Google Chronicle Implementation Engineer
Foresite delivers a range of managed security, cyber consulting, and compliance solutions through strategic channel partnerships, serving more than 400 customers globally. These unique and flexible solutions offer businesses innovative ways to address the liabilities of today's complex security and compliance requirements. Our professionals, long experienced and highly knowledgeable in IT management and security, apply their expertise to providing superior product performance and unparalleled customer service through Foresite's proprietary ProVision platform. Foresite is headquartered in Overland Park, KS, with Operation Centers in Kansas City and Farnborough, UK.
Foresite is seeking enthusiastic and motivated individuals to provide Managed Security Services for our valued customers operating all over the world. This is an opportunity for a rewarding career in the rapidly growing Information Security industry. The Chronicle Implementation Engineer will demonstrate the capacity to establish full production capabilities, documentation, and operational activities of a managed Chronicle offering, with the goal of consistently meeting and exceeding client expectations. A successful candidate will be able to implement log sources, create and tune detections, and write and implement SOAR playbooks utilizing Google Chronicle, while representing the Foresite brand through positive interaction with clients and other teams within the company. The position consists of configuring and deploying SIEM functionality for new and existing customers utilizing Google Chronicle SIEM and SOAR. As a Chronicle Implementation Engineer you will keep abreast of intelligence from the IT security community, government and law-enforcement, and other industry sources, operating 24/7/365 within our Overland Park, Kansas Security Operations Center (SOC). Successful candidates will be able to demonstrate an advanced understanding of SIEM and SOAR while exuding a genuine passion for Information Security.
• Responsible for day-to-day operational support of Google Chronicle events.
• Maintain 24x7x365 comprehensive situational awareness of customer cyber-threat landscape as it relates to security monitoring.
• Ensure that the Security Operations team has the necessary skills and knowledge to effectively detect, analyze, and respond to security incidents.
• Provide regular training sessions and mentorship opportunities to facilitate knowledge-sharing within the team.
• Research and develop mitigation strategies to address the evolution of security trends and threat landscapes.
• Establish security roles and responsibilities for enterprise operations, including secrets management (API secrets, cloud secrets, and client auth secrets).
• Analyze and configure security event data from customer computing platforms, network elements, and security devices.
• Input customer data, perform system/network inventory, configuration management, operational ticket submission, request tracking, and problem resolution.
• Generate and maintain operational processes and training documentation.
• Provide input to constantly improve our products and services to add value for our customers.
• Deliver presentations and develop technical training content on Google Security products and services, including but not limited to Chronicle SIEM and SOAR.
• Build relationships with clients, developers, stakeholders, and security champions, to incorporate security principles into engineering design and deployments.
• Regularly research and learn new tactics, techniques, and procedures (TTPs), and work with clients and colleagues to assess risk and implement/validate controls.
• Hands-on experience maintaining, upgrading, testing, and/or implementing security appliance configuration changes.
• Ongoing evaluation of existing SIEM queries, reports, and dashboards to make recommendations on changes of logging levels, detections, and events being monitored.
• Other duties as assigned.
• 5 or more years of progressing/in-depth IT security experience.
• Relevant training in System Administration, Networking, and/or Security. Certifications preferred for the equivalent of CompTIA CySA+, CompTIA Security+, SANS certification (e.g. GCIH, GCIA, GSEC, GMON), OSCP, ISC2 SSCP, or ISC2 CISSP.
• Ability to demonstrate a foundational knowledge of SIEM management, networking, System Administration, SOAR, data security, and Information Security.
• Experience writing detections, alerts, and automated or manual runbooks.
• Advanced understanding of logging concepts and ability to analyze forensic artifacts.
• Experience with "threat hunting," i.e. using threat intelligence to proactively and iteratively investigate potential risks and find suspicious behavior in the network.
• Knowledge of attacker methodologies and techniques.
• Understand the MITRE ATT&CK framework and other cyber kill chains.
• Knowledge of cloud services such as Google Cloud, AWS, and Azure.
• Genuine passion for Information Security.
• Current firewall, EDR, and SIEM experience and/or vendor certifications would be a distinct advantage, such as .
• Ability to think and act strategically and proactively.
• Ability to employ strong interpersonal and communication skills, with a proven ability to influence and build consensus across a broad range of backgrounds, organizational levels, and personalities.