Key skills
AWSAzureCloudGoogle Cloud PlatformPythonSplunkTerraformGoAIGCPGoogle CloudIAMCI/CDSalesSnykCloud Security
About this role
Role Overview
- Lead end-to-end SecOps deployments — tenant setup, multi-tenant architecture, data ingestion, retention design, RBAC, and feed onboarding.
- Build and maintain parsers, UDM mappings, and data models for Google Cloud, AWS, Azure, endpoint, identity, and network sources.
- Write, test, and tune YARA-L detection rules, including single-event, multi-event, and composite detections.
- Design SOAR playbooks and python integrations.
- Develop custom agents that can be deployed in customer environments using GCP infrastructure.
- Configure CI/CD pipelines with integrated security tools.
- Configure GCP security solutions including, Security Command Centre Enterprise, IAP, VPC Service controls and Model Armor.
- Work with platform teams to support the deployment of secure cloud foundation blueprints.
- Support clients with secure AI workload including the use of model armor and agent identities.
- Operationalise Google Threat Intelligence inside SecOps — IoC matching, Applied Threat Intelligence, and curated detections.
- Build threat-informed defence programmes tied to customer-specific threat profiles (sector, geography, adversary groups).
- Run threat-hunting campaigns using GTI, Mandiant frontline intelligence, and UDM search.
- Validate detection coverage against MITRE ATT&CK using Mandiant Security Validation where in scope.
- Mentor engineers and consultants; lead internal SecOps and GUS enablement.
- Represent the practice in pre-sales, customer workshops, and Google partner forums.
Requirements
- Strong SIEM/SOC delivery experience (any major platform; Google SecOps / Chronicle preferred)
- Hands-on with Google SecOps: UDM, YARA-L, parsers, SOAR playbooks, data ingestion patterns
- Solid grounding in Google Cloud security primitives: IAM, Organization Policies, VPC Service Controls, Cloud Logging, Cloud KMS
- Comfortable with Terraform, CI/CD pipelines and at least one scripting language (Python, Go) for automation, parser development, and integration work
- Experience supporting regulated workloads (financial services, public sector, healthcare) and translating compliance requirements into operational controls
- Able to explain risk, trade-offs, and findings to both SOC analysts and executive stakeholders
- Google Professional Cloud Security Engineer or Google SecOps certification (Nice to have)
- Prior SIEM migration experience (Splunk → SecOps, Sentinel → SecOps, etc.) (Nice to have)
- Experience with adjacent tooling: Wiz, CrowdStrike, Splunk, Sentinel, Snyk (Nice to have)
- Consulting or systems-integrator background (Nice to have)
- Contributions to open detection content (Sigma, MITRE, public rule repos) (Nice to have)
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
- Python
- Splunk
- Terraform
- Go
Benefits
- Competitive base salary
- Matching pension scheme (up to 5%) from day one
- Discretionary company bonus scheme
- 4 x annual salary Death in Service coverage from day one
- Employee referral scheme
- Tech Scheme
- Private medical Insurance from day one
- Optical and Dental cashback scheme
- Help@Hand app: access to remote GP's, second opinions, mental health support, and physiotherapy
- EAP service
- Cycle to work scheme
- 28 days annual leave (plus bank holidays)
- An extra paid day off for your birthday
- Ten paid learning days per year
- Flexible working hours
- Work from anywhere (up to 3 weeks per year)
- Industry-recognised training and certifications
- Bonusly employee recognition and reward platform
- Clear opportunities for career progression
- Length of service awards
- Regular company events