Senior Security Engineer (GCP)
We are a global technology group, headquartered in London.
We deploy experts and frontier technology, like AI, to help organisations thrive through change.
We have over 600 professionals (\>75% hands\-on technical talent) spread across Europe, North America and Asia, and are backed by Marlin Equity Partners.
We help customers to:
Work smarter – Building modern, scalable infrastructure, apps and workflows that actually improve your bottom line.
Engage personally – Creating digital experiences that capture attention, convert sales, and keep customers coming back.
Stay secure – Establishing the security, governance and compliance systems that protect you from threats, fines, and downtime.
We work with some of the world's biggest brands to solve their biggest problems. From highly regulated financial institutions to fast\-moving tech unicorns and global retailers.
Different worlds, same standard: we ship tangible outcomes into production, fast.
Then we work alongside customers to maintain and optimise them long term, upskilling their teams along the way.
About the role
We help regulated and enterprise customers protect their Google Cloud Estates. As a Premier Google Cloud Partner, we deliver
- Google Unified Security (GUS) engagements across the full stack — from greenfield SIEM/SOAR deployments and SOC modernisation programmes to detection engineering, posture management, threat hunting, and incident response uplift.
- Secure GCP estates with the adoption of CI/CD pipelines, secure landing zones and cloud posture reviews.
- Expertise when integrating third party tools such as Wiz.
This is a hands\-on senior role. Most of your week is client delivery. The rest goes into our practice — accelerators, parsers, rule packs, playbooks, and points of view that make the next engagement faster than the last.
What you'll doGoogle SecOps (SIEM / SOAR)
- Lead end\-to\-end SecOps deployments — tenant setup, multi\-tenant architecture, data ingestion, retention design, RBAC, and feed onboarding.
- Build and maintain parsers, UDM mappings, and data models for Google Cloud, AWS, Azure, endpoint, identity, and network sources
- Write, test, and tune YARA\-L detection rules, including single\-event, multi\-event, and composite detections
- Design SOAR playbooks and python integrations
- Develop custom agents that can be deployed in customer environments using GCP infrastructure.
- Configure CI/CD pipelines with integrated security tools
- Configure GCP security solutions including, Security Command Centre Enterprise, IAP, VPC Service controls and Model Armor.
- Work with platform teams to support the deployment of secure cloud foundation blueprints.
- Support clients with secure AI workload including the use of model armor and agent identities.
- Operationalise Google Threat Intelligence inside SecOps — IoC matching, Applied Threat Intelligence, and curated detections
- Build threat\-informed defence programmes tied to customer\-specific threat profiles (sector, geography, adversary groups)
- Run threat\-hunting campaigns using GTI, Mandiant frontline intelligence, and UDM search
- Validate detection coverage against MITRE ATT\&CK using Mandiant Security Validation where in scope
- Mentor engineers and consultants; lead internal SecOps and GUS enablement
- Represent the practice in pre\-sales, customer workshops, and Google partner forums
- Strong SIEM/SOC delivery experience (any major platform; Google SecOps / Chronicle preferred)
- Hands\-on with Google SecOps: UDM, YARA\-L, parsers, SOAR playbooks, data ingestion patterns
- Solid grounding in Google Cloud security primitives: IAM, Organization Policies, VPC Service Controls, Cloud Logging, Cloud KMS
- Comfortable with Terraform, CI/CD pipelines and at least one scripting language (Python, Go) for automation, parser development, and integration work
- Experience supporting regulated workloads (financial services, public sector, healthcare) and translating compliance requirements into operational controls
- Able to explain risk, trade\-offs, and findings to both SOC analysts and executive stakeholders
- Google Professional Cloud Security Engineer or Google SecOps certification
- Prior SIEM migration experience (Splunk SecOps, Sentinel SecOps, etc.)
- Experience with adjacent tooling: Wiz, CrowdStrike, Splunk, Sentinel, Snyk
- Consulting or systems\-integrator background
- Contributions to open detection content (Sigma, MITRE, public rule repos)
We believe in supporting our team members both professionally and personally. Here's how we invest in you:
Compensation and Financial Wellbeing
- + Competitive base salary
+ Discretionary company bonus scheme
+ 4 x annual salary Death in Service coverage from day one
+ Employee referral scheme
+ Tech Scheme
Health and Wellness
- + Private medical Insurance from day one
+ Help@Hand app: access to remote GP's, second opinions, mental health support, and physiotherapy
+ EAP service
+ Cycle to work scheme
Work Life balance and Growth
- + 28 days annual leave (plus bank holidays)
+ Ten paid learning days per year
+ Flexible working hours
+ Work from anywhere (up to 3 weeks per year)
+ Industry\-recognised training and certifications
+ Bonusly employee recognition and reward platform
+ Clear opportunities for career progression
+ Length of service awards
+ Regular company events
Diversity and Inclusion
At Beyond we champion diversity and inclusion. We believe that a career in IT should be open to everyone, regardless of race, ethnicity, gender, age, sexual orientation, disability or neurotype. We value the unique talents and perspectives that each individual brings to our team, and we strive to create a fair and accessible hiring process for all.
This listing is from indeed. View original listing ↗