This is an opportunity to be a part of a Security Operations Centre of excellence from the start — designing modern ways of working rather than inheriting legacy processes. You will help shape how modern security operations work, using leading‑edge technology, strong executive support and a genuine automation‑first mindset.
You will be part of the team setting the standard for how threats are detected, prioritised and responded to at scale. Working closely with senior stakeholders and technology partners, this position will drive an automation‑first SOC model, setting the strategy that materially reduces risk and manual effort.
Key Responsibilities
* Design and implement the detection engineering framework across the next‑generation SOC
* Architect advanced, multi‑stage detection rules correlating endpoint, network, cloud and identity data
* Define and implement the automation strategy, including SOAR playbooks for enrichment, containment and notification
* Establish alert quality metrics and drive continuous improvement to optimise signal‑to‑noise
* Lead advanced threat hunting and validate detections through adversary emulation
* Take technical leadership during major incidents, coordinating automated response activities
* Drive post‑incident detection engineering to permanently close detection gaps
* Translate threat intelligence into a threat‑informed detection strategy
* Mentor and develop junior operators, setting the technical standard
What we are looking for
You’re naturally curious, thriving on untangling issues and finding better ways to do things. You enjoy engaging with others, whether it’s building relationships, simplifying a technical concept, or contributing to team problem-solving.
We’re especially keen to hear from people with:
* Extensive experience in detection engineering and SOC operations (5+ years)
* Expert capability writing advanced detection rules (XQL, SPL, KQL, YARA‑L)
* Proven experience in SOAR automation and detection‑as‑code frameworks
* Strong understanding of modern SOC platforms (SIEM, SOAR, EDR, ASM, TI)
* Deep knowledge of MITRE ATT&CK, NIST CSF, Essential 8 and CPS 234
* Strong scripting capability (Python, PowerShell or similar)
* Demonstrated technical leadership, mentoring and decision‑making under pressure
You’re comfortable balancing open discussion with decisive action — moving work forward while bringing others with you.
What can you expect from us?
Our benefits are designed to help you thrive — in and out of work. Think health and wellbeing support like Fitness Passport, corporate health insurance and annual flu vaccinations, plus lifestyle perks including hotel discounts and flexible work arrangements. We also back what matters most with 18 weeks paid parental leave, recognition programs, an employee referral program, and dedicated time to give back (two community volunteer days and three recreational leave days each year).
Why join us?
* Growth & opportunities – Build your capability, stretch into new challenges and shape what’s next with development support behind you.
* Culture & connection – Be part of a team that’s inclusive, down-to-earth and genuinely connected, where collaboration is how we get things done.
* Meaningful work – Do work you can feel proud of, making a real difference for customers and communities every day.
About us
As one of Australia’s largest customer-owned banks, we’re a driving force in customer owned banking, operating under the trusted brands Greater