SIEM Google SecOps Manager
Virtusa · Bangalore Urban, Karnataka, India
Virtusa · Bangalore Urban, Karnataka, India
SIEM Google SecOps Engineer - Should have end to end experience [SME] in Google SecOps engineering with Google Chronicle, Google Threat Intelligence platform management experience. - Should have deep expertise in all modules of Google SecOps, GTI and case management. - Lead the design and implementation of Google SecOps data ingestion from diverse sources and using various mechanisms for integration and normalization of logs. - Architect and maintain robust log ingestion pipelines from diverse log/data sources, ensuring comprehensive data collection, normalization, and parsing. - Should have high proficiency and technical knowledge on Bindplane agents and its management components. - Should have practical & technical experience in building SecOps log forwarders and end to end management of the component. - Should be an expert in building UDMs in Google SecOps and creation of custom parsers where required for log sources. - Should have good practical experience in developing and implementing playbooks, custom detection rules, dashboards and reporting. - Automate SIEM tasks, workflows, and integrations using scripting languages (e.g. Python) to improve efficiency and scalability. - Create, optimize response workflows, improve threat detection capabilities, and provide expert-level support during security incidents. - Collaborate with internal engineering teams to fine-tune log sources, parsers and detection rules to improve alert fidelity. - Design, develop, implement, and optimize advanced correlation rules, use cases, and detection logic within the enterprise SIEM platform. - Develop and refine high-fidelity security alerts, dashboards, and reports to enhance threat identification, reduce false positives, and provide actionable insights. - Design and implement solutions to handle alert fatigue encountered in SIEM correlation. - Develop SOAR playbooks to provide case handling and Incident response as per triage needs. - Develop and maintain comprehensive SIEM documentation, including system architecture diagrams, data flow diagrams, log source configurations, alert rationale. - Contribute to the long-term vision and roadmap for SIEM and threat detection capabilities. Identify gaps and opportunities for improvement in existing detection strategies and recommend solutions.