Manager, SOC Onboarding, Cyber Threat Intelligence and Engineering
Thales – Millers Point, New South Wales, Australia
Join to apply for the
Manager, SOC Onboarding, Cyber Threat Intelligence and Engineering
role at
Thales
.
At Thales, technology drives security, sustainability and inclusion. We work across manufacturing, engineering, cybersecurity and space to build a safer future.
About The Team
Thales delivers cybersecurity products and services worldwide, protecting organizations in sectors such as finance, health, retail and defense.
About The Role
The
SOC Onboarding, CTI & Engineering Manager
leads three core functions: onboarding of new clients and technologies, cyber threat intelligence (CTI), and delivery of managed Endpoint Detection and Response (EDR) services. The role is strategic and hands-on, requiring cross-team collaboration, technical leadership and strong client engagement.
Accountable for:
Planning, coordinating and executing SOC onboarding projects across diverse clients and technologies.
Ingesting and normalizing log sources from on-prem and cloud platforms (firewalls, EDRs, AWS, Azure, GCP).
Defining and enforcing standard onboarding playbooks and documentation.
Co-ordinating with SIEM/SOAR engineers, client infrastructure teams and project managers for timely onboarding.
Developing and operationalizing threat intelligence capabilities.
Integrating CTI into detection engineering, use-case development and incident response workflows.
Managing threat feeds, enrichment tools and TTP mapping using MITRE ATT&CK.
Creating threat briefs, intel summaries and hunting guidance.
Leading security and automation engineers to deliver client engagements and enhance security platforms.
Owning architecture, deployment and lifecycle of SOC tools including SIEM, SOAR, EDR/XDR, threat intelligence platforms and log management solutions.
Integrating SOC platforms with other enterprise systems (ITSM, CMDB, cloud platforms).
Ensuring tool configurations align with detection, compliance and operational needs.
Building and leading a high-performing team across onboarding, CTI and delivery functions.
Developing career paths, training plans and performance objectives for team members.
Identifying process improvement and automation opportunities to raise SOC onboarding and threat intelligence maturity.
Leading change management for onboarding frameworks, CTI workflows and service expansion.
About You
7+ years in cybersecurity operations, with at least 3 years in a leadership or management role.
Hands-on experience with SIEM/SOAR platforms (Google Chronicle, Splunk, Sentinel).
Strong understanding of log management, alert tuning, threat detection and incident lifecycle.
Solid grasp of threat intelligence frameworks, IOCs, TTPs and intelligence lifecycle.
Demonstrated experience delivering managed SOC services for enterprise customers.
Familiarity with CTI tools (MISP, Anomali, ThreatConnect, Recorded Future).
Project management certification (PMP, Agile, ITIL).
Experience in MSSP environments.
Degree in Cybersecurity, Computer Science or related field.
Certifications: CISSP, GCIA, GCTI, GCIH or similar.
Australian citizen with eligibility to obtain a Defence clearance.
Our Benefits
Flexible working options.
Paid Parental Leave and Veterans Leave.
Novated Lease options.
Family support via Parents at Work partnership.
Ongoing personal and professional development opportunities.
Sonder – Wellbeing & Support Partner.
Legal and Diversity Statements
We encourage a diverse workplace and are endorsed by WORK180 as an Employer for All Women. We foster industry partnerships, employee resource groups and learning opportunities for all employees.
Workplace is compliant with Australian equal opportunity legislation.
How to Apply
After you apply, you will receive an email acknowledging your application. We will then provide a personalised experience for suitable applicants. Before being offered employment, you will need to complete pre-employment police checks. A Defence security clearance is required for this role.
To learn more about clearances, visit
AGSVA/
.
#J-*****-Ljbffr