Cloud SIEM/SOAR Security Engineer
Warszawa, Warsaw, Masovian Voivodeship, Poland
IN4GE sp. z o.o.
24. 7. 2025
Job description

Technologies expected:

  • Google Cloud Platform
  • Security Command Center
  • IAM
  • VPC-SC
  • Cloud Armor
  • KMS
  • Python
  • Go
  • Bash
  • Terraform

Technologies optional:

  • Chronicle Security Operations
  • Splunk
  • Microsoft Sentinel

About the project:

  • We are seeking a Cloud SIEM/SOAR Security Engineer with deep expertise in Google Cloud Platform (GCP) to support cloud-native threat detection and security automation initiatives. In this role, you will design and build integrations, parsers, and detection logic across SIEM/SOAR platforms, helping to scale SecOps capabilities and strengthen security posture in complex environments.
  • This is a hands-on engineering role requiring close collaboration with cloud architects, security analysts, and DevOps teams. You will contribute to threat detection pipelines, implement playbooks, and support forensic capabilities across GCP workloads, using best-in-class security tools and frameworks.

Responsibilities:

  • Design, implement, and maintain log parsing and normalization pipelines for GCP-native services
  • Develop SIEM/SOAR integrations, parsers, correlation rules, and automated response playbooks (e.g., Chronicle, Splunk, Sentinel)
  • Enable cloud-native security telemetry ingestion across GCP environments (e.g., SCC, VPC Flow Logs, Audit Logs)
  • Create reusable detection content based on MITRE ATT&CK and threat intelligence inputs
  • Collaborate with DevSecOps teams to embed detection and response into CI/CD workflows
  • Use scripting languages (Python, Bash, Go) to build automation and custom tooling
  • Maintain Infrastructure as Code (IaC) for security infrastructure (e.g., Terraform)
  • Contribute to incident response, threat hunting, and forensic analysis
  • Apply security frameworks (NIST, OWASP, MITRE) in detection and logging strategies
  • Monitor and improve cloud security coverage and risk detection KPIs

Requirements expected:

  • 5+ years of experience in cloud security engineering or SIEM/SOAR operations
  • Hands-on experience with SIEM/SOAR platforms such as Chronicle Security Operations, Splunk, or Microsoft Sentinel
  • Strong GCP background with exposure to Security Command Center, IAM, VPC-SC, Cloud Armor, KMS
  • Proven experience in parser development, log ingestion, and detection content creation
  • Proficiency in scripting for security automation (Python, Go, Bash)
  • Familiarity with Infrastructure as Code tools (Terraform)
  • Strong understanding of cloud security monitoring, logging, and alerting strategies
  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience
  • Certification: Google Cloud PCSE or equivalent

Offered:

  • Fully remote work with flexible working hours (EMEA time zone)
  • Long-term collaboration on B2B contract
  • Opportunity to work on complex cloud projects for international clients
  • Professional growth in a highly skilled and supportive team
  • Collaborative and open working culture

Benefits:

  • remote work opportunities
  • flexible working time
  • integration events
  • no dress code