Senior Security Engineer (GCP) Full Time

We are a global technology group, headquartered in London.We deploy experts and frontier technology, like AI, to help organisations thrive through change.We have over 600 professionals (>75% hands-on technical talent) spread across Europe, North America and Asia, and are backed by Marlin Equity Partners. We help customers to:Work smarter – Building modern, scalable infrastructure, apps and workflows that actually improve your bottom line.Engage personally – Creating digital experiences that capture attention, convert sales, and keep customers coming back.Stay secure – Establishing the security, governance and compliance systems that protect you from threats, fines, and downtime.We work with some of the world’s biggest brands to solve their biggest problems. From highly regulated financial institutions to fast-moving tech unicorns and global retailers.Different worlds, same standard: we ship tangible outcomes into production, fast.Then we work alongside customers to maintain and optimise them long term, upskilling their teams along the way.About the roleWe help regulated and enterprise customers protect their Google Cloud Estates. As a Premier Google Cloud Partner, we deliver Google Unified Security (GUS) engagements across the full stack — from greenfield SIEM/SOAR deployments and SOC modernisation programmes to detection engineering, posture management, threat hunting, and incident response upliftSecure GCP estates with the adoption of CI/CD pipelines, secure landing zones and cloud posture reviewsExpertise when integrating third party tools such as WizWe’re looking for a Senior Security Engineer with deep, hands-on experience across the GCP and Google Security portfolio. You’ll lead the technical work on customer engagements, build reusable content for the practice, and help customers deliver security solutions at scale.This is a hands-on senior role. Most of your week is client delivery. The rest goes into our practice — accelerators, parsers, rule packs, playbooks, and points of view that make the next engagement faster than the last.What you’ll doGoogle SecOps (SIEM / SOAR)Lead end-to-end SecOps deployments — tenant setup, multi-tenant architecture, data ingestion, retention design, RBAC, and feed onboarding. Build and maintain parsers, UDM mappings, and data models for Google Cloud, AWS, Azure, endpoint, identity, and network sourcesWrite, test, and tune YARA-L detection rules, including single-event, multi-event, and composite detectionsDesign SOAR playbooks and python integrationsDevelop custom agents that can be deployed in customer environments using GCP infrastructureGCPConfigure CI/CD pipelines with integrated security toolsConfigure GCP security solutions including, Security Command Centre Enterprise, IAP, VPC Service controls and Model ArmorWork with platform teams to support the deployment of secure cloud foundation blueprintsSupport clients with secure AI workload including the use of model armor and agent identitiesGoogle Threat IntelligenceOperationalise Google Threat Intelligence inside SecOps — IoC matching, Applied Threat Intelligence, and curated detectionsBuild threat-informed defence programmes tied to customer-specific threat profiles (sector, geography, adversary groups)Run threat-hunting campaigns using GTI, Mandiant frontline intelligence, and UDM searchValidate detection coverage against MITRE ATT&CK using Mandiant Security Validation where in scopePractice growthMentor engineers and consultants; lead internal SecOps and GUS enablementRepresent the practice in pre-sales, customer workshops, and Google partner forumsWhat we’re looking forEssentialStrong SIEM/SOC delivery experience (any major platform; Google SecOps / Chronicle preferred)Hands-on with Google SecOps: UDM, YARA-L, parsers, SOAR playbooks, data ingestion patternsSolid grounding in Google Cloud security primitives: IAM, Organization Policies, VPC Service Controls, Cloud Logging, Cloud KMSComfortable with Terraform, CI/CD pipelines and at least one scripting language (Python, Go) for automation, parser development, and integration workExperience supporting regulated workloads (financial services, public sector, healthcare) and translating compliance requirements into operational controlsAble to explain risk, trade-offs, and findings to both SOC analysts and executive stakeholdersNice to haveGoogle Professional Cloud Security Engineer or Google SecOps certificationPrior SIEM migration experience (Splunk → SecOps, Sentinel → SecOps, etc.)Experience with adjacent tooling: Wiz, CrowdStrike, Splunk, Sentinel, SnykConsulting or systems-integrator backgroundContributions to open detection content (Sigma, MITRE, public rule repos)BenefitsWe believe in supporting our team members both professionally and personally. Here’s how we invest in you:Compensation and Financial WellbeingCompetitive base salaryMatching pension scheme (up to 5%) from day oneDiscretionary company bonus scheme4 x annual salary Death in Service coverage from day oneEmployee referral schemeTech SchemeHealth and WellnessPrivate medical Insurance from day oneOptical and Dental cashback schemeHelp@Hand app: access to remote GP’s, second opinions, mental health support, and physiotherapyEAP serviceCycle to work schemeWork Life balance and Growth28 days annual leave (plus bank holidays)An extra paid day off for your birthdayTen paid learning days per yearFlexible working hoursWork from anywhere (up to 3 weeks per year)Industry-recognised training and certificationsBonusly employee recognition and reward platformClear opportunities for career progressionLength of service awardsRegular company eventsDiversity and InclusionAt Beyond we champion diversity and inclusion. We believe that a career in IT should be open to everyone, regardless of race, ethnicity, gender, age, sexual orientation, disability or neurotype. We value the unique talents and perspectives that each individual brings to our team, and we strive to create a fair and accessible hiring process for all.