Google Chronicle Developer - Remote

FDM is a global business and technology consultancy seeking a Senior Google Chronicle Developer to work for our client within the health sector. This is initially a 6-month contract with the potential to extend and will be a fully remote role.

Our client is seeking a Senior Google Chronicle Developer, who will be instrumental in building, managing, and optimising their Chronicle-based security monitoring and threat detection ecosystem. You will work closely with Security Operations (SecOps), DevOps, and Data Engineering teams to ensure they have reliable data ingestion, robust detection logic, and automated response playbooks that surface actionable insights and drive rapid incident response.

Responsibilities

• Design, develop, and maintain Chronicle detections and playbooks across IT, application, and security domains, using YARA-L, EQL, and Chronicle Policy Engine.
• Onboard new data sources into Chronicle via forwarders (e.g., Chronicle Data Forwarder, Fluentd/Fluent Bit), APIs, and custom parsers.
• Build and optimise UDM pipelines (parsers & normalization)—create custom parsing rules, JSON or regex-based Normalized Event configurations, and ensure new log sources conform to the common schema.
• Develop scheduled hunts and automated workflows in Chronicle for threat hunting (e.g., abnormal DNS tunneling, lateral movement). Leverage EQL for complex queries and scheduled scans.
• Collaborate with SecOps and DevOps to integrate Chronicle alerts with SOAR platforms (e.g., Phantom, Demisto), enabling automated enrichment (TI, asset data) and response actions. Author playbooks that, for example, isolate compromised endpoints, block IPs, or escalate to ticketing systems.
• Drive improvements in log standardization and detection rule hygiene—audit existing YARA-L rules, tune conditions to reduce false positives/negatives, and retire stale detections.
• Act as Chronicle SME for architecture reviews, capacity planning, licensing, and best practices and advise on Chronicle’s ingestion pipeline scaling (back-pressure, sharding), health monitoring, and performance metrics (ingest latency, query response times).
• Participate in incident investigations and postmortems, providing insights via Chronicle query analysis and retrospectives. Identify detection gaps and propose new rule or playbook enhancements.
• Mentor junior Chronicle engineers and analysts—lead brown-bag sessions on writing EQL hunts, building YARA-L rules, or configuring UDM transformations.

Requirements

• Minimum of 4+ years’ hands-on experience with Google Chronicle (or equivalent SIEM/SecOps) development and administration.
• Expertise in Chronicle detection languages: YARA-L (rule authoring, tuning), EQL-style queries, and Chronicle Policy Engine.
• Solid experience onboarding data via Chronicle Data Forwarder, Fluentd/Fluent Bit, syslog, and RESTful APIs. Comfortable building custom parsing pipelines and mapping to UDM.
• Deep understanding of Chronicle’s UDM schema—ability to create or extend Normalized Events, parse nested JSON, extract fields via JSONPath/regex.
• Proficiency integrating Chronicle with SOAR platforms (e.g., Phantom, Demisto) via webhooks or Cloud Pub/Sub. Able to automate threat-intel enrichment, host quarantines, and ticket creation.
• Hands-on with GCP services (Pub/Sub, Cloud Functions, BigQuery) and cloud-native logging (Stackdriver/Cloud Logging, AWS CloudWatch). Comfortable with containerized deployments (Kubernetes, Docker).
• Strong foundation in security operations—familiarity with threat intelligence feeds, MITRE ATT&CK, and intrusion detection concepts. Able to translate raw logs into actionable detections.
• Experience using Git, CI/CD pipelines (e.g., Cloud Build, Jenkins) to manage Chronicle rule repositories, automated testing of YARA-L against staging data, and staged rollouts.

Why join us

• Career coaching, mentoring and access to upskilling throughout your entire FDM career.
• Assignments with global companies and opportunities to work abroad.
• Opportunity to re-skill and up-skill into new areas, develop non-linear career paths and build a skillset within your field.
• Annual leave, work-place pension and BAYE share scheme.

About FDM

We are a business and technology consultancy and one of the UK's leading employers, recruiting the brightest talent to become the innovators of tomorrow. We have centres across Europe, North America and Asia-Pacific, and a global workforce of over 3,500 Consultants. FDM has shown exponential growth throughout the years, firmly establishing itself as an award-winning employer and is listed on the FTSE4Good Index.

Diversity and Inclusion

FDM Group is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, national origin, age, disability, veteran status or any other status protected by federal, provincial or local laws.