The Reserve Bank of Australia (RBA) is hiring for a Manager – Cyber Hunt & Incident Response to join a skilled team on a permanent basis. In this role, you will lead and mature the RBA’s cyber hunt and incident response capability, ensuring alignment with the organisation’s cybersecurity strategy. You will provide expert technical leadership and subject matter expertise, managing a high-performance team responsible for detecting, investigating, containing and responding to cyber threats across the organisation.
About the team
The Cyber Hunt & Incident Response Team (HIRT) forms a critical part of the RBA’s cyber defence capability and works closely with the Cyber Security Operations Team (CSOT), Cyber Security Engineering Team (CSET), Cyber Threat Intelligence Centre (CTIC) and Offensive Security functions. The team is responsible for proactive threat hunting, responding to suspected and confirmed cyber security incidents, and continually improving the RBA’s detection and response posture in the face of evolving threats.
The team operates in a highly collaborative, intelligence-led and technically deep environment, focused on protecting the RBA and the critical infrastructure it operates.
Key responsibilities
Lead and mature the RBA’s Cyber Hunt & Incident Response capability, including the development and execution of a long-term strategy, operating model, playbooks and roadmap aligned to the organisation’s overall cybersecurity strategy.
Provide technical leadership over threat hunting activities, applying adversary-focused methodologies to identify malicious activity that may bypass traditional security controls, with a focus on threats relevant to Government, Central Banks, the financial sector and critical infrastructure
Lead and coordinate the technical response to cyber security incidents, working closely with other stakeholders, providing expert technical guidance, management and analysis through all stages of a cyber security incident.
Oversee digital forensics and incident investigation activities, ensuring high-quality evidence collection, analysis and documentation to support root cause analysis, lessons learned, regulatory obligations, and where required, law enforcement engagement.
Contribute to the development and maintenance of the RBA Cyber Incident Response Plan, playbooks and procedures, and ensure they are regularly tested and exercises through simulations, tabletop exercises and purple team activities.
Support staff training initiatives, mentoring team members to foster a culture of growth and accountability, and closely monitor their progress to bring out their best potential
Support cross‑functional responsibilities and other duties as directed by the Chief Information Security Officer (CISO).
About You
We are looking for a candidate that is passionate about cyber security and technology, and who enjoys leading and developing technically strong teams. You thrive in high-pressure environments, can balance hands-on technical depth with strategic oversight, and communicate clearly with both technical and non-technical stakeholders.
To be successful in this role you will possess:
At least 5 years' experience in a dedicated cyber security role with significant hands-on and leadership experience in incident response, threat hunting or DFIR functions. Alternatively, a minimum of 7 years' experience in an adjacent (cyber security or information technology) discipline will be highly regarded
Demonstrated experience leading incident response and investigation activities, including malware analysis, endpoint and network forensics, log analysis and attacker lifecycle reconstruction.
Strong technical understanding of modern cyber threats and adversary behaviour, including tactics, techniques and procedures (TTPs) relevant to Government, the financial sector and critical infrastructure.
Familiarity with key analytical and operational frameworks, including (but not limited to): MITRE ATT&CK, Lockheed Martin Cyber Kill Chain, incident response and digital forensics methodologies, intelligence-led defence and purple team concepts.
A broad understanding of enterprise security architecture, operating systems, networking, cloud platforms, identity, and common enterprise technologies.
Strong written, verbal and presentation skills, with the ability to clearly explain complex technical findings, risks and response actions to senior leaders and stakeholders.
Demonstrable experience managing stakeholder relationships during high‑impact incidents, including the ability to influence outcomes and coordinate complex response efforts.
Experience using relevant incident response and digital forensics tooling such as Magnet Axiom, Velociraptor, Flare VM, SIEM (Sentinel), SOAR, and XDR (Defender)
A continuous-improvement mindset, with a keen eye for opportunities to enhance detection, response, speed, automation and operational resilience.
It is desirable that the ideal candidate have undertaken, or is undertaking, one or more of the following (or similar):
Tertiary qualification in a relevant field, or equivalent practical experience
Vendor specific certifications
Security Blue Team Level 2
SANS/GIAC Incident Response, Digital Forensics, Threat Hunting certifications
Certified Information Systems Security Professional (CISSP) or Certified Information Systems Manager (CISM)
A security clearance will be necessary for this role, as a result we can only accept applications from Australian Citizens.
Be More
Working for an organisation that truly makes a difference to the people of Australia, we can offer development and career opportunities in a collaborative environment that supports your growth and wellbeing and promotes flexibility. Your individual growth and success drive the RBA forward as an organisation. Be more means you can do more, for yourself and for Australia.
Why RBA?
The RBA makes an important contribution to the Australian economy through the pursuit of national economic policy objectives and associated activities in financial markets and banking. We also issue Australia's banknotes and operate infrastructure critical to the payments system, all of which contribute to the welfare of the Australian people. Made up of specialists across a wide range of fields, our people, values, and culture play a critical role in achieving our objectives. Striving to be Open & Dynamic, we consider and incorporate different perspectives, work across teams, and are transparent with each other whilst delivering quality together effectively and focusing on outcomes by prioritising, testing, learning, and refining as we go. Our people conduct themselves with a high degree of integrity while striving for excellence in the work they perform and the outcomes they achieve. We encourage intelligent inquiry and we treat one another with respect while promoting the public interest through our efforts. We know it is the growth and success of our people that drives the RBA forward. Come and make a bigger contribution while you build and develop your own skills too, because being more means you can do more, for yourself and for Australia.
The Reserve Bank of Australia is committed to equity, diversity, and inclusion through key initiatives. We welcome and encourage applicants from diverse backgrounds to apply, including Aboriginal and Torres Strait Islander peoples, culturally and linguistically diverse backgrounds, those living with a disability, and from the LGBTQ+ community. We are committed to making the recruitment process fair and equitable for all our candidates.
Application Close :
April 28, 2026.