Security Engineer – SIEM Platform (Google SecOps)

MoonPay · United States - Remote, NY · Hybrid

About The Position

The Security Operations (SecOps) team at MoonPay is dedicated to ensuring the security and integrity of our systems and data in an increasingly complex digital landscape. Comprising a diverse group of professionals from various regions around the globe, our multicultural team brings together a wealth of expertise and perspectives to tackle security challenges effectively. Our mission is to identify and mitigate vulnerabilities and threats while maintaining strict compliance with security policies and relevant regulations. By leveraging advanced security measures and proactive threat detection techniques, we work diligently to safeguard our infrastructure and protect our customers’ information. In collaboration with the IT team and other departments, we foster a culture of security awareness, sharing best practices and ensuring that everyone at MoonPay understands their role in maintaining a secure environment. Our key responsibilities include incident response, security monitoring, endpoint security, VPN, vulnerability management, and third-party risk management (TPRM), all of which contribute to our overarching goal: to create a secure environment for our employees, clients and partners. Join us in our commitment to security excellence and help us build a safer future in the blockchain and payments industry!

Requirements

  • Minimum of 2-3 years in cybersecurity, ideally in security operations or a security operations center (SOC).
  • Expertise in incident management, SIEM, DLP, threat intelligence, VPN, and email security.
  • Google SecOps SIEM experience in the areas of responsibility for at least 1 year.
  • Experience building detection content (rule logic, correlation, tuning); YARA-L experience preferred.
  • Experience integrating security tools via APIs and automation (EDR, NDR, ticketing).
  • Scripting ability (e.g., Python, Bash) for automation and troubleshooting.
  • Strong understanding of cybersecurity principles and best practices.
  • Strong knowledge of network, endpoint, identity, and cloud security fundamentals.
  • Excellent analytical and problem-solving abilities.
  • Ability to work effectively under pressure.
  • Capable of handling multiple incidents simultaneously.
  • Strong communication and interpersonal skills to collaborate with various teams.
  • You’re a Security Engineer who can both build and operate at scale.
  • You have strong expertise in Google SecOps and are equally comfortable with leading incident response.
  • You will be working primarily on the following stack: Apple systems, Google SecOps, Okta, Google Workspace, Slack, Code42, Crowdstrike, Cloudflare WARP, Tenable Nessus and Jamf Pro.

Nice To Haves

  • Bachelor's degree in Computer Science, Information Security, or a related field. Equivalent work experience will be considered.
  • Experience with frameworks such as ISO 27001, SOC 2, and PCI-DSS, including responsibility for defining and implementing key security controls.
  • Practical incident response experience including triage, investigation, containment, and communications.
  • Identifying, prioritizing, and automating remediation of security vulnerabilities.
  • CISSP, CISM, or equivalent certifications are a plus.
  • Google Cloud Certified Professional Security Operations Engineer.
  • Proven experience with tools such as: Google Cloud Platform, Okta, Crowdstrike, Cloudflare Zero Trust, Tenable Nessus, ZeroFox, Code42.

Responsibilities

  • Design and Implementation of Google SecOps
  • Integration of Google SecOps SIEM with other security capabilities and tools such as SOAR, EDR, NDR, threat intelligence platform, and ticketing systems.
  • Write custom actions, scripts and/or integrations to extend SIEM platform functionality.
  • Creation of SIEM assets such as detection rules written in YARA-L, dashboards, parsers, etc.
  • Extension of the pre-built Unified Data Model (UDM) mappings in Google SecOps and creation of custom parsers where required for log sources.
  • Testing and deployment of newly created and migrated assets such as rules, playbooks, alerts, dashboards etc.
  • Monitor performance and perform timely actions to scale SIEM deployment.
  • Creation of custom SIEM dashboards to meet security requirements.
  • Debug and resolve customer issues in ingestion, parsing, and normalization of data.
  • Develop SOAR playbooks to provide case handling and Incident response as per triage needs.
  • Design and implement solutions to handle alert fatigue encountered in SIEM correlation.
  • Actively participate in Security Operations activities as an L2 Incident Responder.
  • Lead incidents through all stages: identification, containment, eradication, recovery, and lessons learned.
  • Serve as the primary point of contact for the SOC regarding SIEM investigations, platform behavior, detection logic, and operational troubleshooting.
  • Support continuous improvement by translating incident learnings into better detections, dashboards, and playbooks.

Benefits

  • Competitive salary package
  • Equity package: We believe financial freedom starts with our employees, so all employees have ownership at MoonPay
  • Pay for performance equity bonus: Those who drive outsized outcomes receive outsized rewards
  • Moonshot award. We honor exceptional impact - 10 employees twice a year, each earning a $250,000 equity grant.
  • Unlimited holidays: We give you the autonomy to choose when to work (and when to switch off)
  • Hybrid working schedule: Work fully remotely or your nearest Moonbase, the choice is yours
  • Private Healthcare benefits: To protect you and your loved ones
  • Enhanced parental leave: So you can spend more time with your loved ones without a second thought
  • Annual training budget: We support your training journey every step of the way
  • Home office setup allowance: Create the home office of your dreams
  • Remote working allowance: Those working fully remotely get a little extra for utilities
  • Monthly budget to spend on our products and zero fee crypto transactions: Cultivate your inner DEGEN
  • Employee referral programme: Great people know great people, refer them to receive 10K in USDC
  • Regular remote company offsites: Meet your colleagues regularly for high impact in person sessions and hackathons
  • Working in a disruptive and fast-growing company where excellence is rewarded
© 2024 Teal Labs, Inc