SOC Onboarding, CTI
4 weeks ago
Overview
At Thales, we know technology has the ability to make our world more secure, sustainable, and inclusive – and that it’s all driven by human intelligence. We stay curious, make space for diverse points of view, share what we know, and challenge what’s possible. From manufacturing and engineering to cybersecurity and space, we’re driving progress in some of the world’s most important industries – and working together to build a future we can all trust.
About the Team
Thales delivers cybersecurity products and services that keep people and assets safe, giving organisations confidence in the security of their digital journeys. Our solutions are deployed in 148 countries, helping governments maintain sovereignty and organisations preserve their strategic autonomy. Thales is a global leader in cybersecurity with thousands of experts and developers, delivering in finance, health, retail, manufacturing, aerospace, critical infrastructure, defence and space.
About the Role
The SOC Onboarding, CTI & Engineering Manager is responsible for leading and overseeing three core functions of our security operations capability: onboarding of new clients and technologies, cyber threat intelligence (CTI), and delivery of managed Endpoint Detection and Response (EDR) services. This role combines strategic and hands‑on leadership, cross‑team collaboration, technical direction, and strong client engagement.
In this role, you will:
1. Lead the planning, coordination, and execution of SOC onboarding projects across diverse clients and technologies.
2. Ensure successful ingestion and normalization of log sources from on‑prem and cloud platforms (e.g., firewalls, EDRs, AWS, Azure, GCP).
3. Define and enforce standard onboarding playbooks and documentation.
4. Coordinate with SIEM/SOAR engineers, client infrastructure teams, and project managers to ensure timely and effective onboarding.
5. Oversee the development and operationalization of threat intelligence capabilities.
6. Integrate CTI into detection engineering, use case development, and incident response workflows.
7. Manage threat feeds, enrichment tools, and MITRE ATT&CK mapping.
8. Lead the creation of threat briefs, intel summaries, and threat hunting guidance.
9. Lead security and automation engineers to deliver client engagements and improve security platforms and automation.
10. Own the architecture, deployment, and lifecycle management of SOC tools including SIEM, SOAR, EDR/XDR, threat intelligence platforms, and log management solutions.
11. Lead integrations between SOC platforms and other enterprise systems (e.g., ITSM, CMDB, cloud platforms).
12. Ensure tool configurations align with detection, compliance, and operational needs.
13. Build and lead a high‑performing team across onboarding, CTI, and delivery functions.
14. Develop career paths, training plans, and performance objectives for team members.
15. Identify areas for process improvement and automation to improve SOC onboarding and threat intelligence maturity.
16. Lead change management efforts related to onboarding frameworks, CTI workflows, and service expansion.
About You
To be successful in this role, you will ideally bring with you:
- 7+ years of experience in cybersecurity operations, with at least 3 years in a leadership or management role.
- Hands-on experience with SIEM/SOAR platforms (e.g., Google Chronicle, Splunk, Sentinel).
- Strong understanding of log management, alert tuning, threat detection, and incident lifecycle.
- Solid grasp of threat intelligence frameworks, IOCs, TTPs, and intelligence lifecycle.
- Demonstrated experience delivering managed SOC services and handling enterprise customers.
- Familiarity with CTI tools (e.g., MISP, Anomali, ThreatConnect, Recorded Future).
- Project management certification (PMP, Agile, ITIL).
- Experience working in MSSP environments.
- Degree qualification in Cybersecurity, Computer Science, or a related field.
- Certifications: CISSP, GCIA, GCTI, GCIH, or similar.
Our Benefits
- Flexible working options
- Paid Parental Leave and Veterans Leave
- Novated Lease options
- Family support through our partnership with Parents at Work
- Ongoing personal and professional development opportunities
- Sonder – Wellbeing & Support Partner
WE ENCOURAGE YOU TO APPLY. After you have applied, you will receive an email acknowledging your application. We’ll provide a personalised experience for suitable applicants as we progress the selection and assessment process. Prior to being offered employment, you will need to complete pre‑employment police checks.
As a Defence security clearance is required for this role, applicants must be Australian citizens and eligible to obtain and maintain an appropriate clearance. To learn more about clearances, please visit the Defence AGSVA portal. This role is identified with the code LG‑PG1.
It’s easy to dismiss the perfect opportunity if you don’t see yourself as the perfect fit. If this role feels right – no matter your background or personal circumstances – please introduce yourself or join our community. We’re committed to supporting a diverse workplace, and that starts here.
We’re proud to be endorsed by WORK180 as an Employer for All Women, and we’ll continue to foster industry partnerships, employee resource groups, and development opportunities to make Thales a genuinely equitable employer for everyone. Read more about our WORK180 endorsement.