Security Operations (SecOps) Analyst

Date: 25 Jul 2025

Location: Docklands, VIC, AU

Company: Wesfarmers Health

Wesfarmers Health is growing – fast – as we strive to make health, beauty and wellness experiences simpler, more affordable and easier to access for all Australians.

 

Our portfolio includes well-known names like Priceline and Priceline Pharmacy, as well as our medi-aesthetics brands, Clear Skincare Clinics and SILK Laser Clinics. In the digital space, we’re proud to have SISU Health and InstantScripts—and most recently, we’ve launched our newest beauty retail brand, atomica.

 

About us:

 

What began in 1910 as a small co-operative of just three pharmacies has grown into Wesfarmers Health—a leading Australian organisation in health, beauty, and wellness.

 

Today, Wesfarmers Health proudly employs over 3,600 team members, all committed to delivering accessible, innovative, and trusted health and beauty services to Australians nationwide, across retail, medi-aesthetics, digital health, and wholesale and supply chain operations.

 

What you’ll do:

 

As a Security Operations (SecOps) Analyst, you’ll play a vital role in protecting our critical systems, networks, and data from cyber threats. Acting as a key escalation point for complex incidents from our outsourced SOC, you'll lead root cause analysis, containment, and recovery efforts. You'll also proactively hunt for threats, fine-tune detection rules, and automate processes to enhance SOC performance — all while ensuring alignment with our security standards and compliance requirements.

 

As a key member of our Security Operations team, your key responsibilities will be:

 

Threat Monitoring and Detection

 

  • Continuously monitor security tools (SIEM, IDS/IPS, EDR, etc.) for suspicious activities or alerts.
  • Perform in-depth analysis of anomalies and potential threats using log data, endpoint telemetry, and network traffic.
  • Correlate events from multiple data sources to identify patterns of malicious behaviour.

 

Incident Response and Management

 

  • Triage, investigate, and respond to security incidents following defined playbooks and escalation procedures.
  • Act as the escalation point for complex or high-impact incidents detected by Tier 1 analysts (SOC).
  • Conduct root cause analysis and ensure effective containment, eradication, and recovery.
  • Document incident reports and lessons learned for post-incident reviews.
  • On-call responsibilities to respond to security alerts and incidents, including outside regular working hours in accordance with the security escalation matrix.

 

Threat Hunting and Intelligence Integration

 

  • Proactively hunt for threats in the environment using hypotheses based on threat intelligence and past incidents.
  • Integrate external and internal threat intelligence into detection and response workflows.
  • Create threat detection rules based on threat intelligence, DFIR reports and known malicious IOAs.

 

Security Tooling and Engineering Support

 

  • Fine-tune detection rules and use cases in SIEM and EDR platforms to reduce false positives and increase detection fidelity.
  • Collaborate with infrastructure or security engineering teams to implement improvements in security tools, logging, and visibility.
  • Contribute to or lead efforts to automate repetitive tasks using SOAR or scripting (Python, PowerShell, etc.).
  • Responsible for collaborating with internal and external stakeholders as required.

 

Documentation and Process Improvement

 

  • Maintain thorough documentation of procedures, playbooks, detection rules, and response steps.
  • Recommend and implement improvements to incident handling procedures and SOC workflows.
  • Participate in regular red team/blue team exercises and help update response strategies accordingly.

 

Reporting and Metrics

 

  • Produce and present detailed technical reports, as well as summaries for non-technical stakeholders.
  • Track key performance indicators (KPIs) and metrics such as mean time to detect (MTTD) and mean time to respond (MTTR).
  • Support compliance audits or regulatory reporting as needed (e.g., HIPAA, PCI-DSS, ISO 27001).

 

 

What you’ll bring:

 

  • 5+ years in Security Operations or similar cyber security roles.
  • Bachelor’s or Master’s degree in IT, Cyber Security, or related field.
  • Industry certifications highly regarded (e.g., CISSP, SANS, CISM, CEH).
  • Strong analytical and investigative skills.
  • Proven experience in threat hunting, incident response, and vulnerability assessment.
  • Proficient in SIEM/IDS tuning, scripting, and automation.
  • Sound understanding of risk and compliance frameworks (ISO27001, NIST, ISO31000, etc.).
  • Experience with Microsoft security controls and cloud environments (AWS, Azure, GCP).
  • Comfortable supporting audit and regulatory compliance initiatives.

 

 

Why us?  

 

  • Access to employee benefits across Wesfarmers including team member discounts at Bunnings, Kmart, Target, Officeworks, OnePass, Priceline and Clear Skincare Clinics.
  • Ongoing professional development and career opportunities across the Wesfarmers Health Division and the broader Wesfarmers Group.
  • Novated leasing options
  • Access to our Employee Assistance Program (EAP) - available to all team members and their immediate family members, 24/7, 365 days a year
  • Beautiful outdoor terrace for work and recreation.  
  • Food, coffee and health & wellbeing facilities onsite including a landlord operated gym 
  • Dedicated end of trip facilities (cycle racks, showers, lockers). 

 

Aboriginal and Torres Strait Islander Applicants

 

Wesfarmers Health aims to become an employer of choice for First Nations Australians, through investments that attract, empower and retain First Nations team members within our stores, distribution centres, clinics and corporate offices. 

 

As part of the Wesfarmers group, we provide authentic support through a diverse range of programs and initiatives, designed to empower you on your journey towards personal achievement and professional advancement.