SOC Analyst Canberra (Remote)

NCC Group
Remote

About The Position

Join our Australian SOC team as a SOC Analyst. In this role, you will be the "engine room" of our security operations, moving beyond basic alert monitoring to lead deep investigations across a diverse range of client environments in Asia Pacific (APAC). You will work with a world-class security stack and have the autonomy to hunt for threats and recommend custom detections.

Requirements

  • 2–4 years in a SOC or high-pressure security operations environment.
  • Hands-on proficiency in Splunk, Sentinel, CrowdStrike, and Microsoft Defender.
  • Strong understanding of TCP/IP, Windows/Linux internals, Cloud Security and common attack vectors (Phishing, Ransomware, Living-off-the-Land).
  • One or more of the following: SC-200, Splunk Core Certified Power User, CompTIA CySA+, or SANS GCIH.
  • Ability to clearly articulate technical risks to non-technical client stakeholders verbally and/or via email and ticketing system.

Nice To Haves

  • Experience with other SIEM and EDR technologies is highly regarded.

Responsibilities

  • Lead investigations into complex security alerts utilising Splunk, Microsoft Sentinel, and SentinelOne SIEMs.
  • Execute rapid containment and remediation actions using CrowdStrike Falcon, Microsoft Defender for Endpoint, and SentinelOne EDR.
  • Optimise detection rules using KQL and SPL to enhance our proactive defence posture.
  • Support regular threat hunting activities based on the MITRE ATT&CK framework to uncover hidden malicious activity.
  • Produce detailed incident reports for technical and executive stakeholders.
  • Understand data-loss prevention in the context of Security Operations.
  • Participate in a paid on-call roster every 3 weeks.

Benefits

  • Wellness programs
  • Flexible working arrangements