SOC Security Engineer

Perth, AU

Xero

Xero software for small businesses connects you to your bank, accountant, bookkeeper, and other business apps. Start a free trial today.

View all jobs at Xero

Apply now Apply later

Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive. 
At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.
We are looking for a SOC Security Engineer based in Perth WA to join our Security Engineering function at Xero. This role requires overlap with both UK and ANZ timezones as you will be part of a cross-regional team.
About the team
The Defence pod at Xero is the Detection Engineering Team within Security Operations. The team serves as the backbone of proactive threat defence. This specialized group focuses on designing, developing, and refining detection capabilities to identify potential security threats swiftly and accurately. Leveraging cutting-edge technologies, data analytics, and deep security expertise, the team creates and fine-tunes detection rules, threat hunting methodologies, and automated workflows.Collaborating closely with incident responders the Detection Engineering Team plays a crucial role in supporting the Response Analyst Team by ensuring that detection systems and workflows are optimized for effective threat identification and streamlined incident handling.
About the role
A day in the life of a Detection Engineer is dynamic and mission-critical, focused on maintaining and improving the organization’s ability to detect and respond to threats.
The engineering work of a Detection Engineer revolves around designing and implementing systems and solutions that empower the Security Operations Center (SOC) to identify and mitigate threats effectively. Detection Engineers act as the technical architects of the SOC, leveraging coding, automation, and deep knowledge of security technologies.
This role requires a balance of technical expertise, curiosity, and adaptability, as Detection Engineers continuously refine capabilities to outpace adversaries and strengthen organizational defences.

What you'll do

  • Developing Detection Logic: Crafting advanced queries, rules, and signatures for platforms like the SIEM to detect anomalous or malicious activity.
  • Data Pipeline Management: Ensuring log sources are ingested, normalized, and enriched for maximum visibility, maintaining the integrity and performance of data pipelines.
  • Automation and Scripting: Building tools and scripts to automate repetitive tasks, create custom detection mechanisms, and integrate platforms for streamlined workflows.
  • Prototyping and Innovation: Experimenting with new technologies, techniques, and machine learning models to advance detection capabilities.
  • Continuous Improvement: Iteratively refining detection logic based on attack simulations and post-incident reviews to address gaps and improve resilience.
  • Threat Research and Intelligence: Staying updated on the latest threat actor tactics, techniques, and procedures (TTPs) and incorporating them into detection strategies.
  • Incident Support: Collaborating with response teams during investigations by providing insights, creating custom queries, or adjusting detections in real time.
  • Tool Development and Automation: Building scripts, dashboards, and playbooks to streamline and enhance detection and investigation processes.

What you'll bring

  • Relevant engineering experience building and deploying solutions in a production environment on Google Cloud Platform (GCP)
  • Experience with Python
  • Experience with SOAR tools
  • Understanding of Security Operations Centre (SOC)
Why Xero? Offering very generous paid leave to use however you’d like (plus statutory holidays!), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, health insurance, life insurance, and income protection, wellbeing and sports programmes, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices, flexible working, career development, and many other benefits that reflect our human value, you’ll do the best work of your life at Xero.
Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  0  0  0

Tags: Analytics Automation Cloud Data Analytics GCP Machine Learning Prototyping Python Scripting SIEM SOAR SOC Threat Research TTPs

Perks/benefits: Career development Flex hours Health care Parental leave

Region: Asia/Pacific
Country: Australia

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.