GOOGLE SecOps SIEM Engineer

Role Description (About the job)

As a Google SecOps SIEM Engineer you will be responsible for strategic delivery helping our customers securely adopt Google SecOps. Expertise in Google Chronicle is mandatory. You will provide best practices on secure build of Google SecOps platform foundational cloud implementation for Google SecOps tackle difficult problems that businesses are facing when building Google SecOps and more. You will provide prescriptive guidance in ensuring customers receive the best of what Google SecOps can offer and you will ensure that customers have the best experience in migrating building modernizing and maintaining Google SecOps. Additionally you will work closely with Product Management and Product Engineering to drive excellence of Google SecOps and features.

Responsibilities:
Lead the design and implementation of Google SecOps data ingestion from diverse sources various mechanisms for integration and normalization of logs.

Extension of prebuilt UDMs in Google SecOps and creation of custom parsers where required for log sources.

Integration of Google SecOps SIEM with other security capabilities and tools such as SOAR EDR NDR threat intelligence platform and ticketing systems.

Write custom actions scripts and/or integrations to extend SIEM platform functionality.

Monitor performance and perform timely actions to scale SIEM deployment especially in a very highvolume security environment.

Creation of SIEM assets such as: detection rules using YARAL dashboards parsers etc.

Migration of existing assets from existing customers SIEM/SOAR to SecOps and assisting in implementing the SIEM/SOAR phaseout phasein approach.

Testing and deployment of newly created and migrated assets such as rules playbooks alerts dashboards etc.

Design and implement solutions to handle alert fatigue encountered in SIEM correlation.

Creation of custom SIEM dashboards to meet customer requirements.

Guide on building or maturing cloud security programs and the implementation of tools and approaches used for improving cloud security.

Debug and solve customer issues in ingestion parsing normalization of data etc

Develop SOAR playbooks to provide case handling and Incident response as per triage needs

Minimum Qualifications (MQs):
Bachelors degree in Computer Science Engineering or related technical field or equivalent practical experience.

Google SecOps SIEM experience in the areas of responsibility for at least 1 year.

Implementation experience of YARAL 2.0 and at least one more general purpose language.

Experience managing customer projects to completion working with engineering teams sales and partners.

Experience architecting developing or maintaining SIEM and SOAR platforms & secure Cloud solutions.

Strong verbal and written communication skills and the ability to develop highquality

8 years experience in leading projects and delivering technical solutions related to security

Demonstrated experience on consulting or ownership of Security during highspeed environment migration for largescale businesses with regulatory requirements

Strong verbal and written communication skills (English) and the ability to develop highquality technical documentation and presentation materials.

Ability to be located in Mumbai India for at least 1 year

Preferred Qualifications (PQs):
Experience in Prevention Detection and response to cyber threats

Google SecOps SOAR experience of 1 year in creation of playbooks testing and validation of playbooks integration with custom actions using bespoke scripts or other SOAR platforms

Knowledge and experience in SIEM platforms

Knowledge in GCP including Google Cloud Professional Certifications (Security Architect) and other industry certifications (CISSP CCSP etc)

Experience in security governance security risk management security operations security architecture and/or cyber incident response programs for cloud.

Experience working with cloud architecture across a broad set of enterprise use cases and creating endtoend solution architectures.

Excellent organizational problemsolving articulating and influencing skills.

Experience with industry compliance frameworks (e.g. PCIDSS ISO 27017/27018 GDPR SOC).