Google Cloud Platform Engineer

REMOTE OPPORTUNITY

Roles & Responsibilities:

• Help Security team onboard relevant security-related Google Cloud Platform logs into existing Splunk SIEM
• Previous Splunk experience is nice to have but not necessary. We have an in-house Splunk engineer who can help with the Splunk side of things
• Help Security team create relevant searches in Splunk to assist the client analyst in investigating Google Cloud Platform security-related events/incidents
• Create and update KBs and workflows to help and instruct the client analyst on how to:
• Identify the type of alert and what services or configurations are impacted
• Investigate if the alert is a false positive or real alert
• Provide recommendations on how to make sure other Google Cloud Platform services are not impacted
• Respond to and remediate the alert
• Review Google Cloud Platform best practices guides, such as the client Google Cloud Platform security standards, and prioritize remediations based on the most risk
• Assist relevant teams in remediating identified risk
• Recommend and work with relevant teams to implement automatic guardrails to ensure best practices and the client Google Cloud Platform security standards are being followed by default
• Create a process to ensure client antivirus is automatically deployed across all Google Cloud Platform instances
• Document custom made IAM accounts and privileges then review against least privilege
• Other security-related Google Cloud Platform tasks as necessary