SOC Onboarding, CTI & Engineering Manager
The SOC Onboarding, CTI & Engineering Manager is responsible for leading and overseeing three core functions of our security operations capability: onboarding of new clients and technologies, cyber threat intelligence (CTI), and overall delivery of managed Endpoint Detection and Response (EDR) services. This role is both strategic and hands-on, involving cross-team collaboration, technical leadership, and strong client engagement.
Your responsibilities will include:
- Lead the planning, coordination, and execution of SOC onboarding projects across diverse clients and technologies.
- Ensure successful ingestion and normalization of log sources from on-prem and cloud platforms (e.g., firewalls, EDRs, AWS, Azure, GCP).
- Define and enforce standard onboarding playbooks and documentation.
- Coordinate with SIEM/SOAR engineers, client infrastructure teams, and project managers to ensure timely and effective onboarding.
- Oversee the development and operationalization of threat intelligence capabilities.
- Integrate CTI into detection engineering, use case development, and incident response workflows.
- Manage threat feeds, enrichment tools, and TTP mapping using MITRE ATT&CK.
- Lead the creation of threat briefs, intel summaries, and threat hunting guidance.
- Lead security and automation engineers to deliver client engagements and improve security platforms and automation.
- Own the architecture, deployment, and lifecycle management of SOC tools including SIEM, SOAR, EDR/XDR, threat intelligence platforms, and log management solutions.
- Lead integrations between SOC platforms and other enterprise systems (e.g., ITSM, CMDB, cloud platforms).
- Ensure tool configurations align with detection, compliance, and operational needs.
- Build and lead a high-performing team across onboarding, CTI, and delivery functions.
- Develop career paths, training plans, and performance objectives for team members.
- Identify areas for process improvement and automation to improve SOC onboarding and threat intelligence maturity.
- Lead change management efforts related to onboarding frameworks, CTI workflows, and service expansion.
To be successful in this role, you will ideally bring with you:
- 7+ years of experience in cybersecurity operations, with at least 3 years in a leadership or management role.
- Hands-on experience with SIEM/SOAR platforms (e.g., Google Chronicle, Splunk, Sentinel).
- Strong understanding of log management, alert tuning, threat detection, and incident lifecycle.
- Solid grasp of threat intelligence frameworks, IOCs, TTPs, and intelligence lifecycle.
- Demonstrated experience delivering managed SOC services and handling enterprise customers.
- Familiarity with CTI tools (e.g., MISP, Anomali, ThreatConnect, Recorded Future).
- Project management certification (PMP, Agile, ITIL).
- Experience working in MSSP environments.
- Degree qualification in Cybersecurity, Computer Science, or a related field.
- Certifications: CISSP, GCIA, GCTI, GCIH, or similar.
Our Benefits
- Flexible working options
- Paid Parental Leave and Veterans Leave
- Novated Lease options
- Family support through our partnership with Parents at Work
- Ongoing personal and professional development opportunities
- Sonder – Wellbeing & Support Partner
We encourage you to apply. After you have applied, you will receive an email acknowledging your application. We'll then provide a personalized experience for suitable applicants as we progress the selection and assessment process. Prior to being offered employment, you will need to complete pre-employment police checks.
As a Defence security clearance is required for this role, applicants must be Australian citizens and eligible to obtain and maintain an appropriate clearance.