Security Operations Engineer (GCP)

Overview

Security Operations Engineer (GCP) A Global Financial Services client requires a Contract GCP SecOps Engineer with strong hands-on expertise in Google Cloud Platform (GCP), incident response, and log source integration to join their Security Operations team.

• Day Rate: £700-£750pd
• IR35 Status: Outside
• Duration: Initial 6 months
• Travel: 2 days a week in Central London

Responsibilities

• Ingest, normalise and correlate log data from a wide range of sources, including GCP-native services (e.g. VPC Flow Logs, Cloud Audit Logs, Cloud DNS) and third-party systems, to support real-time threat detection and analysis.
• Build and maintain detection logic by transforming raw log data into actionable insights such as indicators of compromise (IOCs), behavioural patterns, or risk-based alerts using tools such as Google Chronicle, BigQuery, or Splunk.
• Lead or support incident response investigations, working closely with SOC analysts, engineering teams, and stakeholders to contain and remediate threats effectively across complex cloud infrastructures.
• Design and implement automated response workflows, leveraging GCP-native services like Cloud Functions, Pub/Sub, and Event Threat Detection to streamline alert triage and reduce mean time to response (MTTR).
• Enhance visibility and detection coverage by improving log source onboarding, parsing, and enrichment pipelines ensuring critical cloud activities are captured, monitored, and aligned with compliance requirements.

Requirements

This GCP Security Engineer will have the following experience:

• Ingest, normalise and correlate log data from a wide range of sources, including GCP-native services (e.g. VPC Flow Logs, Cloud Audit Logs, Cloud DNS) and third-party systems, to support real-time threat detection and analysis.
• Build and maintain detection logic by transforming raw log data into actionable insights such as indicators of compromise (IOCs), behavioural patterns, or risk-based alerts using tools such as Google Chronicle, BigQuery, or Splunk.
• Lead or support incident response investigations, working closely with SOC analysts, engineering teams, and stakeholders to contain and remediate threats effectively across complex cloud infrastructures.
• Design and implement automated response workflows, leveraging GCP-native services like Cloud Functions, Pub/Sub, and Event Threat Detection to streamline alert triage and reduce mean time to response (MTTR).
• Enhance visibility and detection coverage by improving log source onboarding, parsing, and enrichment pipelines ensuring critical cloud activities are captured, monitored, and aligned with compliance requirements.