I am currently assisting a client who operate in a regulated industry, financial services, who are currently embarking a programme of work focused on maturity/designing and implementing security posture utilising SIEM tools such as Google Chronicle & implementing UEBA/SOAR (Security Orchestration, Automation, and Response / User and Entity Behaviour Analytics) built on GCP/Google Cloud so Google SecOps/Security Operations experience is highly desirable.

Key Responsibilities; - Enable and validate UEBA alerting within Chronicle SIEM, based on log sources - Deliver a minimum viable UEBA capability with tested detection logic - Provide engineering support to accelerate onboarding of log sources required for UEBA enrichment and detection fidelity - Demonstrate the ability to work with Google Chronicle and SecOps APIs, specifically for the purpose of updating and managing reference data - Conduct current state assessment of detection engineering capabilities and log source coverage - Design and implement detection use cases aligned to MITRE ATT&CK framework - Enable SOAR integration by identifying high-fidelity detections and mapping

Key Technical / IT Security Skills; - Chronicle SIEM - Google SecOps - UEBA Tooling - Windows Event Logs - BindPlane - MITRE ATT&CK - Strong SOC background - SOAR playbooks - GCP

Finer Details; - Outside IR35 - Contract until End of December, possibly longer - Hybrid, 4 times a month in the London office

Please apply for consideration