Google SecOps Engineer (SOAR/UEBA)

Posted 1 day ago by SF Technology Solutions

£90 Per hour
Outside
Hybrid
London Area, United Kingdom

Summary: The role of Google SecOps Engineer focuses on enhancing the security posture of a client in the financial services sector through the implementation of SIEM tools like Google Chronicle and UEBA/SOAR solutions. The position requires expertise in detection engineering and the ability to work with Google Cloud technologies. The engineer will be responsible for validating alerting, delivering UEBA capabilities, and integrating SOAR functionalities. Strong experience in security operations and familiarity with the MITRE ATT&CK framework is essential.

Key Responsibilities:

  • Enable and validate UEBA alerting within Chronicle SIEM, based on log sources
  • Deliver a minimum viable UEBA capability with tested detection logic
  • Provide engineering support to accelerate onboarding of log sources required for UEBA enrichment and detection fidelity
  • Demonstrate the ability to work with Google Chronicle and SecOps APIs, specifically for the purpose of updating and managing reference data
  • Conduct current state assessment of detection engineering capabilities and log source coverage
  • Design and implement detection use cases aligned to MITRE ATT&CK framework
  • Enable SOAR integration by identifying high-fidelity detections and mapping

Key Skills:

  • Chronicle SIEM
  • Google SecOps
  • UEBA Tooling
  • Windows Event Logs
  • BindPlane
  • MITRE ATT&CK
  • Strong SOC background
  • SOAR playbooks
  • GCP

Salary (Rate): £90.00/hr

City: London

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

I am currently assisting a client that operates in a regulated industry, financial services, and is currently embarking on a programme of work focused on maturing, designing and implementing its security posture utilising SIEM tools such as Google Chronicle and implementing UEBA/SOAR (User and Entity Behaviour Analytics / Security Orchestration, Automation, and Response) built on GCP/Google Cloud, so Google SecOps/Security Operations experience is highly desirable.

Finer Details:

  • Outside IR35
  • Contract until End of December, possibly longer
  • Hybrid, 4 times a month in the London office

Please apply for consideration.