Security Operations Centre Engineer
Melbourne, Victoria, Australia
Triskele Labs
At Triskele Labs, we work with you to understand your risks, goals, challenges and culture to develop cyber security solutions tailored to your business. Triskele Labs are one of the leading providers of cybersecurity services in Australia. We assist clients to reduce their risk of a cyber compromise through the delivery of risk-considered controls.
Triskele Labs are one of the last remaining boutiques in Australia. We are currently the largest CREST Registered Penetration Testing company in Melbourne and one of the only boutiques to run a 24x7x365 Security Operations Team completely onshore.
This role sits within Triskele Labs’ Managed Detection and Response (MDR) team and acts as a technical first point of contact for client-side tooling and integration issues. While not a traditional security analyst role, it directly supports the effectiveness of our MDR service by resolving break/fix issues, supporting event source health and onboarding, and handling tool-centric troubleshooting before escalating internally.
The engineer will primarily support log source onboarding and health, agent installation and monitoring issues, connection failures, platform errors, and other Tier 1–2 technical queries across SIEM, EDR, and cloud-native tooling used by clients.
Requirements
Client-Facing Support & Issue Resolution
- Troubleshoot and resolve client-side issues related to SIEM log ingestion, event source connectivity, and agent health (e.g., Elastic Agent, CrowdStrike, Rapid7, Microsoft Sentinel connectors).
- Guide clients on log source setup, supported formats, and collection methods including syslog, API-based ingestion, and agent deployment.
- Investigate and respond to common alerts such as “source offline” or “no logs received in X hours.”
- Serve as a technical liaison between client IT teams and internal SOC personnel, ensuring clear and effective communication.
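The two alert types named above ("source offline" versus "no logs received in X hours") are worth telling apart mechanically, because the fix differs: a source that has never checked in is usually an onboarding or connectivity problem, while one that has gone quiet is more often an agent, credential or log-rotation problem. The following is an added example, not Triskele Labs' tooling or any named SIEM's API: it takes constructed (source, ISO-8601 timestamp) events, computes each source's last-seen time, and classifies every expected source against a hypothetical per-source silence threshold. The source names, thresholds and timestamps are all assumptions made up for the illustration. It also flags two cases a helpdesk engineer runs into in practice: a source that reports but was never onboarded, and an event timestamped in the future (collector clock skew), which would otherwise make a broken source look healthy.

```python
"""Event-source health check for SIEM log-source triage (added example, not vendor code)."""
from datetime import datetime, timedelta, timezone

# Constructed sample events as (source, timestamp); not real client data.
# Events are deliberately out of order to show that the newest timestamp wins.
SAMPLE_EVENTS = [
    ("fw-edge-01", "2024-05-01T09:00:00Z"),
    ("dc-01", "2024-05-01T09:30:00Z"),
    ("fw-edge-01", "2024-05-01T11:50:00Z"),
    ("vpn-01", "2024-05-01T12:30:00Z"),       # timestamp ahead of the collector clock
    ("unknown-host", "2024-05-01T11:00:00Z"), # reports, but was never onboarded
]

# Hypothetical onboarded sources and the maximum hours each may be silent
# before it is worth a client follow-up (a firewall should never be quiet;
# a low-volume web server legitimately can be).
EXPECTED_SOURCES = {"fw-edge-01": 1.0, "dc-01": 2.0, "web-01": 24.0, "vpn-01": 1.0}

# Fixed "now" so the example is reproducible offline.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp; treat a naive timestamp as UTC so comparisons never raise."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    return ts


def last_seen(events) -> dict:
    """Newest timestamp per source, regardless of the order events arrived in."""
    seen = {}
    for source, raw in events:
        ts = parse_ts(raw)
        if source not in seen or ts > seen[source]:
            seen[source] = ts
    return seen


def check_sources(events, expected, now) -> dict:
    """Map each source to (status, hours_silent).

    offline     -> onboarded source with no events at all
    stale       -> silent longer than its threshold ("no logs received in X hours")
    clock-skew  -> last event is in the future relative to the collector
    unexpected  -> source sends logs but is not in the onboarded list
    """
    seen = last_seen(events)
    report = {}
    for source, max_hours in expected.items():
        if source not in seen:
            report[source] = ("offline", None)
            continue
        silent = now - seen[source]
        hours = round(silent.total_seconds() / 3600, 2)
        if silent < timedelta(0):
            report[source] = ("clock-skew", hours)
        elif silent > timedelta(hours=max_hours):
            report[source] = ("stale", hours)
        else:
            report[source] = ("ok", hours)
    for source in seen:
        if source not in expected:
            report[source] = ("unexpected", None)
    return report


def run_sample() -> dict:
    """Run the check over the constructed events at the fixed NOW."""
    return check_sources(SAMPLE_EVENTS, EXPECTED_SOURCES, NOW)


if __name__ == "__main__":
    for source, (status, hours) in sorted(run_sample().items()):
        print(f"{source:14} {status:11} {'' if hours is None else f'{hours}h'}")
```

In a real deployment the event list would come from a SIEM query for the newest timestamp per source rather than from an in-memory list, and the thresholds would live in the onboarding record for each client, but the classification logic stays the same. Checking for "unexpected" sources is cheap and catches a common onboarding gap: a client adds a host that ships logs, but nobody has registered it, so nothing alerts when it later stops.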
Tooling & Platform Support
- Diagnose and resolve errors within operational platforms, including Elastic/Kibana dashboards, TheHive case assignments, and Shuffle automation workflows.
- Monitor service health dashboards and proactively follow up with clients regarding degraded or failing sources.
- Escalate complex technical issues to Detection Engineering, Level 3 Engineers, or DevOps after initial triage and basic troubleshooting.
Operational Efficiency & Documentation
- Maintain internal knowledge base (KB) with resolutions and known fixes to support faster issue handling.
- Identify patterns in recurring issues and recommend process improvements or automation opportunities to enhance platform reliability and efficiency.
Preferred Experience
- Professional Background: Experience in a support-focused role such as Tier 2–3 IT helpdesk, MSP technician, or IT systems administration.
- Technical Skills: Familiar with SIEM platforms, endpoint agents (e.g., Elastic Agent, Sentinel), basic networking, and system logging.
- Tooling Experience: Proficient with RMM tools, ticketing systems, endpoint agents, and Windows/Linux environments.
- Security Awareness: Understands the importance of telemetry and the role of log sources in threat detection workflows.
- Soft Skills: Strong communicator with the ability to work confidently with both clients and internal teams.
- Scripting/automation skills (e.g., PowerShell, Bash)
- Familiarity with basic API usage
- Experience working with Microsoft 365 and Azure AD logs
Benefits
Team culture is everything to Triskele Labs and it is the reason we exist. We are a forward-thinking company and always looking for ways to boost our team culture to ensure we are a destination employer. We continually undertake surveys to seek feedback from our team on ways we can improve our work environment and team member experience at Triskele Labs.
We provide our team a great range of additional benefits such as:
- Collaborate closely with industry executives and gain insights from top industry leaders.
- Cutting-edge tech stack.
- Help influence the SOC's direction while advancing your own career.
- Enjoy a brand-new office located in the heart of Melbourne CBD.
- Frequent events organised by our People & Culture Team.
Working Arrangements:
The role is full-time, Monday to Friday in our Collins St Melbourne office, with flexible working arrangements.
Tags: APIs Automation Azure Bash Cloud CREST CrowdStrike DevOps EDR Linux Monitoring Pentesting PowerShell Scripting Sentinel SIEM SOC Threat detection Windows
Perks/benefits: Flex hours Health care Team events