Enable job alerts via email!
Google Chronicle Developer - Remote
FDM
United Kingdom
Remote
GBP 60,000 - 90,000
Full time
Boost your interview chances
Create a job specific, tailored resume for higher success rate.
Job summary
FDM, a leading global consultancy, is hiring a Senior Google Chronicle Developer for a remote contract role within the health sector. The successful candidate will enhance their client's security monitoring ecosystem through expertise in Chronicle and work alongside SecOps and DevOps teams.
Qualifications
- Senior experience as a Google Chronicle Developer is essential.
- Expertise in designing detection rules and playbooks.
- Ability to mentor junior engineers and analysts.
Responsibilities
- Design, develop, and maintain Chronicle detections and playbooks.
- Onboard new data sources and optimize UDM pipelines.
- Drive improvements in log standardization and detection rule hygiene.
Skills
Job description
Social network you want to login/join with:
FDM is a global business and technology consultancy seeking a Senior Google Chronicle Developer to work for our client within the health sector. This is initially a 6-month contract with the potential to extend and will be a fully remote role.
Our client is seeking a Senior Google Chronicle Developer, who will be instrumental in building, managing, and optimising their Chronicle-based security monitoring and threat detection ecosystem. You will work closely with Security Operations (SecOps), DevOps, and Data Engineering teams to ensure they have reliable data ingestion, robust detection logic, and automated response playbooks that surface actionable insights and drive rapid incident response.
Responsibilities
- Design, develop, and maintain Chronicle detections and playbooks across IT, application, and security domains, using YARA-L, EQL, and Chronicle Policy Engine
- Onboard new data sources into Chronicle via forwarders (e.g., Chronicle Data Forwarder, Fluentd/Fluent Bit), APIs, and custom parsers
- Build and optimise UDM pipelines (parsers & normalization)—create custom parsing rules, JSON or regex-based Normalized Event configurations, and ensure new log sources conform to the common schema
- Develop scheduled hunts and automated workflows in Chronicle for threat hunting (e.g., abnormal DNS tunneling, lateral movement). Leverage EQL for complex queries and scheduled scans
- Collaborate with SecOps and DevOps to integrate Chronicle alerts with SOAR platforms (e.g., Phantom, Demisto), enabling automated enrichment (TI, asset data) and response actions. Author playbooks that, for example, isolate compromised endpoints, block IPs, or escalate to ticketing systems
- Drive improvements in log standardization and detection rule hygiene—audit existing YARA-L rules, tune conditions to reduce false positives/negatives, and retire stale detections
- Act as Chronicle SME for architecture reviews, capacity planning, licensing, and best practices and advise on Chronicle’s ingestion pipeline scaling (back-pressure, sharding), health monitoring, and performance metrics (ingest latency, query response times)
- Participate in incident investigations and postmortems, providing insights via Chronicle query analysis and retrospectives. Identify detection gaps and propose new rule or playbook enhancements
- Mentor junior Chronicle engineers and analysts—lead brown-bag sessions on writing EQL hunts, building YARA-L rules, or configuring UDM transformations
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
