Senior DFIR Analyst, Auckland

84 Recruitment

  • Posted Today
  • On Site
  • Full Time
Location

Auckland


Job Description

About the company
Our client is a large government agency that is currently undergoing a complex digital transformation. As part of this program, there is a multi-year cybersecurity uplift initiative in place to enhance cyber awareness across the country.

About the role
As a Senior Threat Intelligence Analyst / DFIR, you’ll lead the charge against sophisticated cyber threats, oversee technical incident response, and build the future of threat detection and forensics across the country. Whether you’re reverse engineering malware, guiding a SOC through a ransomware crisis, or presenting evidence in a courtroom, your expertise will be felt at every level.

What will you be doing?

  • Coordinate and manage complex cyber events, acting as both a technical expert and escalation point during major breaches, ransomware attacks, and advanced persistent threats (APTs).
  • Design and execute purple team exercises that challenge our national cyber defence capabilities. Lead red/blue team engagements without disrupting operations.
  • Mentor analysts, run technical workshops, and embed a culture of continuous learning and threat-informed defence across the SOC.
  • Lead post-incident reviews, document lessons learned, fine-tune detection capabilities, and shape future response playbooks and tooling.
  • Monitor global threat landscapes, evaluate emerging techniques, and adapt the organisation’s response methodologies accordingly.


What do you need?

  • 7+ years of cyber security experience, with 5+ years hands-on in high-severity incident response
  • Deep knowledge of digital forensics practices and tooling (KAPE, Hayabusa, Chainsaw, etc.)
  • Advanced skills in SIEM and EDR platforms (e.g., Splunk, Sentinel, Carbon Black)
  • Expertise in APT tactics, attacker behaviours, and purple teaming methodologies
  • Demonstrated ability to lead technical investigations and articulate findings clearly to execs and non-technical audiences
  • Experience designing and running threat simulation exercises
  • Ideally some relevant certifications like GCIH, GMON, GCED, BTLO (L1/L2), Sec+, CySA+


Due to the nature of this position, we're only accepting applications from candidates who have existing New Zealand Residency or Citizenship. This position can be based in either Auckland, Wellington or Christchurch and it's mostly remote.
Need more information? Please contact yaman@84recruitment.co.nz


Desired Soft Skills

  • Communication
  • Coordination
  • Leadership
  • Technical
  • Stakeholder Engagement
  • Analytical Thinking
  • Agile Delivery
  • User Story Mapping
  • JIRA/Confluence
  • Azure DevOps

Benefits and Perks

  • 🎂 Birthdays Off
  • 🤗 Here for Good Leave
  • 🏘 Work from Home
  • 🧕 Inclusive Workspace
  • Care and Appreciation

Job Schedule

  • Shift Work
