
SOC Onboarding, CTI
12 hours ago
Overview
At Thales, we know technology has the ability to make our world more secure, sustainable, and inclusive – and that it’s all driven by human intelligence. We stay curious, make space for diverse points of view, share what we know, and challenge what’s possible. From manufacturing and engineering to cybersecurity and space, we’re driving progress in some of the world’s most important industries – and working together to build a future we can all trust.
About the Team
Thales delivers cybersecurity products and services that keep people and assets safe, giving organisations confidence in the security of their digital journeys. Our solutions are deployed in 148 countries, helping governments maintain sovereignty and organisations preserve their strategic autonomy. Thales is a global leader in cybersecurity with thousands of experts and developers, delivering in finance, health, retail, manufacturing, aerospace, critical infrastructure, defence and space.
About the Role
The SOC Onboarding, CTI & Engineering Manager is responsible for leading and overseeing three core functions of our security operations capability: onboarding of new clients and technologies, cyber threat intelligence (CTI), and delivery of managed Endpoint Detection and Response (EDR) services. This role combines strategic and hands‑on leadership, cross‑team collaboration, technical direction, and strong client engagement.
You will:
1. Lead the planning, coordination, and execution of SOC onboarding projects across diverse clients and technologies.
2. Ensure successful ingestion and normalization of log sources from on‑prem and cloud platforms (e.g., firewalls, EDRs, AWS, Azure, GCP).
3. Define and enforce standard onboarding playbooks and documentation.
4. Coordinate with SIEM/SOAR engineers, client infrastructure teams, and project managers to ensure timely and effective onboarding.
5. Oversee the development and operationalization of threat intelligence capabilities.
6. Integrate CTI into detection engineering, use case development, and incident response workflows.
7. Manage threat feeds, enrichment tools, and MITRE ATT&CK mapping.
8. Lead the creation of threat briefs, intel summaries, and threat hunting guidance.
9. Lead security and automation engineers to deliver client engagements and improve security platforms and automation.
10. Own the architecture, deployment, and lifecycle management of SOC tools including SIEM, SOAR, EDR/XDR, threat intelligence platforms, and log management solutions.
11. Lead integrations between SOC platforms and other enterprise systems (e.g., ITSM, CMDB, cloud platforms).
12. Ensure tool configurations align with detection, compliance, and operational needs.
13. Build and lead a high‑performing team across onboarding, CTI, and delivery functions.
14. Develop career paths, training plans, and performance objectives for team members.
15. Identify areas for process improvement and automation to improve SOC onboarding and threat intelligence maturity.
16. Lead change management efforts related to onboarding frameworks, CTI workflows, and service expansion.
About You
To be successful in this role, you will ideally bring with you:
- 7+ years of experience in cybersecurity operations, with at least 3 years in a leadership or management role.
- Hands-on experience with SIEM/SOAR platforms (e.g., Google Chronicle, Splunk, Sentinel).
- Strong understanding of log management, alert tuning, threat detection, and incident lifecycle.
- Solid grasp of threat intelligence frameworks, IOCs, TTPs, and intelligence lifecycle.
- Demonstrated experience delivering managed SOC services and handling enterprise customers.
- Familiarity with CTI tools (e.g., MISP, Anomali, ThreatConnect, Recorded Future).
- Project management certification (PMP, Agile, ITIL).
- Experience working in MSSP environments.
- Degree qualification in Cybersecurity, Computer Science, or a related field.
- Certifications: CISSP, GCIA, GCTI, GCIH, or similar.
Our Benefits
- Flexible working options
- Paid Parental Leave and Veterans Leave
- Novated Lease options
- Family support through our partnership with Parents at Work
- Ongoing personal and professional development opportunities
- Sonder – Wellbeing & Support Partner
WE ENCOURAGE YOU TO APPLY. After you have applied, you will receive an email acknowledging your application. We’ll provide a personalised experience for suitable applicants as we progress the selection and assessment process. Prior to being offered employment, you will need to complete pre‑employment police checks.
As a Defence security clearance is required for this role, applicants must be Australian citizens and eligible to obtain and maintain an appropriate clearance. To learn more about clearances, please visit the Defence AGSVA portal. This role is identified with the code LG‑PG1.
It’s easy to dismiss the perfect opportunity if you don’t see yourself as the perfect fit. If this role feels right – no matter your background or personal circumstances – please introduce yourself or join our community. We’re committed to supporting a diverse workplace, and that starts here.
We’re proud to be endorsed by WORK180 as an Employer for All Women, and we’ll continue to foster industry partnerships, employee resource groups, and development opportunities to make Thales a genuinely equitable employer for everyone. Read more about our WORK180 endorsement.