Centralized Security Logging & SIEM

Overview

Designed and implemented centralized security logging pipelines to aggregate and normalize logs from cloud infrastructure, SaaS platforms, and endpoints. Integrated GCP native logging with Elastic/Splunk to build dashboards, alerts, and detections for key threat scenarios. Established log retention, access controls, and monitoring to meet compliance and audit requirements.
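The normalize-then-correlate pattern described above, as an added example that is not the project's own code: it flattens constructed Google Cloud audit log entries (the `protoPayload` field names follow the public `google.cloud.audit.AuditLog` schema) into ECS-style fields and runs two SIEM-style rules over them. The target field names, the approved-principal allowlist and the denial threshold are assumptions.

```python
import json
from collections import Counter

def _entry(method, service, resource, principal, code=0, ts="2024-05-01T10:00:00Z"):
    """Build a constructed Cloud Logging LogEntry carrying an AuditLog protoPayload."""
    payload = {"serviceName": service, "methodName": method, "resourceName": resource,
               "authenticationInfo": {"principalEmail": principal},
               "requestMetadata": {"callerIp": "203.0.113.7"}}
    if code:  # non-zero gRPC status code marks a failed call (7 = PERMISSION_DENIED)
        payload["status"] = {"code": code, "message": "PERMISSION_DENIED"}
    return json.dumps({"timestamp": ts, "protoPayload": payload,
                       "logName": "projects/example-proj/logs/cloudaudit.googleapis.com%2Factivity"})

# Constructed sample: two IAM policy changes plus three denied bucket listings by one principal.
SAMPLE_LOG_LINES = [
    _entry("SetIamPolicy", "cloudresourcemanager.googleapis.com", "projects/example-proj", "contractor@example.com"),
    _entry("SetIamPolicy", "cloudresourcemanager.googleapis.com", "projects/example-proj", "terraform@example-proj.iam.gserviceaccount.com"),
] + [_entry("storage.objects.list", "storage.googleapis.com", f"projects/_/buckets/b{i}", "contractor@example.com", code=7) for i in range(3)]

def normalize(raw_line):
    """Flatten one LogEntry into ECS-style field names (the target schema is an assumption)."""
    entry = json.loads(raw_line)
    p = entry.get("protoPayload", {})
    return {
        "@timestamp": entry.get("timestamp"),
        "event.action": p.get("methodName"),
        "event.outcome": "failure" if p.get("status", {}).get("code", 0) else "success",
        "cloud.service.name": p.get("serviceName"),
        "cloud.resource": p.get("resourceName"),
        "user.name": p.get("authenticationInfo", {}).get("principalEmail"),
        "source.ip": p.get("requestMetadata", {}).get("callerIp"),
    }

def run_rules(raw_lines, approved_iam_principals, denied_threshold=3):
    """Two correlation rules over normalized events; returns a list of alert dicts."""
    events = [normalize(line) for line in raw_lines]
    alerts = []
    # Rule 1: project-level IAM policy change by a principal outside the approved change path.
    for e in events:
        if e["event.action"] == "SetIamPolicy" and e["user.name"] not in approved_iam_principals:
            alerts.append({"rule": "unapproved_iam_policy_change", "user": e["user.name"], "resource": e["cloud.resource"]})
    # Rule 2: repeated PERMISSION_DENIED from one principal, a common sign of permission probing.
    denied = Counter(e["user.name"] for e in events if e["event.outcome"] == "failure")
    for user, n in denied.items():
        if n >= denied_threshold:
            alerts.append({"rule": "repeated_permission_denied", "user": user, "count": n})
    return alerts
```

Running `run_rules(SAMPLE_LOG_LINES, {"terraform@example-proj.iam.gserviceaccount.com"})` yields one alert per rule; the same functions apply to real export lines from a Cloud Logging sink.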

Role

Director and key technical contributor, with operations handled by the security operations team.

Impact

Improved visibility into cloud and application environments, reduced incident detection time by 40%, and enabled proactive threat hunting. Provided auditors and executives with transparent, evidence-backed reporting of security monitoring coverage.

Technologies, Frameworks, and Artifacts

  • Google Cloud Logging
  • Elastic Stack / Splunk
  • SIEM correlation rules
  • Cloud audit log ingestion
  • Detection engineering playbooks