Anduril's Detection and Response team is looking for a Security Operations Analyst to be the watchtower for Anduril's critical defence technologies. As a SecOps analyst on the detection and response team, you'll be responsible for monitoring and responding to adversarial activity while helping incorporate key detection feedback loops with the detection engineering team. When not responding to threats, you'll be asking questions of our data sets, conducting threat hunting and data normalisation operations across the organization to understand user behavior and identify anomalies.

WHAT YOU'LL DO

• Triage and respond to alerts / incidents covering multiple disciplines including, but not limited to, phishing, endpoints, cloud infrastructure and services, and SaaS applications
• Build and optimise tailored detection signatures, response playbooks, and response automation using detection-as-code principles
• As the frontline of DNR, you will lead the feedback loop for detections, ensuring alerts are fine tuned to reduce false positives
• Participate in threat modeling scenarios with cross-functional partners to understand weaknesses across Cloud, Mobile, Endpoints, and other environments incorporating findings into security controls and/or detection signatures
• Organise and conduct threat hunting and data baselines to identify anomalous patterns in data
• Participate in an on-call rotation responding to security events and conducting incident response investigations while effectively communicating findings to key stakeholders
• Proactively collaborate with a wide range of stakeholders

REQUIRED QUALIFICATIONS

• Experience in security monitoring, log analysis, and detection engineering within large data sets across endpoint, network, and a wide variety of application log sources
• Experience in Python development, specifically contributing to a shared codebase used for automating SOC operations
• Must have experience with one or more SIEM languages (SPL, KQL, SQL)
• Broad range of practical security knowledge across the spectrum of endpoint, network, identity, application, and cloud infrastructure
• Knowledge of attacker tactics, techniques, and procedures (TTPs) across Windows, Linux, MacOS, AWS/Azure, etc.
• Strong communication skills and experience collaborating with internal and external stakeholders
• Eligible to obtain and maintain an Australian NV2 clearance

PREFERRED QUALIFICATIONS

• Experience conducting incident response in the Cloud (AWS, Azure, GCP)
• Digital Forensics and/or reverse engineering experience is a plus!

Although we list out what we generally look for, we are very likely missing other attributes and skills that you have that could make you a great fit, but are not currently listed. Research has shown this especially applies to women and other marginalised groups, who tend to apply if they check 100% of every box, versus men who apply if they hit roughly 60%. The point we’re getting at, it doesn’t hurt to take a chance and apply!

BeyondTrust is a place where you can bring your purpose to life through the work that you do, creating a safer world through our cybersecurity SaaS portfolio.

Our culture of flexibility, trust, and continual learning means you will be recognized for your growth, and for the impact you make on our success. You will be surrounded by people who challenge, support, and inspire you to be the best version of yourself.

The Role

BeyondTrust is a global leader in privileged access management. Our products provide remote access and privileged control capabilities that are deployed across thousands of enterprise environments worldwide. That makes us a high-value target. Nation-state actors, ransomware operators, and sophisticated threat groups actively target companies like ours—not just to compromise our corporate environment, but to reach the customers who trust our software to protect their most sensitive systems. A compromise of BeyondTrust is a compromise of the privileged access layer inside our customers’ networks. We take that responsibility seriously.

As a SOC Analyst on our Cyber Defense Operations team, you will serve as a front-line defender responsible for protecting both BeyondTrust’s enterprise infrastructure and the integrity of the products our customers depend on. You will monitor, investigate, and respond to security events in an environment where the stakes are real and the adversaries are capable. You will work alongside experienced threat hunters, incident responders, and detection engineers in a collaborative team that values sharp analytical thinking over checkbox compliance.

This team is building toward an AI-augmented operating model. You will be expected to use AI-driven tools in your daily work and to contribute to how we integrate these capabilities into our detection, triage, and response workflows. We are not looking for people who are waiting to be told what to do—we are looking for people who want to build something.

What You’ll Do

Alert Triage & Monitoring 

• Monitor and triage security alerts across SIEM, EDR, and CSPM platforms covering both corporate and product environments.
• Investigate alerts to determine scope, severity, and whether escalation is warranted.
• Leverage AI-assisted triage and enrichment tools to accelerate analysis and reduce mean time to detect.
• Classify, document, and track alerts through the full lifecycle using ticketing and case management systems.

Incident Response & Investigation 

• Participate in or lead incident response engagements from detection through remediation, including evidence collection, forensic analysis, root cause determination, and stakeholder communication.
• Conduct investigations across SIEM, EDR, CSPM, and cloud-native log sources including identity provider logs, cloud audit trails, and network flow data—spanning both corporate and product infrastructure.
• Execute established IR runbooks across identity, endpoint, cloud, and email investigation workflows.
• Manage or assist with evidence handling, forensic artifact collection, and chain-of-custody procedures.
• Produce clear, decision-ready incident summaries and post-incident reports for both technical and leadership audiences.

Detection Engineering & Threat Intelligence 

• Contribute to the design, implementation, and tuning of detection rules across SIEM and EDR platforms, with a focus on reducing false positives and closing coverage gaps.
• Translate threat intelligence (CVE advisories, CISA alerts, vendor bulletins, open-source feeds) into actionable detection content, with particular attention to threats targeting privileged access tooling and supply chain attack vectors.
• Help maintain and evolve detection coverage mapped to MITRE ATT&CK.
• Partner with threat hunting peers to validate detection logic through hypothesis-driven hunts.

AI Integration & Automation 

• Use AI-driven tools for alert triage, enrichment, and investigation as a standard part of daily operations.
• Contribute to the evaluation, integration, and optimization of AI and automation capabilities across the team’s workflows.
• Assist in designing prompts, agent workflows, or LLM-based pipelines that augment analyst capabilities and reduce manual effort.
• Partner with engineering teams to improve log ingestion, data quality, and tool integrations.

Operational Excellence 

• Maintain daily operational notes and shift handoff documentation.
• Contribute to and refine IR runbooks, playbooks, and standard operating procedures.
• Participate in on-call rotation for after-hours incident escalation.
• Track and report on operational metrics (MTTD, MTTR, MTTC, false positive rate) and identify improvement opportunities.
• Participate in tabletop exercises, purple team activities, and post-incident reviews. 

What You’ll Bring

• 2+ years of experience in a SOC, security operations, or incident response role.
• Understanding of common attack frameworks (MITRE ATT&CK), network protocols, and endpoint behavior.
• Experience with at least one SIEM platform and familiarity with writing search or detection queries.
• Familiarity with EDR platforms and cloud environments (IaaS preferred).
• Comfort using AI systems (e.g., LLM-based assistants, copilots, or AI-driven analysis tools) as part of security workflows.
• Strong written communication skills; able to document findings clearly and concisely for both technical and non-technical audiences.

Nice To Have

• Experience leading or co-leading complex incident response engagements from triage through remediation.
• Experience with identity and access management platforms and cloud security posture management tools.
• Scripting and automation skills (Python, PowerShell, or equivalent) applied to security workflows.
• Familiarity with SOAR platforms or orchestration tools for automated response and enrichment.
• Experience designing or implementing AI agent architectures, LLM-based automation pipelines, or prompt engineering for security use cases.
• Experience building or contributing to threat intelligence programs or detection-as-code pipelines.
• Understanding of the privileged access management landscape and the threat actors that target it.
• Track record of evaluating and adopting emerging technologies in a production security environment.

Better Together

Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected.

We take care of our employees so they can take care of our customers. Customers who come from all walks of life just like us. We hire incredible people from diverse backgrounds because when we are different together, we are stronger together.

About Us

BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organizations with the most effective solution to manage the entire identity attack surface and neutralize threats, whether from external attacks or insiders.

BeyondTrust is leading the charge in transforming identity security to prevent breaches and limit the blast radius of attacks, while creating a superior customer experience and operational efficiencies. We are trusted by 20,000 customers, including 75 of the Fortune 100, and our global ecosystem of partners.

Learn more at www.beyondtrust.com. 

#LI-DF1

BeyondTrust is a place where you can bring your purpose to life through the work that you do, creating a safer world through our cybersecurity SaaS portfolio.

Our culture of flexibility, trust, and continual learning means you will be recognized for your growth, and for the impact you make on our success. You will be surrounded by people who challenge, support, and inspire you to be the best version of yourself.

The Role

BeyondTrust is a global leader in privileged access management. Our products provide remote access and privileged control capabilities that are deployed across thousands of enterprise environments worldwide. That makes us a high-value target. Nation-state actors, ransomware operators, and sophisticated threat groups actively target companies like ours—not just to compromise our corporate environment, but to reach the customers who trust our software to protect their most sensitive systems. A compromise of BeyondTrust is a compromise of the privileged access layer inside our customers’ networks. We take that responsibility seriously.

As a SOC Analyst on our Cyber Defense Operations team, you will serve as a front-line defender responsible for protecting both BeyondTrust’s enterprise infrastructure and the integrity of the products our customers depend on. You will monitor, investigate, and respond to security events in an environment where the stakes are real and the adversaries are capable. You will work alongside experienced threat hunters, incident responders, and detection engineers in a collaborative team that values sharp analytical thinking over checkbox compliance.

This team is building toward an AI-augmented operating model. You will be expected to use AI-driven tools in your daily work and to contribute to how we integrate these capabilities into our detection, triage, and response workflows. We are not looking for people who are waiting to be told what to do—we are looking for people who want to build something.

What You’ll Do

Alert Triage & Monitoring 

• Monitor and triage security alerts across SIEM, EDR, and CSPM platforms covering both corporate and product environments.
• Investigate alerts to determine scope, severity, and whether escalation is warranted.
• Leverage AI-assisted triage and enrichment tools to accelerate analysis and reduce mean time to detect.
• Classify, document, and track alerts through the full lifecycle using ticketing and case management systems.

Incident Response & Investigation 

• Participate in or lead incident response engagements from detection through remediation, including evidence collection, forensic analysis, root cause determination, and stakeholder communication.
• Conduct investigations across SIEM, EDR, CSPM, and cloud-native log sources including identity provider logs, cloud audit trails, and network flow data—spanning both corporate and product infrastructure.
• Execute established IR runbooks across identity, endpoint, cloud, and email investigation workflows.
• Manage or assist with evidence handling, forensic artifact collection, and chain-of-custody procedures.
• Produce clear, decision-ready incident summaries and post-incident reports for both technical and leadership audiences.

Detection Engineering & Threat Intelligence 

• Contribute to the design, implementation, and tuning of detection rules across SIEM and EDR platforms, with a focus on reducing false positives and closing coverage gaps.
• Translate threat intelligence (CVE advisories, CISA alerts, vendor bulletins, open-source feeds) into actionable detection content, with particular attention to threats targeting privileged access tooling and supply chain attack vectors.
• Help maintain and evolve detection coverage mapped to MITRE ATT&CK.
• Partner with threat hunting peers to validate detection logic through hypothesis-driven hunts.

AI Integration & Automation 

• Use AI-driven tools for alert triage, enrichment, and investigation as a standard part of daily operations.
• Contribute to the evaluation, integration, and optimization of AI and automation capabilities across the team’s workflows.
• Assist in designing prompts, agent workflows, or LLM-based pipelines that augment analyst capabilities and reduce manual effort.
• Partner with engineering teams to improve log ingestion, data quality, and tool integrations.

Operational Excellence 

• Maintain daily operational notes and shift handoff documentation.
• Contribute to and refine IR runbooks, playbooks, and standard operating procedures.
• Participate in on-call rotation for after-hours incident escalation.
• Track and report on operational metrics (MTTD, MTTR, MTTC, false positive rate) and identify improvement opportunities.
• Participate in tabletop exercises, purple team activities, and post-incident reviews. 

What You’ll Bring

• 2+ years of experience in a SOC, security operations, or incident response role.
• Understanding of common attack frameworks (MITRE ATT&CK), network protocols, and endpoint behavior.
• Experience with at least one SIEM platform and familiarity with writing search or detection queries.
• Familiarity with EDR platforms and cloud environments (IaaS preferred).
• Comfort using AI systems (e.g., LLM-based assistants, copilots, or AI-driven analysis tools) as part of security workflows.
• Strong written communication skills; able to document findings clearly and concisely for both technical and non-technical audiences.

Nice To Have

• Experience leading or co-leading complex incident response engagements from triage through remediation.
• Experience with identity and access management platforms and cloud security posture management tools.
• Scripting and automation skills (Python, PowerShell, or equivalent) applied to security workflows.
• Familiarity with SOAR platforms or orchestration tools for automated response and enrichment.
• Experience designing or implementing AI agent architectures, LLM-based automation pipelines, or prompt engineering for security use cases.
• Experience building or contributing to threat intelligence programs or detection-as-code pipelines.
• Understanding of the privileged access management landscape and the threat actors that target it.
• Track record of evaluating and adopting emerging technologies in a production security environment.

Better Together

Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected.

We take care of our employees so they can take care of our customers. Customers who come from all walks of life just like us. We hire incredible people from diverse backgrounds because when we are different together, we are stronger together.

About Us

BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organizations with the most effective solution to manage the entire identity attack surface and neutralize threats, whether from external attacks or insiders.

BeyondTrust is leading the charge in transforming identity security to prevent breaches and limit the blast radius of attacks, while creating a superior customer experience and operational efficiencies. We are trusted by 20,000 customers, including 75 of the Fortune 100, and our global ecosystem of partners.

Learn more at www.beyondtrust.com. 

#LI-DF1

Verra Mobility is a global leader in smart mobility. We develop technology-driven solutions to make transportation safer and more convenient worldwide. We work with police departments and municipalities across North America, the Asia Pacific and Europe to install safety cameras, including red-light, speed, and school bus stop arm cameras. We manage tolling transactions and violations for the world's largest commercial fleets and rental car companies, serving over 8.5 million vehicles whilst, via our proprietary connected systems, are processing nearly 165 million transactions each year for more than 50 tolling authorities.

We are seeking an experienced Information Security Analyst – Security Ops & Risk to strengthen our information security capability across Australia and the broader international business.

This is a permanent, full-time and hybrid role, working from home and our National Head Office, South Melbourne.

The role: 

This hands-on role suits someone with strong security operations experience who can operate independently as a key security resource in the business. You will take ownership of security monitoring, vulnerability management, incident response, control improvement and security reporting.

Beyond SOC monitoring, you will investigate security events, coordinate remediation, improve processes, support audits and work with technology, operations and corporate teams to manage security risk in a regulated environment.

As an Information Security Analyst at Verra Mobility you will work on:

• Monitor, triage and investigate security alerts across SIEM, EDR, network and cloud environments.
• Coordinate security incidents, including investigation, escalation, documentation, containment and post-incident review.
• Own vulnerability management activities, including scanning, prioritisation, remediation tracking and reporting.
• Review security controls across cloud, endpoint, network and application environments.
• Support penetration testing, external assessments and remediation planning.
• Improve detection, response and reporting capability across security tools and processes.
• Maintain security documentation, incident reports, risk records and audit evidence.
• Partner with IT, engineering, operations and external vendors to reduce security risk.
• Support compliance, governance and audit activities across a regulated technology environment.
• Contribute to the maturity of security practices, processes, standards and controls

Technical Skills

• SIEM, EDR, IDS/IPS, vulnerability scanning and incident response tools.
• Cloud security exposure across AWS, Azure or similar environments.
• Understanding of IOCs, MITRE ATT&CK, phishing, malware and common attack techniques.
• Familiarity with security frameworks such as Essential Eight, ISO 27001, NIST CSF or similar.

Who are you?

You are an experienced security operations professional who can operate independently as a trusted security resource in the business. You bring hands-on experience across security monitoring, incident response, vulnerability management and control improvement, with the judgement to investigate issues, coordinate remediation and manage risk in a regulated environment.

You are accountable, analytical and calm under pressure, with clear communication skills and the confidence to work effectively with technical and non-technical stakeholders.

To apply, click below, submit your resume and a cover letter detailing your suitability for the role. We look forward to your application!

We value the unique backgrounds, experiences, and contributions that each person brings to our community and encourage and celebrate diversity.  First Nations people, those identifying as LGBTQIA+, females, people of all ages, with disabilities and culturally and linguistically diverse people are encouraged to apply. Our aim is to create a workforce that reflects the community in which we live.

About ROLLER

ROLLER isn’t your average SaaS company. We operate globally across 30+ countries, powering millions of real-world experiences in the leisure and attractions industry. What we build doesn’t just live on a screen. It shows up in busy venues, peak weekends, and unforgettable moments for guests.

Our mission is simple but ambitious: help operators run better businesses while creating great guest experiences. That means solving complex, real-world problems across ticketing, point of sale, self-service, memberships, kiosks, and digital waivers, all at meaningful scale.

Just as importantly, it’s the people. We’re a team of 300+ smart, grounded, and genuinely passionate humans working across the globe. We care about quality, ownership, and doing work we’re proud of, without taking ourselves too seriously.

We’re growing fast, aiming high, and building something that matters. If you want to work on real problems, with real customers, alongside people who care deeply about their craft and impact, ROLLER is a great place to do it.

Why You'll Enjoy This Role!

🚀 You'll have real ownership from day one - This isn’t a role where you’re just triaging tickets or following rigid processes. You’ll be trusted to identify problems, improve how we work, and help shape the future of security at ROLLER.

🤝 You'll work across a broad range of security domains - From cloud security and endpoint protection through IAM, DLP, and automation. It’s a great role for someone who enjoys variety and wants to keep building breadth as well as depth.

🌎 You'll get hands on with strong tooling - Including platforms like Wiz and Crowdstrike, with the freedom to push beyond out of the box usage and improve how those tools support the business.

✨ You'll have space to build and automate - We’re genuinely enthusiastic about AI automation, and we want someone who’s excited to use scripting, tooling, and creative problem-solving to make security workflows smarter and more scalable.

Why You Want To Work With Us!

❤️ Loved by Customers - ROLLER is consistently highly rated on Capterra and G2, and trusted by leading operators worldwide. That doesn’t happen by accident. Customer obsession isn’t a value on a wall here, it’s embedded in how we prioritise, build, and measure success.

🏆 A Great Place People Choose to Stay - We’ve been Great Place to Work certified across multiple regions for several years running. That reflects a culture that values trust, autonomy, and growth, and an environment where high standards and psychological safety coexist. ROLLER ranks in the top 5% of sales organisations to work for on RepVue!

💸 Competitive Package & Real Career Growth - We offer competitive compensation and benefits aligned to the level of ownership we expect. As ROLLER scales, so do the opportunities. People grow here by taking on bigger problems, broader scope, and greater responsibility. Progression is driven by impact and capability, not tenure, and strong performance is recognised and rewarded.

About the Role

Security at ROLLER is entering a critical phase of growth! As we scale globally, handle payments, and manage sensitive customer data, the need for strong, scalable security engineering becomes increasingly important. This role is the first dedicated step toward building that capability, allowing us to move beyond reactive security and invest in proactive, engineering-led improvements.

This hire will play a key role in strengthening how we detect, respond to, and prevent security threats across our cloud infrastructure, endpoints, and applications. You’ll help improve how we prioritise and manage risk, reduce noise in alerting, and introduce smarter, more automated ways of working.

Just as importantly, you’ll help shape how security integrates into the broader business, partnering with engineering, IT, and product teams to embed security into how we build and operate, without slowing the business down.

What You'll Do

Core Security Operations

• Monitor, triage, and respond to alerts across Wiz (cloud security) and CrowdStrike (EDR), improving signal-to-noise and detection quality over time
• Investigate anomalies across cloud and endpoint environments, identifying root causes and driving resolution
• Support IT with identity and access management (IAM), authentication setup, and endpoint security (including MDM)
• Continuously improve how we detect, prioritise, and respond to security events

Security Projects & Initiatives

• Design and implement improvements across ROLLER’s security controls, tooling, and workflows
• Drive data classification and data loss prevention (DLP) initiatives
• Build automation for security alerting and response workflows using scripting, AI, and tooling
• Develop lightweight tools, scripts, or detections to improve visibility and reduce manual effort
• Identify quick wins for risk reduction while contributing to longer-term security improvements

Collaboration & Cross-functional Work

• Partner with SRE on cloud security and infrastructure improvements
• Work closely with IT on endpoint, identity security and operational security
• Support secure development practices by collaborating with Engineering teams where needed
• Contribute to compliance-related security requirements (without owning compliance)
• Communicate clearly with technical and non-technical stakeholders across the business

About You

• 3+ years of hands-on experience in a Security Engineer, Security Analyst, or similar role
• Strong expertise in at least one domain (cloud security preferred), with working knowledge across others — you’re a generalist, not a specialist
• Experience with AWS or GCP and securing cloud-based systems in a SaaS environment
• Comfortable working across areas like cloud, endpoint, IAM, vulnerability management, or DLP
• Enjoy being on the tools — investigating alerts, responding to incidents, and improving detection and response
• Able to script or build lightweight tooling (e.g. Python, Bash) to automate and improve workflows
• You have a high appetite for Technology and AI and a natural curiosity for how it can transform your work. You’re comfortable using AI tools to automate repetitive 'busy work,' freeing you up to focus on high-impact work.
• Strong collaborator who can work effectively with engineering, SRE, and IT, and communicate clearly with non-technical stakeholders
• Familiar with frameworks like NIST or SOC 2, but not looking for a compliance-heavy role
• Curious, proactive, and comfortable with ambiguity — you pick things up and run with them

We believe AI is a career-defining inflection point. ROLLER is a fast adopter of new technology like AI, and every team member is empowered to own their learning and use the latest tools to supercharge their impact. We’re looking for candidates with the proficiency and curiosity to embrace AI and technology — not just as a technical skill, but as a core competency to help us achieve big goals.

Perks!

🚀 You'll get to work on a category-leading product that customers love in a fun, high-growth industry! Check our Capterra and G2 reviews.

🌴 ROLLER Recharge days to celebrate and recharge once we've hit our goals

🎉 Engage in our 'Vibe Tribe' - led by our team members; you can contribute to company-wide initiatives directly. Regular events and social activities, fundraising & cause-related campaigns...you name it. We're willing to make it happen!

💙 Team Member Assistance Program to proactively support our team's health and wellbeing - access to coaching, education modules, weekly webinars, and more.

🍼 16 weeks paid Parental Leave for primary carers and 4 weeks paid Parental Leave for secondary carers.

💡 Work with a driven, fun, and switched-on team that likes to raise the bar in all we do!

📚 Individual learning & development budget plus genuine career growth opportunities as we continue to expand!