As the Cyber Security Engineer, you will be a frontline defender of Betashares’ digital environment, protecting the trust of more than a million Australian investors and the integrity of more than $80 billion in funds under management. This is a hands-on, technical role focused on operating our security tooling day-to-day, triaging and responding to threats, configuring policy, and driving measurable risk reduction across our hybrid cloud environment.
This role is deliberately hybrid. Day-to-day, you will do the work of a senior security analyst – triaging alerts, running incidents, tuning policy – while also doing the work of a security engineer – designing automations, integrating platforms, building AI-assisted workflows, and shaping how our security stack evolves. It will suit someone who genuinely enjoys both sides: the operational rhythm of analyst work and the build-and-improve mindset of an engineer. Reflecting that, the role title is Cyber Security Engineer, but the day-to-day blend of analyst and engineer responsibilities is core to how we work and to our broader team culture.
A core part of this role is leveraging automation and AI to make security operations smarter, faster, and quieter. You will not just consume our security platforms, you will shape how they work together, reduce alert noise, accelerate response, and embed AI assistants and workflow automation into how we detect, investigate, and remediate. You will work closely with the Head of IT, the broader Technology team, and our key technology partners to mature our security posture in line with APRA CPS 234, ISO 27001, and our broader regulatory obligations as an APRA-regulated entity.
Key Responsibilities
Security Operations & Alert Triage
- Operate as the day-to-day owner of triage across our security tooling, including SIEM, EDR/XDR, email security, SASE/SWG, SaaS security posture management, code security, and Microsoft Defender / Entra.
- Investigate alerts end to end, distinguish true positives from noise, and drive consistent, high-quality decisions on containment and escalation.
- Lead and execute incident response activities for security events, coordinating with internal stakeholders, key technology partners, and external vendors where required.
- Act as the lead technical liaison with external DFIR (digital forensics and incident response) teams during major incidents, briefing them on environment context, coordinating evidence collection, and translating their findings into actions for our technology and risk stakeholders.
- Conduct root cause analysis on incidents and near misses, producing clear written findings and recommended improvements.
- Contribute to and maintain incident response playbooks, ensuring they remain fit for purpose as the threat landscape and our tooling evolve.
Automation, AI & Capability Uplift
- Drive the automation roadmap for security operations, identifying repetitive triage and response tasks that can be automated using workflow tooling, scripting (PowerShell, Python), and platform-native automation.
- Design and implement AI-assisted triage, enrichment and summarisation workflows to reduce alert volume, improve signal quality, and shorten time to detect and respond.
- Integrate security tooling via APIs to remove manual handoffs between platforms, including alert enrichment, ticket creation, and remediation actions.
- Continuously tune detection content (including SIEM rules and analytics), policies and exception lists to reduce false positives and operational toil.
- Act as an internal champion for AI in security operations, evaluating new capabilities such as agentic SOC tooling, AI copilots within our existing platforms, and emerging detection and response patterns.
Policy, Configuration & Hardening
- Configure and maintain policy across endpoint, email, web, SaaS, identity, and code security platforms, ensuring controls are aligned to our risk appetite and regulatory obligations.
- Implement and refine controls supporting our zero trust architecture, including conditional access, data protection, and SaaS security posture management.
- Operate and tune data loss prevention (DLP) controls across email, endpoint, and SaaS, including policy design, classification labels, exception handling, and incident review, to protect client and corporate data in line with our regulatory obligations.
- Maintain a strong configuration baseline across security tooling, with documented standards and change control.
- Partner with the IT team to harden the underlying environment across our multi-cloud estate, including Microsoft 365, Azure, AWS, Entra ID, and endpoint management via Intune.
Threat Modelling, Risk Assessment & Remediation
- Conduct threat modelling and security risk assessments for new initiatives, third party services, and material changes to the technology environment.
- Translate risks into clear, prioritised remediation plans with measurable outcomes and realistic timelines.
- Execute and track remediation activities through to closure, working with technology owners, vendors, and key technology partners.
- Support vulnerability management activities including scanning, prioritisation, exception management, and remediation oversight across infrastructure and application layers.
- Contribute to the maintenance of our security risk register and supporting documentation.
Compliance, Assurance & Reporting
- Support compliance with APRA CPS 234, CPS 230, ISO 27001:2022 and other relevant frameworks through evidence collection, control testing, and remediation.
- Use our GRC tooling to maintain continuous control monitoring, automate evidence collection, and support audit and assurance activities.
- Produce clear, executive-ready reporting on security operations metrics, incidents, risks, and remediation progress.
- Support internal and external audits, regulatory engagements, and third-party assurance activities.
Awareness & Stakeholder Engagement
- Support the delivery of security awareness, phishing simulation, and targeted training to staff.
- Engage constructively with technology and business stakeholders to embed security thinking early in change activities.
- Build strong working relationships with key technology partners, security vendors, and peer security teams across the group.
Key skills and experience
Technical Expertise
- 4 to 7 years’ experience across cyber security analyst, SOC analyst, or security engineering roles, with demonstrable hands-on experience operating security tooling and a track record of contributing to (or leading) automation, integration, or detection engineering work.
- Strong working knowledge of modern security tooling across SIEM, endpoint (EDR / XDR), email, web / SASE, SaaS posture, identity, data loss prevention (DLP), and vulnerability management.
- Solid understanding of cloud security across Microsoft 365, Azure, and AWS environments, including identity, conditional access, network and data protection, and cloud-native security services.
- Hands-on experience with incident response and investigation, including log analysis, endpoint forensics at a triage level, and structured root cause analysis.
- Working knowledge of common attacker techniques and frameworks (MITRE ATT&CK), and how they manifest in tooling.
Automation & AI
- Demonstrable experience automating security workflows using scripting (PowerShell and / or Python), workflow tools (such as Power Automate, Logic Apps, or similar), and platform APIs.
- Practical experience using AI assistants and copilots in a security or technology context, with a clear point of view on where they add value and where they need guard-rails.
- Curiosity and aptitude to evaluate, prototype, and operationalise new AI and automation capabilities as they emerge.
Risk, Compliance & Communication
- Experience working in regulated environments, ideally financial services, with exposure to APRA CPS 234, ISO 27001, NIST CSF, or equivalent frameworks.
- Comfortable conducting threat modelling and risk assessments and translating technical risk into business language.
- Strong written and verbal communication skills, with the ability to engage credibly with both technical engineers and business stakeholders.
- Customer service mindset with a focus on enabling the business safely rather than blocking it.
Professional Development
- Certifications such as SC-200, AZ-500, AWS Certified Security – Specialty, GCIH, GCFA, OSCP, CISSP, CompTIA Security+, or BTL1 are welcomed but not required – demonstrated experience is weighted equally.
- Commitment to continuous learning and staying current with the rapidly evolving threat and AI landscape.
- Interest in financial services technology, regulatory requirements, and the role of security as a business enabler.