Detection and Response Engineer (AU) at DroneShield
Sydney, New South Wales, Australia -
Full Time


Start Date

Immediate

Expiry Date

11 Oct, 26

Salary

0.0

Posted On

13 Jul, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Incident Response, Detection Engineering, SIEM, Threat Intelligence, Cloud Security, Automation, Digital Forensics, Vulnerability Management, Python, Bash, KQL, Go, Powershell, Linux, MacOS, Log Analysis

Industry

Defense and Space Manufacturing

Description
About the role DroneShield is seeking a Detection and Response Engineer with relevant experience to join the Security team in Sydney, NSW. The Security team is a nimble team responsible for protecting DroneShield's assets and users. Our adversaries are sophisticated and use state-of-the-art tooling. To protect DroneShield, we need to focus on the biggest risks, eliminate threats, focus on automation to scale our efforts and continually increase the cost for the attackers. Key responsibilities for this role include own and improve our existing detection strategy, including tooling, custom detections, process, threat intelligence etc. This role will also be responsible for the response strategy including handling incidents, being incident commander, staff training, tooling and others. Other areas this role will influence and/or drive change are corporate security and vulnerability management. Detection and Response should be viewed as a closed loop. Detections should enhance responses and focus on providing enriched information to responders and improving the signal-to-noise ratio. Responders should leverage automated playbooks to respond to incidents as quickly as possible and use incident reviews as opportunities to improve or create new detections. The ideal candidate will have a strategic view of both spaces and will drive change so that this loop works well – they will improve and implement our detection strategy to facilitate response and will use response metrics and learnings to influence new detections. They will enhance this process with threat intelligence and vulnerability management metrics as well. The ideal candidate will have strong communication skills, being a hands-on engineer and will have a systemic view of the problem space focusing on solving the biggest problems and designing solutions that can scale. Experience in detection and response operations, including the investigation, triage, and management of security incidents. Exposure to incident coordination and stakeholder communication during security events is desirable. Experience with automation and forensics is highly desirable. This position offers the opportunity to contribute to the security of hardware products with complex threat models. Responsibilities, Duties and Expectations Detection & Monitoring Develop, tune, and maintain detection rules across SIEM and security tooling Improve signal-to-noise ratio by reducing false positives and enhancing alert fidelity Leverage threat intelligence, vulnerability data, and attacker techniques to build new detections Incident Response Investigate and respond to security incidents across endpoints, cloud, and SaaS environments Support incident handling from detection through containment, eradication, and recovery Participate in incident response rotations and follow established runbooks Assist in coordinating cross-team response efforts during incidents Automation & Tooling Contribute to automation of detection and response workflows (e.g. scripts, playbooks) Work with security orchestration tools to improve response efficiency Support development and improvement of internal security tools Continuous Improvement Conduct post-incident reviews (RCA) and contribute to lessons learned Identify gaps in detection and response capabilities and propose improvements Maintain and improve incident response documentation and runbooks Collaboration & Communication Work closely with engineering, IT, and security teams on investigations and improvements Communicate findings and incident updates clearly to stakeholders Contribute to building a strong security culture across the organization Qualifications, Experience and Skills 3-6 years of experience in security operations, incident response, or detection engineering Hands-on experience investigating security incidents in cloud or enterprise environments Familiarity with SIEM platforms and log analysis Basic scripting or programming experience (Python, Bash, KQL, Go or Powershell) Understanding of common attack techniques, malware behaviour, and threat lifecycle Experience with Linux/macOS command line environments Knowledge of cloud platforms (AWS, Azure or similar) Strong analytical and problem-solving skills Nice to Have Experience with detection-as-code or infrastructure-as-code Exposure to malware analysis or digital forensics Experience with automation frameworks or SOAR platforms Understanding of threat modelling and attacker methodologies Familiarity with modern security tools (EDR, IDS, cloud security tools) Interest in leveraging AI/LLMs for security operations What Success Looks Like Effectively triaging and responding to security alerts with minimal supervision Contributing meaningful improvements to detection coverage and response speed Building automation that reduces manual workload Demonstrating growth toward owning incident response and detection strategy Why This Role Hands-on exposure to real-world security incidents Opportunity to grow into a senior D&R or security engineering role Work in a fast-paced, high-impact security environment Contribute to protecting critical systems and users Note for recruitment agencies: We do not accept unsolicited candidates from external recruiters unless specifically instructed.
Responsibilities
Own and improve the detection strategy and response processes to protect company assets and users. This includes developing detection rules, handling security incidents as an incident commander, and automating workflows to scale security efforts.
Loading...