a collaborative culture.
Additional Information
Why join us:
NCS Australia is where you can feel at home, nurturing your talents and skills as we make tomorrow together, one day at a time. Our benefits include paid parental leave, initiatives focused on your well-being and discounted health insurance. You will also enjoy discounts on various products and services and be regularly recognised and rewarded for high performance. We are committed to your career development through our Capability Fingerprint, industry and partner training programs, special interest groups, and an AI-driven learning platform. No matter where you are in your career, we offer meaningful work and opportunities for growth.
NCS Australia is an equal-opportunity employer, and we take pride in our commitment to valuing and supporting our people and the communities we serve. We are dedicated to attracting, retaining and developing our people regardless of gender identity, ethnicity, sexual orientation, disability and age. Applications are encouraged from all sectors of the community, and we strongly encourage applications from the Veteran, Aboriginal and/or Torres Strait Islander communities.
At NCS Australia, we are committed to supporting adjustments throughout the recruitment and selection process, as well as during employment. We actively support and encourage people with disability to apply.
Agencies:
We’ve got this. We request that you do not contact NCS employees outside of the Talent Acquisition team. NCS exclusively accepts resumes from agencies on our preferred supplier panel through the NCS Agency Portal. Agencies that submit resumes must have a valid fee agreement and be assigned to the particular requisition by the Talent Acquisition team. Any resumes that are submitted outside of this process will become the sole property of NCS. If a candidate is hired outside of this process, no fee or payment will be given.
Work rights and background checks:
To be eligible for a position with us, applicants will need to have valid work rights for Australia and be willing to undergo a comprehensive background checking process, including probity and police checks.