FDM is a global business and technology consultancy seeking a Senior Google Chronicle Developer to work for our client within the health sector. This is initially a 6-month contract with the potential to extend and will be a fully remote role.
Our client is seeking a Senior Google Chronicle Developer, who will be instrumental in building, managing, and optimising their Chronicle-based security monitoring and threat detection ecosystem. You will work closely with Security Operations (SecOps), DevOps, and Data Engineering teams to ensure they have reliable data ingestion, robust detection logic, and automated response playbooks that surface actionable insights and drive rapid incident response.
Responsibilities
* Design, develop, and maintain Chronicle detections and playbooks across IT, application, and security domains, using YARA-L, EQL, and Chronicle Policy Engine
* Onboard new data sources into Chronicle via forwarders (e.g., Chronicle Data Forwarder, Fluentd/Fluent Bit), APIs, and custom parsers
* Build and optimise UDM pipelines (parsers & normalization)—create custom parsing rules, JSON or regex-based Normalized Event configurations, and ensure new log sources conform to the common schema
* Develop scheduled hunts and automated workflows in Chronicle for threat hunting (e.g., abnormal DNS tunneling, lateral movement). Leverage EQL for complex queries and scheduled scans
* Collaborate with SecOps and DevOps to integrate Chronicle alerts with SOAR platforms (e.g., Phantom, Demisto), enabling automated enrichment (TI, asset data) and response actions. Author playbooks that, for example, isolate compromised endpoints, block IPs, or escalate to ticketing systems
* Drive improvements in log standardization and detection rule hygiene—audit existing YARA-L rules, tune conditions to reduce false positives/negatives, and retire stale detections
* Act as Chronicle SME for architecture reviews, capacity planning, licensing, and best practices; advise on scaling Chronicle’s ingestion pipeline (back-pressure, sharding), health monitoring, and performance metrics (ingest latency, query response times)
* Participate in incident investigations and postmortems, providing insights via Chronicle query analysis and retrospectives. Identify detection gaps and propose new rule or playbook enhancements
* Mentor junior Chronicle engineers and analysts—lead brown-bag sessions on writing EQL hunts, building YARA-L rules, or configuring UDM transformations