Security Engineer Detection And Response Sydney Australia

Monitor security telemetry and alerts from SIEM, EDR/XDR, network, and cloud sources for signs of malicious activity

operational

Triage incoming security alerts to determine severity, scope, and priority

analytical

Investigate security incidents to identify root cause, impacted assets, attack vector, and attacker behavior

analytical

Contain and remediate confirmed security incidents by applying isolation, eradication, and recovery actions

operational

Create, tune, and validate detection rules and use-cases in SIEM, EDR, and cloud-native detection platforms

technical

Perform proactive threat hunting across logs, endpoints, network traffic, and cloud telemetry to uncover hidden threats

analytical

Develop, document, and maintain incident response playbooks and runbooks for common threat scenarios

operational

Automate detection, enrichment, and response workflows using SOAR, scripts, or orchestration tools

technical

Integrate and operationalize threat intelligence feeds into detection logic and alert enrichment processes

technical

Perform malware analysis (static and dynamic) to characterize malicious samples and extract indicators of compromise

technical

Execute root-cause analyses after incidents and produce technical reports summarizing findings and remediation steps

analytical

Maintain and configure EDR/XDR agents, sensors, and collectors to ensure comprehensive visibility

technical

Parse, normalize, and map log sources to ensure consistent fields and usable telemetry for detections

technical

Validate and test detection coverage through simulation exercises, red-team engagements, or synthetic traffic

operational

Escalate and document incidents in ticketing/IR platforms, maintaining timelines, actions taken, and post-incident notes

administrative

Implement and verify containment and remediation measures across endpoints, servers, cloud resources, and network devices

technical

Produce and deliver incident summary reports, metrics, and detection effectiveness dashboards to stakeholders

communication

Conduct vulnerability and configuration reviews relevant to detection posture and recommend mitigations

analytical

Update and maintain detection rule libraries, playbooks, and runbooks based on emerging threats and lessons learned

operational

Collaborate with engineering teams to instrument applications and infrastructure for improved observability and detection

communication

Conduct host- and network-level forensic analysis to collect and preserve evidence for investigations

technical

Coordinate incident response activities with internal teams (IT, engineering, legal, communications) and external stakeholders

communication

Participate in on-call rotations and respond to after-hours security incidents as required

operational

Execute data retention, access, and chain-of-custody procedures for investigative artifacts and evidence

administrative