Senior Detection and Response Engineer (AU)
Pyrmont, Australia
DroneShield
DroneShield is a global provider of counterdrone defense solutions, specializing in C-UxS AI, RF sensing, AI/ML, Sensor Fusion, Rapid Prototyping & MIL-SPEC manufacturing.
Work with cutting edge technology, making the world a safer and more secure place. DroneShield (ASX:DRO) offers an opportunity to solve some of the world’s most challenging technical problems in Electronic Warfare, Artificial Intelligence and Machine Learning, RF sensing, Sensor Fusion and distributed systems, working with high profile customers across militaries, government agencies, airports, critical infrastructure, law enforcement and many others.
With one of the largest listed defence company market capitalisations in Australia and having raised approximately $250m in 2024 alone, DroneShield is undergoing a hypergrowth stage, fuelled by the rapidly increasing use of drones for nefarious applications, from battlefield, to terrorism, to contraband delivery and commercial espionage.
This role is in the DroneShield Sydney headquarters in Pyrmont, Sydney. There are approximately 290 staff based in the 4,000sqm facility today, scheduled to grow to approximately 350 staff by end of 2026. Overseas on the ground presence includes Virginia (USA), Denmark, Germany and Dubai, as well as distributors in over 70 countries globally.
About the role
The Security team is a nimble team responsible for protecting DroneShield's assets and users. Our adversaries are sophisticated and use state-of-the-art tooling. To protect DroneShield, we need to focus on the biggest risks, eliminate threats, focus on automation to scale our efforts and continually increase the cost for the attackers.
Key responsibilities for this role include owning and improving our existing detection strategy, including tooling, custom detections, process, threat intelligence etc. This role will also be responsible for the response strategy, including handling incidents, being incident commander, staff training, tooling and others. Other areas this role will influence and/or drive change in are corporate security and vulnerability management.
Detection and Response should be viewed as a closed loop. Detections should enhance responses and focus on providing enriched information to responders and improving the signal-to-noise ratio. Responders should leverage automated playbooks to respond to incidents as quickly as possible and use incident reviews as opportunities to improve or create new detections.
The ideal candidate will have a strategic view of both spaces and will drive change so that this loop works well – they will improve and implement our detection strategy to facilitate response and will use response metrics and learnings to influence new detections. They will enhance this process with threat intelligence and vulnerability management metrics as well.
The ideal candidate will have strong communication skills, be a hands-on engineer and have a systemic view of the problem space, focusing on solving the biggest problems and designing solutions that can scale.
Experience with detection and response incidents is a must, including being an incident commander for large and complex incidents. Experience with automation and forensics is highly desirable.
This position offers the opportunity to contribute to the security of hardware products with complex threat models.
Responsibilities, Duties and Expectations
- Lead key strategies in the Detection and Response space.
- Implement tools and processes for detection and response, focused on automation and DroneShield’s threat model.
- Lead complex security incidents and drive them to completion
- Collect metrics, identify patterns and create actions based on them
- Use external signals to drive detections (vulnerability management, threat intel etc)
- Influence our corporate security strategy
- Communicate to leadership about incident metrics
- Manage multiple concurrent projects and solve cross-product problems
Qualifications, Experience and Skills
- BS degree in Computer Science, Information Technology or similar technical field of study or equivalent practical experience.
- Demonstrated experience working in a security incident response role
- On-the-tools engineering experience – must be hands-on
- Minimum 5 years’ experience in related roles. Roles could include:
  - Security Engineer
  - Detection and Response Engineer
- Knowledge of the following would also be essential:
  - Experience with SIEM and detection as code
  - Malware analysis, including reverse engineering and investigating malicious infrastructure
  - Automation experience, writing scripts in Go or Python
  - Infrastructure as Code and experience with hybrid cloud environments
  - Comfortable on the command line in a Linux first environment
  - Threat Modelling – focus on the threat, controls and mitigations.
- Knowledge of the following would also be desirable:
  - Strong problem-solving and analytical skills.
  - Ability to think creatively to identify potential security vulnerabilities.
  - Have experimented with leveraging LLMs for D&R activities.
  - Systems thinking: focus on designing solutions that improve the system
  - Excellent communication skills to explain complex technical concepts.
Note for recruitment agencies: We do not accept unsolicited candidates from external recruiters unless specifically instructed.