Job opportunitythis role is a great opportunity for an experienced security operations center (soc) engineer to join our dynamic team and contribute to the growth of our security operations capabilities.key responsibilities:collaborate with the cyber security organization to design, develop, and implement monitoring and response tooling and processes to enhance our monitoring and response capabilities.log collection - obtain all relevant cloud, infrastructure, and application logs parsed and into our siem system.detection - establish detection and prevention rules and policies, deploy tools that help with detection, tune/audit deployed rules/policies in security tools on true and false positives, setup a detection framework, threat intel framework/program, ato detection program/framework etc.response - develop plans and procedures for incident response, create playbooks to be followed, automate response, develop/deploy malware analysis tools and techniques, forensic tools and techniques to capture evidence/malware, poc and deploy tools that help with response, integrate with customer service teams and engineering teams etc.build security alerts & dashboards in various incident response tools. Monitor for suspicious activities/alerts in the cloud/infrastructure/application from various sources such as internal reports from employees as well as external reports such as customers/social media, vendors, partners, bug bounty programs etc., deployed/integrated security tools, data visualization tools etc.analyze these suspicious activities/alerts including malware analysis and forensicsrespond to security alerts and incidents, respond to novel issues and take appropriate action to remediate and resolve.requirements:5+ years experience working in cyber security operationsgood communication skills in englishxdr – google cloud – gcpthorough understanding of the threat landscape, the latest security trends, attack vectors for corporate and cloud environments, and how build detection and response tooling to identify and respond to malicious actorsexperience with building and scaling soar/siem technologiesexperience with incident detection and remediationstrong working knowledge of threat vectors, vulnerabilities, and what anomalies to look forstrong working knowledge of linux and/or windows logs & indicatorsone or more scripting languages to automate or build features, python, or powershell preferred.hands-on experience with incident response and monitoring tools, such as siem, edr, firewall management.excellent communication skills, especially the ability to communicate security risks in