Job Description

SIEM Google SecOps Engineer

    • Should have end-to-end, SME-level experience in Google SecOps engineering, including Google Chronicle and Google Threat Intelligence platform management.
    • Should have deep expertise in all modules of Google SecOps, GTI and case management.
    • Lead the design and implementation of Google SecOps data ingestion from diverse sources, using the various available mechanisms for integration and normalization of logs.
    • Architect and maintain robust log ingestion pipelines from diverse log/data sources, ensuring comprehensive data collection, normalization and parsing.
    • Should have high proficiency and technical knowledge of Bindplane agents and their management components.
    • Should have practical and technical experience in building SecOps log forwarders and managing the component end to end.
    • Should be an expert in building UDM mappings in Google SecOps and in creating custom parsers where required for log sources.
    • Should have good practical experience in developing and implementing playbooks, custom detection rules, dashboards and reporting.
    • Automate SIEM tasks, workflows and integrations using scripting languages (e.g. Python) to improve efficiency and scalability.
    • Create and optimize response workflows, improve threat detection capabilities, and provide expert-level support during security incidents.
    • Collaborate with internal engineering teams to fine-tune log sources, parsers and detection rules to improve alert fidelity.
    • Design, develop, implement and optimize advanced correlation rules, use cases and detection logic within the enterprise SIEM platform.
    • Develop and refine high-fidelity security alerts, dashboards and reports to enhance threat identification, reduce false positives and provide actionable insights.
    • Design and implement solutions to handle the alert fatigue encountered in SIEM correlation.
    • Develop SOAR playbooks to provide case handling and incident response according to triage needs.
    • Develop and maintain comprehensive SIEM documentation, including system architecture diagrams, data flow diagrams, log source configurations and alert rationale.
    • Contribute to the long-term vision and roadmap for SIEM and threat detection capabilities. Identify gaps and opportunities for improvement in existing detection strategies and recommend solutions.


Job Details

Role Level: Associate
Work Type: Full-Time
Country: India
City: Bangalore Urban, Karnataka
Company Website: http://www.virtusa.com
Job Function: Cybersecurity
Company Industry/Sector: IT Services and IT Consulting

About the Company

Searching, interviewing and hiring are all part of professional life. The TALENTMATE Portal aims to help professionals with each of these by bringing the requisites together under one roof. Whether you're hunting for your next job opportunity or looking for potential employers, we're here to lend you a helping hand.

Disclaimer: talentmate.com is only a platform to bring jobseekers and employers together. Applicants are advised to research the bona fides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advise against sharing personal or bank-related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@talentmate.com.
