JobsAisle

Security infrastructure engineer (google secops)

Talent Leaders Inc.

Doha, Qatar | QAR 7,350-18,900/mo | Posted today
Qatar | IT & Technology | Full Time

Skills Required

Python, SQL, AWS, Azure, Docker, Kubernetes, Git, Excel, ERP, Communication

Job Description

Functional Responsibilities

Data Ingestion and Normalization
- Pipeline Management: Architect and maintain the ingestion of telemetry from multi-cloud (GCP, AWS, Azure) and on-premises environments using BindPlane forwarders, Cloud-to-Cloud (C2C) connectors, and webhooks.
- Parser Development: Design, build, and troubleshoot custom parsers (CBN) so that non-standard log sources are correctly normalized into the Unified Data Model (UDM).
- Data Health Monitoring: Build dashboards that track ingestion rates, latency, and data drops so the SIEM always receives high-quality, actionable data.

SOAR & Automation Engineering
- Playbook Development: Design and code automated incident response playbooks in Google SecOps SOAR using Python and the visual playbook builder.
- Connector Engineering: Build and maintain API integrations between Google SecOps SOAR and third-party tools (firewalls, EDR, IAM, ticketing systems).
- Workflow Optimization: Automate repetitive manual tasks such as artifact enrichment, evidence gathering, and initial containment actions.
- Case Management Configuration: Tailor the SOAR environment to the SOC's operational needs, including custom fields, stages, and SLA tracking.

Platform Administration and Optimization
- System Health Monitoring: Monitor ingestion health so that no data is dropped and latency stays within acceptable limits.
- Access Control: Manage Role-Based Access Control (RBAC) so that analysts have the correct level of access to sensitive data.
- Threat Intel Ingestion: Manage the integration of Mandiant, VirusTotal, and other third-party threat intelligence feeds so that detections stay current with the latest global threats.

Collaboration with SOC Team
- Feedback Loops: Work with Tier 1 and Tier 2 analysts to tune YARA-L rules based on real-world alert performance and noise levels.
- Requirements Gathering: Interview incident responders to understand their manual workflows, then translate those into Google SecOps SOAR playbooks.
- Training & Enablement: Run knowledge transfer sessions on using UDM Search and the Google SecOps interface to speed up investigations.

Alignment with Infrastructure Team
- Data Ingestion Strategy: Work with GCP/AWS/Azure architects to ensure that Cloud Logging and Pub/Sub are configured correctly for seamless export to Google SecOps.
- Agent Deployment: Coordinate with IT infrastructure teams to deploy and maintain BindPlane forwarders on on-premises servers and virtual machines.
- Troubleshooting: Work with network engineers to resolve connectivity issues or firewall blocks that prevent telemetry from reaching Google SecOps.

Knowledge, Skills & Experience

Academic & Professional Qualifications:
- Bachelor's degree in Computer Science, IT, Cybersecurity, or equivalent.
- SIEM certification (e.g., Google SecOps, Splunk, Azure Sentinel).
- Preferred: security certifications such as Security+, CySA+, CEH, CISSP, GCIH.

Experience:
- 3–5 years of hands-on experience in Security Engineering, SOC Automation, DevOps Engineering, Security Operations, or Infrastructure Security.

Skills and Requirements:

Technical Skills (Must Have)
- SIEM/SOAR Mastery: Proven experience architecting and managing enterprise-grade platforms (e.g., Splunk, Azure Sentinel, or QRadar), with at least 1–2 years focused specifically on Google SecOps (Chronicle).
- Key Requirement: Google SecOps.
- Coding & Scripting: Professional experience using Python to automate security workflows or build custom API connectors.
- Cloud Infrastructure: Hands-on experience managing security within Google Cloud Platform (GCP), including VPC Service Controls, IAM, and Cloud Logging.
- Languages: Python (advanced), SQL (BigQuery), YARA/YARA-L, and Bash.
- Frameworks: MITRE ATT&CK, NIST Cybersecurity Framework.
- Tools: Git (version control), Terraform (infrastructure as code), Docker/Kubernetes (containerization).
- Data Standards: Deep knowledge of JSON, Protobuf, and regex for log parsing and normalization.

Soft Skills
- Strong analytical thinking and problem-solving capability.
- Excellent communication skills; able to explain technical findings to non-technical stakeholders.
- Ability to work independently, manage multiple priorities, and meet deadlines.
- Attention to detail and a structured, documentation-driven mindset.
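The Parser Development and Data Health Monitoring responsibilities above can be illustrated with a small Python stand-in for what a CBN parser does. This is an added example, not code from the job posting or from Google's own parser tooling: the vendor "ExampleFW" and its log line format are invented, and the UDM field paths (metadata.event_type, principal.ip, target.port, observer.hostname, security_result.action) follow the public UDM field list as the author recalls it and should be checked against the current reference before use.

```python
import json
import re
from datetime import datetime, timezone
from typing import Optional

# Constructed sample lines from a hypothetical appliance ("ExampleFW").
# Neither the vendor nor the line format is real; they stand in for a
# "non-standard log source" that a custom parser has to handle.
SAMPLE_LINES = [
    "2024-03-01T10:15:22Z fw01 ALLOW tcp 10.0.0.5:51234 -> 203.0.113.10:443 user=alice",
    "2024-03-01T10:15:23Z fw01 DENY udp 10.0.0.9:5353 -> 10.0.0.255:5353",
    "2024-03-01T10:15:24Z fw01 heartbeat ok",  # does not match: counted as a drop
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) (?P<proto>tcp|udp) "
    r"(?P<sip>[\d.]+):(?P<sport>\d+) -> (?P<dip>[\d.]+):(?P<dport>\d+)"
    r"(?: user=(?P<user>\S+))?$"
)


def normalize(line: str) -> Optional[dict]:
    """Map one raw line onto a UDM-shaped event, or return None if it does not parse.

    The field paths used here are assumptions based on the public UDM field list;
    verify them against the current UDM reference before relying on them.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    f = m.groupdict()
    ts = datetime.strptime(f["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    event = {
        "metadata": {
            "event_timestamp": ts.isoformat(),
            "event_type": "NETWORK_CONNECTION",
            "vendor_name": "ExampleFW",             # assumed vendor name
            "product_name": "ExampleFW Appliance",  # assumed product name
        },
        # principal = who initiated; target = what was contacted;
        # observer = the device that reported the event (the firewall itself).
        "principal": {"ip": [f["sip"]], "port": int(f["sport"])},
        "target": {"ip": [f["dip"]], "port": int(f["dport"])},
        "observer": {"hostname": f["host"]},
        "network": {"ip_protocol": f["proto"].upper()},
        # UDM security_result.action uses ALLOW/BLOCK, so the vendor's DENY is mapped.
        "security_result": [{"action": "ALLOW" if f["action"] == "ALLOW" else "BLOCK"}],
    }
    if f["user"]:
        event["principal"]["user"] = {"userid": f["user"]}
    return event


def parse_batch(lines):
    """Normalize a batch and return (events, stats).

    stats counts received/parsed/dropped lines: the numbers an ingestion-health
    dashboard tracks so that a silently failing parser is noticed.
    """
    events, dropped = [], 0
    for line in lines:
        ev = normalize(line)
        if ev is None:
            dropped += 1
        else:
            events.append(ev)
    stats = {"received": len(lines), "parsed": len(events), "dropped": dropped}
    return events, stats


if __name__ == "__main__":
    events, stats = parse_batch(SAMPLE_LINES)
    print(json.dumps(events, indent=2))
    print(stats)
```

The drop counter is the part worth keeping in mind: a parser that quietly returns nothing for an unexpected line shape is the usual cause of "the SIEM is receiving data but the detections never fire", which is why the posting pairs parser development with ingestion health monitoring.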