Security Infrastructure Engineer
Functional Responsibilities:
Data Ingestion and Normalization
- Pipeline Management: Architect and maintain the ingestion of telemetry from multi-cloud (GCP, AWS, Azure) and on-premises environments using Bindplane forwarders, Cloud-to-Cloud (C2C) connectors, and webhooks.
- Parser Development: Design, build, and troubleshoot custom parsers (CBN) to ensure non-standard log sources are correctly normalized into the Unified Data Model (UDM).
- Data Health Monitoring: Build dashboards to monitor ingestion rates, latency, and data drops to ensure the SIEM is always receiving high-quality, actionable data.
SOAR & Automation Engineering
- Playbook Development: Design and code automated incident response playbooks in Google SOAR using Python and visual builders.
- Connector Engineering: Build and maintain API integrations between Google SOAR and third-party tools (Firewalls, EDR, IAM, Ticketing systems).
- Workflow Optimization: Automate repetitive manual tasks such as artifact enrichment, evidence gathering, and initial containment actions.
- Case Management Configuration: Tailor the SOAR environment to fit the SOC's operational needs, including custom fields, stages, and SLA tracking.
Platform Administration and Optimization
- System Health Monitoring: Monitoring the ingestion health to ensure no data is dropped and that latency stays within acceptable limits.
- Access Control: Managing Role-Based Access Control (RBAC) to ensure analysts have the correct level of access to sensitive data.
- Threat Intel Ingestion: Managing the integration of Mandiant, VirusTotal, and other third-party threat intelligence feeds to ensure detections are always up to date with the latest global threats.
Collaboration with SOC Team
- Feedback Loops: Collaborating with Tier 1 and Tier 2 analysts to tune YARA-L rules based on real-world alert performance and "noise" levels.
- Requirements Gathering: Interviewing incident responders to understand their manual workflows, then translating those into Google SOAR playbooks.
- Training & Enablement: Conducting knowledge transfer sessions on how to use UDM Search and the Google SecOps interface to speed up investigations.
Alignment with Infrastructure Team
- Data Ingestion Strategy: Working with GCP/AWS/Azure architects to ensure that Cloud Logging and Pub/Sub are configured correctly for seamless export to the Google SecOps platform.
- Agent Deployment: Coordinating with IT infrastructure teams to deploy and maintain Bindplane forwarders on on-premises servers and virtual machines.
- Troubleshooting: Collaborating with Network Engineers to resolve connectivity issues or firewall blocks that prevent telemetry from reaching the Google SecOps platform.
Knowledge, Skills & Experience
Academic & Professional Qualifications:
- Bachelor's degree in Computer Science, IT, Cybersecurity, or equivalent.
- SIEM Certification (e.g., Google SecOps, Splunk, Azure Sentinel).
Preferred:
- Security certifications such as Security+, CySA+, CEH, CISSP, GCIH
Experience:
- 3–5 years of hands-on experience in Security Engineering, SOC Automation, DevOps Engineering, Security Operations, or Infrastructure Security.
Skills and Requirements:
Technical Skills (Must Have)
- SIEM/SOAR Mastery: Proven experience architecting and managing enterprise-grade platforms (e.g., Splunk, Azure Sentinel, or QRadar), with at least 1–2 years specifically focused on Google SecOps (Chronicle).
- Coding & Scripting: Professional experience using Python to automate security workflows or build custom API connectors.
- Cloud Infrastructure: Hands-on experience managing security within Google Cloud Platform (GCP), including VPC service controls, IAM, and Cloud Logging.
- Languages: Python (Advanced), SQL (BigQuery), YARA/YARA-L, and Bash.
- Frameworks: MITRE ATT&CK, NIST Cybersecurity Framework.
- Tools: Git (Version Control), Terraform (Infrastructure as Code), Docker/Kubernetes (Containerization).
- Data Standards: Deep knowledge of JSON, Protobuf, and Regex for log parsing and normalization.
Soft Skills
- Strong analytical thinking and problem-solving capability.
- Excellent communication skills, able to explain technical findings to non-technical stakeholders.
- Ability to work independently, manage multiple priorities, and meet deadlines.
- Attention to detail and a structured, documentation-driven mindset.
Join MEEZA QSTP and take your career to the next level!