SIEM Google SecOps Manager

  • Posted 13 hours ago
Job Description

SIEM Google SecOps Engineer

    • Should have end-to-end, subject-matter-expert (SME) level experience in Google SecOps engineering, including Google Chronicle and Google Threat Intelligence platform management.
    • Should have deep expertise in all modules of Google SecOps, Google Threat Intelligence (GTI), and case management.
    • Lead the design and implementation of Google SecOps data ingestion from diverse sources, using various mechanisms for log integration and normalization.
    • Architect and maintain robust log ingestion pipelines from diverse log/data sources, ensuring comprehensive data collection, normalization, and parsing.
    • Should have high proficiency and technical knowledge of Bindplane agents and their management components.
    • Should have practical, hands-on experience building SecOps log forwarders and managing that component end to end.
    • Should be an expert in building UDM (Unified Data Model) mappings in Google SecOps and in creating custom parsers where required for log sources.
    • Should have solid practical experience developing and implementing playbooks, custom detection rules, dashboards, and reporting.
    • Automate SIEM tasks, workflows, and integrations using scripting languages (e.g. Python) to improve efficiency and scalability.
    • Create and optimize response workflows, improve threat detection capabilities, and provide expert-level support during security incidents.
    • Collaborate with internal engineering teams to fine-tune log sources, parsers, and detection rules to improve alert fidelity.
    • Design, develop, implement, and optimize advanced correlation rules, use cases, and detection logic within the enterprise SIEM platform.
    • Develop and refine high-fidelity security alerts, dashboards, and reports to enhance threat identification, reduce false positives, and provide actionable insights.
    • Design and implement solutions to reduce the alert fatigue encountered in SIEM correlation.
    • Develop SOAR playbooks that provide case handling and incident response according to triage needs.
    • Develop and maintain comprehensive SIEM documentation, including system architecture diagrams, data flow diagrams, log source configurations, and alert rationale.
    • Contribute to the long-term vision and roadmap for SIEM and threat detection capabilities; identify gaps and opportunities for improvement in existing detection strategies and recommend solutions.

Job ID: 147218823