Security Architect

L3 Analyst: Google Chronicle / Google SecOps

Roles & Responsibilities

Google Chronicle and Google SecOps

• SIEM Integration of

  Log Sources:

  Cloud (GCP, AWS, Azure), endpoints (EDR), identity (AD/Azure AD/Okta), network (FW/Proxy/NDR), SaaS (O365/GWS), app logs (K8s/containers)
• Content or rules development, New Use case creation and Use Case Fine tuning
• SOC process & procedures and Incident Response Run book / Play book creation
• Incident Response, Cyber threat analysis support, research and recommend appropriate remediation and mitigation
• Incident Response & Automation (Google SecOps SOAR)
• identification of advanced cyber threat activities, Endpoint Detection & Response, intrusion detection, incident response, malware analysis, and security content development (e.g., signatures, rules etc.); and cyber threat intelligence
• Maintain and drive the development of new reports of Cyber Threat Intelligence analysis to peers, management, and customer teams for purposes of situational awareness
• Recommendation of threat mitigation strategies

Skills & Experience

• 7+ years in SOC operations, with 2+ years on Google Chronicle and Google SecOps.

• Next-Gen SIEM Expertise:

  Good knowledge and demonstrated experience in Google Secops (Google Chronicle)

• SOAR Expertise:

  Playbook development and orchestration in Google SecOps.
• Good Knowledge in Nextgen Firewalls, Advanced Anti-malware prevention and analysis, Phishing email investigations, Sandbox analysis etc.,
• Automation scripting (Python, JSON).
• Integration with ticketing systems (ServiceNow, Jira) and EDR tools.

• Certifications:

  Google Cybersecurity Professional Certificate, Chronicle-specific training, GCIA/GCIH preferred.

Education

• Bachelor’s degree in science or engineering or information technology, related field,
• Minimum 7 years’ experience in Cybersecurity, SOC Operations or Incident Response

Should have one of the following certifications CISSP, CISA, OSCP, SANS, SIEM, CEH, CCNA Security etc.,