Australia onlyLAB3 is one of the largest Azure engineering practices in the Australasia region with a focus on Cloud & DevOps, Data, IoT & AI, Modern Workplace, Security, and Network services.
The role:
- We have an amazing permanent opportunity for a L3 SOC analyst on our managed services team ideally with NV1 clearance (or Australian citizenship so we can help you obtain one). This is a senior technical role within an enterprise scale Security Operations Centre supporting complex Azure and hybrid environments.
- Responsible for specialised detection engineering and tuning across cloud, identity, endpoint, and hybrid domains, advancing detection capability, improving analytic fidelity, and maturing SOC monitoring coverage. You will design, develop, tune, optimise and maintain advanced SIEM analytics via KQL, aligned to MITRE ATT&CK and structured threat modelling/ hunting. Develop and maintain SOAR playbooks (Azure Logic Apps) to streamline triage, enrichment, and containment.
- Covers full Level 3 SOC Operations & Incident Management responsibilities during standard business hours, including escalated investigations, queue oversight, incident lifecycle management, operational process upkeep and client engagement. Availability outside business hours is required for critical or high-severity incident response. Operates within SOC maturity standards in accordance with the Australian ISM, MITRE ATT&CK framework, and modern threat-led defence methodologies.
- Responsible for client Engagement & Governance, including hosting client weekly review meetings, structured reporting on incident trends, detection maturity, and uplift initiatives. Participate in Service Requests and Client Change Advisory Board meetings where detection and automation are impacted. Maintain and evolve SOC documentation, runbooks, and process artefacts
- Leadership & SOC Maturity: Serve as a senior subject matter expert in detection engineering and advanced incident analysis, mentoring L1 & L2 analysts. Monitor investigative quality and improve analytical consistency & contribute to continuous improvement of SOC capability .
Our ideal candidate:
- NV1 Clearance or Australian citizenship & the ability to obtain NV1 clearance
- Based in Australia
- Minimum 5+ years’ experience within an enterprise MSSP Security Operations Centre.
- Demonstrated experience in detection engineering and SIEM tuning.
- Proven experience with client facing duties, including governance and Incident response.
- Experience operating autonomously in high-pressure environments.
- Strong experience within Azure cloud-native security environments (preferred).
- Exposure to hybrid and multi-cloud environments (AWS familiarity advantageous).
- Degree in Cyber Security & or relevant Cyber Security Certifications
Core Technical Competencies
- Sentinel, Splunk, Kibana, or equivalent SIEM platforms - Advanced Proficiency. (Microsoft Sentinel preferred)
- Security Investigation Methodology
- XDR and Microsoft Azure Security
- Detection Engineering & Rule Optimisation (mandatory)
- Advanced KQL (mandatory)
- SOAR / Azure Logic Apps
- Threat Intelligence integration
- MITRE ATT&CK proficiency
- Cyber Kill Chain methodology
- Cloud Security Architecture
- DevSecOps principles
- Endpoint Protection platforms
- Privileged Access & Vulnerability Management
- Firewalls, DNS, IDS/IPS, Active Directory
- Splunk, Kibana, or equivalent SIEM platforms
- Regular Expressions
- Understanding of Threat Hunting and Penetration Testing methodologies
What’s in it for you?
- Be part of a Managed Services team that truly leverages modern technologies to solve real problems and provides top level of customer satisfaction
- Work with a Microsoft Partner of the Year award winner with multiple specialisations, consistently punching above our weight on the global technology stage
- Be supported by experienced peers and leaders, with clear career pathways and ongoing learning, including Microsoft and HashiCorp certifications, all in a community that values technical expertise, and encourages innovation and practical experimentation with automation and AI
- Enjoy a supportive workplace that values inclusion, flexibility, diversity, and differences. We actively encourage and embrace all cultural backgrounds, genders, abilities, and circumstances
- Take advantage of largely working from home in our remote/hybrid workplace and enjoy the flexibility to balance your life
- Thrive in a community with strong values #BeTrue #TeamUp #StandOut #ThinkAhead #FearLessAchieveMore
Apply now, call or connect on LinkedIn for further information.
