Google SecOps Engineer (SOAR/UEBA)


Job Description

I am currently assisting a client who operates in a regulated industry, financial services, and is embarking on a programme of work focused on maturing, designing and implementing their security posture using SIEM tools such as Google Chronicle and implementing UEBA/SOAR (User and Entity Behaviour Analytics / Security Orchestration, Automation, and Response) built on GCP/Google Cloud, so Google SecOps/Security Operations experience is highly desirable.



Key Responsibilities:

- Enable and validate UEBA alerting within Chronicle SIEM, based on log sources

- Deliver a minimum viable UEBA capability with tested detection logic

- Provide engineering support to accelerate onboarding of log sources required for UEBA enrichment and detection fidelity

- Demonstrate the ability to work with Google Chronicle and SecOps APIs, specifically for the purpose of updating and managing reference data

- Conduct current state assessment of detection engineering capabilities and log source coverage

- Design and implement detection use cases aligned to MITRE ATT&CK framework

- Enable SOAR integration by identifying high-fidelity detections and mapping



Key Technical / IT Security Skills:

- Chronicle SIEM

- Google SecOps

- UEBA Tooling

- Windows Event Logs

- BindPlane

- MITRE ATT&CK

- Strong SOC background

- SOAR playbooks

- GCP



Finer Details:

- Outside IR35

- Contract until End of December, possibly longer

- Hybrid, 4 times a month in the London office



Please apply for consideration.

Location: City Of London
Job Type: FullTime
Category: Business
