Senior Security Engineer

About us

Loop IQ is a purpose-built intelligence platform helping care organisations move beyond fragmented spreadsheets and manual reporting — delivering the accuracy, auditability, and confidence that regulated environments demand. Alongside the platform sits our strategic consulting wing, guiding organisations through implementation and optimisation so the technology delivers from day one.

Why work at Loop IQ?

Build something that matters — We’re solving a real problem in a sector that affects millions of Australians. The work you do here has a direct line to better outcomes in aged care.

Grow with intention — We invest in our people through dedicated learning budgets, performance bonuses, and genuine wellbeing support — because great work starts with great people.

A culture worth showing up for — We’re a small, high-trust team that values different perspectives, moves fast, and communicates openly. There’s no politics here, just good people doing meaningful work.

Rare access, real impact — We operate at the intersection of health data, government, and enterprise. The market access and relationships we’ve built are genuinely hard to find at this stage of a company.

About the Role

We’re looking for a Senior Security Engineer to join our Security & Compliance team on a 12-month, We’re looking for a Senior Security Engineer to join our Security & Compliance team on a 12-month, full-time contract, taking operational ownership of Loop IQ’s security program under the direction of the CISO. You’ll manage day-to-day security operations — threat monitoring, vulnerability management, incident response, and policy enforcement — while providing hands-on execution of our SOC 2 Type 1 and Type 2 certification workstreams.

This role is open to Melbourne-based candidates only, with a minimum of two days per week in our Melbourne office. This is a role for someone who operates with technical depth and autonomy, translates strategic direction into precise operational outcomes, and thrives in a regulated environment where security is mission-critical.

A Day in the Life

Your work will span security operations, compliance execution, and incident response. One day you might be tuning SIEM alerting thresholds and triaging an emerging threat; the next, you’re coordinating a penetration test, preparing audit evidence for SOC 2 Type 1 and Type 2, or partnering with the Head of Technology to embed security controls into the SDLC. You’ll deliver monthly security metrics to the CISO, lead incident response activities end-to-end, and run security awareness training across the business. Expect to escalate complex scenarios with structured analysis and clear recommended actions.

Experience & Background

• Demonstrated experience in a security operations, security engineering, or information security role
• A completed undergraduate degree from a recognised university in a discipline relevant to the role
• Practical experience supporting ISO 27001 or SOC 2 certification processes

Security Operations:

• Hands-on proficiency with SIEM platforms, vulnerability scanners, and cloud security tooling
• Experience managing security monitoring infrastructure including alerting thresholds and log management
• Proven ability to lead incident response activities including triage, containment, root cause analysis, and post-incident review

Vulnerability & Threat Management:

• Experience executing vulnerability management programs including scheduled scans, penetration test coordination, and remediation tracking
• Comfortable documenting risk acceptance decisions and navigating complex threat scenarios under operational pressure

Compliance & Certifications:

• Practical experience implementing controls aligned to ISO 27001 and SOC 2 Trust Services Criteria
• Experience preparing for and supporting external audits, including evidence collection and auditor engagement
• Familiarity with government or enterprise client security requirements is a plus

Cloud & Identity:

• Working knowledge of AWS and Azure cloud security
• Familiarity with identity and access management platforms, particularly Okta
• Exposure to cloud access security tooling such as Netskope

Desired Certifications:

• Microsoft Azure Fundamentals (AZ-900) or above
• AWS Certified Cloud Practitioner
• Okta Certified Professional or Administrator
• Netskope Certified Cloud Security Professional (NCCSP) or equivalent Netskope certification
• Relevant security certification such as CISSP, CEH, CompTIA Security+, or equivalent

Ways of Working

• Operates with a high degree of professional integrity, discretion, and accountability
• Strong analytical capability and sound professional judgement under operational pressure
• Comfortable translating strategic direction into precise operational outcomes
• Strong communication skills and an ownership mindset
• Comfortable working across functional boundaries — partnering with engineering, technology, and executive stakeholders
• Demonstrated AI literacy, including practical experience using AI tools responsibly in a professional context
• A current National Police Check (to be provided prior to commencement and renewed as required)

Bonus Skills

• Familiarity with the health or aged care sector
• Experience supporting SOC 2 Type 1 and Type 2 certification workstreams
• Exposure to regulated-sector technology environments (health, government, financial services)
• Experience delivering security awareness training programs at scale