Manager Detection Engineering & Automation

Positions: 1 Position
Published At: a day ago
Job no: 3BJAD

About AARNet

Australia’s Academic and Research Network (AARNet) was established in 1989 and is widely regarded as the founder of the Internet in Australia and renowned as the architect, builder and operator of world-class network infrastructure for research and education. 

We are Australia’s National Research and Education Network (NREN). We connect over one million users—researchers, faculty, staff and students—at institutions across Australia, supporting education and research across a diverse range of disciplines including high energy physics, climate science, genomics, radio astronomy and the arts.

Nationally, AARNet interconnects Australian universities, the CSIRO, and other organisations who have a research and education mission, or with whom the education and research sector interacts. These include hospitals, vocational training providers, schools and museums. Internationally, AARNet interconnects the Australian Research and Education (R & E) community to the world – and continuously develops new capabilities and partnerships to facilitate seamless data access and transfer. 

We are an organisation of innovators, doers, and courageous thinkers. We are not constrained by traditional products and solutions and we constantly strive to build the solutions that our customers will need tomorrow – today. If you have the imagination, foresight and drive to build the future why not come and join us?

 

The Role

In this key position, you will be given the responsibility and freedom to drive the AARNet SOC’s detection engineering and SOAR operations. You will oversee and participate in the development of threat detection strategy, rules, the optimisation of User and Entity Behaviour Analytics (UEBA) tooling, the creation of Security Orchestration, Automation and Response (SOAR) playbooks, and the effective integration of threat intelligence across SOC platforms.

 

This role requires close collaboration with our SOC analysts – the front-line staff for investigating and responding to threats in an evolving adversary landscape. You will also have opportunities to co-design threat and automation content with both our vendors and our higher education customers. This is a unique opportunity to make a significant contribution to our ongoing security efforts and build a strong professional legacy in the cybersecurity field.

Responsibilities

  • Contribute to the development and maintenance of AARNet SOC’s Detection Strategy, and corresponding engineering/technology strategies
  • Utilise assigned SOC platforms effectively, ensuring their capabilities are fully leveraged in alignment with our detection and security objectives.
  • Develop threat hunting strategies in collaboration with our SOC analyst team, facilitating actor-centric research, producing threat intelligence, and integrating data elements to assist in the identification of malicious activity.
  • Lead the development and fine-tuning of detection rules and models for the AARNet SOC.
  • Drive the identification, prioritisation and standardisation of data source onboarding, enhancing our detection and threat hunting capabilities.
  • Work closely with both internal and external teams to develop orchestration and automation content
  • Stay abreast of emerging technologies and cyber threats, advising on market research and product evaluations, and leading the integration of new technologies into our SOC infrastructure.

 

Expertise, experience & qualifications

Must Have

  • Proven experience in hands-on threat detection, with a strong understanding of the cyber threat landscape and the ability to translate threat intelligence into actionable steps.
  • Solid understanding of Security Orchestration, Automation, and Response (SOAR) platforms, with experience in utilising such systems for threat detection and mitigation.
  • Track record of leading successful SOC development initiatives, demonstrating project management skills beyond mere task tracking.
  • Fluent in threat intelligence creation, sharing, and integration; able to interpret and apply intelligence feeds effectively to bolster security posture.
  • Bachelor's degree in a relevant field or equivalent practical experience.


Nice to have

  • Good understanding of security threats across multiple platforms/environments (e.g., Windows/*nix/Cloud)
  • Expertise in the Windows operating system and Active Directory
  • Open-source system engineering related, industry-recognised certifications would be advantageous, such as RHCE, RHCSA
  • Telecommunications and/or Education and Research industry experience would be advantageous
  • Security related, industry-recognised certifications would be advantageous, such as GSEC, GCIA, GPYC.
  • Prior experience working at a Service Provider (SP) or Managed Security Services Provider (MSSP)

 

Important skills

  • Security oriented and problem solving mindset (why do hackers hack?)
  • Leadership (taking ownership and accountability for designated activities)
  • A passion for being the “cat” more than the “mouse”
  • Embracing mentorship for those who wish to learn
  • High level of attention to detail and configuration management practices
  • Able to translate business concepts into the required technical system based events needed to support objectives
  • Excellent communication and interpersonal skills
  • Ability to work effectively with others and influence across all levels of the organisation
  • Great presentation skills are highly desired

Conditions of employment

AARNet is committed to diversity and providing equal opportunity to all. We’re a great place to work if you want to make a difference. 

AARNet provides competitive remuneration and a host of other benefits including:

  • 17% superannuation;
  • Flexible work options;
  • 24 weeks paid - Parental Leave for primary caregiver;
  • 24 weeks paid - Adoption Leave;
  • 16 weeks paid – Parental Leave for secondary caregiver;
  • 5 days paid – Natural Disaster Leave;
  • Strong Equal Opportunity focus;
  • Sector leader in Social Responsibility and Ethics; and
  • A culture and company structure that allows your career to grow with access to leading edge technologies

Published on 11 Jul 2025, 5:00 AM