About the position
Join our Australian SOC team as a SOC Analyst. In this role, you will be the "engine room" of our security operations, moving beyond basic alert monitoring to lead deep investigations across a diverse range of client environments in Asia Pacific (APAC). You will work with a world-class security stack and have the autonomy to hunt for threats and recommend custom detections.
Responsibilities
• Lead investigations into complex security alerts utilising Splunk, Microsoft Sentinel, and SentinelOne SIEMs.
• Execute rapid containment and remediation actions using CrowdStrike Falcon, Microsoft Defender for Endpoint, and SentinelOne EDR.
• Optimise detection rules using KQL and SPL to enhance our proactive defence posture.
• Support regular threat hunting activities based on the MITRE ATT&CK framework to uncover hidden malicious activity.
• Produce detailed incident reports for technical and executive stakeholders.
• Understand data-loss prevention in the context of Security Operations.
• Participate in paid on-call roster every 3 weeks.
Requirements
• 2–4 years in a SOC or high-pressure security operations environment.
• Hands-on proficiency in Splunk, Sentinel, CrowdStrike, and Microsoft Defender.
• Strong understanding of TCP/IP, Windows/Linux internals, Cloud Security and common attack vectors (Phishing, Ransomware, Living-off-the-Land).
• One or more of the following: SC-200, Splunk Core Certified Power User, CompTIA CySA+, or SANS GCIH.
• Ability to clearly articulate technical risks to non-technical client stakeholders verbally and/or via email and ticketing system.
Nice-to-haves
• Experience with other SIEM and EDR technologies highly regarded.
Benefits
• wellness programs
• flexible working arrangements