Sr. Security Engineer
Position Summary:
This position is part of the Corporate Security Team, reporting to the SOC Manager and partnering closely with the Google SecOps Tenex team, CloudOps, IT, and Engineering. The SOC Lead / Senior Engineer will be the technical and operational lead and supervisor for Perforce’s new Security Operations Centre in Pune.
The ideal candidate will combine traditional SOC operations with cutting-edge AI technologies. This person will use Google Threat Intelligence, Gemini and other market-leading AI tools to accelerate incident root-cause analysis and to build automated security agents and defensive playbooks that will transform the global security posture.
Responsibilities:
• Lead the end-to-end SOC alert workflow.
• Operationalize the Regular Incident Response Plan and Major Incident Response Plan across teams.
• Own SOC tools and automation (with Google SecOps as the primary SIEM/SOAR, Google Threat Intelligence and Gemini AI integrations, and Jira as the authoritative system of record).
• Coordinate with our managed SOC provider (Tier 1) to ensure low false-positive noise, high-quality triage, implementation of playbooks, clean escalations, and measurable MTTD/MTTR improvements.
• This is a hands-on leadership role: you will design workflows and playbooks, lead investigations and RCA for high-impact incidents, and mentor SOC Engineers and Analysts as we scale from a lean Phase 1 SOC (~2–3 FTE) to a mature, AI-enabled operation.
• Own the SOC alert lifecycle: Alert Ingestion → Triage → Routing → Investigation → Determination → Reporting.
• Act as Major Incident Manager (MIM) for security event meetings.
• Ensure strict adherence to Perforce’s Incident Response Policies for regular incidents.
• Maintain the SOC Charter, operating model, and guardrails as per the Operationalization Plan. Own the SOC RACI and routing matrix across SOC, CloudOps, IT, Engineering, and the provider.
Tools, Telemetry & Automation
• Lead design, configuration, and continuous tuning of Google SecOps (Chronicle SIEM + SOAR + case management, Google Threat Intelligence and Gemini integrations) as the primary detection and workflow platform.
• Design and implement automation to:
o Enrich alerts (asset context, user context, historical activity).
o Trigger Jira tickets and playbooks based on Google SecOps cases.
o Support SLA monitoring and notifications (MTTR, remediation timeframes).
• Partner with Corporate Security on CI/CD and IaC security automation where incident workflows intersect with pipelines (e.g., auto-ticketing, auto asset tagging, config drift, etc.).
Playbooks, IRP/MIRP Implementation & Quality
• Define and own a core set of playbooks aligned to IRP/MIRP:
o Cloud misconfiguration / CSPM alerts.
o Endpoint malware / suspicious activity.
o Identity/credential compromise.
o Application / product security alerts.
o External threat reports via Security Mailbox or any other threat feeds.
• Oversee False Positives and Exceptions processes.
Metrics, Reporting & Continuous Improvement
• Own SOC KPIs and operational metrics.
• Produce and present the Monthly SOC Summary Report.
• Lead RCA and post-incident reviews.
• Champion a culture of continuous improvement.
Team Leadership & Stakeholder Management
• Act as day-to-day lead and senior escalation point for SOC Engineers and Analysts in Pune.
• Coach and mentor team members on process adherence and effective alert handling.
• Build strong partnerships with vendors, partners and stakeholders; serve as primary liaison with the Tier 1 provider.
Requirements
• 8+ years of experience in Security Operations, Incident Response, or SOC roles, including:
o 2+ years in a lead or senior engineer capacity.
o Proven experience working with managed SOC providers.
• Deep hands-on experience with:
o SIEM / security analytics platforms (Google SecOps / Chronicle strongly preferred or equivalent).
o Case and ticket workflows integrated with Jira or other ITSM platforms.
• Strong background in incident response aligned with NIST/ISO:
o Demonstrable experience running containment, eradication, recovery, and post-incident RCA.
o Experience coordinating Major Incidents involving multiple teams.
• Solid understanding of:
o Cloud platform security (AWS, GCP, Azure) and their logging/monitoring stacks.
o Endpoint security (Microsoft Defender or equivalent).
o Common attacker TTPs across infrastructure, endpoints, and SaaS.
o Hands-on experience with security automation (Python/Go/Ruby, SOAR, API-based integrations) and SIEM/SOAR tools (e.g., Google SecOps, Tenex, QRadar, etc.).
• Ability to interpret and operationalize written processes and RACI models.
Preferred Qualifications / Skills
• Building AI agentic workflows and orchestration.
• Generative AI engineering (Google ecosystem) techniques such as Gemini-powered investigation, AI playbook development, and prompt engineering for security.
• Using AI to correlate signals across the infrastructure.
• AI red teaming, AI model monitoring, and cross-functional AI support.
• Certifications such as GCIA, GCED, GCIH, GCDA, GCFA, CISSP, CCSP, or similar.
• Experience in a global SaaS or multi-product organization; prior experience leading or actively participating in SOC 2 or ISO 27001 audit evidence collection.