Security Engineer - SIEM Platform (Google SecOps)
Occupations: Information Security Engineers, Information Security Analysts, Computer Systems Engineers/Architects, Security Management Specialists, Security Guards
Industries: Computer Systems Design and Related Services, Software Publishers, Investigation and Security Services, Administration of Human Resource Programs, National Security and International Affairs
Hi, we're MoonPay. We're here to onboard the world to the decentralized economy. Why? Because crypto and blockchain aren't just technologies—they're tools for global financial empowerment. They give people control over their money, their digital assets, and their future, unlocking opportunities that traditional systems have kept out of reach.
What we do
At MoonPay, we're building the infrastructure that powers this new financial system. We make it easy for anyone, anywhere, to buy, sell, and trade crypto using everyday payment methods like cards, Apple Pay, PayPal, Revolut and Venmo. We provide simple tools to send, receive, and manage stablecoins, so anyone can participate in the crypto economy confidently.
Trusted by nearly 30 million customers and over 500 companies, our secure, enterprise-grade platform is driving mainstream crypto adoption worldwide. We collaborate with innovative brands and projects to build secure, scalable solutions for a blockchain-powered future. And we're committed to doing it right—fully licensed in the U.S. and regulated across the UK, EU, Canada, and Australia—because trust and compliance are non-negotiable.
We're just getting started. We've launched a consumer app that makes crypto accessible, intuitive, and usable for everyone, and it's growing fast. We're iterating every day to make it the best it can be.
If you believe financial freedom should be for everyone—if you believe in building a fairer, more open financial system—we want you with us. To build systems that benefit all, we need contributions from all, regardless of background.
Come build the future of payments and the decentralized economy with MoonPay. Let's make financial freedom and autonomy the new normal.
Locations Supported: U.S., New York. Relocation available: No. Work pattern: This role will be hybrid (we expect you in our New York office ~2–3 days per week).
Key Responsibilities
Lead the design, implementation, and continuous improvement of our Google SecOps (Chronicle) platform.
Work closely with project managers, security engineers, and key stakeholders to deliver scalable SIEM/SOAR capabilities.
Serve as an L2 Incident Responder, leading investigations end-to-end and enabling the SOC Team through runbooks and operational guidance.
Blend platform engineering (integration, automation, performance, detection content) with hands-on security operations (triage, investigation, response leadership).
Design and Implementation of Google SecOps
Integration of Google SecOps SIEM with other security capabilities and tools such as SOAR, EDR, NDR, threat intelligence platform, and ticketing systems.
Write custom actions, scripts and/or integrations to extend SIEM platform functionality.
Creation of SIEM assets such as detection rules using YARA-L, dashboards, parsers, etc.
Extension of pre-built UDMs in Google SecOps and creation of custom parsers where required for log sources.
Testing and deployment of newly created and migrated assets such as rules, playbooks, alerts, dashboards, etc.
Monitor performance and perform timely actions to scale SIEM deployment.
Creation of custom SIEM dashboards to meet security requirements.
Debug and solve customer issues in ingestion, parsing, normalization of data, etc.
Develop SOAR playbooks to provide case handling and incident response as per triage needs.
Design and implement solutions to handle alert fatigue encountered in SIEM correlation.
L2 Incident Response (Operational Role)
Actively participate in Security Operations activities as an L2 Incident Responder.
Lead incidents through all stages: identification, containment, eradication, recovery, and lessons learned.
Serve as the primary point of contact for the SOC regarding SIEM investigations, platform behavior, detection logic, and operational troubleshooting.
Support continuous improvement by translating incident learnings into better detections, dashboards, and playbooks.
About You – Must-Have Experience and Skills
Minimum of 2-3 years in Cybersecurity, ideally in security operations or a security operations center.
Expertise in incident management, SIEM, DLP, threat intelligence, VPN, and email security.
Google SecOps SIEM experience in the areas of responsibility for at least 1 year.
Experience building detection content (rule logic, correlation, tuning); YARA-L experience preferred.
Experience integrating security tools via APIs and automation (EDR, NDR, ticketing).
Scripting ability (e.g., Python, Bash) for automation and troubleshooting.
Strong understanding of cybersecurity principles and best practices.
Strong knowledge of network, endpoint, identity, and cloud security fundamentals.
Excellent analytical and problem-solving abilities.
Ability to work effectively under pressure and handle multiple incidents simultaneously.
Strong communication and interpersonal skills to collaborate with various teams.
About You – Nice-to-Have Experience
Bachelor's degree in Computer Science, Information Security, or a related field (equivalent work experience considered).
Experience with security frameworks such as ISO 27001, SOC 2, and PCI-DSS; responsible for defining and implementing key security controls.
Practical incident response experience including triage, investigation, containment, and communications.
Experience in vulnerability management: identifying, prioritizing, and automating remediation of security vulnerabilities.
Bonus Points
Certifications: CISSP, CISM, or equivalent certifications are a plus. Google Cloud Certified Professional Security Operations Engineer.
Proven experience with tools such as Google Cloud Platform, Okta, CrowdStrike, Cloudflare Zero Trust, Tenable Nessus, ZeroFox, Code42.
Compensation and Benefits
Competitive salary package.
Equity package: All employees have ownership at MoonPay.
Pay for performance equity bonus.
Moonshot award: 10 employees twice a year earn a $250,000 equity grant.
Unlimited holidays.
Hybrid working schedule: fully remote or office-based.
Private healthcare benefits.
Enhanced parental leave.
Annual training budget.
Home office setup allowance.
Remote working allowance for fully remote employees.
Monthly budget to spend on MoonPay products and zero-fee crypto transactions.
Employee referral program: 10K USDC for successful referrals.
Regular remote company off-sites and hackathons.
Core Values
B - Be Hungry
L - Level Up
O - Own It
C - Crypto Curious
K - Kaizen
Equal Opportunity Employment Statement
MoonPay is an equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by law. This policy applies to all employment practices within our organization, including, but not limited to, hiring, recruiting, promotion, termination, layoff, and leave of absence.
MoonPay is also committed to providing reasonable accommodations in our job application procedures for qualified individuals with disabilities. Please inform our Talent Team if you need any assistance completing any forms or otherwise participating in the application process.
Please be aware that MoonPay does not request an AI-led interview without seeing a recruiter or team member from MoonPay on video call. We won't ask for your personal identification documents or any money from you during your interview process with us.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment.
If you would like more information about how your data is processed, please contact us.