Job Description

Key responsibilities

SIEM Solution Design and Implementation

: + Designing and deploying secure, scalable Google SecOps architectures, including log ingestion pipelines and integration with existing IT infrastructure
+ Configuring and managing log ingestion from various sources, ensuring data normalization and efficient analysis within Google SecOps.

Design, Build, and Maintain SIEM Data Pipelines

: + Design and develop robust, scalable, and automated data pipelines to ingest, process, transform, and store security logs and events from diverse sources (e.g., servers, firewalls, applications, cloud platforms) into the SIEM platform.
+ Develop and implement data parsing rules, enrichment processes, and data normalization techniques to ensure data quality and consistency within the SIEM.
+ Integrate new data sources into the SIEM, including connecting to APIs, databases, streaming data sources, and cloud platforms.
+ Collaborate with various teams (e.g., development, operations, cloud services) to understand logging requirements, define logging standards, and ensure the appropriate data is collected.

Optimize SIEM Data Pipelines

: + Monitor data pipeline performance, identify bottlenecks, and implement optimizations to improve efficiency, reduce latency, and ensure timely data availability for security analysis.
+ Tune log sources and correlation rules to reduce false positives, minimize noise, and enhance the accuracy of threat detection.
+ Develop and implement best practices for SIEM and SOAR (Security Orchestration, Automation, and Response) content management and development.
+ Explore and implement automation opportunities to improve analyst alert handling, streamline security operations, and reduce manual intervention.

SIEM Administration and Support

: + Maintain the health, performance, and tuning of the SIEM platform.
+ Troubleshoot issues related to log sources, data ingestion, parsing failures, and other SIEM platform issues.
+ Create technical documentation detailing SIEM architecture, processes, and procedures.
+ Provide expert advice and recommendations on SIEM best practices and configurations.

Security & Cloud skills

: + Familiarity with security concepts, cybersecurity frameworks such as NIST, MITRE ATT&CK threat hunting, and cyber threat intelligence.
+ Strong technical experience working in multi-cloud platforms, particularly Google Cloud.
+ Relevant industry certifications (e.g., CISSP, CISA, GCIH, GCIA, CompTIA Security+, CEH) are highly valued.
+ GCP Professional certifications like Security Engineer, Cloud Engineer/Architect are a strong plus.

Qualifications:

Basic Qualifications:

Bachelor's degree in Computer Science, Cyber Security, or Information Systems. 4+ years of hands-on experience with SIEM platforms such as Google SecOps, IBM QRadar, Microsoft Azure Sentinel, or similar. 4+ years experience with security logging, data sources, and industry best practices for log ingestion 2+ years experience in log parsing, custom rule creation, and developing actionable alerts.

Technical Skills:

Proficiency in scripting languages like Python, Go, Java, or Bash for automation, data manipulation, and integration tasks. Hands-on experience setting up CI/CD pipelines. OpenShift Tekton, or GitHub Actions, or alike Knowledge of secure coding practices Experience setting up serverless functions using GCP Cloud Run or Cloud functions, and configuring the respective cloud provider for scaling Robust knowledge of system design principles including reliability, availability, and scalability Experience setting up logging and monitoring services (Dynatrace, GCP Ops Suites) Strong understanding of network security, log analysis, threat detection, and incident response. * Knowledge of RESTful APIs, data integration techniques, and infrastructure-as-code tools (e.g., Terraform, Ansible).