A note before you read on: This role has a sweet spot. It won’t suit someone who's been around the block many times over, and it’s not for someone fresh out of study with no real-world exposure. The sweet spot is around 1–3 years of genuine, hands-on SOC experience. If that's you, keep reading.
Setting the scene
You'll probably know this business. ASX-listed enterprise, multiple brands, customer-facing operations right across Australia. Chances are you've interacted with them. The security team are good people, they know how to enjoy their work and they’re deliberate about who they hire. The SOC is growing, and they’re hiring someone in-house to get deep into the environment and help bring more detection and response capability off the bench. CrowdStrike Falcon Complete handles 24/7 managed response, but the internal team is the beating heart, and the goal is to do more in-house over time.
The role
- L1–L2 level. Not a pure alert-jockey position; you'll be expected to go beyond just triaging.
- Investigate alerts across CrowdStrike Falcon EDR and next-gen SIEM.
- Participate in incident response and contribute to IR playbook development.
- Contribute to detection engineering and tuning to improve signal quality over time.
- Support threat hunting across endpoint, cloud, network, and log telemetry.
- Operate Cribl, Zscaler, Exchange Online email security, and Microsoft security tooling.
- Participate in an on-call roster roughly one week per month, with compensation provided.
Month one is about learning, not performing. Shadow the team, build relationships, get across the environment. The SOC lead wants to see inquisitiveness and initiative from the get-go (and this is how you’ll thrive in this role).
What you'll bring
- ~1–3 years of SOC experience: triage, IR, threat investigation.
- Familiarity with SIEM and EDR tools, CrowdStrike Falcon is a real plus.
- Solid networking fundamentals and comfort in Microsoft environments (Entra ID, Exchange Online, M365).
- Strong communication skills and an inquisitive, tinkerer's mindset.
- Full Australian work rights. Aussie PR minimum, no sponsorship available, and visas cannot be considered.
- Bonus: AWS exposure, scripting (Python/PowerShell), MITRE ATT&CK familiarity, blue team certs, or any dabbling with AI tools in a security context.
If you're interested but based outside of Sydney, get in touch. Consideration will be given to people interstate, although Sydney remains the preference.
How to apply
Applications are treated with absolute confidentiality. Click APPLY or contact Michael at mpearman@decipherbureau.com for an informal chat about what you want next in your career. Equal opportunity and diversity are a priority. We encourage applicants from all backgrounds.