420 Arcsight Jobs - Page 2

Roles/Responsibilities: Experiencein SIEM Tool like ArcSight, LogRhythm SIEM, Threat Intelligence, MalwareAnalysis, Incident Response Experiencein handling SOC customer in MSSP/multi-tenant environment Responsiblefor the technical Administration or troubleshooting in SIEM ensuring theefficient functionality of the solution Responsiblefor Incident Validation, Incident Analysis, Solution Recommendation, Good knowledge on implementation,installation, integration troubleshooting and overall functionalities of LogRhythm/ArcSight/QRadar/Splunk Arc Sight/LR/QRadar platformadministration, management experience, platform upgrade Experience in troubleshooting platformrelated issues, Data backup, restoration, retention Experience in creating content basedon MITRE Framework Exposure to SOAR, alert aggregation,automation, Playbook creation ArcSight/LRrule base fine tuning, Ongoing log source modifications, Configuration/policychanges, General SIEM Administration, SIEM Content Development Troubleshootingof an incident within IT Security incident response teams of SOC. Maintainsawareness of new and emerging cyber-attack threats with potential to harmcompany systems and networks. Devises and implements countermeasures tomitigate potential security threats. Assistswith the development and maintenance of IT security measurement and reportingsystems to aid in monitoring effectiveness of IT Security programs. Assistswith the development, revision, and maintenance of Standard OperatingProcedures and Working Instructions related to IT Security. Good Coordination skills with variousother teams for faster resolution/completion. Good to have threat huntingknowledge. Education/Skills: BE/B.Techor equivalent with minimum 7-10 years of experience Workexperience of minimum 6 years in SOC Incident Handling, Incident Response TrendAnalysis, administration/monitoring of SIEM Tool like ArcSight, LogRhythm SIEM,Threat Intelligence, Malware Analysis, Abilityto adapt and follow the processes and guidelines Possessan impeccable work ethic and a high degree of integrity GoodAnalytical & Problem Solving skills Ableto communicate with technical staff/management Flexibleto work after office and over weekend if required Highlymotivated & customer centric

We’re Hiring: Lead – SOC (Security Operations Center) Engineer 📍 Location: [Onsite/Hybrid/Remote – specify] 🕒 Experience: 6+ Years in Cybersecurity/SOC Operations 📜 Certifications Required: Valid CEH, CISSP, CISM, CompTIA Security+, or equivalent 📅 Joining: Immediate / Up to 30 Days Are you a seasoned cybersecurity professional ready to lead SOC operations, manage incident response, and strengthen enterprise security posture? We’re looking for a Lead SOC Engineer to take charge of real-time threat monitoring, incident handling, and mentoring junior analysts. Key Responsibilities Lead end-to-end SOC operations and ensure 24x7 monitoring coverage Manage security incidents: triage, analysis, containment, eradication, and recovery Perform threat hunting, log analysis, and forensic investigations Define and implement SOC playbooks, escalation procedures, and use cases Collaborate with SIEM engineers to tune and optimize correlation rules Stay up to date with latest threats, TTPs, and share insights with the team Mentor L1/L2 SOC analysts and ensure adherence to SLAs and KPIs Required Skills 6+ years in SOC operations , incident response , or threat detection Hands-on experience with SIEM tools (e.g., Splunk, QRadar, ArcSight), EDR, and SOAR Strong understanding of MITRE ATT&CK , malware analysis, and cyber kill chain Proficient in log analysis, threat intelligence integration , and reporting Valid cybersecurity certifications: CISSP, CEH, CISM, Security+, or equivalent Familiar with NIST, ISO 27001, and incident response frameworks Nice to Have Experience with cloud security monitoring (AWS/Azure/GCP) Familiarity with automation in incident response using SOAR platforms Knowledge of scripting (Python, PowerShell) for custom threat detection

We are seeking a highly skilled Cybersecurity Officer with a strong background in information security, cyber risk management, and technical infrastructure protection.As a global provider of financial and data clearing applications for mobile network operators, we understand the critical importance of robust cybersecurity measures.This role is specifically focused on the digital security of enterprise systems, cloud infrastructure, application environments, and customer data. Nextgen Clearing is the market leading provider of global roaming services. We operate internationally across 20 global locations, employing over 300 talented people. We offer Award-winning Data and Financial Clearing services, along with unique value-added features on a single flexible online platform. Nextgen Clearing serves more than 160 operators worldwide, giving them a 24/7 holistic overview of their full roaming business Key Responsibilities: Define and implement security policies and controls to protect the company's digital assets and ensure regulatory compliance. Continuously monitor the company's security posture and quickly respond to security incidents. Develop security strategies and plans for preventing and responding to security breaches. Provide expert guidance and support to software teams on implementing secure development practices, security requirements, and conducting security testing. Foster secure application deployment and configuration, ensuring the protection of data integrity and confidentiality. Conduct regular training and awareness sessions for the company's staff to promote security best practices. Assist in the response to security incidents, including the management of communications and recovery efforts. Work collaboratively with customer service teams to safeguard customer data, enhance data privacy, and ensure secure customer interactions. Contribute to the company's efforts to prevent fraud and manage security incident communications to maintain trust with customers. Stay up-to-date on the latest cybersecurity trends, threats, and security technologies to continuously improve the organization's security stance. Collaborate with IT and other departments to establish a security-focused culture across the company. Develop and maintain documentation related to security policies, procedures, and incident response plans. Stay up to date on emerging cybersecurity threats and vulnerabilities and proactively recommend and implement countermeasures to mitigate risks. Foster security awareness and monitor security policy implementation Requirements Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree or cybersecurity certifications (e.g., CISSP, CISM, CEH, TOGAF) are a plus. A minimum of 5 years of experience in information security or cybersecurity. Strong understanding of information security principles, best practices, and industry standards. Experience with implementing and managing security protocols, cybersecurity tools, and technologies. Familiarity with compliance requirements and standards such as ISO 27001, GDPR, and PCI DSS. Ability to identify security vulnerabilities and risks, as well as implement preventive and corrective measures. Knowledge of secure software development life cycle (SDLC) practices. Excellent problem-solving skills and the ability to work in a fast-paced, high-pressure environment. Strong communication and interpersonal skills to collaborate with diverse teams and educate non-technical stakeholders on security-related matters. Incident response and crisis management experience. Working Conditions: The role may require availability outside of standard business hours to respond to security incidents and maintain critical security measures. Benefits A supportive, dynamic, and collaborative work environment. Exceptional opportunities for professional and career advancement. Engagement with the leading provider of roaming services, catering to global Mobile Network Operators as clients. For more information, please visit www.nextgenclearing.com. Private Health Insurance Training & Development

The Security Analyst monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier2 information security specialists, and/or customer as appropriate to perform further investigation and resolution. Good knowledge of SIEM, SIEM Architecture, SIEM health check. Audit the SIEM in the customer environment. Troubleshoot issues regarding SIEM and other SOC tools. Good verbal/written communication skills. Build of use case for the customer. Data archiving and backup and data purging configuration as per need and compliance. Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc. Helping L3 and L1 with required knowledge base details and basic documentations. Co-ordination SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation. High ethics, ability to protect confidential information. Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis. Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure. Update and maintain SOC knowledge base for new security incidents and docs. Creation of daily status report sheet and submit to SOC manager for review. Review advisories and make necessary detection measures. Provide analysis and trending of security log data from a large number of security devices. Troubleshooting non-reporting devices fix and maintain device status. Working with OEM (Tool support) in a way to resolve the issue or incident raised. Administration of Windows and Unix servers. Ready to work on 24/7 shifts to support client requirement. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 2 Years of Experience in SOC monitoring and investigation. Audit the SIEM in the customer environment. Troubleshoot issues regarding SIEM and other SOC tools. Build of use case for the customer. Data archiving and backup and data purging configuration as per need and compliance. Helping L3 and L1’s with required knowledge base details and basic documentations. Co-ordination with SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation. Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis. Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure. Update and maintain SOC knowledge base for new security incidents and docs. Creation of daily status report sheet and submit to SOC manager for review. Review advisories and make necessary detection measures.\ Provide analysis and trending of security log data from a large number of security devices. Troubleshooting non-reporting devices fix and maintain device status. Working with OEM (Tool support) in a way to resolve the issue or incident raised. Administration of Windows and Unix servers. Building Parser for the SIEM using regex. Preferred technical and professional experience Escalation point for L1’s and SOC Monitor team. Ability to drive call and summarizing it post discussion. Good Understanding of Firewall, IDP/IPS, SIEM functioning (Generalize HLD as well as LLD). Deep understanding on Windows, DB, Mail cluster, VM and Linux commands. Knowledge of network protocols TCP/IP and ports. Team Spirit and working ideas heading to resolution of issues. Qualifications like CISA, CISM, CISSP, CEH, SANS or any other recognized qualification in Cybersecurity (SIEM/Qradar certification) will be preferred. Thorough knowledge in SIEM tool and experience in networking, Cloud security experience will be preferred. SOC Senior Analyst experience with multiple customers.

Join our Team About this opportunity: We are now looking for a Senior Security Engineer professional for our Managed Security team. This job role has accountability for researching, designing, engineering, implementing, and supporting security solutions in partnership with the respective stakeholders within Ericsson and / or customer organization and / or 3rd Party Providers. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured. What you will do: Design, implement, manage, monitor, and troubleshoot cybersecurity defenses, including configuration management, network security, systems security, and monitoring systems / tools. Participate in planning and audit scope development as well as project execution as a critical team member on complex technology related assessments. Play an active role in the design and execution of infrastructure initiatives to ensure an evolving adherence to industry best practices for information security. Lead the execution of the assessment of specific technical areas of a project, supervising other team members and providing coaching where needed. Perform Security Incident Management, including but not limited to: supporting SIEM tools, integrating logs into the tool, creating and modifying rules, investigating and resolving alerts, automating tasks. Research new and emerging threats to gain insight into the evolving threat landscape, and share knowledge with the team. Promote new ideas and new ways of executing projects and internal infrastructure enhancements. Innovate and automate repetitive activities and corrective actions, including broader automation initiatives. Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance Responds to information security incidents, including investigation of countermeasures to and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement The skills you bring: Strong knowledge of information security Strong knowledge of SIEM tools (such as McAfee ESM, QRadar, ArcSight, Splunk, etc.), scanning tools (Nessus, Qualys, IBM AppScan, etc.) and PAM tools (BeyondTrust, CyberArk, etc.) Strong knowledge of both Linux-based and MS Windows-based system platforms with a strong technical understanding and aptitude for analytical problem-solving Strong understanding of enterprise, network, system and application level security issues Strong understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks along with available security controls (technical & process controls) for respective layers Good understanding of the system hardening processes, tools, guidelines and benchmarks Fundamental understanding of encryption technologies Participate in the out-of-hours on call rotation, providing technical support to the business for incidents Strong knowledge sharing and collaboration skills Deliver results and meet customer expectations Excellent communication skills; English is a must Key Qualifications: Education: BE/ B.Tech (Telecommunication/ Computer Science) Minimum years of relevant experience: 8 to 15 years experience with at least 8 years in IT and 7 years in Security ITIL certification, CCSP, OSCP, Security +, CISSP or similar will be an advantage Basic knowledge of telecommunications networks will be an added advantage Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Bangalore Req ID: 769624

Job Title: SOC Analyst with Python Knowledge (Fresher Level) Location: Indore Experience: 0–1 year Employment Type: Full-Time Job Summary: We are looking for a motivated and technically skilled fresher to join our cybersecurity team as a SOC Analyst with Python expertise . The ideal candidate should have a strong understanding of cybersecurity principles and hands-on experience with Python scripting to automate tasks and analyze data. This is an excellent opportunity for someone eager to kickstart a career in cybersecurity and grow in a dynamic, fast-paced environment. Key Responsibilities: Monitor security alerts and events using SIEM tools and escalate threats as per defined protocols Perform initial analysis of security incidents and assist in threat detection and incident response Create and enhance Python scripts for log parsing, automation, alerting, and data analysis Assist in implementing security use cases and correlating logs for detection Prepare daily/weekly reports and dashboards from SOC tools Stay updated with the latest cybersecurity threats and trends Collaborate with senior analysts and support investigation of incidents Required Skills and Qualifications: Bachelor’s degree in Computer Science, IT, Cybersecurity, or related field Knowledge of SOC operations, SIEM tools (e.g., Splunk, QRadar, ArcSight), IDS/IPS, and basic incident response workflow Strong hands-on experience in Python scripting (file handling, APIs, data analysis, etc.) Understanding of networking protocols, logs (Windows, Linux, firewall, etc.), and cyber threat landscape Analytical thinking with strong problem-solving skills Good communication and documentation skills Preferred (Good to Have): Any internship or academic project related to SOC or security analysis Exposure to Linux command line and log management Basic knowledge of MITRE ATT&CK or cyber kill chain Job Type: Full-time Pay: ₹15,000.00 - ₹17,000.00 per month Benefits: Cell phone reimbursement Paid time off Provident Fund Work Location: In person

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Platform Engineering Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking a skilled Security Engineer with expertise in Google Chronicle SIEM, parser development, and foundational knowledge of cybersecurity. The ideal candidate will be responsible for analyzing security data and logs, ensuring accurate aggregation, normalization, tagging, and classification. You will work closely with log sources, particularly security and networking devices, to enhance our security monitoring capabilities. Roles & Responsibilities:Conduct security and data/log analysis, focusing on the aggregation, normalization, tagging, and classification of logs.Research, analyze, and understand log sources for security monitoring, with a particular focus on security and networking devices such as firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems.Validate log sources and indexed data, optimizing search criteria to improve search efficiency.Utilize automation tools to build and validate log collectors for parsing aggregated logs. Professional & Technical Skills: Proficiency in log analysis and SIEM tools, including but not limited to Google Chronicle, Splunk, ArcSight, and QRadar. Experience in SIEM content creation and reporting is essential.Strong experience in manual security log review and analysis, such as Windows Event Log and Linux Syslog, including incident classification, investigation, and remediation.Solid understanding of multiple attack vectors, including malware, Trojans, exploit kits, ransomware, phishing techniques, and APTs, as well as familiarity with attack techniques outlined in the OWASP Top 10.Knowledge of security and networking devices, including firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems.TCP/IP networking skills for packet and log analysis.Experience working with Windows and Unix platforms.Familiarity with databases is an advantage.Experience in GCP, AWS and Azure environments is a plus. Additional Information:- The candidate should have minimum 5 years of experience in Security Platform Engineering.- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

Join our Team About this opportunity: We are looking for an experienced ArcSight Solution Architect to lead the design, implementation, and optimization of ArcSight-based security solutions. The ideal candidate will have deep expertise in SIEM (Security Information and Event Management), with hands-on experience in ArcSight architecture, deployment, and integration with various log sources and security tools. The role also includes close collaboration with cloud engineering, security operations, and compliance teams to ensure end-to-end security visibility across the GCP environment. What will you do: Analyse and understand new log source formats (syslog, flat files, APIs, JSON etc.). Design and develop custom Flex Connectors, including support for JSON and non-standard log formats & deploy ArcSight Flex Connectors for custom log source integration. Lead parser creation and tuning for various log sources and security technologies. Collaborate with the SOC and threat intel teams to build detection use cases and correlation rules aligned with MITRE ATT&CK. Integrate ArcSight with SOAR platforms for automated response, leveraging Python scripting. Conduct feasibility analysis for new integrations and support parser deployment lifecycle. Review parser performance, log quality, EPS optimization, and correlation tuning. Document architecture, parser specifications, playbooks, and integration workflows. Lead implementation projects, including installation, configuration, and tuning of ArcSight ESM, Logger, and Smart Connectors. Work closely with security operations and infrastructure teams to integrate log sources and develop use cases. Perform infrastructure sizing, health checks, and system performance tuning. Develop and maintain documentation including solution design, implementation guides, and SOPs. Provide subject matter expertise during POCs, and implementation support. The skills you bring: Bachelor in CS/IT or similar 8+ years of experience in cybersecurity with at least 4+ years in ArcSight solution design and deployment. Familiarity with regular expressions (regex) for parsing custom logs. Experience with log onboarding, parsing, and normalization processes. Log analysis (Analyst) Understanding of cloud environment (GCP) & Kubernetes & docker technologies Integration of different types of log sources Solid understanding of - CEF (Common Event Format) ,ArcSight Event Schema and Field Mapping, Device/Product Event Categorization Knowledge of Linux/Unix systems and basic scripting. Experience with ArcSight content development: rules, correlation, dashboards, reports. And familiarity with ArcSight upgrades and migration planning. Strong understanding of log management, threat detection, and SOC workflows. Knowledge of related tools and platforms such as SIEM, SOAR, firewalls, IDS/IPS, endpoint security. Scripting knowledge (e.g., Python, Shell) for automation and data parsing. Excellent communication and stakeholder management skills. Architect and implement end-to-end SIEM solutions using ArcSight 24* (ESM, SmartConnectors, Thub, Recon). Hands-on experience in leading parser development, customization, and tuning for various log sources and third-party security technologies. Integrate ArcSight with SOAR platforms for automated response, leveraging Python scripting. Skilled in performing feasibility analysis and POCs for new log source integrations and managing the complete parser deployment lifecycle. Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Req ID: 770473

Position: Team Lead-SOC, Noida Department: Information Technology | Role: Full-time | Experience: 7 to 12 Years | Number of Positions: 1 | Location: Noida Skillset: SOC Lead, Team Lead, Threat monitoring, Cyber Security, Forensics Services, Audit Trails, SIEM, ITSM Tools, Excellent English communication skills Job Description: We are seeking for SOC Lead to support threat monitoring, detection, event analysis, incident response/reporting, brand monitoring, forensics and threat hunting activities for its SOC, which is a 24/7 environment. The individual must be able to rapidly respond to security incidents and should have at least 7 years of relevant experience in Cyber security incident response. Should have deeper understanding with some hands-on experience on enterprise IT infra components such as advanced firewalls, IPS/IDS/WIPS/HIPS, routers/switches, TACACS, VPN, proxy, AV/EDR, DNS, DHCP, multi factor authentication, virtualization, Email systems/security, Web Proxy, DLP etc. along with cloud environments like AWS (Must), Azure etc. Responsibilities: • Should be able to manage a SOC L1/L2 team • Providing incident response/investigation and remediation support for escalated security alerts/incidents • Work with various stakeholders for communicating and remediating the cyber incidents • Use emerging threat intelligence IOCs, IOAs, etc.to identify affected systems and the scope of the attack and perform threat hunting, end user’s systems and AWS infrastructure • Provides support for complex computer/network exploitation and defense techniques to include deterring, identifying and investigating computer, applications and network intrusions • Provides technical support for forensics services to include evidence capture, computer forensic analysis and data recovery, in support of computer crime investigation. • Should be able to safeguard and custody of audit trails in case of any security incident • Researches and maintains proficiency in open and closed source computer exploitation tools, attack techniques, procedures and trends. • Performs research into emerging threat sources and develops threat profiles. Keep updated on latest cyber security threats. • Demonstrates strong evidence of analytical ability and attention to detail. Has a broad understanding of all stages of incident response. • Performing comprehensive computer monitoring, identifying vulnerabilities, Target mapping and profiling. • Has a sound understanding of SIEM (Splunk, Datadog, Arcsight etc), PIM/PAM, EDR, O365 security suite and other threat detection platforms and Incident Response tools. • Should have knowledge of integrating security solutions to SIEM tool and crate the use cases as per the best practices and customized requirements • Has knowledge on working on ITSM tools such as JIRA, Service NOW etc • Has a logical, disciplined and analytical approach to problem solving • Has knowledge of current threat landscape such as APTs • Has basic knowledge of Data Loss Prevention monitoring • Has basic knowledge of audit requirements (SOC2, HIPPA, ISO27001, etc.) • Should be flexible to work in 24*7 environment Preferred qualifications: Security Certifications Preferred (but not limited to): CISSP, CHFI, CEH Additional Information: • This is 5 days work from office role.(No Hybrid/ Remote options available) • There are 2-3 rounds in the interview process. • Final round will be F2F only (Strictly) Required Qualification: Bachelor of Engineering - Bachelor of Technology (B.E./B.Tech.) - IT/CS/E&CE/MCA With a Top Pharmacovigilance IT Products MNC

At Securonix, we’re on a mission to secure the world by staying ahead of cyber threats, reinforcing all layers of our platform with AI capabilities. Our Securonix Unified Defense SIEM provides organizations with the first and only AI-Reinforced solution built with a cybersecurity mesh architecture on a highly scalable data cloud. Enhanced by Securonix EON’s AI capabilities, our innovative cloud-native solution delivers a seamless CyberOps experience, empowering organizations to scale their security operations and keep up with evolving threats. Recognized as a five-time leader in the Gartner Magic Quadrant for SIEM and highly rated on Gartner Peer Insights, our award-winning Unified Defense SIEM provides organizations with 365 days of ‘hot’ data for rapid search and investigation, threat content-as-a-service, proactive defense through continuous peer and partner collaboration, and a fully integrated Threat Detection, Investigation, and Response (TDIR) experience—all within a single platform. Built on a cloud-native architecture, the platform leverages the Snowflake Data Cloud for unparalleled scalability and performance. Securonix is proud to be a cybersecurity unicorn and featured in CRN's 2024 Security 100 list. Backed by Vista Equity Partners, one of the largest private equity firms with over $100 billion in assets under management, we have a unique advantage in driving innovation and growth. With a global footprint, we serve more than 1,000 customers worldwide, including 10% of the Fortune 100. Our network of 150+ partners and Managed Security Service Providers (MSSPs) enables us to deliver unmatched security solutions on a global scale. At Securonix, we are driven by our core values and place our people at the heart of everything we do: Winning as One Team: We work together with universal respect to achieve aligned outcomes Customer Driven Innovation: We innovate to stay ahead of the market and create value for our customers Agility in Action: We embrace change and are unified in our purpose and objectives amidst change Join us as we redefine cybersecurity, innovate fearlessly, and grow together as one team. Role Summary: The SIEM Engineer III position is an integral part of our Professional Services team. In this role, you will work with our customers , supporting our mission to help them quickly and completely adopt our Security Operating Platform, leaving them more secure. This is a highly technical, hands-on role that will focus on architecting, planning, implementing, and operationalizing the SIEM platform. The ideal candidate will have a demonstrated understanding of information security and networking and extensive experience interacting with customers. Securonix Next-Gen SIEM and UEBA experience, although desired, is not required, but the candidate must have SIEM and SOAR software expertise and be willing to train on the Securonix platform and products. Primary Responsibility: Lead end-to-end SIEM implementation or integrations in a customer environment. Understand customer business requirements and the threat landscape applicable to their industry’s vertical sector to develop tailored use cases for security and Incident monitoring. Coordinate with customers to deploy collectors and agents in the on-premises network for data collection and forwarding. Work with customers to design and implement secure data flow into the Securonix cloud, following industry-standard best practices. Coordinate with service delivery managers, management, engineering, maintenance, and operational support teams to ensure timely delivery. Develop content, use cases, data models, dashboards, and connectors to support custom user requirements. Troubleshooting end-to-end network and infrastructure issues during data onboarding. Deploy and integrate the Securonix SOAR solution with the customer infrastructure for response orchestration. Engage with customers and internal product development teams to gather user requirements, suggest new product features, and help improve existing ones. Training and enabling customers and partners for successful adoption. Minimum Requirements: 5+ years of experience in information security and SIEM field. Strong understanding of SIEM solutions such as Splunk, Qradar, ArcSight, Logrhythm and Exabeam. Experience deploying SIEM across multiple customers. Good understanding of MITRE ATT&CK matrices, kill chains and other attack models. Strong communication skills and customer facing experience. Strong knowledge of scripting languages such as Python, Powershell. Industry certifications such as CISSP, CISM Preferred: BS in Computer Science, Information Systems, CyberSecurity 3-4+ years of experience in UEBA deployment Working knowledge of Machine learning in cybersecurity Working knowledge of cloud technologies such as Amazon, Azure and Google Good understanding of log collection methodologies and aggregation techniques such as Syslog-NG, syslog, Nxlog, Windows Event Forwarding Good understanding of Hadoop ecosystem and Apache technologies. Experience integrating endpoint security and host-based intrusion detection solutions Experience with network forensics and toolsets such as Wireshark, PCAP, tcpdump Benefits: As a full-time employee with Securonix, you will be eligible for the following employee benefits: Health Insurance with a total sum insured is INR 7,50,000 Coverage: Self, Spouse, 2 kids, Dependent parents, or parents-in-law Personal Accident with total sum insured is INR 10,00,000 Term Life Insurance with a sum assured for employees is 5 times fixed base pay is covered. Securonix provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Securonix complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training. Securonix expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status. Improper interference with the ability of Securonix employees to perform their expected job duties is absolutely not tolerated. Headhunters and recruitment agencies may not submit candidates through this application. Securonix does not accept unsolicited headhunter and agency submissions for candidates and will not pay fees to any third-party agency without a prior agreement with Securonix.

At Securonix, we’re on a mission to secure the world by staying ahead of cyber threats, reinforcing all layers of our platform with AI capabilities. Our Securonix Unified Defense SIEM provides organizations with the first and only AI-Reinforced solution built with a cybersecurity mesh architecture on a highly scalable data cloud. Enhanced by Securonix EON’s AI capabilities, our innovative cloud-native solution delivers a seamless CyberOps experience, empowering organizations to scale their security operations and keep up with evolving threats. Recognized as a five-time leader in the Gartner Magic Quadrant for SIEM and highly rated on Gartner Peer Insights, our award-winning Unified Defense SIEM provides organizations with 365 days of ‘hot’ data for rapid search and investigation, threat content-as-a-service, proactive defense through continuous peer and partner collaboration, and a fully integrated Threat Detection, Investigation, and Response (TDIR) experience—all within a single platform. Built on a cloud-native architecture, the platform leverages the Snowflake Data Cloud for unparalleled scalability and performance. Securonix is proud to be a cybersecurity unicorn and featured in CRN's 2024 Security 100 list. Backed by Vista Equity Partners, one of the largest private equity firms with over $100 billion in assets under management, we have a unique advantage in driving innovation and growth. With a global footprint, we serve more than 1,000 customers worldwide, including 10% of the Fortune 100. Our network of 150+ partners and Managed Security Service Providers (MSSPs) enables us to deliver unmatched security solutions on a global scale. At Securonix, we are driven by our core values and place our people at the heart of everything we do: Winning as One Team: We work together with universal respect to achieve aligned outcomes Customer Driven Innovation: We innovate to stay ahead of the market and create value for our customers Agility in Action: We embrace change and are unified in our purpose and objectives amidst change Join us as we redefine cybersecurity, innovate fearlessly, and grow together as one team. Role Summary: The SIEM Engineer III position is an integral part of our Professional Services team. In this role, you will work with our customers , supporting our mission to help them quickly and completely adopt our Security Operating Platform, leaving them more secure. This is a highly technical, hands-on role that will focus on architecting, planning, implementing, and operationalizing the SIEM platform. The ideal candidate will have a demonstrated understanding of information security and networking and extensive experience interacting with customers. Securonix Next-Gen SIEM and UEBA experience, although desired, is not required, but the candidate must have SIEM and SOAR software expertise and be willing to train on the Securonix platform and products. Primary Responsibility: Lead end-to-end SIEM implementation or integrations in a customer environment. Understand customer business requirements and the threat landscape applicable to their industry’s vertical sector to develop tailored use cases for security and Incident monitoring. Coordinate with customers to deploy collectors and agents in the on-premises network for data collection and forwarding. Work with customers to design and implement secure data flow into the Securonix cloud, following industry-standard best practices. Coordinate with service delivery managers, management, engineering, maintenance, and operational support teams to ensure timely delivery. Develop content, use cases, data models, dashboards, and connectors to support custom user requirements. Troubleshooting end-to-end network and infrastructure issues during data onboarding. Deploy and integrate the Securonix SOAR solution with the customer infrastructure for response orchestration. Engage with customers and internal product development teams to gather user requirements, suggest new product features, and help improve existing ones. Training and enabling customers and partners for successful adoption. Minimum Requirements: 5+ years of experience in information security and SIEM field. Strong understanding of SIEM solutions such as Splunk, Qradar, ArcSight, Logrhythm and Exabeam. Experience deploying SIEM across multiple customers. Good understanding of MITRE ATT&CK matrices, kill chains and other attack models. Strong communication skills and customer facing experience. Strong knowledge of scripting languages such as Python, Powershell. Industry certifications such as CISSP, CISM Preferred: BS in Computer Science, Information Systems, CyberSecurity 3-4+ years of experience in UEBA deployment Working knowledge of Machine learning in cybersecurity Working knowledge of cloud technologies such as Amazon, Azure and Google Good understanding of log collection methodologies and aggregation techniques such as Syslog-NG, syslog, Nxlog, Windows Event Forwarding Good understanding of Hadoop ecosystem and Apache technologies. Experience integrating endpoint security and host-based intrusion detection solutions Experience with network forensics and toolsets such as Wireshark, PCAP, tcpdump Benefits: As a full-time employee with Securonix, you will be eligible for the following employee benefits: Health Insurance with a total sum insured is INR 7,50,000 Coverage: Self, Spouse, 2 kids, Dependent parents, or parents-in-law Personal Accident with total sum insured is INR 10,00,000 Term Life Insurance with a sum assured for employees is 5 times fixed base pay is covered. Securonix provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Securonix complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training. Securonix expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status. Improper interference with the ability of Securonix employees to perform their expected job duties is absolutely not tolerated. Headhunters and recruitment agencies may not submit candidates through this application. Securonix does not accept unsolicited headhunter and agency submissions for candidates and will not pay fees to any third-party agency without a prior agreement with Securonix.

Overview: We are looking for a skilled SIEM Administrator to manage and maintain Security Information and Event Management (SIEM) solutions such as Innspark , LogRhythm , or similar tools. This role is critical to ensuring effective security monitoring, log management, and event analysis across our systems. Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., Innspark, LogRhythm, Splunk). Develop and maintain correlation rules, s, dashboards, and reports. Integrate logs from servers, network devices, cloud services, and applications. Troubleshoot log collection, parsing, normalization, and event correlation issues. Work with security teams to improve detection and response capabilities. Ensure SIEM configurations align with compliance and audit requirements. Perform routine SIEM maintenance (e.g., patching, upgrades, health checks). Create and maintain documentation for implementation, architecture, and operations. Participate in evaluating and testing new SIEM tools and features. Support incident response by providing relevant event data and insights. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or related field. 3+ years of hands-on experience with SIEM tools. Experience with Innspark, LogRhythm, or other SIEM platforms (e.g., Splunk, QRadar, ArcSight). Strong knowledge of log management and event normalization. Good understanding of cybersecurity concepts and incident response. Familiarity with Windows/Linux OS and network protocols. Scripting knowledge (e.g., Python, PowerShell) is a plus. Strong troubleshooting, analytical, and communication skills. Industry certifications (CEH, Security+, SSCP, or vendor-specific) are a plus. Key Skills: SIEM Tools (Innspark, LogRhythm, Splunk) Troubleshooting Log Management & Analysis Scripting (optional) Security Monitoring Skills Siem,Splunk,Troubleshooting Required Skills Siem,Splunk,Troubleshooting

Overview: We are looking for a skilled SIEM Administrator to manage and maintain Security Information and Event Management (SIEM) solutions such as Innspark , LogRhythm , or similar tools. This role is critical to ensuring effective security monitoring, log management, and event analysis across our systems. Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., Innspark, LogRhythm, Splunk). Develop and maintain correlation rules, s, dashboards, and reports. Integrate logs from servers, network devices, cloud services, and applications. Troubleshoot log collection, parsing, normalization, and event correlation issues. Work with security teams to improve detection and response capabilities. Ensure SIEM configurations align with compliance and audit requirements. Perform routine SIEM maintenance (e.g., patching, upgrades, health checks). Create and maintain documentation for implementation, architecture, and operations. Participate in evaluating and testing new SIEM tools and features. Support incident response by providing relevant event data and insights. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or related field. 3+ years of hands-on experience with SIEM tools. Experience with Innspark, LogRhythm, or other SIEM platforms (e.g., Splunk, QRadar, ArcSight). Strong knowledge of log management and event normalization. Good understanding of cybersecurity concepts and incident response. Familiarity with Windows/Linux OS and network protocols. Scripting knowledge (e.g., Python, PowerShell) is a plus. Strong troubleshooting, analytical, and communication skills. Industry certifications (CEH, Security+, SSCP, or vendor-specific) are a plus. Key Skills: SIEM Tools (Innspark, LogRhythm, Splunk) Troubleshooting Log Management & Analysis Scripting (optional) Security Monitoring Skills Siem,Splunk,Troubleshooting Required Skills Siem,Splunk,Troubleshooting

Your Role Administer and develop solutions usingSplunkandSplunk Security Essentialsto support enterprise security monitoring and analytics. Design, implement, and maintain Splunk dashboards, alerts, and reports to provide actionable insights into security events. UtilizeUNIX shell scripting or Pythonto automate data ingestion, parsing, and enrichment processes. Lead and manage security-related projects from planning through execution, ensuring timely delivery and alignment with business goals. Collaborate with cross-functional teams to define requirements, manage risks, and ensure stakeholder satisfaction. Your Profile 5 to 10 yearsof experience in IT security with a strong focus onSplunk administration and development. Proficiency inSplunk Security Essentials, data onboarding, and custom dashboard creation. Strong scripting skills inUNIX shellorPythonfor automation and integration. Solid understanding ofAgile/Scrum methodologiesand project lifecycle management. Proven experience in leading cross-functional teams and managing complex security projects. What You Will Love Working at Capgemini Work on cutting-edge security analytics platforms likeSplunkin enterprise-scale environments. Lead impactful projects that enhance cybersecurity posture for global clients. Clear career progression paths from engineering to leadership and consulting roles. Collaborate with diverse teams in a supportive, inclusive, and innovation-driven culture. Gain exposure to modern security frameworks, automation tools, and real-time threat intelligence.

Job Title: SOC Consultant Location: Gurgaon / Bangalore Experience: 3+ Years Position Type: Full-time Immediate Joiners Preferred Job Description: We are seeking a skilled SOC (Security Operations Center) Consultant with 3+ years of experience in security operations, threat analysis, and incident response. The ideal candidate should have hands-on experience with SIEM tools and a strong understanding of cybersecurity principles and frameworks. Key Responsibilities: Monitor, analyze, and respond to security events and incidents Operate and manage SIEM platforms (e.g., Splunk, QRadar, ArcSight, etc.) Perform real-time threat analysis, detection, and triage of security incidents Support vulnerability management and threat intelligence integration Work closely with clients and internal teams to implement security best practices Document security incidents and contribute to knowledge base development Assist in the development of security playbooks and incident response plans Required Skills: 3+ years of experience in SOC operations or a similar cybersecurity role Proficiency in SIEM tools and log analysis Good understanding of TCP/IP, IDS/IPS, firewalls, and malware analysis Familiarity with threat hunting techniques and cybersecurity frameworks (NIST, MITRE ATT&CK) Strong analytical and problem-solving skills Excellent communication and documentation skills Certifications (Preferred): CEH / CompTIA Security+ / SSCP / Splunk Certified / Microsoft SC-200 or equivalent

Job Responsibilities - Investigate, document, and report on information security issues and emerging trends - Notify clients of incidents and required mitigation works - Understand logs from various sources like firewalls, IDS, Windows DC, Cisco appliances, AV and antimalware software, and email security - Fine-tune SIEM rules to reduce false positives and remove false negatives - Perform threat intel research and vulnerability analysis Required Skills and Experience - Experience: 5-7 years in roles related to information security or similar fields - Skills: Expertise in Cloudstrike, Proofpoint, LogRhythm, and Rapid 7 - Knowledge of ITIL disciplines like Incident, Problem, and Change Management

RESG/GTS is the entity in charge of the entire IT infrastructure of Socit Gnrale. The RESG/GTS/SEC/SOC department, which corresponds to the Socit Gnrale SOC (SOC SG), is in charge of operational detection, incident response and prevention activities within the scope of GTS across the businesses. The mission of the SOC is to identify, protect, detect, respond and using the security platforms for the detection/reaction and prevention and resolution of security incidents. The SG SOC consists of Cyber Defense (incident management) Cyber Tools (management of SOC tools including the SIEM), Cyber Control (Prevention and Compliance) and Governance. This role is for a SOC L3(Lead Cyber Security Analyst) will be part of the GTS Security SOC team. In this role, you will involved in supporting India and global regional needs. The objectives of the Security Department (RESG/GTS/SEC) are to manage the strategy for all RESG/GTS in terms of security, technical standards, processes and tools, and thus to cover many cross-functional functions within the company and subsidiaries across all regions. Accountabilities Major Activities SOC Lead/L3 Lead and manage all high priority Critical Security Incidents including end to end incident mgmt. Support/help and guide the L1/L2 in managing complex issues/incidents Lead and engage in Study/POC of Tools and technologies aligning to the security roadmap Will be an expert in 1 or 2 key security technologies/tools globally and be part of the global SOC L3/Experts Example Areas: Threat Hunting, Forensic Analysis, IPS, EDR, DLP, etc. Contribution to the risk detection management approach, consistent with the SG MITRE Matrix approach and other industry standard relevant approaches Analysis support for complex investigations and improve reaction procedures/run book definitions/ enhancements Support for analyses on cybersecurity technical plans, analysis approach and incident management Identify different security tools and technologies to make security operations more effective. Identification of security gaps, mitigation strategy, implementation tracking till closure Work with various regional SOC and CERT teams on the security aspects an incidents where required Reporting to Function Head GTS SEC SOC

Hi Everyone, I am on lookout for Sr Information Security Analyst -GSOC for leading product based MNC in Pune, Yerwada. Kindly refer below JD & share your resume on alisha.sh@peoplefy.com Job description: ● 7 to 10 years of overall experience ● Experience with Security Information and Event Management (SIEM) systems (e.g., Splunk, ArcSight, Qradar) and GSOC ● Experience with vulnerability assessment tools and techniques. ● Experience with incident response frameworks and procedures. ● Knowledge of security standards and regulations (e.g., PCI DSS, GDPR) ● Looking for candidates who can join within 30 days

You will be responsible for monitoring and analyzing information security events such as unauthorized use or access, fraudulent activities, and data leakage. This role involves initiating information security incident tickets at a third level, which complements the first and second level monitoring and support in the service desk. Your tasks will include monitoring and analyzing security events in central tools like ArcSight and local systems like IPS on a regular basis. You will be involved in developing and refining detective controls based on input from Information Security Investigation Coordinators, as well as controlling the effectiveness of preventive and detective measures. Additionally, you will develop and report metrics for the overall information security situation, such as the number of targeted attacks or attempts. In terms of incident management, you will be responsible for initiating information security incident tickets, triggering escalation processes if necessary, and implementing initial counter-measures. You will support and collaborate with the Information Security Incident Response Team by providing real-time information on current developments and identifying the origin and target of attacks. Furthermore, you will be involved in planning, performing, and monitoring vulnerability scans using tools like Qualys Guard and reporting the results. The ideal candidate should possess a graduate degree in computer sciences or a related field, with at least 5+ years of experience working with ArcSight. Proficiency in security monitoring tools and devices, including IDS/IPS, AV scanners, security gateways, and SIEM solutions (preferably ArcSight) is mandatory. You should demonstrate the ability to handle high workloads and pressure effectively. Knowledge of network and infrastructure security is essential for this role. Strong analytical skills, good communication abilities, self-organization, and motivation to work in a multicultural environment are highly desirable. Preferred certifications include CEH, ECSA, and GCIH. If you are a Senior Systems Engineer with expertise in SIEM, HP ArcSight, IDS/IPS, AV scanners, and security gateways, this opportunity in Trivandrum could be a perfect fit for you. Holders of B.Sc, B.Com, M.Sc, MCA, B.E, or B.Tech degrees are encouraged to apply by sending your resume to jobs@augustainfotech.com.,

Dear Candidate, We are looking for a skilled Cybersecurity Analyst to monitor, detect, and respond to security threats. If you have expertise in threat intelligence, SIEM tools, and incident response, wed love to hear from you! Key Responsibilities: Monitor network traffic and systems for potential security threats. Investigate and analyze security incidents to prevent breaches. Implement security controls and best practices for data protection. Manage security tools such as SIEM, IDS/IPS, and endpoint protection. Conduct vulnerability assessments and recommend mitigation strategies. Ensure compliance with security standards like ISO 27001, NIST, and GDPR. Required Skills & Qualifications: Strong knowledge of security frameworks and incident response. Experience with SIEM tools (Splunk, QRadar, ArcSight). Proficiency in scripting (Python, Bash, PowerShell) for security automation. Understanding of network protocols, firewalls, and VPN security. Knowledge of penetration testing and ethical hacking techniques. Soft Skills: Strong analytical and problem-solving skills. Excellent attention to detail and ability to work under pressure. Good communication and teamwork skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

A career in our Advisory Acceleration Centre is the natural extension of PwC’s leading class global delivery capabilities. We provide premium, cost effective, high quality services that support process quality and delivery capability in support for client engagements. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. Responsibilities As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to: Use feedback and reflection to develop self awareness, personal strengths and address development areas. Delegate to others to provide stretch opportunities, coaching them to deliver results. Demonstrate critical thinking and the ability to bring order to unstructured problems. Use a broad range of tools and techniques to extract insights from current industry or sector trends. Review your work and that of others for quality, accuracy and relevance. Know how and when to use tools available for a given situation and can explain the reasons for this choice. Seek and embrace opportunities which give exposure to different situations, environments and perspectives. Use straightforward communication, in a structured way, when influencing and connecting with others. Able to read situations and modify behavior to build quality relationships. Uphold the firm's code of ethics and business conduct. ,Quality Assurance SOC Analyst - CaaS As a Quality Assurance SOC Analyst (Senior Associate) within the Cyber as a Service (CaaS) practice, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. You will play a pivotal role in ensuring the quality and effectiveness of our SOC operations. You will be responsible for reviewing and enhancing our security incident response processes and procedures, evaluating the performance of SOC analysts, and implementing best practices to maintain the highest standards of security. This role is critical in maintaining the integrity of our clients' systems and Required Qualifications data. Responsibilities include but are not limited to: 3+ years of experience in a technical role in the areas of Security Operations, Quality Assurance in a SOC setting, Threat Intelligence, Incident Response, or Penetration Testing/Red Team. At a minimum, a Bachelor's Degree in a relevant area of study with a preference for Computer Science, Computer Engineering, Cybersecurity, or Information Security. Knowledge and experience working with various SIEM, EDR, NDR and Ticketing tools. Knowledge of Security Operations Centre (SOC) processes and procedures. Effective communication skills, both written and verbal. Strong attention to detail and commitment to quality. Advanced knowledge and experience analyzing attacker techniques at all stages of a breach. Knowledge of MITRE ATT&CK and Cyber Kill-Chain is a must Be available to work on a 24/7 basis (Mon-Sun) on a shift based schedule to continuously assure quality within SOC. Roles & Responsibilities Conduct regular quality assessments of security incident handling processes within the SOC for both L1 and L2 functions. Review and evaluate the effectiveness of SOC analyst activities, including incident detection, analysis, investigation and response. Identify areas for improvement and provide recommendations to enhance SOC operations and incident response capabilities. Collaborate with SOC management and leads to develop and implement quality assurance strategies and initiatives. Create and maintain comprehensive quality assurance documentation, reports, and metrics. Mentor and provide guidance to junior SOC analysts to improve their performance and investigation skills. Stay up-to-date with the latest threat landscape, attack vectors, and cybersecurity technologies through ongoing research and professional development. Assist in incident response activities as needed, including during high-priority security incidents. Participate in the development and delivery of training programs for SOC staff. Collaborate with the L2 analyst team to develop robust quality assurance practices, documentation, reports and metrics. Collaborate with L1 and L2 SOC analysts to provide training and knowledge sharing on quality assurance best practices. Communicate findings and recommendations effectively to technical and non-technical stakeholders internally and externally. Maintain detailed records of quality assurance activity, including findings, actions taken, and outcomes. Participate in knowledge-sharing initiatives with the L1 and L2 team to enhance collective expertise and investigation skills. Ensure adherence to established quality assurance processes and procedures. Identify opportunities for process improvement and contribute to the enhancement of quality assurance methodologies. Maintain composure and efficiency in high-pressure situations. Willing to work in US day shift (9AM EST - 5PM EST) / India night Shift (7 PM IST to 3 AM IST) and weekend support / on call support Experience & Skills 3+ years of experience in a technical role in the areas of Security Operations, Quality Assurance in a SOC setting, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team. Experience in SOC L1, SOC L2 is a must. Experience in SOC Quality Assurance is a must Experience in SIEM technologies such as Azure Sentinel, Splunk, ArcSight, QRadar, Exabeam, LogRhythm Experience and knowledge of EDR and NDR technologies such as Cortex XDR, CrowdStrike, Carbon Black, Cylance, Defender, DarkTrace Experience with ticketing system such as ServiceNow, JIRA is considered a strong asset Experience and Knowledge working with Cyber Kill-Chain model and MITRE ATT&CK framework Ability to use data to 'tell a story'; ability to communicate findings and recommendations effectively to technical and non-technical stakeholders. Proficient in preparation of reports, dashboards and documentation Excellent communication and leadership skills Ability to handle high pressure situations with key stakeholders Good Analytical skills, Problem solving and Interpersonal skills A demonstrated commitment to valuing differences and working alongside diverse people and perspectives

Location: Gurgaon (Work from Office) Looking for Immediate joiners only Required Technical Skills & Experience: Experience: 7+ years in cybersecurity, with at least 3 years in a SOC leadership role . SIEM & Log Analytics: XSIAM, ArcSight, Splunk, Elastic Stack (ELK), QRadar, Microsoft Sentinel Threat Intelligence: MITRE ATT&CK, Cyber Kill Chain, MISP, STIX/TAXII. Incident Response & Forensics: Volatility, Wireshark, FTK, EnCase, Sleuth Kit, YARA. Endpoint Security & EDR/XDR: CrowdStrike Falcon, Microsoft Defender, Palo Alto XDR, SentinelOne, Carbon Black. Cloud Security: AWS GuardDuty, Azure Security Center, Google Chronicle, CSPM, CNAPP. Compliance & Risk: NIST 800-53, ISO 27001, PCI-DSS, SOC2, GDPR, CIS Benchmarks. Key Responsibilities: SOC Operations & Security Monitoring Lead and manage the 24/7 Security Operations Center (SOC) , ensuring continuous threat detection and response . Working extensively on SIEM (XSIAM. Arcsight, Splunk, QRadar, ELK, Sentinel, etc.) and other security monitoring tools. Oversee 24/7 monitoring of security events and alerts. Ensure effective use of SIEM (Security Information and Event Management) tools. Prioritize, analyze, and manage security incidents. Improve threat intelligence capabilities and integrate with threat intelligence feeds. Continuously optimize detection rules, correlation logic, and security alerts to minimize false positives and improve response times. Incident Response & Management Develop and enforce incident response plans (IRPs) . Ensure timely response to cyber threats, minimizing impact. Coordinate with stakeholders during major incidents. Conduct post-incident analysis and lessons learned exercises. EDR/XDR (Endpoint Detection & Response / Extended Detection & Response) CrowdStrike Falcon – AI-powered threat detection with real-time response. Palo Alto XDR – Extended Detection and Response. Microsoft Defender for Endpoint – Integrated with Azure security solutions. – Behavioral AI-driven endpoint protection. Carbon Black (VMware) – Next-gen EDR with cloud analytics. Sophos Intercept X – Machine-learning-based ransomware prevention. Threat Intelligence Platforms (TIP) Recorded Future – AI-driven threat intelligence analysis. MISP (Malware Information Sharing Platform) – Open-source threat sharing platform. Flashpoint Threat Intel Outseer AFCC ( Previously RSA) IBM X-Force Exchange – Intelligence-sharing with global threat data. Anomali ThreatStream – Automated threat intelligence processing. VirusTotal Enterprise – File and URL malware scanning with shared intelligence. Compliance & Reporting Ensure compliance with security frameworks (ISO 27001, NIST, GDPR, etc.). Maintain accurate security logs and reports for audits. Prepare executive-level reports on security incidents and risk posture.

Role & responsibilities Responsible for handling escalation in 24*7 environment. 1) Hands On Experience on working as level 2 SIEM Admin on multiple SIEMs(ArcSight) 2) Hands On Experience with working on different layers of protection(Network/ EndPoint/ Content/ Web Security) devices of the infrastructure 3) Understanding of Risk Management Frameworks 4) Monitoring Compliance with Information Security Policies and Procedures 5) Mentoring and coaching 6) Maintain a broad and current understanding of evolving threats and vulnerabilities to ensure the maintenance of the security of our client networks 7) Escalation Handling 8) Threat hunting on the collected events from the clients 9) Team Player 10) ProActive action on Zero Day Attacks 11) Must have good communication skill 12) Must have ability to work independently towards success Preferred candidate profile 1) Creating, Modifying, and Updating Security Information Event Management (SIEM), EDR, XDR, Threat Hunting, VAPT, SOAR 2) Network, Infrastructure including security segment 3) Cyber threats & Vulnerabilities, authentication, authorization & access control methods 4) Any programming knowledge or scripting knowledge will consider as added advantage 5) Experience in analysing malware 6) Maintaining Security Records of Monitoring and Incident Response Activities 7) Performing Security Analyses 8) Performing Threat Analyses 9) Client request handling 10) Excellent communication skills (English & Hindi)

Role Details Responsible for monitoring SOC tools in 24*7 environment Job Summary Key Responsibility Area 1)24*7 SIEM Monitoring for MSSP environment and alert on Incidents/alerts 2)Maintains record of security monitoring and incident response acvies, ulizing case management and ckeng technologies 3)Incident Management and coordinate with customer for Incident closure 4)Registering and Handling customer complaints 5)First level incident handling 6)Prepares briengs and reports of analysis methodology and results 7)Tagging of events based on priority levels & severity levels 8)Follow Standard Operang Procedures to perform rst level troubleshoong 9)Generates end-of-shi reports for documentaon and knowledge transfer to subsequent analysts on duty 10)SLA management 11)Escalate to L2 in case of any deviaonBasic Requirement Exposure to and Knowledge of 1)SIEM 2)Network Security 3)Windows server, Virtualizaon (VMware) and Linux commands Fundamental understanding of computer networking (TCP/IP), Windows, Linux, Cisco Operating Systems, Information Security knowledge of VA, IDS, Network infrastructure & Security and SIEM, Malware and its types 4) Experience in Arcsight is mandatory Competencies Companies/Industry to be sourced from 1)Network Defenders 2)Creang, Modifying, and Updang Security Informaon Event Management (SIEM) 3)Maintaining Security Records of Monitoring and Incident Response Acvies 4)Performing Security Analyses 5)Performing Threat Analyses 6)Client request handling

Microland Limited is looking for Associate Manager - Cyber Security to join our dynamic team and embark on a rewarding career journeyTeam Supervision: Provide leadership, direction, and supervision to a team of employees, ensuring their productivity, performance, and professional development.Operational Management: Manage day-to-day operations within the assigned area, ensuring efficiency, adherence to processes, and effective resource allocation.Performance Management: Set performance goals, conduct regular performance reviews, and provide feedback and coaching to team members to help them excel in their roles.Project Coordination: Oversee projects, initiatives, or tasks within the department, ensuring that deadlines are met and objectives are achieved.Communication: Foster effective communication within the team and with other departments, conveying goals, expectations, and updates to ensure alignment.Problem-Solving: Address challenges and issues that arise within the team or department, working to find solutions and implement process improvements.Budget Management: Contribute to budget planning and management, ensuring that resources are allocated appropriately to achieve departmental goals.