Google - SIEM Engineer (Security)

Responsibilities :-
Lead the design and implementation of data ingestion from diverse sources, various mechanisms for integration and normalization of logs.Extension of pre-built UDMs in and creation of custom parsers where required for log sources.Integration of SIEM with other security capabilities and tools such as SOAR, EDR, NDR, threat intelligence platform, and ticketing systems.Write custom actions, scripts and/or integrations to extend SIEM platform functionality.Monitor performance and perform timely actions to scale SIEM deployment, especially in a very high-volume security environment.Creation of SIEM assets such as: detection rules using YARA-L, dashboards, parsers etc.Migration of existing assets from existing customers SIEM/SOAR to SecOps and assisting in implementing the SIEM/SOAR phase-out, phase-in approach.Testing and deployment of newly created and migrated assets such as rules, playbooks, alerts, dashboards etcDesign and implement solutions to handle alert fatigue encountered in SIEM correlation.Creation of custom SIEM dashboards to meet customer requirements.Guide on building or maturing cloud security programs and the implementation of tools and approaches used for improving cloud security.Debug and solve customer issues in ingestion, parsing, normalization of data etcDevelop SOAR playbooks to provide case handling and Incident response as per triage needsMinimum Qualifications (MQs):-8+ years experience in leading projects and delivering technical solutions related to securitySIEM experience in the areas of responsibility for at least 1 year.Implementation experience of YARA-L 2.0 and at least one more general purpose language.Experience managing customer projects to completion, working with engineering teams, sales and partners.Experience architecting, developing, or maintaining SIEM and SOAR platforms & secure Cloud solutions.Strong verbal and written communication skills and the ability to develop high-qualityDemonstrated experience on consulting or ownership of Security during high-speed environment migration for large-scale businesses with regulatory requirementsStrong verbal and written communication skills (English), and the ability to develop high-quality technical documentation and presentation materials.Preferred Qualifications (PQs):-Experience in Prevention, Detection and response to cyber threatsSOAR experience of 1 year in creation of playbooks, testing and validation of playbooks, integration with custom actions using bespoke scripts, or other SOAR platformsKnowledge and experience in SIEM platformsKnowledge in GCP, including Google Cloud Professional Certifications (Security, Architect) and other industry certifications (CISSP, CCSP etc)Experience in security governance, security risk management, security operations, security architecture, and/or cyber incident response programs for cloud.Experience working with cloud architecture across a broad set of enterprise use cases and creating end-to-end solution architectures.Excellent organizational, problem-solving, articulating and influencing skills.Experience with industry compliance frameworks (e.g., PCI-DSS, ISO 27017/27018, GDPR, SOC).