Security Infrastructure Engineer (Google SecOps)

Doha, Qatar

Functional Responsibilities
Data Ingestion and Normalization

Pipeline Management: Architect and maintain the ingestion of telemetry from multi-cloud (GCP, AWS, Azure) and on-premises environments using Bind Plane Forwarders, Cloud-to-Cloud (C2C) connectors, and Webhooks.
Parser Development: Design, build, and troubleshoot custom parsers (CBN) to ensure non-standard log sources are correctly normalized into the Unified Data Model (UDM).
Data Health Monitoring: Build dashboards to monitor ingestion rates, latency, and data drops to ensure the SIEM is always receiving high-quality, actionable data.

SOAR & Automation Engineering

Playbook Development: Design and code automated incident response playbooks in Google SOAR using Python and visual builders.
Connector Engineering: Build and maintain API integrations between Google SOAR and third-party tools (Firewalls, EDR, IAM, Ticketing systems).
Workflow Optimization: Automate repetitive manual tasks such as artifact enrichment, evidence gathering, and initial containment actions.
Case Management Configuration: Tailoring the SOAR environment to fit the SOC’s operational needs, including custom fields, stages, and SLA tracking.

Platform Administration and Optimization

System Health Monitoring: Monitoring the ingestion health to ensure no data is dropped and that latency stays within acceptable limits.
Access Control: Managing Role-Based Access Control (RBAC) to ensure analysts have the correct level of access to sensitive data.
Threat Intel Ingestion: Managing the integration of Mandiant, Virus Total, and other third-party threat intelligence feeds to ensure detections are always up to date with the latest global threats.

Collaboration with SOC Team

Feedback Loops: Collaborating with Tier 1 and Tier 2 analysts to tune YARA-L rules based on real-world alert performance and "noise" levels.
Requirements Gathering: Interviewing incident responders to understand their manual workflows, then translating those into Google SOAR playbooks.
Training & Enablement: Conducting knowledge transfer sessions on how to use UDM Search and the Google SecOps interface to speed up investigations.

Alignment with Infrastructure Team

Data Ingestion Strategy: Working with GCP/AWS/Azure Architects to ensure that Cloud Logging and Pub/Sub are configured correctly for seamless export to Google SecOps platform.
Agent Deployment: Coordinating with IT Infrastructure teams to deploy and maintain Bind Plane Forwarders on on-premises servers and virtual machines.
Troubleshooting: Collaborating with Network Engineers to resolve connectivity issues or firewall blocks that prevent telemetry from reaching the Google SecOps platform.

Knowledge, Skills & Experience
Academic & Professional Qualifications:

Preferred:

Experience:

3–5 years of hands-on experience in Security Engineering, SOC Automation, DevOps Engineer, Security Operations, or Infrastructure Security.

Skills and Requirements:
Technical Skills (Must Have)

SIEM/SOAR Mastery: Proven experience architecting and managing enterprise-grade platforms (e.g., Splunk, Azure Sentinel, or QRadar), with at least 1–2 years specifically focused on Google SecOps (Chronicle).

Coding & Scripting: Professional experience using Python to automate security workflows or build custom API connectors.
Cloud Infrastructure: Hands-on experience managing security within Google Cloud Platform (GCP), including VPC service controls, IAM, and Cloud Logging.
Languages: Python (Advanced), SQL (BigQuery), YARA/YARA-L, and Bash.
Frameworks: MITRE ATT&CK, NIST Cybersecurity Framework.
Tools: Git (Version Control), Terraform (Infrastructure as Code), Docker/Kubernetes (Containerization).
Data Standards: Deep knowledge of JSON, Protobuf, and Regex for log parsing and normalization.

Soft Skills

Strong analytical thinking and problem-solving capability.
Excellent communication skills, able to explain technical findings to non-technical stakeholders.
Ability to work independently, manage multiple priorities, and meet deadlines.
Attention to detail and a structured, documentation-driven mindset.