Security Infrastructure Engineer (Google SecOps)
Talent Leaders Inc.
Doha, Qatar | QAR 7,350-18,900/mo | Posted yesterday
Qatar | IT & Technology | Full Time
Skills Required
Python, SQL, AWS, Azure, Docker, Kubernetes, Git, Excel, DevOps, ERP, Communication
Job Description
Functional Responsibilities

Data Ingestion and Normalization
- Pipeline Management: Architect and maintain the ingestion of telemetry from multi-cloud (GCP, AWS, Azure) and on-premises environments using BindPlane forwarders, Cloud-to-Cloud (C2C) connectors, and webhooks.
- Parser Development: Design, build, and troubleshoot custom parsers (CBN) so that non-standard log sources are correctly normalized into the Unified Data Model (UDM).
- Data Health Monitoring: Build dashboards to monitor ingestion rates, latency, and data drops so that the SIEM always receives high-quality, actionable data.

SOAR & Automation Engineering
- Playbook Development: Design and code automated incident response playbooks in Google SOAR using Python and visual builders.
- Connector Engineering: Build and maintain API integrations between Google SOAR and third-party tools (firewalls, EDR, IAM, ticketing systems).
- Workflow Optimization: Automate repetitive manual tasks such as artifact enrichment, evidence gathering, and initial containment actions.
- Case Management Configuration: Tailor the SOAR environment to the SOC's operational needs, including custom fields, stages, and SLA tracking.

Platform Administration and Optimization
- System Health Monitoring: Monitor ingestion health to ensure no data is dropped and that latency stays within acceptable limits.
- Access Control: Manage Role-Based Access Control (RBAC) so that analysts have the correct level of access to sensitive data.
- Threat Intel Ingestion: Manage the integration of Mandiant, VirusTotal, and other third-party threat intelligence feeds so that detections stay up to date with the latest global threats.

Collaboration with SOC Team
- Feedback Loops: Collaborate with Tier 1 and Tier 2 analysts to tune YARA-L rules based on real-world alert performance and "noise" levels.
- Requirements Gathering: Interview incident responders to understand their manual workflows, then translate those into Google SOAR playbooks.
- Training & Enablement: Conduct knowledge transfer sessions on how to use UDM Search and the Google SecOps interface to speed up investigations.

Alignment with Infrastructure Team
- Data Ingestion Strategy: Work with GCP/AWS/Azure architects to ensure that Cloud Logging and Pub/Sub are configured correctly for seamless export to the Google SecOps platform.
- Agent Deployment: Coordinate with IT Infrastructure teams to deploy and maintain BindPlane forwarders on on-premises servers and virtual machines.
- Troubleshooting: Collaborate with network engineers to resolve connectivity issues or firewall blocks that prevent telemetry from reaching the Google SecOps platform.

Knowledge, Skills & Experience

Academic & Professional Qualifications:
- Bachelor's degree in Computer Science, IT, Cybersecurity, or equivalent.
- SIEM certification (e.g., Google SecOps, Splunk, Azure Sentinel).
- Preferred: security certifications such as Security+, CySA+, CEH, CISSP, GCIH.

Experience:
- 3-5 years of hands-on experience in Security Engineering, SOC Automation, DevOps Engineering, Security Operations, or Infrastructure Security.

Technical Skills (Must Have):
- SIEM/SOAR Mastery: Proven experience architecting and managing enterprise-grade platforms (e.g., Splunk, Azure Sentinel, or QRadar), with at least 1-2 years specifically focused on Google SecOps (Chronicle).
- Key Requirement: Google SecOps.
- Coding & Scripting: Professional experience using Python to automate security workflows or build custom API connectors.
- Cloud Infrastructure: Hands-on experience managing security within Google Cloud Platform (GCP), including VPC Service Controls, IAM, and Cloud Logging.
- Languages: Python (advanced), SQL (BigQuery), YARA/YARA-L, and Bash.
- Frameworks: MITRE ATT&CK, NIST Cybersecurity Framework.
- Tools: Git (version control), Terraform (infrastructure as code), Docker/Kubernetes (containerization).
- Data Standards: Deep knowledge of JSON, Protobuf, and regex for log parsing and normalization.

Soft Skills:
- Strong analytical thinking and problem-solving capability.
- Excellent communication skills, able to explain technical findings to non-technical stakeholders.
- Ability to work independently, manage multiple priorities, and meet deadlines.
- Attention to detail and a structured, documentation-driven mindset.