Google Secops Security Engineer

Hi, Greetings!


This is Piyush, IT Recruiter at Jconnect Inc.


I'm looking for an A Security Engineer our client. Please find job description below


Role: Security Engineer


Location: Hybrid in Boston, MA


Job Type: Contract

Job description:


Key Responsibilities

• Implement, configure, and maintain Google SecOps (Chronicle SIEM + SOAR)
• Own SecOps platform configuration end-to-end: data sources, parsers, correlation rules, enrichments, user/role configuration, and integration with ticketing/ITSM and messaging tools.
• Design and implement "detection as code": manage SIEM detections, correlation rules, and content in version control (e.g., Git), using code-driven workflows, reviews, and CI/CD where applicable.
• Develop, tune, and maintain reusable detection logic, including rule templates, mappings to MITRE ATT&CK, and test cases for validating new and updated detections.
• Create, maintain, and optimize automation playbooks in SOAR for common and complex use cases (phishing triage, suspicious login, malware, data exfiltration, privilege escalation, cloud misconfigurations).
• Continuously improve automation coverage and quality by identifying manual tasks, converting them into playbooks, and measuring playbook performance (MTTR, auto-resolution rate, false positives).
• Onboard and normalize security telemetry from GCP, SaaS platforms, endpoints, network devices, and identity providers into Google SecOps, including parser/taxonomy tuning.
• Own L2 triage of security alerts: validate, correlate, and prioritize events escalated by L1, and perform deep-dive investigations using Chronicle search, pivots, and threat intelligence.
• Lead or participate in incident response: containment, eradication, recovery, documentation, and post-incident review; feed lessons learned back into detections and automation playbooks.
• Contribute to proactive threat hunting based on hypotheses, IOCs, TTPs, and threat intel feeds, and codify successful hunts into reusable detections and automated workflows.
• Act as a stand in On call support one week per month for any major escalations
• Monitor platform health and data quality for Google SecOps (log gaps, parsing errors, latency, ingestion failures) and drive resolution with engineering/ops teams.
• Document runbooks, SOPs, detection and playbook catalogs, and knowledge articles to enable L1 teams and ensure consistent service delivery.

Required Skills and Experience

• 3-5 years of experience in Security Operations (SOC), Incident Response, or Security Engineering, including hands-on work in cloud environments (preferably GCP).
• Strong experience with SIEM/SOAR platforms; direct experience with Google SecOps / Chronicle SIEM + SOAR is highly preferred.
• Proven experience implementing detection-as-code practices: managing rules/content , using branching, code review, and testing approaches for detections and playbooks.
• Experience designing and maintaining automation playbooks in SOAR tools, including integrations (REST APIs, webhooks, custom connectors) and error-handling strategies.
• Good understanding of security concepts and services: IAM, VPC, firewall rules, Cloud DNS, Cloud Storage, Load Balancing, Security Command Center, Cloud Logs, and Monitoring.
• Solid knowledge of network and security fundamentals: TCP/IP, DNS, VPNs, proxies, IDS/IPS, WAF, EDR, authentication and authorization, encryption, and common attack techniques.
• Demonstrated experience in incident handling, threat analysis, and root cause analysis across endpoints, identities, and cloud workloads.
• Scripting or automation skills (e.g., Python, Bash, YAML, or similar) to build integrations, detections, and SOAR workflows, and to support CI/CD for SecOps content.
• Familiarity with security frameworks and standards (MITRE ATT&CK, NIST, CIS, SOC 2, PCI-DSS, ISO 27001) and how they map to detections and controls.
• Strong analytical and troubleshooting skills, with the ability to work independently in an L2 capacity and mentor L1 analysts.
• Excellent written and verbal communication skills for working with US-based stakeholders and documenting technical content.

Good To have/ Preferred:

• Google Cloud Professional Security Operations Engineer or Professional Cloud Security Engineer certification.
• Prior experience working with US enterprises, MSSP environments, or 24x7 global SOCs.

If you are interested, please send me your updated resume ASAP with below details:


1.


Full Name:

2.


Current Location/Zip:

3.


Visa/Work Permit Status:

4.


Notice Period/Availability to Start:

5.


Willingness to relocate to job location:

6.


Preferred Interview timings (Specify Time zone):

7.


LinkedIn URL:


Best Regards,


Piyush Sri

Jconnect Infotech Inc.
168 Barclay Center Ste. 347
Cherry Hill, NJ 08034

Phone: View phone number on click.appcast.io | LinkedIn | Mail | Company Page | Skype