Incident Response Engineer, Security Operations

• Bachelor's degree or equivalent practical experience.
• Certifications in Security, or a related Cyber Security/Incident Response.
• 1 year of experience in technical troubleshooting and writing code in one or more programming languages.
• Experience in SOC related roles with responding actioning on security incidents.
• Eligibility to obtain UK Developed Vetting (DV) security clearance; British Citizenship is required for this role.

• Certification in Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC) or Computing Technology Industry Association Security (CompTIA Sec).
• Experience in responding to security incidents on Kubernetes.
• Experience in analyzing, triaging, and remediating common information security incidents.
• Knowledge of common attacker tactics, tools, and techniques.
• Excellent problem-solving and investigative skills
• Active and current UK Developed Vetting (DV) Security Clearance.

The UK Security Operations (SecOps) team in Google Public Sector delivers, operates and secures private cloud services. We aim to provide the flexibility, reliability, and scalability of public cloud for customers with security requirements that can only be met in a private cloud environment. We deliver and operate these private cloud deployments for the customers, helping them secure and maintain the deployment while working with Google product teams to improve the technology.

In this role, you will be monitoring, detecting, and investigating security incidents around the clock. You will respond to escalated security incidents and enhance the Security Operations Center (SOC) by building platform efficiencies, conducting threat hunting, and participating in purple team events. You will participate in a rotating on-call schedule outside of business hours and over the weekend to ensure security incidents can be resolved.

• Respond to security incidents escalated from the front line team.
• Build and develop security efficiencies on the platform to improve the overall security operations center (SOC).
• Conduct threat hunting activities on the platform and participate in purple team events.
• Review and develop security operations center dashboards for anomalous activity.
• Be a subject matter expert (SME) across typical security disciplines, vulnerability, Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), etc.