Expoint - all jobs in one place

The point where experts and best companies meet

Limitless High-tech career opportunities - Expoint

EY Senior Consultant - Security Engineer Cyber 
Australia, Victoria, Melbourne 


We bring together extraordinary people, like you, to build a better working world.

As ayou will be the primary technical resource for developing automation and response to detect, resolve and mitigate cyber security attacks within the Sentinel and Splunk environment through alerts ingested.

Key responsibilites

  • Splunk and Azure Sentinel Platform management and engineering
  • Understanding and interpreting event discovery and incident response activities
  • Full-spectrum incident response support, including event discovery, alert notification, investigation, facilitation of containment, facilitating of the resolution, and event reporting
  • Assist with project planning and identification of mitigation activities
  • Consistently deliver quality client services. Monitor progress, manage risk, and keep key stakeholders informed about progress and expected outcomes. Stay abreast of current business and industry trends relevant to the client's business.
  • Perform the activities necessary for the immediate, short-term rapid resolution of incidents to minimize risk exposure and production downtime
  • Provide timely, comprehensive, and accurate information in both written and verbal communications
  • Proactively research and monitor security-related information sources to aid in the identification of threats to client networks, systems, and intellectual property
  • Additional workbooks that will enable improved investigations and improved outlier monitoring
  • Perform regular updates of existing Playbooks based on requirements provided by operations teams for changes in the Threat Landscape or a client's security controls
  • Drive continuous improvement of existing playbooks to address new threats and tactics employed by attackers
  • Reduction of alerts through fine-tuning of existing and future rulesets
  • Create additional detection rulesets, deployed to cover more of the attack lifecycle and alert upon more potentially malicious behaviour
  • Custom automated playbooks to automate and improve efficiency on key incident workflows by creating custom Azure Logic Apps playbooks
  • Manage an inventory of integrations that enable broader playbook creation
  • Produce new playbooks as threats change and new security tools and controls emerge in the marketplace based on requirements from operations teams
  • Perform regular reporting on the usage of playbooks and the effectiveness of a playbook to the conclusion
  • Develop logic that bridges connectors, tasks, and human input to accelerate the response to escalated security incidents
  • Develop connectors that collect, enrich and leverage data from third-party and proprietary services
  • Participate in client meetings to further optimize their specific operational plan based on our best practices and operational learnings

What we’re looking for

Here is our ‘wish list’ but don’t worry if you don’t tick all the boxes. We’re interested in your passion, strengths, what you want to learn, and how far you want to go.

  • A bachelor's degree in a related field and approximately 3-5 years of related work experience; or a graduate degree and about two years of related work experience
  • 3+ years of experience with scripting in one or more of the following scripting languages: JavaScript, Python, power shell and various shell scripting
  • Proven background in creating automation tools, automating web-based services
  • Excellent analytical and problem-solving abilities
  • Experience with Sentinel, Microsoft Defender for endpoint, O365 and CloudApp, CrowdStrike and Splunk
  • Familiarity with *nix-based command line tools
  • Familiarity with REST API best practices and usage
  • Experience with programming in Python, JavaScript, or bash shell scripting.
  • Familiarity and experience with security orchestration and automation tools like Phantom and ServiceNow SecOps
  • Familiarity with common open-source research frameworks
  • CISSP, CISM, CISA, CIPT, CIPM, CRISC or other relevant certifications desired

What we can offer you

  • Explore how a career at EY is yours to build at
  • Discover how, when and where you can work at
  • Learn about our commitment to DE&I at
  • Understand how our benefits can support you at

Apply now… we’re over 9,000 perspectives in Australia and we’re ready to welcome yours.

At EY we take inclusivity seriously, and we’re committed to removing barriers and improving the employment prospects of people with disability or long-term health conditions. We encourage you to share any support and adjustments you need to be your best and participate equitably in our recruitment process. We understand sharing your needs with us can be daunting, so if you have questions before or during your application, we welcome you to get in touch at or +61 3 8650 7788 (option 2). Anything you tell us will be kept completely confidential.

The minimum salary for this role is AUD$80,000 inclusive of superannuation and dependent on skills and experience.

Our preferred applicant will be required to undertake employment screening by EY or our external third-party provider.