Own our SIEM-of-record end-to-end; take it from deployed to operated: finish and harden log-source onboarding (GCP audit logs, Okta, Google Workspace, GitHub, endpoint telemetry) and own normalization, ingest health and the operating rhythm.
Build detection-as-code: grow the first high-signal rules into a versioned, peer-reviewed rule set (Sigma / YARA-L / scheduled queries) mapped to MITRE ATT&CK and tuned hard against false positives.
Drive MTTD down to minutes on the attack paths that matter: identity abuse, service-account impersonation, bulk data access, CI/CD compromise.
Incident response: rehearse playbooks, lead investigations and forensics, and support breach-notification workflows with the compliance team.
Run the cloud-findings triage loop (Security Command Center / CNAPP).
Harden our Google Cloud estate (IAM least privilege, org policies, VPC Service Controls, GKE security, Cloud Armor) and codify everything in Terraform.
Secure the CI/CD pipeline and SDLC (SAST, dependency and secrets scanning, supply-chain controls) and contribute to threat modeling of new features, including our AI/LLM surfaces.
Strengthen the identity plane with IT — Okta policy hardening, phishing-resistant MFA (FIDO2/passkeys), SSO/SCIM coverage, joiner-mover-leaver automation — and route EDR and email-security telemetry into your detections.
Requirements
5–8+ years in security engineering, including at least 2–3 years hands-on experience in detection engineering, SOC or incident response.
Proven experience writing detection rules as code (Sigma, YARA-L or equivalent) and tuning them in production.
Python automation (event pipelines, alert enrichment, BigQuery) and Terraform.
Incident response and forensics fundamentals; comfortable moving between an IAM review, a CI hardening PR and an Okta policy change.
Excellent communication in English, able to work cross-functionally with engineering, compliance and IT.
GKE Autopilot & admission controllers, SIEM operations (Google SecOps / Elastic / Panther), or experience in healthcare / another regulated industry is a plus.
Tech Stack
BigQuery
Cloud
Google Cloud Platform
Python
SDLC
Terraform
Benefits
Stock ownership
100% healthcare coverage
Meal vouchers
Public transportation costs covered at 50%
Exercise class during the workday: Yoga, running, pilates, HIIT
Unlimited budget for book purchases, so you can continue to learn about IT, security, and leadership
Culture of trust & accountability — your output matters more than your clock-in time