Sr. Security Engineer

Perforce is a community of collaborative experts, problem solvers, and possibility seekers who believe work should be both challenging and fun. We are proud to inspire creativity, foster belonging, support collaboration, and encourage wellness. At Perforce, you’ll work with and learn from some of the best and brightest in business. Before you know it, you’ll be in the middle of a rewarding career at a company headed in one direction: upward.

With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce Software, Inc. is trusted by the world’s leading brands to deliver solutions for the toughest challenges. The best run DevOps teams in the world choose Perforce.

Position Summary

This position will be a part of Corporate Security Team, reporting into the SOC Manager and partnering closely with, Google SecOps Tenex Team, CloudOps, IT, and Engineering, the SOC Lead / Senior Engineer will be the technical and operational lead/supervisor for Perforce’s new Security Operations Centre in Pune.

The ideal candidate will combine traditional SOC operations with cutting-edge AI technologies. This person will use Google Threat Intelligence, Gemini and other market leading AI tools to accelerate incident root-cause analysis and build automated security agents and defensive playbooks. These will transform the global security posture

Responsibilities

• Lead the end to end SOC alerts workflow.
• Operationalize the Regular Incident Response Plan and Major Incident Response Plan across teams.
• Own SOC tools and automation (with Google SecOps as the primary SIEM, SOAR, Google Threat Intelligence, Gemini AI integrations and Jira as the authoritative system of record).
• Coordinate with our managed SOC provider (Tier 1) to ensure, low noise of false positives, high quality triage, implementation of playbooks, clean escalations, and measurable MTTD/MTTR improvements.
• This is a hands on leadership role: you will design workflows and playbooks, lead investigations and RCA for high impact incidents, and mentor SOC Engineers and Analysts as we scale from a lean Phase 1 SOC (~2–3 FTE) to an AI enabled mature operations.
• Own the SOC alert lifecycle: Alert Ingestion → Triage → Routing → Investigation → Determination → Reporting.
• Act as Major Incident Manager (MIM) for security events meetings.
• Ensure strict adherence to Perforce’s Incident Response Policies for regular incidents
• Maintain the SOC Charter, operating model, and guardrails as per the Operationalization Plan, Own the SOC RACI and routing matrix across SOC, CloudOps, IT, Engineering, and the provider.

Tools, Telemetry & Automation

• Lead design, configuration, and continuous tuning of Google SecOps (Chronicle SIEM + SOAR + case management, Google Threat Intelligence and Gemini integrations) as the primary detection and workflow platform.
• Design and implement automation to:

o Enrich alerts (asset context, user context, historical activity).

o Trigger Jira tickets and playbooks based on Google SecOps cases.

o Support SLA monitoring and notifications (MTTR, remediation timeframes).

• Partner with the Corporate Security on CI/CD and IaC security automation where incident workflows intersect with pipelines (e.g., auto ticketing, auto asset tagging, config drift etc..).

Playbooks, IRP/MIRP Implementation & Quality

• Define and own a core set of playbooks aligned to IRP/MIRP.

o Cloud misconfiguration / CSPM alerts.

o Endpoint malware / suspicious activity.

o Identity/credential compromise.

o Application / product security alerts.

o External threat reports via Security Mailbox or any other threat feeds.

• Oversee False Positives and Exceptions processes.

Metrics, Reporting & Continuous Improvement

• Own SOC KPIs and operational metrics
• Produce and present the Monthly SOC Summary Report
• Lead RCA and post incident reviews
• Champion a culture of continuous improvement

Team Leadership & Stakeholder Management

• Act as day to day lead and senior escalation point for SOC Engineers and Analysts in Pune.
• Coach and mentor team members on process adherence and effective alert handling.
• Build strong partnerships with vendors, partners and stake holders, Serve as primary liaison with the Tier 1 provider.

Requirements

• Bachelor’s or master’s degree in computer science, Information Security, Engineering, or related field.
• 8+ years of experience in Security Operations, Incident Response, or SOC roles, including:

o 2+ years in a lead or senior engineer capacity.

o Proven experience working with managed SOC providers.

• Deep hands on experience with:

o SIEM / security analytics platforms (Google SecOps / Chronicle strongly preferred or equivalent).

o Case and ticket workflows integrated with Jira or other ITSM platforms.

• Strong background in incident response aligned with NIST/ISO:

o Demonstrable experience running containment, eradication, recovery, and post incident RCA.

o Experience coordinating Major Incidents involving multiple teams.

• Solid understanding of:

o Cloud platforms Security (AWS, GCP, Azure) and their logging/monitoring stacks.

o Endpoint security (Microsoft Defender or equivalent).

o Common attacker TTPs across infrastructure, endpoints, and SaaS.

o Hands-on Experience with: Security automation (Python/Go/Ruby, SOAR, API based integrations), SIEM and SOAR tools (e.g., Google Sec-Ops, Tenex, Q-radar etc..).

• Ability to interpret and operationalize written processes and RACI models.

Preferred Qualifications / Skills

o Building AI Agentic Workflows and Orchestration.

o Generative AI Engineering (Google eco system) Technics like Gemini Powered Investigation, AI Playbooks development, Prompt Engineering for security.

o Use AI to correlate signals across the infrastructure.

o AI Red Teaming, AI Model Monitoring, Cross functional AI Support.

• Certifications such as GCIA, GCED, GCIH, GCDA, GCFA, CISSP, CCSP, or similar.
• Experience in a global SaaS or multi product organization, Prior experience leading or actively participating in SOC2 or ISO 27001 audit evidence collection.