Job title: 1 Principal Security Engineer Cyber Advisor
Job type: Contract
Emp type: Full-time
Pay interval: Hourly
Pay rate: negotiable
Job published: 17/07/2026

Job Description

Job Title: Principal Security Engineer Cyber Advisor

Security Clearance: Must be able to obtain Negative Vetting Level 1

Duration: Initial 36 months with any number of 12-month extensions

Industry: Information Technology

Functional Expertise: Cyber Security

Sub-functional Expertise: Security Engineering / SIEM & SOAR

Location of work: ACT

Working arrangements: The primary office is in Canberra, however working remotely from an alternate location (including work from home) and/or flexible work arrangements may be considered. Any approval is at the sole discretion of our client.

Closing date: 9AM Thursday, 30 July 2026

Description:

Our client is seeking an experienced Principal Security Engineer Cyber Advisor to provide expert cyber security advice and technical leadership across enterprise security operations. The successful candidate will design, implement and optimise SIEM and SOAR capabilities, enhance threat detection and response, and contribute to the ongoing improvement of cyber security operations through automation, mentoring, stakeholder engagement and continuous improvement initiatives.

Responsibilities:

  • Design and implement onboarding of log sources into the SIEM from cloud, on-premise, identity, endpoint and network platforms.
  • Develop and maintain parsing, normalisation and data quality standards for logs.
  • Build and maintain SOAR workflows to automate alert triage, enrichment, containment and response.
  • Integrate SIEM and SOAR platforms with security and IT tooling including EDR, IAM, ticketing, email, firewall and threat intelligence systems.
  • Develop, tune and maintain high-quality detection rules aligned to threat detection capability, attacker techniques and organisational risk.
  • Create and maintain SOC playbooks and operational runbooks mapped to automated workflows.
  • Reduce false positives and improve alert fidelity through continuous tuning and enrichment.
  • Support incident response through log analysis, detection insights and rapid rule development.
  • Conduct detection gap analysis following cyber events, incidents and threat intelligence updates.
  • Maintain performance, reliability and configuration of SIEM/SOAR platforms.
  • Implement dashboards for monitoring and health checks for SIEM/SOAR platforms.
  • Develop and maintain clear, accessible documentation for analysts and capture system knowledge to support ongoing operations and knowledge transfer.
  • Define and report on key detection and response performance metrics to assess effectiveness and inform continuous improvement initiatives.
  • Maintain current technical knowledge through ongoing professional development.
  • Establish and maintain effective business relationships and professional networks.
  • Contribute to improved ICT practices and procedures.
  • Provide mentoring, coaching and training.
  • Work effectively within a small team and broader organisational environment.
  • Deliver work within agreed timeframes and quality standards.
  • Record and maintain documentation in accordance with organisational requirements.

Requirements:

  • Demonstrated hands-on experience as a technical lead implementing and administering enterprise SIEM platforms such as Microsoft Sentinel, Microsoft Defender, IBM QRadar, Elastic or Splunk.
  • Strong experience with automation, writing complex queries, correlation rules, parsers and developing SOC playbooks.
  • Proven ability to optimise and integrate SIEM platforms, reduce false positives and improve alert quality.
  • Experience designing and implementing SIEM and SOAR solutions.
  • Experience integrating security platforms with EDR, IAM, ticketing, email, firewall and threat intelligence systems.
  • Strong understanding of threat detection engineering and incident response.
  • Experience developing dashboards, reporting metrics and technical documentation.
  • Strong stakeholder engagement, mentoring and communication skills.

Key Capabilities:

  • Technical leadership across cyber security engineering initiatives.
  • SIEM and SOAR implementation and optimisation.
  • Threat detection engineering and incident response.
  • Security automation and orchestration.
  • Stakeholder engagement and collaboration.
  • Technical documentation and knowledge transfer.
  • Continuous improvement and mentoring.

How to apply:

Please submit your application including your resume and a completed application form addressing the essential and desirable criteria. Ensure your application highlights your experience and any relevant certifications.