Job Description
I am currently assisting a client who operate in a regulated industry, financial services, who are currently embarking a programme of work focused on maturity/designing and implementing security posture utilising SIEM tools such as Google Chronicle & implementing UEBA/SOAR (Security Orchestration, Automation, and Response / User and Entity Behaviour Analytics) built on GCP/Google Cloud so Google SecOps/Security Operations experience is highly desirable.
Key Responsibilities;
- Enable and validate UEBA alerting within Chronicle SIEM, based on log sources
- Deliver a minimum viable UEBA capability with tested detection logic
- Provide engineering support to accelerate onboarding of log sources required for UEBA enrichment and detection fidelity
- Demonstrate the ability to work with Google Chronicle and SecOps APIs, specifically for the purpose of updating and managing reference data
- Conduct current state assessment of detection engineering capabilities and log source coverage
- Design and implement detection use cases aligned to MITRE ATT&CK framework
- Enable SOAR integration by identifying high-fidelity detections and mapping
Key Technical / IT Security Skills;
- Chronicle SIEM
- Google SecOps
- UEBA Tooling
- Windows Event Logs
- Bind...