Sydney CBD | 3-4 days in Office | Financial Services
About the role: We're looking for a Cyber Operations Lead / SOC Lead to join one of our financial services clients in Sydney. This is a step-up opportunity for someone already operating in a hands-on SOC / Cyber Operations environment who's ready to take ownership. The function is established, with a managed SOC (MSP) handling L1/L2, and a lean internal team responsible for context, decision-making and incident leadership.
This is not a pure Security Engineering role. It's built for someone who has spent time in Security Operations and wants to move into a lead position where they:
- Drive incident response end-to-end
- Apply context across multiple systems (identity, trading, HR, etc.)
- Challenge visibility gaps across the environment
- Act as the technical escalation point internally and with the SOC provider
- Have the confidence to speak/present to executives and senior leaders
You'll manage 1 direct report, work closely with the MSP, and play a key role in shaping how the function evolves. We need someone who has been in the trenches of Security Operations, not adjacent to it.
What's a typical day look like?
- Own Security Operations and Incident Response across a global environment
- Act as the bridge between internal teams and the managed SOC provider
- Take alerts and apply context across multiple telemetry sources (SIEM, EDR, identity, email, network)
- Lead major incident response, including triage, containment, timelines and comms
- Build and refine incident response playbooks and escalation frameworks
- Map threats and detections to the MITRE ATT&CK framework
- Contribute to detection engineering and threat hunting activities
- Analyse SOC outputs to identify trends, patterns and control gaps
- Challenge areas of low visibility: "why aren't we seeing this?"
- Deliver clear updates to senior stakeholders and execs during incidents
About you:
- Strong experience in a SOC / Cyber Operations / Incident Response role
- SIEM platforms (Splunk or similar) - writing queries, correlating logs
- EDR tools (e.g. CrowdStrike, Defender)
- Log analysis across multiple sources (not just single-tool visibility)
- Threat hunting methodologies
- Detection engineering concepts
- Threat actor behaviour and TTPs
- Experience working with or alongside a managed SOC / MSP
- Strong communication, able to translate incidents into business impact
- Financial Services / Consulting / Regulated environments
If you're currently in a SOC or Cyber Operations role and feel like you're already operating at a lead level without the title, this is a strong opportunity to step into it properly. Reach out to Shannon -
[email protected]
Kapital Consulting is a niche Fintech Recruitment Business specialising in Technology, Project Services and Data Recruitment across Australia. For more information connect with us on www.kapitalconsulting.com.au and follow us on www.linkedin.com/company/kapital-consulting