
Threat Intelligence Engineer

Location: Melbourne VIC, Australia
Work Type: Full time
Positions: 1 Position
Published At: 2 days ago
Job no: HNYB6

About AARNet

Australia’s Academic and Research Network (AARNet) was established in 1989 and is widely regarded as the founder of the Internet in Australia and renowned as the architect, builder and operator of world-class network infrastructure for research and education. 

As Australia’s National Research and Education Network (NREN), we connect over one million users — researchers, faculty, staff, students, hospitals, vocational training providers, schools and museums — across Australia.

We are an organisation of innovators, doers, and courageous thinkers. We don’t settle for the status quo; instead, we anticipate the future needs of our customers and build solutions today. If you share our imagination, foresight, and drive to shape the future, why not come and join us?

https://www.aarnet.edu.au/

 

Role Purpose

As a Threat Intelligence Engineer within our Security Services division, you will play a pivotal role in safeguarding our research and education community against malicious actors on the Internet. Situated in our Data Insights team, you’ll collaborate closely with data scientists, SOC Engineers, and SOC analysts to design and deliver actionable threat intelligence solutions. This includes building dashboards, performing data enrichment, and mining large volumes of Internet traffic and customer log data to identify, analyse, and respond to emerging cyber threats.

You will be responsible for developing threat analysis and hunting insights, creating novel data-driven solutions, and sharing insights that reinforce the defensive capabilities of both our SOC and our customers. Drawing on threat intelligence feeds from higher education, government, and commercial partners, you will craft threat insights and tools that not only illuminate current risks but also anticipate the unexpected. Your contributions will enhance our collective visibility into the cybersecurity landscape and help protect Australia’s academic and research institutions.

 

Key Accountabilities

At AARNet, all employees are accountable for:

  • Actively promoting safe work practices in the workplace during all activities, consistent with AARNet’s policies, and complying with all WH&S legislation, policies and procedures.
  • Actively contributing to a safe and supportive working environment that is inclusive of all staff through celebrating their nationality, cultural background, LGBTI status, abilities, gender and age.

In this role, your main responsibilities are:

Threat Insights and Dashboards

  • Design and implement threat insights, dashboards, and automated enrichments for cyber threat intelligence.
  • Leverage SOC data feeds and third-party threat intelligence from government and commercial providers to derive actionable insights.

Threat Analysis Program

  • Develop and continuously evolve our threat analysis strategies to proactively identify malicious activities within our customers’ environments based on observed data insights.
  • Collaborate with the larger SOC team and customers to investigate and report malicious cyber activities, providing in-depth analysis for stakeholders.

Data Analysis & Visualisation

  • Work alongside data scientists, analysts, and the reporting manager to build prototypes, reports, and visualisations that illuminate emerging threats for the SOC and customers.
  • Mine AARNet’s unique position as an ISP to analyse large-scale Internet data and identify key trends, themes, and anomalies impacting the higher education sector.

Tooling & Automation

  • Contribute to the development of software and scripts that integrate and operationalise SOC datasets for threat hunting, vulnerability discovery, and other security missions.
  • Expand our library of datasets (including new customer log sources, additional threat intelligence) and integrate new capabilities into existing tools and analytics platforms.

Collaboration & Mentorship

  • Partner with SOC analysts, detection and automation engineers, and data parsing teams to ensure seamless data ingestion, normalisation, and correlation.
  • Mentor junior staff members, sharing best practices and technical expertise, and foster a collaborative, knowledge-sharing culture.

Research & Innovation

  • Investigate and explore emerging technologies, methodologies, and approaches for advanced threat detection and response.
  • Cultivate a mindset of discovery to uncover the cyber threat landscape’s “emergent properties” so we can better predict and prepare for future threats.

 

About you in the role

You will celebrate diversity, inclusion, belonging and welcome all people regardless of lifestyle choices, ethnicity, faith, sexual orientation or gender identity.

Your directorate: Cyber Security

You’ll report to: General Manager, Security Services

 

Your expertise, experience & qualifications

  • Solid understanding of cyber threats and the threat intelligence lifecycle, with proven experience in identifying, analysing, and mitigating malicious online activities.
  • Experience working with security-oriented data sources (e.g., SIEM logs, threat intelligence platforms) and familiarity with data normalisation and correlation techniques.
  • Hands-on experience in building or contributing to threat analysis and/or hunting programs, ideally within a SOC environment.
  • Demonstrated proficiency with industry-standard TI frameworks and transport protocols—STIX/TAXII, MITRE ATT&CK and NIST CSF 2.0—using them as a common language for analytics and reporting.
  • Strong communication skills and an ability to collaborate effectively across multidisciplinary teams.
  • Bachelor’s, Master’s, or equivalent in Computer Science, Data Science, Cybersecurity, UX Design, or a related field, or 4+ years’ work experience within a SOC or Security Threat Research environment.
  • Must be an Australian Citizen or Permanent Resident.

 

Even better

Although not essential to the role, it would be even better if you had any of the following experience/skills:

  • Exposure to big data tools and platforms (e.g., Hadoop, Spark, Elasticsearch, or Kafka) for large-scale data analysis.
  • Security-oriented and Problem-Solving Mindset – An innate curiosity for understanding why hackers hack, paired with a determined approach to preventing and detecting threats.
  • Knowledge of machine learning or data mining techniques (anomaly detection, clustering, time-series analysis) to enhance threat detection.
  • Leadership & Ownership – Ability to take accountability for designated tasks and guide initiatives from inception through to completion.
  • Familiarity with data visualisation tools (e.g., Kibana, Grafana, Tableau) for surfacing insights tailored to various stakeholders.
  • Mentoring – Willingness to share knowledge, coach junior team members, and inspire continuous learning within a cross-functional team.
  • Prior experience in a research or academic environment, with an understanding of higher education cybersecurity challenges.
  • Translation of Business Needs – Skilled at converting strategic or business objectives into technical requirements that drive impactful data and threat intelligence solutions.
  • Proficiency in programming or scripting (e.g., Python, Shell scripting, or similar) to automate data analytics, parsing, and enrichment tasks.
  • Attention to Detail – High level of diligence and consistency in handling configuration management, data quality, and process improvements.
  • Collaboration & Influencing – Excellent interpersonal skills to work effectively across all levels of the organisation, with the capacity to communicate and present findings in a clear, succinct manner.
  • NV1 or above Security Clearance

 

Benefits at AARNet

AARNet is committed to diversity and providing equal opportunity to all. We’re a great place to work if you want to make a difference.

AARNet provides a host of other benefits in line with our HR policies which include:

  • Competitive remuneration;
  • 17% superannuation; 
  • Flexible work options including a hybrid work model;
  • Focus on wellbeing – year-round initiatives and social engagement activities;
  • Ethical Leadership: A sector leader in cyber security, social responsibility, and equal opportunity;
  • Options to purchase additional Annual Leave; 
  • 2 days paid Women’s Wellness Leave per month; 
  • 24 weeks paid Parental Leave – Primary Carer; 
  • Welcome back to AARNet superannuation payment – on unpaid Parental Leave for Primary Carer; 
  • 4 weeks paid Birth Trauma Leave; 
  • 24 weeks paid - Adoption Leave; 
  • 16 weeks paid Parental Leave – Secondary Carer; 
  • 5 days paid – First Nations Cultural Leave; 
  • 2 days paid Family Wedding Leave; 
  • 24 weeks paid – Foster Carer Leave; 
  • 5 days paid – Fertility Leave; 
  • 8 weeks paid – Gender Affirmation Leave; 
  • Strong Equal Opportunity focus;  
  • Modern office environment: Hotdesking system and new facilities;
  • Support your success: A culture and company structure that allows your career to grow with access to leading edge technologies;
  • An opportunity to give back to the academic and research sector.

Published on 20 May 2025, 3:11 AM