Company: Woodside Energy

Address: US
Category: Engineering

Job description

About Woodside Energy

 

We know great results come from our people feeling valued, getting the support they need to reach their full potential as well as bring their whole self to work. We also recognise that enduring, meaningful relationships with communities are fundamental to maintaining our licence to operate.

 

Technology and innovation are essential to our long-term sustainability. We are growing our carbon and new energy businesses using technology to reduce emissions and the carbon footprint of our products. We are working to improve energy efficiency, offset emissions, reduce emissions intensity and explore options for lower-carbon energy. Woodside led the development of the LNG industry in Australia and is applying this same pioneering spirit to solving future energy challenges.

 

Our global headquarters are based in Perth and our state-of-the-art campus reflects the quality of life Perth is known for - with a six Green Star rating, advanced wellness features and flexibility in how you work.

 

About the Role:

This role will be accountable for being the subject matter expert when it comes to cyber defence and Detection Engineering. As a senior member of the cyber defence team, the Principal Detection Engineer is expected to provide technical leadership towards the holistic and effective defence of Woodside Energy and its many digital systems and environment. The Detection Engineer should have a good grasp of a variety of commonly deployed enterprise technologies within a mid-large size global enterprise context, and utilize his/her knowledge of cyber threats, threat actor TTPs and available threat intel to develop effective and purposeful detection and automation. The Principal Detection Engineer must be able to perform threat analysis, develop threat models, apply various Detection Engineering paradigms, and apply data analytics, automation and data engineering to develop playbooks and detection logic that provide detection and/or enrichment of existing detections and, where possible, provide automated response. The goal of the Detection Engineer is to enhance the capability of, and generate leverage for, the cyber defence team's incident responders.

Duties & Responsibilities:

  • Provide hands-on solutions, customization and tuning, automation, and use case development for the SIEM and SOAR.
  • Participate in incident response, providing tactical support whilst capturing opportunities to improve the defensibility of the environment and the visibility and detection capability of threats, as well as improving efficiency by automating repeatable actions or enriching alerts to reduce triage and investigation effort.
  • Proactively enhance the defensive capability of the team and our environment by analysing existing services/solutions, assessing existing defensibility and the readiness of detection logic and playbooks, and performing threat analysis and modelling to identify potential TTPs that are currently not detected.
  • Maintain existing SIEM detection code, use cases, and further extend and enhance SIEM and SOAR integrations.

Duties and Responsibilities Cont.

  • Contribute to improving processes, procedures, and technologies used for detection and response, incorporating lessons learned and feedback loops from each incident.
  • Continuously improve log sources from various environments – On-Prem, AWS, Azure etc
  • Automate workflows and improve identification and response time for security events
  • Build and optimize detection rules, allowing us to spend our cycles on the alerts that matter
  • Develop runbooks and incident playbooks for new and existing detections
  • Lead Threat hunting practices, hunt for complex threats
  • Develop and deploy detections/rules to prevent threats
  • Increase detection fidelity through the continuous enrichment of existing detection logic.
  • Responsible for working closely with the Secure By Design team to ensure architecture designs are effective in terms of their defensibility and security within the Woodside US/Intl IT and OT systems and landscape.

Skills & Experience:

  • 8+ years of security and hands-on technical automation experience, with 3-5 of those years focused on creating use cases and detection-focused automation
  • 2-3 years of operational experience working directly with or in security operational teams including: SOC, Threat Intelligence, and Incident Response
  • Deep understanding of SOC, SIEM (Microsoft Sentinel highly regarded), and other engineering best practices, limitations, and ways of extending or customizing threat detection automation related use cases
  • Demonstrate hands-on skills in a major scripting/programming language or a search query language for use in security operations and threat detection
  • Familiar and skilled with KQL, Zeek, Suricata, Snort, Sysmon, Windows Event Logs, or other security query languages
  • Expertise in Entra ID, Azure, AWS security controls and services.
  • Experience leveraging coding for automation, alert enrichment and detections.
  • Knowledge of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles

 

If you think you can do this job but don’t meet all the criteria, that’s OK! Please apply. At Woodside, we value people with diverse experiences and backgrounds, as they provide unique perspectives that help us innovate.

 

Skills and Experience Cont.

  • Experience with vulnerability research and exploit development
  • Experience with offensive security frameworks and tooling
  • Experience with malware analysis and memory forensics
  • Solid understanding of:
    • Network security controls (e.g., firewalls, proxy, IPS/IDS)
    • Authentication and Authorization protocols
    • Attacker Methodologies and Post Exploit Operations
    • Active Directory/Entra ID
    • Cloud Security Operations and Top Threats
  • Familiarity with GitHub and agile development methodologies
  • Capability to write advanced Regular Expressions
  • Knowledge of Risk-based alerting (RBA)
  • Intermediate understanding of various code/scripting languages (e.g., C, Java, Python, Bash).

Skills and Experience Cont.

  • Experience developing SIEM correlation rules.
  • Well-developed ability to diagnose and troubleshoot technical issues.
  • SOC incident response experience is a plus.
  • Familiarity with SOAR is a plus.
  • Strong self-motivation and time management skills required.
  • Excellent written and verbal communication skills required.
  • Strong technical writing skills.
  • A strong ability to understand business context and communicate risk and impacts in a clear, concise manner.
  • Strong prioritization skills, knowing how to prioritize between urgent and important priorities and manage stakeholder expectations.
  • Mandatory Behavioural and Character traits: Must be results oriented, biased to action, and embody a strong sense of ownership. Exhibit grit; able to embrace and quickly adapt to change; resilient and determined in overcoming challenges. Strong interpersonal and influencing skills. Demonstrates self-awareness and adapts style to connect with others. Have a growth mindset and approach problems in a principled manner, adopting an ideas-meritocratic approach.

Recognition & Reward:

 

What you can expect from us:

  • Commitment to your ongoing development, including on-the-job opportunities, formal programs, coaching and mentoring
  • Industry-leading 18 weeks’ paid parental leave for primary carer, and maintenance of superannuation or retirement benefits at the current rate during any period of unpaid parental leave for up to 24 months (plus secondary carer leave entitlements)
  • Values led culture
  • Active employee community groups for gender equality, reconciliation between Indigenous and non-Indigenous Australians, and LGBTI+ staff and allies, and Neurodiversity
  • Community volunteering opportunities
  • Relocation assistance (if required)
  • A competitive remuneration package featuring performance-based incentives and above-industry superannuation contributions

 

Woodside is committed to fostering an inclusive and diverse workforce culture, which is supported by our Values. Our aim is to attract, develop and retain a truly diverse and high-performing workforce. 

Diversity encompasses differences in age, nationality, race, ethnicity, national origin, religious beliefs, sex, sexual orientation, intersex status, gender identity or expression, relationship status, disability, neurodiversity, cultural background, thinking styles, experience, family background, including caregiving commitments, and education. Inclusion centres on all employees creating a climate of trust and belonging, where people feel comfortable to bring their whole self to work.

We offer supportive pathways for all employees to grow and develop leadership skills. We encourage applications from Aboriginal and Torres Strait Islander people and those seeking a more flexible working environment, including part-time opportunities.

 

Applications close at 11:59pm AWST on January 23 2024.

 

Click APPLY to submit your application

 

Please note Woodside Energy will only accept direct candidate applications. We do not accept applications from Recruitment Agencies. 

Refer code: 1304279. Woodside Energy - The previous day - 2024-01-18 20:18
