Global 24x7 SOC stand-up with Google SecOps
Designed and operationalised a scalable SIEM/SOAR and SOC operating model across cloud, identity, endpoint, enterprise SaaS, and network telemetry for a global enterprise.
Challenge
Detection coverage was fragmented across tools and teams, with inconsistent triage SLAs, limited automation, and unclear metrics for CISO-level reporting.
Approach
Drove the evaluation, implementation and operationalisation of Google SecOps as the SIEM/SOAR backbone, onboarding around 20 major log sources within roughly two months. Strengthened detection engineering with improved detection logic, tuning, enrichment, escalation paths, playbooks and SLA definitions. Partnered with the threat assessment and threat hunting teams to refine methodology and coverage. Designed a 24x7 operating model in which an MSSP handles L1/L2 monitoring and triage and the internal L3 team owns investigation and response, with governance, escalation and service review built into the model.
Results
- Around 20 major log sources onboarded inside two months
- MITRE ATT&CK-aligned detection coverage with MTTD, MTTR, false-positive and SLA metrics reported to CISO-level stakeholders
- 24x7 detection and response capability with a clearly defined MSSP/internal handover model