Incident Response Engineer, UK Security Operations at Google

Minimum qualifications:

• Bachelor's degree or equivalent practical experience.
• Certification in Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC) or Computing Technology Industry Association Security+ (CompTIA Sec+).
• 2 years of experience in similar SOC related roles, explicitly in responding to and actioning on security incidents.
• Experience in technical troubleshooting and writing code in one or more programming languages.
• United Kingdom Security Vetting Developed Vetting (DV) clearance.

Preferred qualifications:

• Certifications in Security+ or similar Cyber Security/Incident Response.
• Experience responding to security incidents on Kubernetes.
• Experience analyzing, triaging, and remediating common information security incidents.
• Understanding of common attacker tactics, tools, and techniques.
• Excellent problem-solving and investigative skills.
• Current and active UK Developed Vetting (DV) Security Clearance.

About the job

The UK Security Operations (SecOps) team in Google Public Sector delivers, operates and secures private cloud services. We aim to provide the flexibility, reliability, and scalability of public cloud for customers with exceptionally high security requirements that can only be met in a private cloud environment. We deliver and operate these private cloud deployments for the most critical customers, helping scale, secure and maintain the deployment whilst working closely with Google product teams to continually improve our technology.

Security Operations plays a critical role in safeguarding Google's public sector customers by proactively monitoring, detecting, and investigating security incidents around the clock. Operating 24/7, the team ensures comprehensive coverage of environments and swiftly responds to suspicious activity. In this role, you will respond to escalated security incidents and proactively enhance the Security Operations Center (SOC) by building platform efficiencies, conducting threat hunting, and participating in purple team events. You will participate in a rotating on-call schedule outside of core business hours and over the weekend to ensure security incidents can be swiftly resolved.

Responsibilities

• Respond to security incidents escalated from the front line 24/7 team.
• Build and develop security efficiencies on the platform to improve the overall security operations center (SOC).
• Conduct threat hunting activities on the platform and participate in purple team events.
• Review and develop security operations center dashboards for anomalous activity.
• Be a subject matter expert (SME) across typical security disciplines, vulnerability, Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM) etc.