Threat detection engineer (cyber)

Permanent
First Recruitment International
Posted: 1 August
Offer description

Role Snapshot

  • Design and implement threat detection logic for SIEM/SOAR platforms at enterprise scale
  • Monitor, tune, and enhance threat detection capability across core network and digital systems
  • Work in a high-performance cyber team protecting Australia’s critical digital infrastructure
  • Collaborate with incident response, architecture, and threat intelligence teams

About the Company

D’Arcy Weil is recruiting on behalf of one of Australia’s largest digital infrastructure operators, delivering telecommunications, cloud and data services to millions of customers nationwide. With a dedicated internal cyber security division operating at Tier 1 scale, our client has invested significantly in uplift across threat detection, incident response, and proactive risk mitigation.

This is a highly specialised position within the Threat Detection & Engineering team, responsible for designing and implementing detection logic and automation across one of the most complex digital environments in the country.

The Role

This role is suited to a technically driven security engineer or cyber specialist with proven experience developing threat detection logic within modern SIEM and SOAR environments. You’ll be responsible for engineering and refining detection content across a range of internal platforms, working in partnership with the threat intelligence, response, and SOC teams.

You’ll contribute to improving detection coverage, reducing false positives, and embedding new telemetry sources and detection patterns aligned with emerging threat activity and MITRE ATT&CK frameworks. You’ll also contribute to uplift of detection engineering frameworks, including content development pipelines, use-case lifecycle management, detection-as-code, and operational tuning.

This is a hands-on, engineering-focused role with significant scope to shape how threats are identified and managed across a national infrastructure platform.

Key Responsibilities

  • Develop and tune detection rules across SIEM/SOAR platforms (e.g., Splunk, Chronicle, Azure Sentinel)
  • Design detection use cases based on threat models, attack simulations, and incident learnings
  • Integrate threat intel feeds and behavioural indicators into detection pipelines
  • Reduce false positives through contextualisation, enrichment, and use-case optimisation
  • Create and maintain detection-as-code frameworks and pipelines (CI/CD integration)
  • Contribute to detection coverage mapping using MITRE ATT&CK and similar models
  • Work with stakeholders across architecture, threat intel, blue team and SOC operations
  • Participate in detection testing, red team simulations and adversary emulation activities
  • Contribute to SOC maturity uplift through tooling, playbook development and automation

Candidate Profile

  • 3–5 years in cyber security engineering, threat detection, or SOC tooling roles
  • Strong experience with SIEM platforms (e.g., Splunk ES, Azure Sentinel, Google Chronicle)
  • Familiarity with SOAR tools and orchestration playbooks (e.g., Phantom, XSOAR)
  • Hands-on experience writing and tuning detection rules (e.g., SPL, YARA, Sigma, KQL)
  • Knowledge of common attack techniques and cyber kill chains (MITRE ATT&CK, NIST)
  • Experience working with detection-as-code and CI/CD pipelines
  • Strong scripting skills (e.g., Python, PowerShell, Bash) for automation and enrichment
  • Exposure to enterprise-scale IT, cloud, or telecoms environments
  • Ability to analyse complex telemetry (logs, flows, events) and identify actionable patterns
  • Australian Citizen or Permanent Resident (Baseline clearance or eligibility preferred)

What’s on Offer

  • Competitive remuneration package and performance-based incentives
  • Flexible work arrangements with hybrid onsite/remote model
  • High-impact engineering role within a Tier 1 cyber operations function
  • Access to advanced cyber tooling, red team exercises, and threat simulation programs
  • Ongoing training, security certifications and career development pathways
  • Employee benefits including paid parental leave, leave purchase, and salary packaging
  • Wellbeing support, EAP access, and employee product discounts
  • Long-term career mobility across cyber operations, engineering, and architecture

To explore this opportunity, please submit your CV and a brief cover note online outlining your:

  • Experience developing threat detection rules or use-cases in SIEM/SOAR environments
  • Platforms and scripting tools you’ve worked with to support threat detection
  • Knowledge of threat models and your practical experience applying frameworks like MITRE ATT&CK

For further information or a confidential discussion, contact:

Ivan Pignataro
Director, D’Arcy Weil
M: 0416 507 856
E: ivan@darcyweil.com

cybersecurity threatdetection siemengineering splunk telecomsecurity soarplatforms mitreattack cyberjobs securityoperations darcyweil infosecroles redteamblue
