droneshield

Detection and Response Engineer (AU)

$57 – $2k/yr Sydney, AU on-site full time mid 27d ago

About this role

Work with cutting-edge AI technology, making the world a safer and more secure place. DroneShield (ASX:DRO) offers an opportunity to solve some of the world’s most challenging technical problems in the rapidly growing counter-drone sector.

Our customers operate in some of the most challenging and high-stakes environments in the world, including military organisations, government agencies, airports, critical infrastructure operators, and law enforcement. Protecting airspace in these settings requires technology that performs under pressure and teams that understand what’s at stake. At DroneShield, employees work at the leading edge of counter-drone innovation, helping to address real-world security challenges as drone threats continue to evolve globally.

With one of the largest listed defence company market capitalisations in Australia, now part of the ASX200 index, DroneShield is experiencing a period of hypergrowth. Revenue has surged from A$57 million in 2024 to over A$217 million in 2025, representing growth of more than 400% year-on-year, with record profitability and cashflow. The total addressable global market for counter-drone is assessed at approximately $100 billion and is currently at a nascent stage, with much of the growth still to come. DroneShield is well positioned as a global market leader and is the only publicly listed pure-play business in this sector.

The company has grown from 11 employees in 2017 to over 450 staff globally today, and is on track to reach around 550 by the end of 2026. This expansion includes investment of over A$50 million annually in R&D, a global pipeline exceeding A$2.5 billion, and continuous scaling of production capacity to meet accelerating demand.

The role is based at DroneShield’s central Sydney headquarters. Overseas on-the-ground presence includes Virginia (USA), Netherlands, Denmark, Mexico and Dubai, as well as distributors in over 70 countries worldwide.

About the role

The Security team is a nimble team responsible for protecting DroneShield's assets and users. Our adversaries are sophisticated and use state-of-the-art tooling. To protect DroneShield, we need to focus on the biggest risks, eliminate threats, focus on automation to scale our efforts and continually increase the cost for the attackers.

Key responsibilities for this role include owning and improving our existing detection strategy, including tooling, custom detections, process, threat intelligence etc. This role will also be responsible for the response strategy, including handling incidents, being incident commander, staff training, tooling and others. Other areas this role will influence and/or drive change in are corporate security and vulnerability management.

Detection and Response should be viewed as a closed loop. Detections should enhance responses and focus on providing enriched information to responders and improving the signal-to-noise ratio. Responders should leverage automated playbooks to respond to incidents as quickly as possible and use incident reviews as opportunities to improve or create new detections. The ideal candidate will have a strategic view of both spaces and will drive change so that this loop works well – they will improve and implement our detection strategy to facilitate response and will use response metrics and learnings to influence new detections. They will enhance this process with threat intelligence and vulnerability management metrics as well.

The ideal candidate will have strong communication skills, be a hands-on engineer, and have a systemic view of the problem space, focusing on solving the biggest problems and designing solutions that can scale. Experience with detection and response incidents is a must, including being an incident commander for large and complex incidents. Experience with automation and forensics is highly desirable.

This position offers the opportunity to contribute to the security of hardware products with complex threat models.

Responsibilities, Duties and Expectations

Detection & Monitoring
- Develop, tune, and maintain detection rules across SIEM and security tooling
- Improve signal-to-noise ratio by reducing false positives and enhancing alert fidelity
- Leverage threat intelligence, vulnerability data, and attacker techniques to build new detections

Incident Response
- Investigate and respond to security incidents across endpoints, cloud, and SaaS environments
- Support incident handling from detection through containment, eradication, and recovery
- Participate in incident response rotations and follow established runbooks
- Assist in coordinating cross-team response efforts during incidents

Automation & Tooling
- Contribute to automation of detection and response workflows (e.g., scripts, playbooks)
- Work with security orchestration tools to improve response efficiency
- Support development and improvement of internal security tools

Continuous Improvement
- Conduct post-incident reviews (RCA) and contribute to lessons learned
- Identify gaps in detection and response capabilities and propose improvements
- Maintain and improve incident response documentation and runbooks

Collaboration & Communication
- Work closely with engineering, IT, and security teams on investigations and improvements
- Communicate findings and incident updates clearly to stakeholders
- Contribute to building a strong security culture across the organisation

Qualifications, Experience and Skills

- 5-6 years of experience in security operations, incident response, or detection engineering
- Hands-on experience investigating security incidents in cloud or enterprise environments
- Familiarity with SIEM platforms and log analysis
- Basic scripting or programming experience (Python preferred)
- Understanding of common attack techniques, malware behaviour, and threat lifecycle
- Experience with Linux/macOS command line environments
- Knowledge of cloud platforms (AWS, Azure or similar)
- Strong analytical and problem-solving skills

Nice to Have

- Experience with detection-as-code or infrastructure-as-code
- Exposure to malware analysis or digital forensics
- Experience with automation frameworks or SOAR platforms
- Understanding of threat modelling and attacker methodologies
- Familiarity with modern security tools (EDR, IDS, cloud security tools)
- Interest in leveraging AI/LLMs for security operations

What success looks like

- Effectively triaging and responding to security alerts with minimal supervision
- Contributing meaningful improvements to detection coverage and response speed
- Building automation that reduces manual workload
- Demonstrating growth toward owning incident response and detection strategy

Why This Role

- Hands-on exposure to real-world security incidents
- Opportunity to grow into a senior D&R or security engineering role
- Work in a fast-paced, high-impact security environment
- Contribute to protecting critical systems and users

Note for recruitment agencies: We do not accept unsolicited candidates from external recruiters unless specifically instructed.

#667 Locations: Sydney, Australia