Threat Detection Engineer - 12mo contract

Get to Know Us

Imagine joining an organisation that has a fully flexible working culture and an award-winning brand! That’s exactly what you will get when you join Centorrino Technologies. Our values, our people, our brand, and our customers mean everything to us.

Here at CT, we put a lot of effort into delivering the best customer experience of any managed ICT provider in Australia.

We work pretty hard at CT, but that doesn’t come without a little play.

• Work from Canberra Office
• Training and development – We offer heaps of courses, certifications, and coaching
• Wellbeing Subsidies – You’ll get discounts on your gym, yoga and pilates memberships
• Cost Price Tech – CT discounts
• Events, Events, Events for everyone!
• Everyone has a very personalised career and learning plan. Our commitment is to help you to become the best you can be.
• The list goes on….

Here’s what you’ll be doing:

• Create threat models and preform threat hunts to inform the detection engineering strategy
• Develop use cases based off threat models, system risks, vulnerabilities, intelligence, incident reports and industry frameworks
• Develop the detection rule syntax associated with use cases within the SIEM and EDR technologies
• Develop playbooks for alert validation by understanding the context in which the detection rule is designed
• Collaborate with Cyber Defence Analysts for detection rule tuning
• Maintain the threat intelligence integrations across the SOC technology stack
• Assist in the identification of content shortfalls across the detection engineering practice
• Assist with incident response at that direction of the incident manager
• Conduct in-depth research and analysis for new detection content
• Assist in the onboarding of new data sources to meet requirements of use cases
• Provide evaluation and feedback necessary for improving intelligence production and reporting
• Provide support to designated exercises, planning activities, and time sensitive operations

Here’s what you’ll bring:

• Demonstratable experience in content development with at least 2 SIEM technologies (Splunk, Elastic, Q-Radar, MS Sentinel)
• Experience in a detection engineering practice
• An understanding of the sigma detection rule syntax
• Experience with SOAR technologies and playbook development
• Experience with EDR technologies (Carbon Black, CrowdStrike, Defender ATP)
• A thorough understanding of the cyber threat intelligence lifecycle
• Knowledge of scripting languages (Bash, Python)
• Strong organisational and teamwork skills.
• Professional Certifications, such as GIAC
• Minimum 5 years of cyber security operations experience

Security Clearance: Must be able to obtain Baseline

All our team members are required to obtain and maintain a valid Victorian Working with Children Check, and Police Check.

When you join Centorrino Technologies, you know you are joining an organisation that is driven by our values and innovation. We are proud to be an equal opportunity employer, and are committed to building a diverse and inclusive workplace where we embrace our individual talents, and our differences. We encourage applications from people of all ages, disabilities, LGBTQI, First Nations people and people from culturally diverse backgrounds.

We look forward to hearing from you!