* Security Architecture | Endpoint Security | Purview DLP | Splunk | Network Security
* $624.00 AUD/day
* Applicants must have valid Australian work rights.
We're seeking an accomplished Cyber Security Platform Architect to lead the design, uplift, and governance of a large‐scale security tooling ecosystem across endpoint, data, network, and SIEM domains.
You will shape secure-by-design principles, modernise enterprise security platforms, and act as the technical authority for P1/P2 incidents, ensuring operational readiness and continuous improvement across the environment.
This is a hands‐on architecture role where you'll define target state, guide platform engineering, and deliver real‐world uplift across Trellix/Defender, Microsoft Purview, Cisco security, and Splunk.
Key Focus Areas
* Enterprise‐wide secure‐by‐design architecture and platform governance
* Endpoint/App/Infrastructure security uplift (Trellix, Defender, DTEX)
* SIEM (Splunk) detection engineering, tuning and operational effectiveness
Core Responsibilities
* Define secure‐by‐design patterns including segmentation, telemetry‐by‐default, and policy‐as‐code.
* Produce architectural artefacts: HLDs, LLDs, roadmaps, implementation strategies, and operational models.
Endpoint / App / Infrastructure Security (Trellix / Defender / DTEX)
* Lead engineering for endpoint security tools: policy design, baselines, monitoring, and coverage reporting.
* Drive Trellix platform operations including policy optimisation, trusted sources, false positive tuning, and automation.
* Support insider risk/UBA use cases through DTEX signal analysis, visualisation, and risk recommendations.
* Integrate endpoint tooling with ITSM, SIEM, and enterprise management systems.
Data Protection & Compliance (Microsoft Purview)
* Architect and optimise Purview: labels, auto‐labelling, DLP frameworks, classifiers, governance models.
* Design enterprise‐scale DLP strategies across M365 workloads and endpoints.
* Produce compliance‐ready documentation covering controls, decisions, operational guidance, and reporting.
Network Security & Segmentation
* Architect and govern enterprise network security across LAN/WAN/WLAN/VPN.
* Oversee firewall operations, segmentation design and lifecycle processes.
* Act as escalation lead for critical network security incidents and drive preventative improvements.
* Maintain accurate topology, risk assessments, and design documentation.
Monitoring / SIEM (Splunk)
* Own SIEM outcomes: detection engineering, tuning, dashboards, automation, and signal‐to‐noise optimisation.
* Manage Splunk onboarding, performance, detections, and rule lifecycle.
* Partner with SOC/IR to deliver threat‐aligned detection catalogues and continuous improvement.
Delivery Planning & Governance
* Build delivery plans including scope breakdown, WBS, dependency mapping, and onboarding waves.
* Provide credible effort estimates for onboarding, policy design, testing, change governance, and operational readiness.
* Define measurable outcomes across coverage, detection efficacy, false‐positive reduction, and compliance.
* Target state security tooling architecture & reference patterns
* Purview DLP and label strategy, governance approach, and deployment roadmap
* Splunk SIEM detection catalogue (use cases, rules, dashboards, tuning plan)
* Network security artefacts: segmentation standards, firewall lifecycle processes, topologies
* Operational models, runbooks, escalation processes, and DR readiness documentation
* Roadmaps, WBS, migration waves, and accurate effort estimates
* 8–10+ years in security engineering/architecture across endpoint, network, and SIEM domains
* Strong network security experience: firewalls, segmentation, VPN, incident/problem management
* Microsoft Purview expertise: labels, auto‐labelling, DLP, governance, assessments
* Enterprise endpoint controls: Trellix engineering and/or equivalent EDR tooling
* Understanding of insider risk analytics and behaviour monitoring (DTEX)
* Strong documentation skills: HLD, LLD, strategy, roadmaps, operational guides
* Proven planning capability: WBS, rollout waves, change governance
* Excellent stakeholder engagement across IT, SOC, Infra, Apps, and vendors