SOAR Engineer

Location: Melbourne, VIC
Positions: 1 Position
Published At: 11 days ago
Job no: NNAG9

About AARNet

Australia’s Academic and Research Network (AARNet) was established in 1989 and is widely regarded as the founder of the Internet in Australia and renowned as the architect, builder and operator of world-class network infrastructure for research and education. 

We are Australia’s National Research and Education Network (NREN). We connect over one million users—researchers, faculty, staff and students—at institutions across Australia, supporting education and research across a diverse range of disciplines including high energy physics, climate science, genomics, radio astronomy and the arts.

Nationally, AARNet interconnects Australian universities, the CSIRO, and other organisations who have a research and education mission, or with whom the education and research sector interacts. These include hospitals, vocational training providers, schools and museums. Internationally, AARNet interconnects the Australian Research and Education (R & E) community to the world – and continuously develops new capabilities and partnerships to facilitate seamless data access and transfer. 

AARNet also offers a suite of supporting applications to our customers. These include network and collaboration services such as Zoom, that enable innovation in the delivery of research and education.

We are an organisation of innovators, doers, and courageous thinkers. We are not constrained by traditional products and solutions and we constantly strive to build the solutions that our customers will need tomorrow – today. If you have the imagination, foresight and drive to build the future why not come and join us?

 

The Role

In the role of Detection and Security Operations and Response (SOAR) Engineer, your primary focus will be on the individual contributions you make to the advancement of our Security Operations Centre’s (SOC) capabilities, with a particular emphasis on how detections are actioned and responded to by the Analyst team.

Your specialised skills in the development of SOC detection rules will be instrumental in harnessing threat intelligence and conducting threat research to build and maintain a robust detection capability.

Your work will be a cornerstone in the constant evolution of our cyber defense strategies. A deep expertise in developing the response capability of the SOC is vital.

This is a permanent full-time role and we are unable to hire individuals on temporary visas.

Responsibilities

  • Build and integrate automation playbooks to maintain SOC efficiency and expand capability.
  • Be the primary engineer responsible for maintaining the XSOAR platform.
  • Innovate and refine detection rules within our SOC, utilising both SIEM and UEBA principles to detect and respond to insider threats and external attacks effectively.
  • Collaborate with the SOC and our customers to develop sector specific threat detections highly relevant to our sector’s threat landscape.
  • Work with SOC analysts to analyse behavioural patterns and develop strategies that effectively counteract evolving cyber threats.
  • Oversee the full lifecycle of SOC detection rules, from development through to implementation and ongoing management, constantly updating our threat detection capabilities.

 

Expertise, experience & qualifications

Must Have

  • Extensive experience with a SOAR platform, particularly with platforms like XSOAR, and a solid track record of engineering solutions to achieve outcomes.
  • Demonstrated capability in managing and fine-tuning detection rules on SIEM platforms such as Splunk or ArcSight, with a preference for candidates with at least two to three years of experience.
  • Proven analytical skills with the ability to conduct thorough threat research and intelligence analysis to inform detection rule development.
  • Bachelor's degree in a relevant field or equivalent practical experience in cybersecurity and detection.

Nice to Have

  • Cross-platform security threat knowledge including Windows, *nix, and Cloud environments.
  • Familiarity with the integration of threat intelligence into various security tools and platforms.
  • Industry-recognized certifications such as GSEC, GCIA, GPYC, or others relevant to security analysis and threat detection.
  • Experience working in a Service Provider (SP) or Managed Security Services Provider (MSSP) environment.

Important skills

  • Security-oriented and problem-solving mindset (why do hackers hack?)
  • Leadership (taking ownership and accountability for designated activities)
  • A passion for being the “cat” more than the “mouse”
  • Embracing mentorship for those who wish to learn
  • High level of attention to detail and configuration management practices
  • Able to translate business concepts into the technical, system-based events needed to support objectives
  • Excellent communication and interpersonal skills
  • Ability to work effectively with others and influence across all levels of the organisation
  • Great presentation skills are highly desired

 

Conditions of employment

AARNet is committed to diversity and providing equal opportunity to all. We’re a great place to work if you want to make a difference. 

AARNet provides competitive remuneration and a host of other benefits including:

  • 17% superannuation;
  • Flexible work options;
  • Options to purchase additional Annual Leave;
  • 2 days paid Women’s Wellness Leave per month;
  • 24 weeks paid Parental Leave – Primary Carer;
  • Welcome back to AARNet superannuation payment – on unpaid Parental Leave for Primary Carer;
  • 4 weeks paid Birth Trauma Leave;
  • 24 weeks paid – Adoption Leave;
  • 16 weeks paid Parental Leave – Secondary Carer;
  • 5 days paid – First Nations Cultural Leave;
  • 2 days paid Family Wedding Leave;
  • 24 weeks paid – Foster Carer Leave;
  • 5 days paid – Fertility Leave;
  • 8 weeks paid – Gender Affirmation Leave;
  • Strong Equal Opportunity focus;
  • Sector leader in Social Responsibility and Ethics; and
  • A culture and company structure that allows your career to grow with access to leading edge technologies.

Published on 23 Apr 2024, 6:21 AM