Security Operations Centre Engineer


Sydney, NSW, AU


Flexibility, opportunity and incredible experiences reward the hard work required to succeed at Deloitte. We champion and support our talented people in achieving their career goals and collectively celebrate success.


About our team

Our Cyber Intelligence Centre (CIC) provides 24x7 cyber monitoring, threat intelligence, cyber analytics, threat hunting, cyber incident response, and a number of other managed security services. The Sydney CIC is part of a global network of over 30 Deloitte cyber intelligence centres.


About the Role

As a Senior Security Operations Centre (SOC) Engineer, you will be responsible for the architecture, implementation, continuous improvement, and day-to-day management of our CIC toolset and of the managed security solutions we deliver to our clients.


This role will be focused on the development of the security tools and platforms used by the various CIC teams in day-to-day monitoring and response activities. Over the next 12 months, we will be working through some major platform improvement initiatives covering SOAR, SIEM, EDR, OT/ICS monitoring, DevSecOps and cloud security. Plenty of challenging project opportunities!


We’re looking for someone with strong analytical and problem-solving skills who can deliver effective solutions in a timely manner. The candidate will have previous hands-on experience in engineering roles and should bring an open mind to taking on business problems and developing technical solutions.


About your experience


Successful applicants will have experience in as many of the areas below as possible. The list is in descending order of priority, most important first:


  • Minimum of 5 years’ experience in the security industry, ideally including some experience in SOC engineering roles.
  • A strong understanding of security event investigation, incident management and SOC operating models.
  • Experience with SIEM and data lake platforms such as Splunk, Elasticsearch, QRadar, ArcSight ESM, and Azure Sentinel.
  • Experience with stream processing and data transform solutions such as Nifi, Kafka and Logstash.
  • Experience with SOAR solutions such as Palo Alto XSOAR (Demisto) and Phantom.
  • Experience with native cloud security controls and security best practices for AWS, Azure and GCP.
  • Strong understanding of cyber-attack tactics, techniques and procedures, threat modelling, and the development of detection use cases mapped to MITRE ATT&CK.
  • Experience building analytics and machine learning models to detect cyber threats.
  • Experience with threat intelligence solutions such as MISP and ThreatConnect.
  • Experience integrating security tools into DevOps pipelines (Azure DevOps, Jenkins, Bamboo, etc.).
  • Experience with EDR solutions such as CarbonBlack, Crowdstrike and Palo Alto XDR.
  • Experience with OT monitoring solutions such as Claroty and Dragos.
  • Advanced scripting skills (Bash, Python, Groovy, JavaScript, etc.).
  • Appropriate professional certifications such as CISSP, CISM, CEH, GCIH, GCIA, and vendor technology certifications like CCNP.
  • Technical experience in general information security best practices, TCP/IP networking and routing fundamentals, Unix/Linux system administration, network troubleshooting, and intrusion detection/prevention.
  • Excellent written and verbal communication skills.
  • Willingness to take on new challenges, gain new skills and work collaboratively in a dynamic and rapidly growing team.


Next steps

If you're interested in this role, please 'apply now'. If you require more information, you can contact Katya Nemirovich at knemirovich@deloitte.com.au for a confidential discussion.