The day-to-day responsibilities of this individual will be in a SOC-type role, evaluating alerts from GCP assets. They will need experience interpreting alerts and responding to events. While it will also be nice for them to provide guidance on DevSecOps processes, the core of the role will be living in the Security Operations Center.
- GCP Architecture understanding
- Experience with native GCP controls
- Experience with native GCP logging
- Experience with the GCP Security Command Center
- Fundamental telecommunication skills (TCP/IP, OSI model, etc.)
- Understanding of Cloud networking concepts
- Familiarity with the MITRE ATT&CK framework and how to apply it to the GCP environment.
- Experience with Google Cloud Security Command Center (can sift through the numerous alerts currently sitting in their Security Command Center, categorize them, add context, and push them down to their SIEM as appropriate).
- Has foundational networking and TCP/IP knowledge; comfortable doing packet captures and packet flow analysis.
- (Nice to have) CASB experience, preferably Netskope.
- Familiarity with DevSecOps principles.
- Implement cloud security solutions to support the cybersecurity vision and strategy.
- Document processes, workflows, and tool implementations via technical documents.
- Configure and maintain cloud security controls and provide standard operating procedures and improved metrics and operational support.
- Leverage cloud native security services to enhance preventive, detective, and response capabilities.
- Assist with automating cloud security policies and standards in cloud platforms and monitoring tools.
- Participate in cloud project meetings to ensure security requirements are being met.