Skip to main content
Posted 12 June, 2026

Senior Security Operations Analyst

Anduril Industries
Sydney, New South Wales, Australia Full Time
Reference: 102_698309_5047245007

Anduril's Detection and Response team is looking for a Security Operations Analyst to be the watchtower for Anduril's critical defence technologies. As a SecOps analyst on the detection and response team, you'll be responsible for monitoring and responding to adversarial activity while helping incorporate key detection feedback loops with the detection engineering team. When not responding to threats, you'll be asking questions of our data sets, conducting threat hunting and data normalisation operations across the organization to understand user behavior and identify anomalies.

WHAT YOU'LL DO

  • Triage and respond to alerts / incidents covering multiple disciplines including, but not limited to, phishing, endpoints, cloud infrastructure and services, and SaaS applications
  • Build and optimise tailored detection signatures, response playbooks, and response automation using detection-as-code principles
  • As the frontline of DNR, you will lead the feedback loop for detections, ensuring alerts are fine tuned to reduce false positives
  • Participate in threat modeling scenarios with cross-functional partners to understand weaknesses across Cloud, Mobile, Endpoints, and other environments incorporating findings into security controls and/or detection signatures
  • Organise and conduct threat hunting and data baselines to identify anomalous patterns in data
  • Participate in an on-call rotation responding to security events and conducting incident response investigations while effectively communicating findings to key stakeholders
  • Proactively collaborate with a wide range of stakeholders

REQUIRED QUALIFICATIONS

  • Experience in security monitoring, log analysis, and detection engineering within large data sets across endpoint, network, and a wide variety of application log sources
  • Experience in Python development, specifically contributing to a shared codebase used for automating SOC operations
  • Must have experience with one or more SIEM languages (SPL, KQL, SQL)
  • Broad range of practical security knowledge across the spectrum of endpoint, network, identity, application, and cloud infrastructure
  • Knowledge of attacker tactics, techniques, and procedures (TTPs) across Windows, Linux, MacOS, AWS/Azure, etc.
  • Strong communication skills and experience collaborating with internal and external stakeholders
  • Eligible to obtain and maintain an Australian NV2 clearance

PREFERRED QUALIFICATIONS

  • Experience conducting incident response in the Cloud (AWS, Azure, GCP)
  • Digital Forensics and/or reverse engineering experience is a plus!


Although we list out what we generally look for, we are very likely missing other attributes and skills that you have that could make you a great fit, but are not currently listed. Research has shown this especially applies to women and other marginalised groups, who tend to apply if they check 100% of every box, versus men who apply if they hit roughly 60%. The point we're getting at, it doesn't hurt to take a chance and apply!

Apply to this Job

Sign up for Job Alerts

By clicking Create Alert, you agree to the Global Terms of Use Agreement and acknowledge that you have read and understand the Global Privacy Policy.