Location: Canberra
Engagement: Contract
Clearance: Active NV1 Security Clearance
A major program of work is underway to uplift security telemetry, log rationalisation, and SOC onboarding capabilities across a large, complex environment. We’re seeking an experienced Security Data Pipeline, SIEM & Data Engineering Specialist to join the team and help deliver scalable, modern, and cost-efficient security data architectures.
This role is ideal for a senior engineer who thrives in high-volume data environments, understands modern security logging ecosystems, and can design and optimise pipelines that support next-generation SOC operations.
What You’ll Be Doing
- Designing and implementing advanced security data pipelines (Cribl, Splunk DMX, Kafka-based).
- Architecting and optimising Security Data Lakes (AWS Security Lake, Snowflake, Delta Lake, Microsoft Fabric).
- Configuring and managing SIEM platforms such as Splunk ES or Microsoft Sentinel.
- Developing log rationalisation, enrichment, suppression, and parsing strategies.
- Building scalable ingestion frameworks, schema management, and ETL/ELT processes.
- Enabling federated search and cross-platform analytics across SIEM and data lake environments.
- Supporting SOC onboarding, including SOAR, threat intel, and case management integrations.
- Conducting performance benchmarking, readiness assessments, and architecture validation.
- Producing documentation, runbooks, and knowledge transfer materials.
- Active NV1 Security Clearance (essential).
- 5+ years in security engineering, SIEM engineering, or security data platforms.
- Strong data engineering experience across log ingestion, transformation, and distributed systems.
- Hands-on expertise with at least one major pipeline technology (Cribl Stream, Splunk DMX, Fluentd, Logstash).
- Experience with modern data lakes (AWS Security Lake, Snowflake, Delta Lake, Microsoft Fabric).
- Proficiency with SIEM platforms such as Splunk ES or Microsoft Sentinel.
- Strong scripting/automation skills (Python, SQL, PowerShell).
- Familiarity with cloud platforms (AWS, Azure, GCP).
- Experience with SOC onboarding workflows, SOAR, ticketing, and threat intelligence integrations.
- Excellent communication and documentation skills.
We are an inclusive employer committed to fostering a diverse and accessible workplace. We encourage applications from Aboriginal and Torres Strait Islander peoples, people with disabilities, LGBTQIA+ individuals, people of all ages, and those from culturally and linguistically diverse backgrounds.
