This is a Data Engineer (Cyber) role with NTT DATA based in Sydney, NSW, AU NTT DATA Role Seniority - mid level More about the Data Engineer (Cyber) role at NTT DATA Position: Data Engineer (Cyber) ✅ Eligibility: Open to candidates with valid Australian work rights Contract: Initial 3 months of contract with high likelihood of extension Location: Northwest Sydney, NSW Hybrid Work Model: Minimum 2 days onsite per week About the Role: As a Data Engineer (Cyber), you will work closely with senior leads across Cyber Engineering, SecOps, and Data Platform to leverage existing patterns and frameworks to: Onboard new data sources (logs, alerts, context) into the platform. Remediate and uplift legacy code for reliability, performance, and readability. Develop and enhance data models (via DBT) to codify business rules and cyber logic. Implement validation tests and documentation to maintain data trust. Troubleshoot pipeline and cloud infra issues impacting ingestion, modeling, and access. Collaborate with stakeholders to manage expectations and prioritize work in an agile cadence. Continuously improve our cyber data ecosystem through automation, CI/CD, and standards. Key Responsibilities: Write ingestion configurations (connectors, schemas, mappings). Create staging tables/views and dbt source definitions. Implement incremental loading patterns and late‑arriving data handling. Enforce PII/security controls (masking, hashing, row/column access). Add data quality tests (generic/custom), documentation and lineage/exposures. Contribute to Git‑based workflows (branches, PRs, reviews) and CI/CD for dbt. Support backfills, replays, and validation tooling for operational resilience. Essential Skills: SQL (strong): joins, window functions, dedupe patterns, incremental modeling, handling semi‑structured logs. Git (strong): branching, PRs, code reviews, semantic commits. Python: light utilities for schema inference, API pulls (when ingestion isn’t fully managed), validation/backfills/replay tooling. JSON/YAML: config‑driven pipelines and declarative patterns. Cyber domain literacy: SIEM concepts, MITRE ATT&CK understanding, clear grasp of threats vs. vulnerabilities, SOC data needs, common telemetry (EDR, identity, network, cloud). Ways of working: Agile/sprint delivery, stakeholder communication, concise documentation. Preferred Skills / Experience: Cloud & Warehouse: GCP BigQuery (preferred) and/or Snowflake/Databricks; cloud storage patterns. DBT (Data Build Tools: sources, staging/core models, incremental models, macros/Jinja (intermediate), tests (generic custom), snapshots (nice), exposures/docs (nice). DevOps/SecOps: CI/CD pipelines, IaC (e.g., Terraform), secrets mgmt, policy‑as‑code, scan gates. Comfort with log formats (JSON/CSV/syslog/parquet), time normalization, IP/UUID parsing; understands event‑time vs ingest‑time, correlation keys, identity stitching SIEM: hands‑on with any major SIEM (e.g., Chronicle/Splunk/Sentinel/QRadar) is a plus. About You: You’re someone who takes initiative, enjoys collaborative problem-solving, and is comfortable navigating large-scale cyber data ecosystems. You ask the right questions, learn quickly, and adapt to evolving priorities. If this sounds like you, we encourage you to apply and join a team making meaningful impact in the cyber data space. This is an exciting opportunity to join a dynamic team at the forefront of retail cybersecurity, working within a collaborative and innovative environment. Before we jump into the responsibilities of the role. No matter what you come in knowing, you’ll be learning new things all the time and the NTT DATA team will be there to support your growth. Please consider applying even if you don't meet 100% of what’s outlined Key Responsibilities Writing ingestion configurations Creating staging tables/views Enforcing PII/security controls Key Strengths ️ SQL Git Python ☁️ Cloud & Warehouse DBT (Data Build Tools) SIEM A Final Note: This is a role with NTT DATA not with Hatch.
