SOC Onboarding, CTI & Engineering Manager

SOC Onboarding, CTI & Engineering Manager

The SOC Onboarding, CTI & Engineering Manager is responsible for leading and overseeing three core functions of our security operations capability: onboarding of new clients and technologies, cyber threat intelligence (CTI), and overall delivery of managed Endpoint Detection and Response (EDR) services. This role is both strategic and hands-on, involving cross-team collaboration, technical leadership, and strong client engagement.

You will be accountable for:

• Lead the planning, coordination, and execution of SOC onboarding projects across diverse clients and technologies.
• Ensure successful ingestion and normalization of log sources from on-prem and cloud platforms (e.g., firewalls, EDRs, AWS, Azure, GCP).
• Define and enforce standard onboarding playbooks and documentation.
• Coordinate with SIEM/SOAR engineers, client infrastructure teams, and project managers to ensure timely and effective onboarding
• Oversee the development and operationalization of threat intelligence capabilities.
• Integrate CTI into detection engineering, use case development, and incident response workflows.
• Manage threat feeds, enrichment tools, and TTP mapping using MITRE ATT&CK.
• Lead the creation of threat briefs, intel summaries, and threat hunting guidance.
• Lead security and automation engineers to deliver client engagements and improve security platforms and automation.
• Own the architecture, deployment, and lifecycle management of SOC tools including SIEM, SOAR, EDR/XDR, threat intelligence platforms, and log management solutions.
• Lead integrations between SOC platforms and other enterprise systems (e.g., ITSM, CMDB, cloud platforms).
• Ensure tool configurations align with detection, compliance, and operational needs.
• Build and lead a high-performing team across onboarding, CTI, and delivery functions.
• Develop career paths, training plans, and performance objectives for team members.
• Identify areas for process improvement and automation to improve SOC onboarding and threat intelligence maturity.
• Lead change management efforts related to onboarding frameworks, CTI workflows, and service expansion.

To be successful in this role, you will ideally bring with you:

• 7+ years of experience in cybersecurity operations, with at least 3 years in a leadership or management role.
• Hands-on experience with SIEM/SOAR platforms (e.g., Google Chronicle, Splunk, Sentinel).
• Strong understanding of log management, alert tuning, threat detection, and incident lifecycle.
• Solid grasp of threat intelligence frameworks, IOCs, TTPs, and intelligence lifecycle.
• Demonstrated experience delivering managed SOC services and handling enterprise customers.
• Familiarity with CTI tools (e.g., MISP, Anomali, ThreatConnect, Recorded Future).
• Project management certification (PMP, Agile, ITIL).
• Experience working in MSSP environments.
• Degree qualification in Cybersecurity, Computer Science, or a related field.
• Certifications: CISSP, GCIA, GCTI, GCIH, or similar.

Our Benefits

• Flexible working options
• Paid Parental Leave and Veterans Leave
• Novated Lease options
• Family support through our partnership with Parents at Work
• Ongoing personal and professional development opportunities
• Sonder – Wellbeing & Support Partner

We encourage you to apply. After you have applied, you will receive an email acknowledging your application. We'll then provide a personalized experience for suitable applicants as we progress the selection and assessment process. Prior to being offered employment, you will need to complete pre-employment police checks.

As a Defence security clearance is required for this role, applicants must be Australian citizens and eligible to obtain and maintain an appropriate clearance.