Original listing text, shown exactly as published by the company.
Responsibilities
- Support the end-to-end SOC alert workflow.
- Assist in operationalizing the Regular Incident Response Plan and Major Incident Response Plan across teams.
- Work with SOC tools and automation, using Google SecOps as the primary SIEM and SOAR (with Google Threat Intelligence and Gemini AI integrations) and Jira as the authoritative system of record.
- Collaborate with our managed SOC provider (Tier 1) to ensure quality triage, correct escalations, and reduced false positives.
- This is a hands-on role where you will investigate alerts, implement playbooks, support incident response activities, and contribute to operational improvements within the SOC.
- Active participation in SOC alert lifecycle: Alert Ingestion → Triage → Routing → Investigation → Determination → Reporting.
- Support incident response coordination during security incidents.
- Ensure strict adherence to Perforce’s Incident Response Policies for regular incidents.
- Follow the SOC Charter, operating model, and guardrails as defined in the Operationalization Plan. Own the SOC RACI and routing matrix across SOC, CloudOps, IT, Engineering, and the provider.
Tools, Telemetry & Automation
- Support the implementation and tuning of Google SecOps (Chronicle SIEM + SOAR + case management, Google Threat Intelligence and Gemini integrations) as the primary detection and workflow platform.
- Assist in configuring alert pipelines, detection logic, and investigation workflows.
- Implement alert enrichment mechanisms such as:
  - Asset context, user context, and historical activity.
  - Integration of Jira tickets and playbooks with Google SecOps cases.
  - SLA monitoring and notifications (MTTR, remediation timeframes).
- Work with Corporate Security on CI/CD and IaC security automation where incident workflows intersect with pipelines (e.g., auto-ticketing, auto asset tagging, config drift detection, etc.).
Playbooks, IRP/MIRP Implementation & Quality
- Execute predefined SOC playbooks aligned with IRP/MIRP guidelines, covering:
  - Cloud misconfiguration / CSPM alerts.
  - Endpoint malware and suspicious activity.
  - Identity and credential compromise.
  - Application and product security alerts.
  - External threat reports received via the Security Mailbox or other threat feeds.
- Oversee False Positives and Exceptions processes.
Metrics, Reporting & Operational Improvement
- Support the generation of SOC operational metrics.
- Contribute data for Monthly SOC Operational Reports.
- Participate in RCA and post-incident reviews.
Team Collaboration & Knowledge Sharing
- Serve as a technical escalation point for Security Analysts.
- Assist in mentoring junior SOC members on investigation techniques and tooling usage.
- Collaborate with the Tier-1 SOC provider to improve alert quality and response workflows.
- Promote best practices in incident investigation and operational discipline within the SOC.
Requirements
- Bachelor’s or Master’s degree in Computer Science, Information Security, Engineering, or a related field.
- 4-6 years of experience in Security Operations, Incident Response, or SOC roles.
- Hands-on experience working with SIEM platforms (Google SecOps, Chronicle, Splunk, QRadar, or equivalent).
- Experience working with incident management workflows and Jira ticketing systems.
- Practical understanding of incident response aligned with NIST/ISO frameworks.
- Familiarity with scripting or automation concepts (Python, APIs, or SOAR playbooks).
- Ability to interpret and operationalize written processes and RACI models.
Preferred Qualifications / Skills
- Basic understanding of AI tool usage, orchestration, and prompt engineering.
- Familiarity with Google SecOps ecosystem and threat intelligence integrations.
- Knowledge of attacker techniques as catalogued in the MITRE ATT&CK framework.
- Security certifications such as Security+, GCIH, GCED, CEH, or similar.
- Experience working in global SaaS or enterprise technology environments.
- Experience in a global SaaS or multi-product organization.
- Prior experience leading or actively participating in SOC 2 or ISO 27001 audit evidence collection.