I am currently assisting a client who operate in a regulated industry, financial services, who are currently embarking a programme of work focused on maturity/designing and implementing security posture utilising SIEM tools such as Google Chronicle & implementing UEBA/SOAR (Security Orchestration, Automation, and Response / User and Entity Behaviour Analytics) built on GCP/Google Cloud so Google SecOps/Security Operations experience is highly desirable.
Key Responsibilities;
- Enable and validate UEBA alerting within Chronicle SIEM, based on log sources
- Deliver a minimum viable UEBA capability with tested detection logic
- Provide engineering support to accelerate onboarding of log sources required for UEBA enrichment and detection fidelity
- Demonstrate the ability to work with Google Chronicle and SecOps APIs, specifically for the purpose of updating and managing reference data
- Conduct current state assessment of detection engineering capabilities and log source coverage
- Design and implement detection use cases aligned to MITRE ATT&CK framework
- Enable SOAR integration by identifying high-fidelity detections and mapping
Key Technical / IT Security Skills;
- Chronicle SIEM
- Google SecOps
- UEBA Tooling
- Windows Event Logs
- BindPlane
- MITRE ATT&CK
- Strong SOC background
- SOAR playbooks
- GCP
Finer Details;
- Outside IR35
- Contract until End of December, possibly longer
- Hybrid, 4 times a month in the London office
Please apply for consideration