Senior Threat & Vulnerability Engineer

A national critical infrastructure organization is hiring a Senior Threat & Vulnerability Engineer to lead threat detection uplift, incident response, and vulnerability management across enterprise IT and OT environments. This is a hands-on leadership role reporting into the Cyber Defence Manager, with a clear 2IC remit and contribution to 24/7 readiness in a regulated critical infrastructure setting.

Key Responsibilities

• Lead cyber incident response and red/purple team simulations
• Uplift detection capabilities: improve log coverage, onboard assets to SOC, optimise ingestion
• Design automation workflows and scripts to improve response efficiency
• Drive the vulnerability management program: track high-risk CVEs, support remediation, report to leadership
• Work closely with engineering/project teams to embed security by design
• Act as a delegate for the Cyber Defence Manager (including on-call responsibilities)
• Support compliance initiatives (e.g., SoCI Act) with strong risk documentation and control alignment
• Communicate cyber risks clearly to both technical and business stakeholders

What We’re Looking For

• Strong hands-on experience in cyber incident response and threat detection
• Deep knowledge of frameworks like MITRE ATT&CK, Cyber Kill Chain
• Technical capability across:
• SIEM: Exabeam (or similar)
• EDR: CrowdStrike
• Vuln Mgmt: Tenable
• Logging/Scripting: ELK, Python
• Comfortable in a fast-paced, high-stakes environment with diverse stakeholders
• Prior experience in regulated sectors or critical infrastructure is a plus

Aboriginal and Torres Strait Islander Peoples are encouraged to apply.
To apply please click apply or call Cody Berry on 02 8289 3123 for a confidential discussion.