
Senior Cloud Security Engineer (SecOps / GCP)

Beyond · Portsmouth, UK
Full-time · Hybrid · 5d ago
Python, Go, AWS, Azure, GCP, Terraform
About the role

We are a global technology group, headquartered in London. We deploy experts and frontier technology, like AI, to help organisations thrive through change. We have over 600 professionals (>75% hands-on technical talent) spread across Europe, North America and Asia, and are backed by Marlin Equity Partners.

We help customers to:

- Work smarter - Building modern, scalable infrastructure, apps and workflows that actually improve your bottom line.
- Engage personally - Creating digital experiences that capture attention, convert sales, and keep customers coming back.
- Stay secure - Establishing the security, governance and compliance systems that protect you from threats, fines, and downtime.

We work with some of the world's biggest brands to solve their biggest problems, from highly regulated financial institutions to fast-moving tech unicorns and global retailers. Different worlds, same standard: we ship tangible outcomes into production, fast. Then we work alongside customers to maintain and optimise them long term, upskilling their teams along the way.

About the role

We help regulated and enterprise customers protect their Google Cloud estates. As a Premier Google Cloud Partner, we deliver Google Unified Security (GUS) engagements across the full stack - from greenfield SIEM/SOAR deployments and SOC modernisation programmes to detection engineering, posture management, threat hunting, and incident response uplift. We secure GCP estates through the adoption of CI/CD pipelines, secure landing zones and cloud posture reviews, with expertise in integrating third-party tools such as Wiz.

We're looking for a Senior Security Engineer with deep, hands-on experience across the GCP and Google Security portfolio. You'll lead the technical work on customer engagements, build reusable content for the practice, and help customers deliver security solutions at scale.

This is a hands-on senior role. Most of your week is client delivery. The rest goes into our practice - accelerators, parsers, rule packs, playbooks, and points of view that make the next engagement faster than the last.

What you'll do

Google SecOps (SIEM / SOAR)

- Lead end-to-end SecOps deployments - tenant setup, multi-tenant architecture, data ingestion, retention design, RBAC, and feed onboarding.
- Build and maintain parsers, UDM mappings, and data models for Google Cloud, AWS, Azure, endpoint, identity, and network sources.
- Write, test, and tune YARA-L detection rules, including single-event, multi-event, and composite detections.
- Design SOAR playbooks and Python integrations.
- Develop custom agents that can be deployed in customer environments using GCP infrastructure.

GCP

- Configure CI/CD pipelines with integrated security tools.
- Configure GCP security solutions including Security Command Centre Enterprise, IAP, VPC Service Controls and Model Armor.
- Work with platform teams to support the deployment of secure cloud foundation blueprints.
- Support clients with secure AI workloads, including the use of Model Armor and agent identities.

Google Threat Intelligence

- Operationalise Google Threat Intelligence inside SecOps - IoC matching, Applied Threat Intelligence, and curated detections.
- Build threat-informed defence programmes tied to customer-specific threat profiles (sector, geography, adversary groups).
- Run threat-hunting campaigns using GTI, Mandiant frontline intelligence, and UDM search.
- Validate detection coverage against MITRE ATT&CK using Mandiant Security Validation where in scope.

Practice growth

- Mentor engineers and consultants; lead internal SecOps and GUS enablement.
- Represent the practice in pre-sales, customer workshops, and Google partner forums.

What we're looking for

Essential

- Strong SIEM/SOC delivery experience (any major platform; Google SecOps / Chronicle preferred).
- Hands-on with Google SecOps: UDM, YARA-L, parsers, SOAR playbooks, data ingestion patterns.
- Solid grounding in Google Cloud security primitives: IAM, Organization Policies, VPC Service Controls, Cloud Logging, Cloud KMS.
- Comfortable with Terraform, CI/CD pipelines and at least one scripting language (Python, Go) for automation, parser development, and integration work.
- Experience supporting regulated workloads (financial services, public sector, healthcare) and translating compliance requirements into operational controls.
- Able to explain risk, trade-offs, and findings to both SOC analysts and executive stakeholders.

Nice to have

- Google Professional Cloud Security Engineer or Google SecOps certification.
- Prior SIEM migration experience (Splunk → SecOps, Sentinel → SecOps, etc.).
- Experience with adjacent tooling: Wiz, CrowdStrike, Splunk, Sentinel, Snyk.
- Consulting or systems-integrator background.
- Contributions to open detection content (Sigma, MITRE, public rule repos).

Benefits

We believe in supporting our team members both professionally and personally. Here's how we invest in you:

Compensation and Financial Wellbeing

- Competitive base salary
- Matching pension scheme (up to 5%) from day one
- Discretionary company