Senior Security Engineer (GCP)

Senior Security Engineer

We help regulated and enterprise customers protect their Google Cloud Estates. As a Premier Google Cloud Partner, we deliver:

• Google Unified Security (GUS) engagements across the full stack — from greenfield SIEM/SOAR deployments and SOC modernisation programmes to detection engineering, posture management, threat hunting, and incident response uplift.
• Secure GCP estates with the adoption of CI/CD pipelines, secure landing zones and cloud posture reviews.
• Expertise when integrating third party tools such as Wiz.

We're looking for a Senior Security Engineer with deep, hands-on experience across the GCP and Google Security portfolio. You'll lead the technical work on customer engagements, build reusable content for the practice, and help customers deliver security solutions at scale.

This is a hands-on senior role. Most of your week is client delivery. The rest goes into our practice — accelerators, parsers, rule packs, playbooks, and points of view that make the next engagement faster than the last.

What You'll Do

Google SecOps (SIEM / SOAR)

• Lead end-to-end SecOps deployments — tenant setup, multi-tenant architecture, data ingestion, retention design, RBAC, and feed onboarding.
• Build and maintain parsers, UDM mappings, and data models for Google Cloud, AWS, Azure, endpoint, identity, and network sources
• Write, test, and tune YARA-L detection rules, including single-event, multi-event, and composite detections
• Design SOAR playbooks and python integrations
• Develop custom agents that can be deployed in customer environments using GCP infrastructure.

GCP

• Configure CI/CD pipelines with integrated security tools
• Configure GCP security solutions including, Security Command Centre Enterprise, IAP, VPC Service controls and Model Armor.
• Work with platform teams to support the deployment of secure cloud foundation blueprints.
• Support clients with secure AI workload including the use of model armor and agent identities.

Google Threat Intelligence

• Operationalise Google Threat Intelligence inside SecOps — IoC matching, Applied Threat Intelligence, and curated detections
• Build threat-informed defence programmes tied to customer-specific threat profiles (sector, geography, adversary groups)
• Run threat-hunting campaigns using GTI, Mandiant frontline intelligence, and UDM search
• Validate detection coverage against MITRE ATT&CK using Mandiant Security Validation where in scope

Practice Growth

• Mentor engineers and consultants; lead internal SecOps and GUS enablement
• Represent the practice in pre-sales, customer workshops, and Google partner forums

What We're Looking For

Essential

• Strong SIEM/SOC delivery experience (any major platform; Google SecOps / Chronicle preferred)
• Hands-on with Google SecOps: UDM, YARA-L, parsers, SOAR playbooks, data ingestion patterns
• Solid grounding in Google Cloud security primitives: IAM, Organization Policies, VPC Service Controls, Cloud Logging, Cloud KMS
• Comfortable with Terraform, CI/CD pipelines and at least one scripting language (Python, Go) for automation, parser development, and integration work
• Experience supporting regulated workloads (financial services, public sector, healthcare) and translating compliance requirements into operational controls
• Able to explain risk, trade-offs, and findings to both SOC analysts and executive stakeholders

Nice to Have

• Google Professional Cloud Security Engineer or Google SecOps certification
• Prior SIEM migration experience (Splunk → SecOps, Sentinel → SecOps, etc.)
• Experience with adjacent tooling: Wiz, CrowdStrike, Splunk, Sentinel, Snyk
• Consulting or systems-integrator background
• Contributions to open detection content (Sigma, MITRE, public rule repos)

Benefits

We believe in supporting our team members both professionally and personally. Here's how we invest in you:

Compensation and Financial Wellbeing

• Competitive base salary
• Matching pension scheme (up to 5%) from day one
• Discretionary company bonus scheme
• 4 x annual salary Death in Service coverage from day one
• Employee referral scheme
• Tech Scheme

Health and Wellness

• Private medical Insurance from day one
• Optical and Dental cashback scheme
• View email address on click.appcast.io app: access to remote GP's, second opinions, mental health support, and physiotherapy
• EAP service
• Cycle to work scheme

Work Life Balance and Growth

• 28 days annual leave (plus bank holidays)
• An extra paid day off for your birthday
• Ten paid learning days per year
• Flexible working hours
• Work from anywhere (up to 3 weeks per year)
• Industry-recognised training and certifications
• Bonusly employee recognition and reward platform
• Clear opportunities for career progression
• Length of service awards
• Regular company events

Diversity and Inclusion

At Beyond we champion diversity and inclusion. We believe that a career in IT should be open to everyone, regardless of race, ethnicity, gender, age, sexual orientation, disability or neurotype. We value the unique talents and perspectives that each individual brings to our team, and we strive to create a fair and accessible hiring process for all.