Negotiable
Outside
Remote
USA
Summary: The Google Cloud Platform Security Engineer/Architect role involves identifying and enabling security-related logging and alerts within Google Cloud Platform, integrating these logs with Splunk, and providing training to the security team. The position also includes ongoing support for incident response and documentation of security incidents. This is a long-term contract position that is fully remote.
Key Responsibilities:
- Identify what security-related items should be logged in Google Cloud Platform
- Enable or help to enable all of those relevant logs in Google Cloud Platform
- Integrate or work with our Splunk engineer to integrate the relevant logs with our on-prem Splunk instance
  - This could include integrating Security Command Center with our Splunk instance
- Identify what security-related alerts should be created in real-time or on a scheduled basis (e.g. hourly, daily, weekly, monthly)
- Create or work with our Splunk engineer to create relevant security alerts
  - The alerts should be sent to an email address and/or Teams channel
- Provide at least basic Google Cloud Platform security training to the WCM security team, specifically focusing on all of the above so they understand what logs are being saved in Splunk, what those logs mean, what kind of common security problems might arise, and how to potentially deal with them.
- Ongoing services that may require further discussion and are not as high priority as the above
  - Potentially investigating and responding to security-related alerts during WCM off-hours
    - Includes researching relevant log entries to gather more information
    - May include forensic activity if some logs aren’t currently being sent to Splunk
  - Be a Google Cloud Platform security resource to the WCM incident response team to assist in gathering information and suggesting what actions should be taken
  - Creation of ServiceNow tickets when incidents occur. Includes documenting relevant information and any actions taken
  - Notify the Weill Cornell security team as to findings. Also document actions taken in ServiceNow.
Key Skills:
- Experience with Google Cloud Platform security features
- Knowledge of logging and alerting mechanisms in cloud environments
- Familiarity with Splunk integration and usage
- Ability to provide security training and support
- Incident response experience
- Strong documentation skills
Salary (Rate): undetermined
City: undetermined
Country: USA
Working Arrangements: remote
IR35 Status: outside IR35
Seniority Level: undetermined
Industry: IT
Thanks and Regards,
Rajesh Miryala
Sr IT Recruiter.
Gemini Consulting Services
3636 S Geyer Rd # 270, St. Louis, MO 63127, United States