Security Engineer - Security Operations Centre (SOC)

Position Summary: 

This position will be a part of the Corporate Security Team, reporting into the SOC Manager and working closely with the Senior Security Engineer, Google SecOps Tenex Team, CloudOps, IT, and Engineering teams.

The Security Engineer will play a balanced technical and operational role within Perforce’s Security Operations Centre in Pune, supporting SOC monitoring, alert triage, investigation workflows, automation tuning, and incident response activities.

This role bridges operational monitoring performed by Analysts and the advanced engineering and leadership responsibilities handled by Senior Engineers. The Security Engineer will actively contribute to improving SOC workflows, maintaining detection capabilities, and assisting in implementing playbooks and automation that enable scalable and reliable SOC operations. 

•    Support end to end SOC alerts workflow.
•    Assist in operationalizing the Regular Incident Response Plan and Major Incident Response Plan across teams.
•    Work with SOC tools and automation with Google SecOps as the primary SIEM, SOAR, Google Threat Intelligence, Gemini AI integrations and Jira as the authoritative system of record.
•    Collaborate with our managed SOC provider (Tier 1) to ensure quality triage, correct escalations, and reduced false positives.
•    This is a hands-on role where you will investigate alerts, implement playbooks, support incident response activities, and contribute to operational improvements within the SOC.
•    Active participation in SOC alert lifecycle: Alert Ingestion → Triage → Routing → Investigation → Determination → Reporting.
•    Support incident response coordination during security incidents.
•    Ensure strict adherence to Perforce’s Incident Response Policies for regular incidents
•    Follow the SOC Charter, operating model, and guardrails as per the Operationalization Plan, Own the SOC RACI and routing matrix across SOC, CloudOps, IT, Engineering, and the provider.

Tools, Telemetry & Automation
•    Support the implementation and tuning of Google SecOps (Chronicle SIEM + SOAR + case management, Google Threat Intelligence and Gemini integrations) as the primary detection and workflow platform.
•    Assist in configuring alert pipelines, detection logic, and investigation workflows
•    Implement Alerts enrichment mechanism such as:
o    asset context, user context, historical activity.
o    Support Integration of Jira tickets and playbooks based on Google SecOps cases.
o    Support SLA monitoring and notifications (MTTR, remediation timeframes).
•    Work with the Corporate Security on CI/CD and IaC security automation where incident workflows intersect with pipelines (e.g., auto ticketing, auto asset tagging, config drift etc..).
Playbooks, IRP/MIRP Implementation & Quality

•    Execute predefined SOC playbooks aligned with IRP/MIRP guidelines.
o    Cloud misconfiguration / CSPM alerts.
o    Endpoint malware and suspicious activity.
o    Identity and credential compromise.
o    Application and product security alerts.
o    External threat reports via Security Mailbox or any other threat feeds.
•    Oversee False Positives and Exceptions processes.
Metrics, Reporting & Operational Improvement

•    Support the generation of SOC operational metrics.
•    Contribute data for Monthly SOC Operational Reports
•    Participate in RCA and post incident reviews

Team Collaboration & Knowledge Sharing

•    Serve as a technical escalation point for Security Analysts.
•    Assist in mentoring junior SOC members on investigation techniques and tooling usage.
•    Collaborate with the Tier-1 SOC provider to improve alert quality and response workflows.
•    Promote best practices in incident investigation and operational discipline within the SOC.

•    Bachelor’s or master’s degree in computer science, Information Security, Engineering, or related field.
•    4 - 6 years of experience in Security Operations, Incident Response, or SOC roles.
•    Hands-on experience working with SIEM platforms (Google SecOps, Chronicle, Splunk, QRadar, or equivalent).
•    Experience working with incident management workflows and Jira ticketing systems.
•    Practical understanding of incident response aligned with NIST/ISO
•    Familiarity with scripting or automation concepts (Python, APIs, or SOAR playbooks).
•    Ability to interpret and operationalize written processes and RACI models.

Preferred Qualifications / Skills

•    Basic understanding on AI tools usage, orchestration and Prompt Engineering.
•    Familiarity with Google SecOps ecosystem and threat intelligence integrations.
•    Knowledge of attacker techniques such as MITRE ATT&CK framework.
•    Security certifications such as Security+, GCIH, GCED, CEH, or similar. 
•    Experience working in global SaaS or enterprise technology environments.
•    Experience in a global SaaS or multi product organization, Prior experience in leading or actively participating in SOC2 or ISO            27001 audit evidence collection.

All employees are expected to demonstrate AI fluency appropriate to their role and level, including responsible use of AI tools, sound judgment, and adherence to company AI governance and security policy standards.