Cloud SIEM/SOAR Security Engineer (Remote work)

IN4GE sp. z o.o.

Warsaw
Remote work
B2B contract
Full-time

Cloud: Google Cloud Platform, Security Command Center, IAM, VPC-SC, Cloud Armor, KMS
Languages and tooling: Python, Go, Bash, Terraform

About the project

  • We are seeking a Cloud SIEM/SOAR Security Engineer with deep expertise in Google Cloud Platform (GCP) to support cloud-native threat detection and security automation initiatives. In this role, you will design and build integrations, parsers, and detection logic across SIEM/SOAR platforms, helping to scale SecOps capabilities and strengthen security posture in complex environments.
  • This is a hands-on engineering role requiring close collaboration with cloud architects, security analysts, and DevOps teams. You will contribute to threat detection pipelines, implement playbooks, and support forensic capabilities across GCP workloads, using best-in-class security tools and frameworks.

Your responsibilities

  • Design, implement, and maintain log parsing and normalization pipelines for GCP-native services
  • Develop SIEM/SOAR integrations, parsers, correlation rules, and automated response playbooks (e.g., Chronicle, Splunk, Sentinel)
  • Enable cloud-native security telemetry ingestion across GCP environments (e.g., SCC, VPC Flow Logs, Audit Logs)
  • Create reusable detection content based on MITRE ATT&CK and threat intelligence inputs
  • Collaborate with DevSecOps teams to embed detection and response into CI/CD workflows
  • Use scripting languages (Python, Bash, Go) to build automation and custom tooling
  • Maintain Infrastructure as Code (IaC) for security infrastructure (e.g., Terraform)
  • Contribute to incident response, threat hunting, and forensic analysis
  • Apply security frameworks (NIST, OWASP, MITRE) in detection and logging strategies
  • Monitor and improve cloud security coverage and risk detection KPIs

Our requirements

  • 5+ years of experience in cloud security engineering or SIEM/SOAR operations
  • Hands-on experience with SIEM/SOAR platforms such as Chronicle Security Operations, Splunk, or Microsoft Sentinel
  • Strong GCP background with exposure to Security Command Center, IAM, VPC-SC, Cloud Armor, KMS
  • Proven experience in parser development, log ingestion, and detection content creation
  • Proficiency in scripting for security automation (Python, Go, Bash)
  • Familiarity with Infrastructure as Code tools (Terraform)
  • Strong understanding of cloud security monitoring, logging, and alerting strategies
  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience
  • Certification: Google Cloud PCSE or equivalent

Optional

  • Experience with behavioral analytics and ML-based threat detection
  • Familiarity with container security and GKE/Istio environments
  • Knowledge of compliance automation tools and cloud risk scoring frameworks
  • Prior experience in public sector or highly regulated industries
  • Understanding of incident response and cloud forensic methodologies

Technologies we use

This is how we work on a project

  • Continuous Deployment
  • Continuous Integration
  • DevOps

What we offer

  • Fully remote work with flexible working hours (EMEA time zone)
  • Long-term collaboration on a B2B contract
  • Opportunity to work on complex cloud projects for international clients
  • Professional growth in a highly skilled and supportive team
  • Collaborative and open working culture

Published: 3 days ago
Expires: in 8 days
Contract type: B2B contract
Work mode: Remote work
