The SOC Threat Intelligence and Threat Hunting Engineering Lead is a senior security professional responsible for leading advanced threat detection, threat hunting, and cyber threat intelligence functions for one of our protected SOC clients. This role is critical in protecting the organisation's network and systems by proactively identifying, analysing, and responding to complex security threats.
The role oversees incident investigations, drives both reactive and proactive threat hunting initiatives, and leverages cyber threat intelligence (CTI) tools to provide actionable insights on emerging threats, threat feeds, and vulnerability advisories. The position also leads the development of detection strategies and collaborates closely with security engineering to enhance the SOC's overall threat detection and response capabilities.
This role can be performed from any of our EY offices across Australia. Our roles can potentially be adjusted to work flexibly with reduced hours. Please speak with us about potential options.
Key Responsibilities
* Act as the L3 escalation point for the SOC, owning complex cyber incidents end‐to‐end and leading high‐impact investigations for a protected client environment.
* Lead proactive and reactive threat hunting activities, using SIEM, EDR, and network telemetry to design hypotheses, refine detections, and uncover advanced threats.
* Apply cyber threat intelligence to enhance detection and response, including monitoring threat feeds, threat actor activity, vulnerabilities, and credential exposure.
* Mentor SOC analysts and work closely with security engineering to improve detection coverage, reduce alert noise, and strengthen overall SOC capability.
Skills and Attributes for Success
* Extensive experience operating in a SOC environment, including acting as an L3 escalation point for complex security incidents and investigations.
* Advanced expertise using SIEM and detection tools, particularly Splunk, to investigate threats, develop detections, and support threat hunting activities.
* Strong understanding of threat hunting methodologies, cyber threat intelligence, and frameworks such as MITRE ATT&CK.
* Due to the nature of this role, Australian citizenship is required. Candidates must hold an NV1 security clearance, or be willing and eligible to obtain one.
Preferred Qualifications
* 7–10 years' experience in SOC or security analyst roles with progressively increasing responsibility and leadership.
* Experience working with endpoint, network, and security tooling such as EDR, IDS/IPS, email security, vulnerability management, and SOAR platforms.
* Hands‐on experience applying cyber threat intelligence, including threat actor analysis, vulnerability intelligence, and emerging threat monitoring.
* Strong communication skills, with the ability to lead under pressure, mentor analysts, and engage both technical and non‐technical stakeholders.
What We Offer
* Career development: We'll develop you with future‐focused skills and equip you with world‐class experiences.
* Flexible work arrangements: Our flexible work policies empower you to balance your professional and personal life.
* Comprehensive benefits package: Yearly wellness incentives, additional 8 weeks of flex leave, and family‐friendly policies including 26 weeks of gender‐neutral paid parental leave.
* Salary: Competitive, open to negotiation based on skills and experience.
We encourage applications from people of all ages, nationalities, abilities, cultures, sexual orientations and gender identities and are committed to providing an equitable and barrier‐free recruitment experience for all. We encourage you to share any support and adjustments you need to be your best and participate equitably in our recruitment process. Any information you share will be kept confidential.
Our preferred applicant will be required to undertake employment screening by EY or our external third‐party provider.