Cyber Security Operations Analyst (SIEM / Detection Engineering)

Countersight

Role Type

  • On-site • Permanent • Full-time • Mid-level / Senior

Who we are

Countersight is a specialist cybersecurity company delivering security research, capability development and consulting services to clients within government and across the private sector. We are independent, Australian, and Canberra based but with the flexibility to operate Australia wide.

Our team works on interesting problems across the entire technology stack, from embedded systems to web and mobile applications, finding creative ways to deliver the capability our clients need.

The Role

Role Title: Senior Cyber Security Operations Analyst (SIEM / Detection Engineering)

Location: Canberra, ACT

Hours: Full-time

Salary: $100,000 – $180,000 (plus super) based on experience

Our Senior Cyber Security Operations Analysts work closely with client Cyber Security Operations Centres (CSOCs) to ensure SIEM and supporting security platforms are operational, optimised, and continuously improving.

This role is focused on hands-on SIEM engineering and operations, including onboarding log sources, improving data quality, tuning detection content, and optimising platform performance and cost.

Working as an embedded subject matter expert within client environments, you will collaborate with infrastructure, cloud, application and business teams to ensure security telemetry is fit for purpose and supports effective detection and response outcomes.

Typical responsibilities include:

  • Monitoring and maintaining SIEM platform health, ensuring availability and fitness for use by SOC analysts
  • Onboarding and integrating log sources across network, endpoint, cloud and application environments
  • Improving log fidelity, structure, and consistency to maximise detection effectiveness
  • Monitoring and analysing log ingestion rates and trends
  • Identifying and implementing optimisation opportunities to improve performance and reduce storage/ingestion costs
  • Developing and tuning correlation rules, alerts, dashboards and reports to reduce false positives and improve detection coverage
  • Maintaining and enhancing SIEM integrations, including threat intelligence feeds and API-based connections
  • Supporting incident response and remediation activities in collaboration with SOC teams
  • Developing and maintaining standard operating procedures for cyber security tooling
  • Engaging with system owners and stakeholders to uplift logging maturity and support ongoing capability improvements

What we are looking for

We are looking for experienced cyber security professionals with a strong background in SIEM, security operations, or detection engineering, particularly those who enjoy working at the intersection of security operations, data engineering, and platform optimisation.

Must-have

  • 3+ years’ hands-on experience in SIEM engineering, SOC operations, or cyber security operations roles.
  • Strong experience onboarding, parsing, normalising, and structuring logs from diverse sources.
  • Experience designing, building, and maintaining SIEM content including correlation rules, dashboards, reports, alerts and detection logic.
  • Experience monitoring and managing log ingestion, data quality, and platform performance.
  • Ability to analyse ingestion trends and identify optimisation opportunities.
  • Strong stakeholder engagement and communication skills.
  • Australian Government security clearance (NV1 minimum) or the ability to maintain one.

Nice-to-have

  • Experience with Google SecOps, Chronicle, or similar SIEM platforms.
  • Experience with log forwarding and pipelines (e.g. Bindplane or equivalent).
  • Understanding of detection engineering practices and threat-informed defence.
  • Familiarity with threat tactics, techniques and procedures (TTPs).
  • Experience supporting incident response and threat hunting.
  • Exposure to EDR, XDR, SOAR and related technologies.
  • Understanding of cloud platforms, APIs, and modern application architectures.
  • Familiarity with Australian Government environments and compliance frameworks.

Why work for Countersight

As a small company, we prioritise supporting our team and fostering a positive, flexible, and enjoyable work culture. Collaboration, continuous learning and the latitude to experiment are the heart of our approach.

Our main office is located a short walk from Braddon and some of Canberra’s most popular cafes, restaurants, breweries and coffee roasters, and is also convenient for public transport, including light rail.

Our work and client focus allows us to directly contribute to the security and success of our community, and we believe that security is the key ingredient in opening up the promise of technology.

We thrive on deep technical challenges and relish the opportunity to extend our knowledge and explore the limits of the technologies we work with.

We enjoy what we do, and we think you will too.

Eligibility

To be eligible to apply for this position you must meet the below eligibility criteria:

  • Be an Australian Citizen.
  • Hold or be eligible to hold a NV1 security clearance (minimum).
  • Satisfy pre-employment screening.

Application Procedure

Please apply at https://employmenthero.com/jobs/position/countersight-proprietary-limited-cyber-security-operations-analyst-siem-detection-engineering-p4lhg/ and provide a current resume along with a covering letter highlighting your relevant experience and any publicly available examples of your work.

Please feel free to get in touch with any questions you may have about this role via ***email_hidden***.