
Google Secops Security Engineer
Jconnect Inc, Boston, MA, United States
Hi, Greetings!
This is Piyush, IT Recruiter at Jconnect Inc. I'm looking for a Security Engineer for our client. Please find the job description below.
Role: Security Engineer
Location: Hybrid in Boston, MA
Job Type: Contract
Job description:
Key Responsibilities
Implement, configure, and maintain Google SecOps (Chronicle SIEM + SOAR).
Own SecOps platform configuration end-to-end: data sources, parsers, correlation rules, enrichments, user/role configuration, and integration with ticketing/ITSM and messaging tools.
Design and implement "detection as code": manage SIEM detections, correlation rules, and content in version control (e.g., Git), using code-driven workflows, reviews, and CI/CD where applicable.
Develop, tune, and maintain reusable detection logic, including rule templates, mappings to MITRE ATT&CK, and test cases for validating new and updated detections.
Create, maintain, and optimize automation playbooks in SOAR for common and complex use cases (phishing triage, suspicious login, malware, data exfiltration, privilege escalation, cloud misconfigurations).
Continuously improve automation coverage and quality by identifying manual tasks, converting them into playbooks, and measuring playbook performance (MTTR, auto-resolution rate, false positives).
Onboard and normalize security telemetry from GCP, SaaS platforms, endpoints, network devices, and identity providers into Google SecOps, including parser/taxonomy tuning.
Own L2 triage of security alerts: validate, correlate, and prioritize events escalated by L1, and perform deep-dive investigations using Chronicle search, pivots, and threat intelligence.
Lead or participate in incident response: containment, eradication, recovery, documentation, and post-incident review; feed lessons learned back into detections and automation playbooks.
Contribute to proactive threat hunting based on hypotheses, IOCs, TTPs, and threat intel feeds, and codify successful hunts into reusable detections and automated workflows.
Act as stand-in on-call support one week per month for any major escalations.
Monitor platform health and data quality for Google SecOps (log gaps, parsing errors, latency, ingestion failures) and drive resolution with engineering/ops teams.
Document runbooks, SOPs, detection and playbook catalogs, and knowledge articles to enable L1 teams and ensure consistent service delivery.
Required Skills and Experience
3-5 years of experience in Security Operations (SOC), Incident Response, or Security Engineering, including hands-on work in cloud environments (preferably GCP).
Strong experience with SIEM/SOAR platforms; direct experience with Google SecOps / Chronicle SIEM + SOAR is highly preferred.
Proven experience implementing detection-as-code practices: managing rules/content, using branching, code review, and testing approaches for detections and playbooks.
Experience designing and maintaining automation playbooks in SOAR tools, including integrations (REST APIs, webhooks, custom connectors) and error-handling strategies.
Good understanding of security concepts and services: IAM, VPC, firewall rules, Cloud DNS, Cloud Storage, Load Balancing, Security Command Center, Cloud Logs, and Monitoring.
Solid knowledge of network and security fundamentals: TCP/IP, DNS, VPNs, proxies, IDS/IPS, WAF, EDR, authentication and authorization, encryption, and common attack techniques.
Demonstrated experience in incident handling, threat analysis, and root cause analysis across endpoints, identities, and cloud workloads.
Scripting or automation skills (e.g., Python, Bash, YAML, or similar) to build integrations, detections, and SOAR workflows, and to support CI/CD for SecOps content.
Familiarity with security frameworks and standards (MITRE ATT&CK, NIST, CIS, SOC 2, PCI-DSS, ISO 27001) and how they map to detections and controls.
Strong analytical and troubleshooting skills, with the ability to work independently in an L2 capacity and mentor L1 analysts.
Excellent written and verbal communication skills for working with US-based stakeholders and documenting technical content.
Good to have / Preferred:
Google Cloud Professional Security Operations Engineer or Professional Cloud Security Engineer certification.
Prior experience working with US enterprises, MSSP environments, or 24x7 global SOCs.
If you are interested, please send me your updated resume ASAP with below details:
1. Full Name:
2. Current Location/Zip:
3. Visa/Work Permit Status:
4. Notice Period/Availability to Start:
5. Willingness to relocate to job location:
6. Preferred Interview timings (Specify Time zone):
7. LinkedIn URL:
Best Regards,
Piyush Sri
Jconnect Infotech Inc.
168 Barclay Center Ste. 347
Cherry Hill, NJ 08034
Phone: 856-569-1699