SIEM Solution Engineer


Location: Melbourne

Job Type: Full time


We’re inventing the future, right here, right now, at Thales. We design the critical security solutions of tomorrow by combining the curiosity to explore, the intelligence to question and the vision to create. Together we solve complicated problems by combining our experience in the market with our leading research and development capabilities.

This role of SIEM Solution Engineer supports the delivery of the CMATS air-traffic management system implementation in Australia, which is part of the OneSky program.

In this role you will be the technical lead the SIEM team, being responsible for the Security Information and Event Management (SIEM) subsystem design, engineering, documentation, and implementation. Post implementation you will also lead the development of a DevSecOps model for supporting and tuning the CMATS SIEM and integrating it with other SOC environments.

Working to the direction of the Solution Engineering Manager (SEM), you will be collaborating with security architects, risk analyst and other CMATS subsystems

​Hybrid position to be based at our Melbourne CBD site

In this role, we expect you to:

  • Maintain the specifications, detailed SIEM architecture, and contribute to maintaining the Subsystem Design Description (SSDD) documentation.
  • Contribute to the Software User Manual (SUM), and other contracted solution documents as required, in coordination with the selected supplier.
  • Contribute and/or provide SIEM subject-matter expertise into various OneSKY CDRLs and to other OneSKY teams on an as-needed basis.
  • Provide technical guidance to the automation team on the build/deployment/maintenance of the SIEM

You will possess:

  • Australian Citizenship (as a need to obtain baseline clearance)
  • Advanced knowledge of SIEM security architectures and designs. In particular: Kafka, Zookeeper, and Opendistro for Elasticsearch, Kibana and Logstash (a.k.a. the ELK stack)
  • Strong knowledge of data modelling for SIEM events, parsing, enrichment, correlation rules (against published threat analysis) and dashboards
  • Hands on experience managing a SIEM stack using DevOps principles
  • Intimate knowledge of Australian Government Information Security Manual (ISM).
  • Experience working with formal systems engineering requirements
  • Experience with the architecture and design of SIEM in heterogeneous environments (Linux and Windows).
  • Experience with authoring/reviewing technical documentation.
  • Strong presentation, verbal communication, and liaison skills (in English)
  • Exposure to software development environment technologies, e.g. Jira, Git, Puppet, Jenkins, Ansible

Why Thales?

  • Annual Bonus
  • Free Private Health Insurance for you and your family
  • Flexible work conditions
  • Modernised parental leave


Thales is committed to promoting and maintaining a workplace culture of shared respect that enables all of us to feel valued, do our best, and remain truly passionate about the place that we work. We are committed to making reasonable adjustments to provide a positive, barrier-free recruitment process and supportive workplace. We encourage applications from Aboriginal and Torres Strait Islander people and individuals from diverse backgrounds.

We are also proud to be a WORK180 Endorsed Employer for Women. If you would like to know more on how we are supporting our employees, you can view our policies and initiatives here:

Wellbeing matters at Thales, and where possible we encourage flexible working.

You’ve got this!