SOC Onboarding, CTI & Engineering Manager

At Thales, we know technology has the ability to make our world more secure, sustainable, and inclusive – and that it’s all driven by human intelligence. Because it takes human intelligence to build and power the systems and solutions that people depend on every day. So we stay curious and make space for diverse points of view. We share what we know and we challenge what’s possible. From manufacturing and engineering to cybersecurity and space, we’re driving progress in some of the world’s most important industries – and working together to build a future we can all trust. Thales delivers cybersecurity products and services that keep people and assets safe, giving organisations confidence in the security of their digital journeys. Our solutions are deployed in 148 countries, helping governments to maintain sovereignty, and organisations to preserve their strategic autonomy. Thales is a global leader in cybersecurity - no.1 in data security - with 6,000+ experts and developers. We bring trust and resilience to key industries including finance, health, retail and manufacturing, as well as vital sectors such as aerospace, critical infrastructure, defence and space.

About the Role

The SOC Onboarding, CTI & Engineering Manager is responsible for leading and overseeing three core functions of our security operations capability: onboarding of new clients and technologies, cyber threat intelligence (CTI), and overall delivery of managed Endpoint Detection and Response (EDR) services. This role is both strategic and hands-on, involving cross-team collaboration, technical leadership, and strong client engagement.

You will be accountable for:

• Lead the planning, coordination, and execution of SOC onboarding projects across diverse clients and technologies.
• Ensure successful ingestion and normalization of log sources from on-prem and cloud platforms (e.g., firewalls, EDRs, AWS, Azure, GCP).
• Define and enforce standard onboarding playbooks and documentation.
• Coordinate with SIEM/SOAR engineers, client infrastructure teams, and project managers to ensure timely and effective onboarding.
• Oversee the development and operationalization of threat intelligence capabilities.
• Integrate CTI into detection engineering, use case development, and incident response workflows.
• Manage threat feeds, enrichment tools, and TTP mapping using MITRE ATT&CK.
• Lead the creation of threat briefs, intel summaries, and threat hunting guidance.
• Lead security and automation engineers to deliver client engagements and improve security platforms and automation.
• Own the architecture, deployment, and lifecycle management of SOC tools including SIEM, SOAR, EDR/XDR, threat intelligence platforms, and log management solutions.
• Lead integrations between SOC platforms and other enterprise systems (e.g., ITSM, CMDB, cloud platforms).
• Ensure tool configurations align with detection, compliance, and operational needs.
• Build and lead a high-performing team across onboarding, CTI, and delivery functions.
• Develop career paths, training plans, and performance objectives for team members.
• Identify areas for process improvement and automation to improve SOC onboarding and threat intelligence maturity.
• Lead change management efforts related to onboarding frameworks, CTI workflows, and service expansion.

About You

To be successful in this role, you will ideally bring with you:

• 7+ years of experience in cybersecurity operations, with at least 3 years in a leadership or management role.
• Hands-on experience with SIEM/SOAR platforms (e.g., Google Chronicle, Splunk, Sentinel).
• Strong understanding of log management, alert tuning, threat detection, and incident lifecycle.
• Solid grasp of threat intelligence frameworks, IOCs, TTPs, and intelligence lifecycle.
• Demonstrated experience delivering managed SOC services and handling enterprise customers.
• Familiarity with CTI tools (e.g., MISP, Anomali, ThreatConnect, Recorded Future).
• Project management certification (PMP, Agile, ITIL).
• Experience working in MSSP environments.
• Degree qualification in Cybersecurity, Computer Science, or a related field.
• Certifications: CISSP, GCIA, GCTI, GCIH, or similar.

Our Benefits

• Flexible working options
• Paid Parental Leave and Veterans Leave
• Novated Lease options
• Family support through our partnership with Parents at Work
• Ongoing personal and professional development opportunities
• Sonder – Wellbeing & Support Partner

WE ENCOURAGE YOU TO APPLY

After you have applied, you will receive an email acknowledging your application. We’ll then provide a personalised experience for suitable applicants as we progress the selection and assessment process. Prior to being offered employment, you will need to complete pre-employment police checks.

As a Defence security clearance is required for this role, applicants must be Australian citizens and eligible to obtain and maintain an appropriate clearance. To learn more about clearances please visit the Defence website.

It’s easy to dismiss the perfect opportunity if you don’t see yourself as the perfect fit. If this role feels right – no matter your background or personal circumstances – please introduce yourself or join our community. We’re committed to supporting a diverse workplace, and that starts here.

We’re proud to be endorsed by WORK180 as an Employer for All Women, but we know there’s always more we can do. We’ll continue to foster industry partnerships, employee resource groups (ERGs) and development opportunities to make Thales a genuinely equitable employer, for everyone. Read more about our WORK180 endorsement.