Security Engineer

Cyber Sphere LLC
Boston, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Boston, United States of America

Tech stack

API
Unit Testing
Code Review
Computer Security
Continuous Integration
Intrusion Detection and Prevention
JSON
Python
Phishing
Security Information and Event Management
Web Applications
YAML
GIT
Cortex XSOAR Platform
Splunk

Requirements

5+ years in SOC / SecOps / Incident Response, with at least 2 years focused on detection engineering.

Direct hands-on experience with Google Security Operations (Google SecOps / Chronicle) for:

- Writing and tuning YARA-L detection rules.

- Managing log sources and reference lists.

- Running investigations and hunts in SecOps.

Proven Detection as Code implementation:

- Detections stored as code in Git/GitHub (YAML/JSON or similar).

- Use of branches, pull requests, and code review for rule changes.

- A CI/CD pipeline that tests and deploys rules to Google SecOps (or another SIEM), not just manual uploads.

Strong Python for security engineering:

- Building data parsers and enrichment scripts.

- Automating interactions with Google SecOps / SIEM / SOAR APIs.

- Implementing test harnesses for detections (synthetic logs, unit tests).

Strong SOAR / playbook experience:

- Hands-on with Google SecOps SOAR or equivalent (Cortex XSOAR, Splunk SOAR, etc.).

- Built playbooks for phishing, suspicious logins, brute force, and WAF events, including enrichment and containment steps.

Solid L2/L3 SOC capability:

- Has led investigations for account compromise, ransomware, and web application attacks.

- Comfortable owning incidents end to end and communicating updates to stakeholders.

Strong written and verbal communication in English, suitable for US customer calls and incident bridges.

If a CV does not clearly show Git-based DaC, Python, SOAR, and L2 incident response experience, it should not be considered.
