Senior Security Engineer - Google SecOps

Responsibilities: 

• Implement, configure, and maintain Google SecOps (Chronicle SIEM + SOAR) 
• Own SecOps platform configuration end‑to‑end: data sources, parsers, correlation rules, enrichments, user/role configuration, and integration with ticketing/ITSM and messaging tools.
• Design and implement “detection as code”: manage SIEM detections, correlation rules, and content in version control (e.g., Git), using code‑driven workflows, reviews, and CI/CD where applicable.
• Develop, tune, and maintain reusable detection logic, including rule templates, mappings to MITRE ATT&CK, and test cases for validating new and updated detections.
• Create, maintain, and optimize automation playbooks in SOAR for common and complex use cases (phishing triage, suspicious login, malware, data exfiltration, privilege escalation, cloud misconfigurations).
• Continuously improve automation coverage and quality by identifying manual tasks, converting them into playbooks, and measuring playbook performance (MTTR, auto‑resolution rate, false positives).
• Onboard and normalize security telemetry from Google Cloud Platform, SaaS platforms, endpoints, network devices, and identity providers into Google SecOps, including parser/taxonomy tuning.
• Own L2 triage of security alerts: validate, correlate, and prioritize events escalated by L1, and perform deep‑dive investigations using Chronicle search, pivots, and threat intelligence.
• Lead or participate in incident response: containment, eradication, recovery, documentation, and post‑incident review; feed lessons learned back into detections and automation playbooks.
• Contribute to proactive threat hunting based on hypotheses, IOCs, TTPs, and threat intel feeds, and codify successful hunts into reusable detections and automated workflows.
• Act as a stand in On call support one week per month for any major escalations
• Monitor platform health and data quality for Google SecOps (log gaps, parsing errors, latency, ingestion failures) and drive resolution with engineering/ops teams.
• Document runbooks, SOPs, detection and playbook catalogs, and knowledge articles to enable L1 teams and ensure consistent service delivery.