Cyber Security Threat Defence Manager

At Water Corporation we're shifting our focus to the next phase of our strategic plan - building on strong foundations to strengthen capabilities, modernise systems, and accelerate innovation across the business. This phase is about elevating how we deliver technology services: making them faster, more responsive, and more closely aligned to the needs of our people, our operations, and our customers. To support this evolution, we're recruiting for key roles that will be pivotal in strategically shaping a modern, collaborative, and customer‑centric Information & Technology Group. If you're excited about leading innovation, finding smarter ways of working, and making a meaningful impact, now is the perfect time to join us.

About the role:

For a Cyber Security Threat Defence Manager, it’s an exciting time to join Water Corporation.  

If you’re someone who’s looking for an opportunity to lead and develop a team of cyber security analysts, leading the uplift of SIEM, threat hunting and detection activities and co-ordinating incident response, all in critical infrastructure, read on. 

Real benefits that matter

• Real flexibility with options to work from home or negotiate flexible work hours
• An additional 2 well-being days each year
• Access to long service leave pro rata after 3 years of service
• Generous co-contribution superannuation scheme, which offers up to 16%. This includes an 12% standard employer contribution, plus an additional 2% employer co-contribution that matches your own 2% contribution
• Purchase additional leave of up to 12 weeks or work 4 years at a reduced salary and take the fifth year off as paid leave

Discover more benefits we offer to support the unique and individual ways our employees live.

What the role will involve

As Cyber Security Threat Defence Manager, you’ll lead Water Corporation’s cyber threat defence capability across both Information Technology (IT) and Operational Technology (OT) environments. You’ll be accountable for day-to-day security operations as well as the continuous uplift of our detection, response and threat management maturity.

Key responsibilities include:

• Lead and develop a team of cyber security analysts responsible for threat monitoring, investigation and response across IT and OT.
• Oversee the operation and performance of the Security Operations Centre (SOC), including service performance, escalation pathways and continuous improvement.
• Own and uplift our SIEM and detection engineering capability, including use-case development, alert tuning, analytics rule improvements, log source onboarding and detection coverage reporting.
• Lead incident response management, including triage, coordination, stakeholder communications, post-incident reviews and driving remediation to closure.
• Establish and run a threat hunting program across IT and OT to identify abnormal or malicious activity and improve detection content.
• Manage vulnerability management in partnership with technology owners, including prioritisation, exception handling, remediation tracking and reporting.
• Provide threat intelligence leadership: ingestion, analysis, dissemination, and translating intel into actionable detections and risk-reducing controls.
• Work closely with OT, infrastructure, applications, and risk stakeholders to align threat defence priorities to operational needs and critical infrastructure obligations.

Key skills and experience

To be successful in this role, you’ll bring strong people leadership plus deep operational cyber security experience in threat defence.

You’ll have:

• Demonstrated experience leading a SOC / cyber defence function, including incident management and operational uplift.
• Hands-on understanding of SIEM operations and detection engineering (e.g., onboarding data sources, building and tuning rules, improving signal-to-noise, and measuring detection coverage).
• Proven capability in incident response coordination and investigations, including stakeholder management and driving remediation outcomes.
• Experience running or contributing to vulnerability management programs (prioritisation, remediation tracking, risk acceptance, reporting).
• Experience with threat hunting techniques and using threat intelligence to inform detections and defensive priorities.
• Strong communication skills with the ability to explain cyber risk and operational impact to technical and non-technical stakeholders.

Highly desirable:

• Exposure to OT/industrial environments (e.g., SCADA/ICS) and an understanding of IT/OT security differences.
• Experience working in a critical infrastructure environment and familiarity with relevant Australian regulatory expectations and frameworks.
• Relevant certifications (e.g., CISSP, CISM, GIAC/SANS, or equivalent).

What the role will offer: 

This isn’t a stop-start program of work. Water Corporation’s cyber strategy is already under way and is delivered through continuous improvement—continually uplifting the capabilities, practices and tools that protect the organisation. That means steady progress, clear priorities and meaningful outcomes. 

You’ll have a strong pipeline of planned improvements to deliver, helping evolve and uplift the organisation’s capability and maturity to deal with potential threats and attacks. It’ll also give you plenty of scope to learn and sharpen your skills. 

The work will be varied and challenging, as it’ll sit across 2m customers and 3,500 employees with an exposure to a full tech stack.  

You’ll be joining a supportive and diverse team, who’ll have your back from day one.  

And it’s your work that’ll continue to help future generations get access to clean, running water every day.   

What you’ll bring to this role: 

Ideally, you’ll have a tertiary qualification or a degree in a technology-related discipline or extensive experience in the IT sector, ideally with CISSP/CISM or equivalent qualifications. 

You’ll have considerable experience leading a team of people to carry out cyber security analysis, cyber frameworks, risk mitigation strategies and governance.  

On top of this, you’ll also have considerable experience in cyber security audit, enterprise risk management, and penetration testing. 

Apply: If you are interested in the above opportunity, please submit a covering letter and resume that best demonstrates your ability to meet the requirements of the role.

As part of the recruitment process you may be required to complete pre-employment screening which may include a medical, qualification check, police clearance and Australian working rights check.

Applications close Friday 22^nd May 2026

Our commitment to a diverse and inclusive workplace

Diversity and inclusion are more than words. They guide us on building a thriving workforce that reflects the diversity of our customers and our community. 

We encourage applications from every background, including Aboriginal and Torres Strait Islander people, people with disability, women, youth, LGBTQIA+ folks and people from culturally and linguistically diverse backgrounds. 

We are committed to ensuring an accessible and inclusive work environment to enable people with disability to participate fully in all aspects of employment. 

Applicants with disability who require adjustments during the recruitment process including an alternative format of the application form, can contact a Recruitment Officer at recruitment@watercorporation.com.au or 08 9420 2000.  

To read our diversity and inclusion statement, please visit our website