Job Title
Cloud Engineer - Sentinel / XDR
Location: CyberCX Canberra, Australian Capital Territory, Australia
How You Will Make An Impact
Deliver and support cloud environments for CyberCX customers. This role focuses on engagement planning, stakeholder management, engagement governance, risk management, delivery management and quality assurance.
Day to day you will:
- Implement the deployment of Cloud Services in Microsoft Sentinel, EDR, and XDR solutions to enhance clients' security posture.
- Form KQL queries and functions for complex detection and monitoring requirements.
- Build custom analytical rules, tune analytical rules, and build automation through Azure Logic Apps.
- Have knowledge of the MITRE ATT&CK framework and expertise in developing analytical rules and custom dashboards/workbooks across the framework.
- Assist clients with migrating from existing SIEM solutions to Microsoft Sentinel.
- Implement Sentinel log collection mechanisms, deploy and maintain log forwarders, and maintain local agents.
- Manage the development, implementation, and refinement of automation playbooks in Microsoft Sentinel.
- Connect native and third‑party custom/SaaS applications with SIEM.
- Understand basic networking protocols such as TCP/IP, DNS, HTTP.
- Prepare and maintain policy and procedure documentation around SIEM technology, document life‑cycle management.
- Work with stakeholders to solve technical issues to support and deliver complex business, security and operational requirements.
- Work with vendor technical support group and drive issues towards effective and permanent closure.
Skills & Qualifications
- Bachelor level tertiary qualification in cyber security, forensics, or similar field.
- Minimum of 2 years of experience dealing with a diverse range of information / cyber security projects and challenges.
- Experience in building or delivering services based on Defender XDR or Microsoft Sentinel.
- A track record of successful and failed projects, product and professional service offerings in the domain of Azure and Microsoft Security.
- Cloud security certification and/or cloud vendor certifications preferred.
- Effective stakeholder engagement and communication skills.
- Good to have – knowledge of Microsoft Sentinel pricing, Microsoft Defender products and Azure Arc.
- Good to have – knowledge of and hands‑on experience with the Microsoft Defender XDR stack, including Defender for Endpoint, Defender for Office 365, Defender for Identity, Defender for Cloud and Defender for Cloud Apps.
This role requires full working rights in Australia, without current or future sponsorship.
Outstanding advantages for great people
- Flexible working in a hybrid arrangement (a blend of office and WFH) with modern and comfortable workplaces that accommodate different working styles.
- All the usual leave entitlements plus additional paid leave options (including a day off for your birthday) and the chance to purchase extra leave each year.
- Salary packaging options (such as a novated car lease).
- Health & Wellbeing program including access to our employee assistance service, mental wellness leave, online CyberCX Wellbeing Centre and workplace mental health first aiders.
- Discounts on health insurance and gym membership plus savings on everyday groceries, electronics, technology, fuel, travel and more.
- Personalised development planning, access to training and membership to industry organisations.
- Employee interest groups and communities including a comprehensive Women in Cyber program.
- A comprehensive reward and recognition program – with a special thank you every year on your anniversary!
Be yourself
We embrace diverse perspectives, experiences, and backgrounds. Please let us know if you require support or adjustments to assist with your recruitment experience.
We take security seriously
We require all employees to complete background checks (including police and global sanction list checks) annually.
Please note that due to the nature of this role, it is a mandatory requirement that all applicants are Australian citizens with the ability to hold an Australian Security Clearance.
Seniority level: Associate
Employment type: Full‑time
Job function: Engineering and Information Technology
Industries: Computer and Network Security