Subscribe to job alerts

Location: Brisbane

Aurizon is Australia’s largest rail freight operator — and that means cyber security isn’t just about laptops and email accounts. It’s about protecting real-world infrastructure, systems, and services that keep Australia moving.

We’re looking for a Level 1–2 SOC Analyst with strong incident response skills and a growing capability in Operational Technology (OT) security. You'll join our Cyber Defence team, where you’ll work at the frontline of security monitoring, detection and response — across both IT and OT environments.

About the role

This role will see you:

• Triage and prioritise alerts, incidents, and threat intel outputs from hybrid IT/OT environments.
• Conduct in-depth investigations of suspicious activity, including OT-specific threats.
• Coordinate and escalate security incidents to specialist response teams.
• Lead initial containment and recovery actions for incidents across our environment.
• Perform root cause analysis and recommend solutions to reduce risk.
• Collaborate with the Detection Engineering team to enhance detection coverage and quality.
• Analyse the latest OT malware and vulnerabilities to bolster defences.
• Support threat hunting and proactive identification of attack vectors in OT/ICS environments.
• Maintain and enhance response playbooks, tools, and documentation.
• Participate in post-incident reviews and support continuous improvement initiatives.
• Participate in the on-call roster rotation.

About you

You're a security analyst with a passion for incident response and a growing interest (or experience) in OT environments such as rail, energy, mining or manufacturing.

You bring:

• A relevant tertiary qualification in IT, Software Engineering, Networking or Cyber Security (mandatory).
• One or more SOC/IR certifications (e.g., CSA, CySA+, GCIH, E|CIH) (mandatory).
• 2+ years’ experience in a SOC/Incident Response role.
• Proven ability to work across security incidents from detection to resolution.
• Scripting skills in PowerShell, Python or Bash (mandatory).
• Strong experience with:
  • Splunk (including SPL and admin tasks)
  • CrowdStrike EDR
  • Nozomi for OT/ICS visibility
  • Windows/Linux/Unix and/or Azure administration
  • Network security fundamentals
• Experience with Microsoft Sentinel (preferred).

What we offer you:             

At Aurizon, we support the development and growth of our employees. With a national portfolio of operations, we offer long-term and exciting career opportunities. 

Some of our benefits include:

• Development and growth opportunities.
• Access to mentoring and development programs.
• Discounts on selected health insurance funds, personal travel, gyms, vehicles and retail brands.
• Parental leave program and super booster.

About Aurizon.

https://youtu.be/PHESxVZ6dQY

Aurizon is Australia’s largest rail freight operator and a top 100 ASX company. Each year, we deliver more than 250 million tonnes of Australian commodities right across the country. Aurizon is crucial to the Australian economy, connecting miners, primary producers and industry with international and domestic markets. 

Look to Aurizon for a diverse and collaborative culture.

At Aurizon, we are proud of our diverse, collaborative, creative and high-performance culture. We celebrate the contribution of every employee and provide opportunities for career development in a dynamic, caring, and inclusive work environment.

To learn about us and our company values, please visit www.aurizon.com.au/careers