Candidates with 5+ years' experience as a GCP practitioner
Identify what security-related items should be logged in GCP
Enable or help to enable all of those relevant logs in GCP
Integrate or work with our Splunk engineer to integrate the relevant logs with our on-prem Splunk instance
This could include integrating Security Command Center with our Splunk instance
Identify what security-related alerts should be created in real-time or on a scheduled basis (e.g. hourly, daily, weekly, monthly)
Create or work with our Splunk engineer to create relevant security alerts
The alerts should be sent to an email address and/or Teams channel
Provide at least basic GCP security training to the security team specifically focusing on all of the above so they understand what logs are being saved in Splunk, what those logs mean, what kind of common security problems might arise, and how to potentially deal with them. |
Ongoing services that may require further discussion and are not as high a priority as the above:
Potentially investigating and responding to security-related alerts during off-hours |
Includes researching relevant log entries to gather more information |
May include forensic activity if some logs aren’t currently being sent to Splunk |
Act as a GCP security resource for the incident response team, assisting in gathering information and suggesting what actions should be taken
Creation of ServiceNow tickets when incidents occur. Includes documenting relevant information and any actions taken |
Notify the security team of findings. Also document actions taken in ServiceNow.
Job Category: Permanent
Job Type: Full Time
Job Location: WorkFromHome