8.0 - 13.0 years
13 - 17 Lacs
hyderabad
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization.
Roles & Responsibilities:
1) Design and implement Microsoft Sentinel architecture, including data connectors, analytics rules, and workbooks.
2) Integrate Sentinel with various data sources, including Azure services, on-premises systems, and third-party security products.
3) Develop and maintain data connectors, APIs and custom integrations.
4) Configure and optimize incident response workflows, including automated response actions and playbooks.
5) Collaborate with security operations teams to implement Sentinel-based security monitoring and incident response processes.
6) Provide training and support to security teams on Sentinel features and functionality.
7) Continuously monitor and optimize Sentinel performance, scalability, and reliability.
8) Develop and maintain custom dashboards, reports, and workbooks to provide security insights and metrics.
9) Integrate Azure Logic Apps with Azure Sentinel to automate security workflows and incident response.
10) Develop custom connectors for Logic Apps to integrate with Azure Sentinel and other security tools.
11) Collaborate with security teams, developers, and operations teams to ensure seamless integration and deployment of Logic Apps with Azure Sentinel.
12) Configure and maintain Sentinel workspaces, including data connectors and analytics rules.
13) Optimize Sentinel workspace performance, scalability, and security.
14) Develop and maintain reports and dashboards to provide visibility into security metrics and trends.
15) Strong knowledge of KQL and experience writing complex queries.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Microsoft Sentinel, Azure Security Center and Azure Monitor
- Experience with data analytics, machine learning, and threat intelligence.
- Strong understanding of cloud security principles and practices.
- Experience with security incident response and management.
- Knowledge of regulatory compliance frameworks such as GDPR, HIPAA, or PCI-DSS.
- Familiarity with security tools and technologies used in cloud environments.
Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Hyderabad office.
- 15 years of full time education is required.
Qualification: 15 years full time education
Posted 14 hours ago
3.0 - 7.0 years
12 - 16 Lacs
bengaluru, delhi / ncr, mumbai (all areas)
Work from Office
Role & responsibilities:
- Perform comprehensive security reviews of infrastructure, applications, and cloud deployments.
- Analyze and assess security configurations across cloud environments (Azure, AWS and GCP).
- Monitor and evaluate security alerts and incidents, collaborating with SOC teams for resolution.
- Conduct targeted security assessments of cloud-hosted assets to identify misconfigurations, enforce compliance, and improve operational security posture.
- Provide recommendations to improve security posture and reduce risk exposure.
- Utilize cloud security tools to assess and remediate vulnerabilities.
- Cyber security reviews of cloud-hosted assets, including infrastructure resources, applications and associated configurations.
- Develop and maintain security documentation, including review reports and risk assessments.
- Collaborate with cross-functional teams to embed security best practices.
- Stay updated on emerging threats, vulnerabilities, and compliance requirements.
- Automate routine security tasks using scripting or orchestration tools (e.g., Python, PowerShell, Terraform).
- Administer and manage Cloud Security Posture Management (CSPM) tools including Microsoft Defender for Cloud (MDC), Prisma Cloud, Wiz, etc. Primary skills: MDC (Microsoft Defender for Cloud) and Prisma Cloud. Experience on Wiz is a plus.
- Integrate security controls into CI/CD pipelines (DevSecOps).
- Knowledge of IAM concepts and reviews of least-privilege access across cloud and enterprise systems.
- Perform, or be familiar with, container security assessments (Kubernetes, Docker, sandbox) and ensure secure configurations.
- Apply cloud security frameworks and best practices (e.g., CSA CCM, Azure Security Benchmark).
- Leverage AI/ML-based threat detection tools to enhance security operations and reduce false positives.
Preferred candidate profile:
- 5-8 years of experience in Cybersecurity, with a focus on security reviews and operations.
- Hands-on experience with Cloud Security Posture Management (CSPM) tools such as Microsoft Defender for Cloud, Prisma Cloud, Wiz, etc.
- Hands-on experience in cloud security operations and cloud asset reviews, including infrastructure, applications, resources and associated configurations.
- Proficiency in cloud-native security solutions across Microsoft Azure, AWS, or GCP.
- Familiarity with vulnerability scanners (Qualys, Tenable), SIEM platforms (Splunk, Sentinel), ticketing systems (ServiceNow), and SecOps.
- Strong understanding of networking protocols, firewalls, IDS/IPS, NSG, NACL, DDoS, VPN and WAF technologies.
- Deep understanding of cyber security standards and frameworks such as NIST 800-61R2, OWASP, CIS.
- Experience with incident response workflows.
- Excellent analytical, communication, and documentation skills.
- Mandatory certifications: SC-100/SC-200/AZ-500/ISC2 CC/CompTIA Security+ or equivalent.
- Additional certifications like CEH, CCSP, CISA, CRISC, CISM are a plus.
Posted 18 hours ago
5.0 - 7.0 years
0 Lacs
pune, maharashtra, india
On-site
About Northern Trust: Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889. Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.
Key responsibilities:
- Implement and manage privileged access management solutions for broad platform and service coverage.
- Assist with product deployment, enhancements, and integration.
- Work closely with operations partners in the same team to support the PAM solution.
Key Skills:
- Experience in installing and configuring the CyberArk PTA component
- Expertise in Windows Server/Linux operating systems
- Experience working with CyberArk PAM and PTA
- Work with technical lead to develop log ingestion strategy.
- Contribute to detection strategy based on industry best practices.
- Detail step-by-step process to ingest high quality log sources.
- Perform log source monitoring and optimization.
- Excellent conceptual, organizational, analytical, and problem-solving skills
- Excellent written and oral English communication skills and ability to work with globally distributed teams and users
- Ability to learn product capabilities as implemented in the Firm, and learn about firm practices and procedures
- Knowledge of privileged access management solutions
- Familiarity with automation tools, such as Ansible, Puppet, or Chef
- Expertise in Unix/Linux
- Knowledge of Microsoft Active Directory / Group Policy
- Knowledge of development practices and processes (source control, deployment processes and automations)
- Knowledge of Azure Sentinel (good to have)
Technical Skills:
- 5+ years CyberArk experience
- 2+ years Cloud Services Implementation (Azure)
- Strong CyberArk hands-on experience including advanced CyberArk modules like PTA, PSM, PSMP, and good to have CP/CCP
- Strong experience with CyberArk utilities and their usage: PUU, PACLI and EVD.
- Experience in working with PTA log alerting and monitoring
- Familiarity with CyberArk configuration files, log files, access control and user management.
- Experience in working with CyberArk support.
- Good Microsoft AD (Active Directory) knowledge and experience.
- Strong Privileged Access Management solutions knowledge and experience.
- Good knowledge of Identity and Access Management technology solutions and processes.
- Basic understanding of the main network protocols (IPv4/IPv6/TCP/UDP/DNS/SMTP).
- Good knowledge of the Azure environment for managing/troubleshooting CyberArk components on Azure
Working with Us: As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve!
Join a workplace with a greater purpose. We'd love to learn more about how your interests and experience could be a fit with one of the world's most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater
Reasonable accommodation: Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at [HIDDEN TEXT].
We hope you're excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people. Apply today and talk to us about your flexible working requirements and together we can achieve greater.
About Our Pune Office: The Northern Trust Pune office, established in 2016, is now home to over 3,000 employees. The office handles various functions, including Operations for Asset Servicing and Wealth Management, as well as delivering critical technology solutions that support business operations across the globe. Our Pune team takes our commitment to service to heart. In 2024, they volunteered more than 10,000 hours in the communities where they live and work.
Posted 2 days ago
3.0 - 7.0 years
0 Lacs
karnataka
On-site
Role Overview: You will be joining the EY cyber security team as a CMS-TDR Senior, where you will work as a Senior Analyst assisting clients in detecting and responding to security incidents using SIEM, EDR, and NSM solutions. Your role will involve operational support, incident validation, coordination, and communication with clients to ensure effective containment, eradication, and recovery of security incidents.
Key Responsibilities:
- Provide operational support using SIEM solutions (Splunk, Sentinel, CrowdStrike Falcon LogScale), EDR (CrowdStrike, Defender, Carbon Black), and NSM (Fidelis, ExtraHop) for multiple customers.
- Specialize in second-level incident validation and detailed investigation.
- Perform incident coordination and communication with clients for effective containment, eradication, and recovery.
- Conduct SIEM support activities including ad hoc reporting and basic troubleshooting.
- Advise customers on best practices and use cases to achieve end-state requirements.
- Provide near real-time analysis, investigation, reporting, remediation, coordination, and tracking of security-related activities for customers.
Qualifications Required:
- B. Tech./B.E. with sound technical skills.
- Ability to work in 24x7 shifts.
- Strong command of verbal and written English.
- Demonstrated technical acumen and critical thinking abilities.
- Strong interpersonal and presentation skills.
- Minimum 3 years of hands-on experience in SIEM/EDR/NSM solutions.
- Certification in any of the SIEM platforms.
- Knowledge of RegEx, Perl scripting, and SQL query language.
- Certifications: CCSA, CEH, CISSP, GCIH.
Additional Details: At EY, you will have the opportunity to work on inspiring and meaningful projects, receive support, coaching, and feedback from engaging colleagues, develop new skills, progress your career, and have the freedom and flexibility to handle your role in a way that suits you.
EY is dedicated to building a better working world by creating long-term value for clients, people, and society, and building trust in the capital markets through diverse teams in over 150 countries.
Posted 3 days ago
12.0 - 15.0 years
32 - 35 Lacs
mumbai
Work from Office
Level - L4
Reports to: SOC Head
Position Summary: The SOC Lead will lead the operations of the Security Operations Centre (SOC). The candidate should have deep expertise in security monitoring, incident response, threat intelligence and security technologies. This role is critical in safeguarding digital assets and ensuring rapid detection, response and mitigation of security incidents.
Key Responsibilities:
- Lead and manage the day-to-day operations of the Security Operations Centre (SOC) team.
- Oversee monitoring, detection, analysis, and response to security incidents using SIEM tools and other security technologies.
- Oversee tuning and optimization of SIEM platforms (e.g. Azure Sentinel, LogRhythm, Splunk, QRadar, Wazuh etc.).
- Develop, implement, and maintain SOC processes, procedures, and playbooks to ensure effective incident response.
- Perform threat hunting and proactive analysis to identify emerging threats.
- Manage and mentor SOC analysts, providing training and professional development.
- Conduct root cause analysis and prepare detailed incident reports and recommendations.
- Drive continuous improvement in SOC capabilities through adoption of new tools and technologies.
- Participate in security audits, assessments, and vulnerability management initiatives.
- Stay up-to-date with the latest threat trends, vulnerabilities and regulatory requirements.
Required Qualifications:
- Minimum 12 years of professional experience in cybersecurity, with at least 8 years in a SOC environment.
- Deep understanding of networking, system administration, cloud environments (AWS/Azure/GCP) and security architecture.
- Experience with EDR, SIEM, SOAR, IDS/IPS, firewalls and forensic tools.
- Strong knowledge of malware analysis, log correlation, threat hunting and vulnerability management.
- Strong analytical and problem-solving skills with an investigative mindset.
- Excellent communication skills for technical and executive-level reporting.
Preferred Certifications: CISSP, GCIA, GCIH, CEH, OSCP, Security+, CySA+ or similar. SIEM-specific certifications (e.g. Azure Sentinel, LogRhythm, Splunk etc.).
Education: BE (CSE/IT or a related field) or MCA, with 60%+ throughout academics.
Posted 3 days ago
4.0 - 7.0 years
6 - 11 Lacs
bengaluru
Work from Office
About Company: Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you'd like, where you'll be supported and inspired by a collaborative community of colleagues around the world, and where you'll be able to reimagine what's possible. Join us and help the world's leading organizations unlock the value of technology and build a more sustainable, more inclusive world.
Job Title: SOC L2
Total Exp: 4 to 7 Years
Location: Bangalore
Your Role: SOC Analyst
Key Skills & Experience:
- Experience: 3+ years in SOC analysis; prior network/system admin experience is a strong plus.
- Technical Expertise: Strong in Active Directory, Kerberos, ADCS, Windows security logs, network technologies, and cloud security (Azure & O365).
- Tool Proficiency: Hands-on with Azure Sentinel, Microsoft KQL, and Microsoft E5 Security Stack (Defender suite); SIEM & EDR mandatory, NDR a plus.
- Detection & Analysis: Skilled in writing detection queries (SPL, EKQL, MS-KQL, ArcSight), interpreting PCAPs, regex, malware/phishing analysis, and threat actor TTPs (MITRE ATT&CK).
- Threat Response: Capable of creating detection hypotheses, tuning rules, and improving playbooks for effective incident response.
Your Profile:
- Incident Response: Analyze and document security incidents, escalate when needed, and ensure smooth handover to L3 teams.
- Threat Detection: Perform research and data analysis to identify threats and coordinate remediation efforts.
- Stakeholder Support: Assist IT teams and end users in understanding security issues and applying mitigation strategies.
- Threat Hunting: Conduct deep dives beyond routine incidents and propose corrective actions.
- Cyber Intelligence: Leverage threat intelligence to suggest detection use cases and improve security posture.
What You'll Love About Working Here: You can shape your career with us. We offer a range of career paths and internal opportunities within the Capgemini group.
You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work on cutting-edge projects in tech and engineering with industry leaders or create solutions to overcome societal and environmental challenges.
Posted 4 days ago
7.0 - 12.0 years
15 - 20 Lacs
bengaluru
Work from Office
Overall experience can be 10+ years, with 3-8 years of relevant experience in Microsoft Sentinel & SOAR.
- Experience in the following tools: Microsoft Sentinel, Azure Security Center, Microsoft Log Analytics
- Experience in writing queries for cyber-attack detection in Kusto Query Language (KQL) in Azure.
- Experience in supporting security infrastructure such as MS Sentinel Security Information and Event Management (SIEM) and SOAR
- Experience in automation using playbooks like Logic Apps in Sentinel.
- Experience in monitoring, investigating and remediating security alerts in Sentinel and Log Analytics
Posted 4 days ago
4.0 - 8.0 years
4 - 8 Lacs
gurgaon, haryana, india
On-site
What will your essential responsibilities include?
- Act as an escalation point for Level 1 analysts and contribute to the Level 1 capability.
- Deep-dive analysis of escalated alerts to understand impact and prioritize tickets.
- Provide additional context on the threats.
- Forensics investigations.
- Monitor and support incident remediation.
- Root cause analysis.
- Produce high-quality, accurate reports for a wide range of stakeholders.
- Provide technical guidance to Level 1 analysts on complex security issues.
- Mentor and support L1 analysts with alert analysis.
- Troubleshoot SIEM issues.
- Continuous reporting and improvements.
- Maintain and improve SOPs and processes.
- Contribute to the enhancement of threat detection and response capabilities.
- Participate in incident response exercises and Red/Blue/Purple team activities.
You will report to the SOC head.
We're looking for someone who has these abilities and skills:
Required Skills and Abilities:
- Relevant years of proven experience working in a Security Operations Centre with a focus on incident detection, analysis, and response.
- Outstanding understanding of cyber security principles, threat intelligence and attack vectors.
- Working knowledge of Azure Sentinel, Microsoft Defender, ADX or other similar security tooling.
- Excellent cloud security and cloud incident handling skills, knowledge, and experience.
- Experience handling digital forensic evidence and writing reports to support investigations.
- Good understanding of attacker tactics, techniques, and procedures (TTP).
Desired Skills and Abilities:
- Excellent English verbal and written communication skills with the ability to articulate complex ideas in simple language.
- Willing to make important decisions self-directedly and multi-task under pressure.
- Ability to collaborate with high-performing agile teams and throughout the organization to accomplish goals.
- Certifications such as CISSP, GIAC, CEH or other.
- Have an inquisitive nature, enjoy security technology research, and have the desire to upskill and advance your security skill set.
Posted 4 days ago
8.0 - 13.0 years
6 - 12 Lacs
chennai
Hybrid
Role Summary: We are seeking an experienced Microsoft Security Engineer with strong hands-on expertise in Microsoft Sentinel (SIEM/SOAR) and Microsoft Intune (Endpoint Compliance & Access Control). The candidate will be responsible for designing, implementing, customizing, and supporting our SIEM dashboards, threat detection rules, connectors, and device compliance policies to strengthen our cybersecurity posture. This is a core technical role; the candidate must have direct hands-on experience in end-to-end deployment of both Sentinel and Intune in enterprise environments.
Key Responsibilities:
Microsoft Sentinel (SIEM):
- Enable and configure data connectors: Azure Activity, AWS CloudTrail/GuardDuty, on-prem AD, Cisco ASA/Firepower, FortiGate firewalls.
- Deploy and manage Syslog collector VMs for firewall/AD log ingestion.
- Configure IoC/IoA threat intelligence feeds (MISP, OTX, Recorded Future, etc.).
- Build custom dashboards (Top Talkers, Incident Overview, Events per Device, Rule Hits, Device Coverage).
- Write and implement custom KQL correlation rules (beyond Microsoft built-ins).
- Tune rules to reduce false positives and align with SOC operational needs.
- Provide incident playbooks/runbooks for the SOC team.
Microsoft Intune (MDM):
- Review existing Intune configuration and optimize policies.
- Define and implement device onboarding (corporate devices + BYOD).
- Configure compliance validation policies (encryption, AV, OS patch levels).
- Define and implement conditional access (CA) policies for O365, SaaS apps, and internal systems.
- Integrate Intune with Defender for Endpoint and Sentinel for unified risk visibility.
- Generate compliance dashboards and audit-ready reports.
Cross-Functions:
- Work with Architect/Lead to align design with the security framework.
- Document all configurations, rules, dashboards, and policies.
- Conduct structured knowledge transfer sessions for SOC/IT teams.
- Support audit and regulatory readiness (ISO 27001, PDPL, GDPR, etc.).
Required Skills & Experience:
- 8-12 years of hands-on experience in enterprise security engineering.
- Minimum 3+ years direct, practical experience with Microsoft Sentinel (KQL, connectors, dashboards, rules).
- Minimum 3+ years direct, practical experience with Microsoft Intune (compliance, CA, device onboarding).
- Strong expertise in Azure AD, Conditional Access, Defender for Endpoint integration.
- Proven experience writing custom KQL correlation rules (beyond out-of-box templates).
- Familiarity with Syslog/CEF ingestion for firewalls and AD logs.
- Experience integrating multi-cloud (Azure + AWS) into Sentinel.
- Solid understanding of IoC/IoA feeds and threat intelligence integrations.
- Strong documentation and KT delivery experience.
Certifications preferred:
- SC-200: Microsoft Security Operations Analyst
- SC-300: Microsoft Identity and Access Administrator
- SC-400: Microsoft Information Protection
- MS-101/MD-101: Microsoft 365 Enterprise Admin / Modern Desktop Administrator
Soft Skills:
- Strong communication and stakeholder-facing ability.
- Ability to lead discussions with security teams and senior management.
- Problem-solving mindset balancing business risk vs technical enforcement.
- Can work independently and deliver under tight timelines.
Posted 5 days ago
8.0 - 13.0 years
6 - 10 Lacs
bengaluru
Work from Office
Candidates must be a CyberArk Certified Delivery Engineer (CCDE) or equivalent. The successful applicant will be an experienced CyberArk PAM consultant who takes our client's project forward and supports the account, taking on and further developing/deploying our client's Privileged Access Management solution based on CyberArk technology.
- Lead Consultant with demonstrable CyberArk Privileged Access Management solution experience.
- HLD and LLD experience.
- Ability to work with the internal project team and end customer to continue design and deployment activities and further enhance the PAM solution.
- Documentation skills.
- Security policy and governance experience and appreciation.
- Identity & Access Management/IDAM experience and knowledge.
- Design and deliver high-quality security architecture and infrastructure setups and/or sub-systems to agreed deadlines.
- Assist customers in developing a secured privileged access management infrastructure and in defining policies to protect their applications/platforms/targets from unauthorized access.
Required education: Bachelor's Degree
Preferred education: Master's Degree
Required technical and professional expertise:
- 8+ years of industry experience in design, development, customization, configuration and end-to-end implementation of any Identity Management and Governance products.
- Minimum 5+ years relevant experience in implementing and managing Saviynt IGA solution.
- Knowledge of User Lifecycle Management, Provisioning, Deprovisioning, Reconciliation, Password Management, Access Certification, RBAC, SOD, Role Management, Access Request, Delegation, Auditing, Reporting and user activity monitoring
- Experience in MySQL and Unix Shell/Perl scripting
- Knowledge of Web Services (REST/SOAP), Directories (LDAP, AD), etc.
Preferred technical and professional experience:
- Experience/knowledge in Ping, Azure MFA, SailPoint IdentityNow
- Experience with at least one of the following development environments/languages: J2EE, Java, PowerShell, JavaScript
- Directory experience (AD, Azure AD, LDAP)
- SaaS deployment experience
Posted 5 days ago
4.0 - 7.0 years
0 Lacs
bengaluru, karnataka, india
On-site
About Company: Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you'd like, where you'll be supported and inspired by a collaborative community of colleagues around the world, and where you'll be able to reimagine what's possible. Join us and help the world's leading organizations unlock the value of technology and build a more sustainable, more inclusive world.
Job Title: SOC L2
Total Exp: 4 to 7 Years
Location: Bangalore
Your Role: SOC Analyst
Key Skills & Experience:
- Experience: 3+ years in SOC analysis; prior network/system admin experience is a strong plus.
- Technical Expertise: Strong in Active Directory, Kerberos, ADCS, Windows security logs, network technologies, and cloud security (Azure & O365).
- Tool Proficiency: Hands-on with Azure Sentinel, Microsoft KQL, and Microsoft E5 Security Stack (Defender suite); SIEM & EDR mandatory, NDR a plus.
- Detection & Analysis: Skilled in writing detection queries (SPL, EKQL, MS-KQL, ArcSight), interpreting PCAPs, regex, malware/phishing analysis, and threat actor TTPs (MITRE ATT&CK).
- Threat Response: Capable of creating detection hypotheses, tuning rules, and improving playbooks for effective incident response.
Your Profile:
- Incident Response: Analyze and document security incidents, escalate when needed, and ensure smooth handover to L3 teams.
- Threat Detection: Perform research and data analysis to identify threats and coordinate remediation efforts.
- Stakeholder Support: Assist IT teams and end users in understanding security issues and applying mitigation strategies.
- Threat Hunting: Conduct deep dives beyond routine incidents and propose corrective actions.
- Cyber Intelligence: Leverage threat intelligence to suggest detection use cases and improve security posture.
What You'll Love About Working Here: You can shape your career with us. We offer a range of career paths and internal opportunities within the Capgemini group.
You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work on cutting-edge projects in tech and engineering with industry leaders or create solutions to overcome societal and environmental challenges.
Posted 5 days ago
3.0 - 6.0 years
8 - 13 Lacs
bengaluru
Work from Office
Job Description As a Threat Hunter, you will be responsible for proactively identifying, analysing, and mitigating potential threats across our environments. You will lead threat hunts, leverage data from multiple sources, and apply advanced techniques to detect suspicious behaviour and uncover threats. Collaborating with cross-functional teams, youll refine detection strategies and enhance our overall security posture. This is an exciting opportunity to make a significant impact by driving proactive security measures. Responsibilities • Performing day-to-day operations as a trusted advisor on advanced threat hunt for team • Leading "hunt missions" using threat intelligence, data from multiple sources and results of brainstorming sessions to discover evidence of threats, insider misconduct, or anomalous behavior • Utilizing advanced threat hunting techniques and tools to detect, analyze, and respond to anomalous activities. This includes Identifying threat actor groups and characterizing suspicious behaviors as well as being able to identify traits, C2, and develop network and host-based IOCs or IOAs. • Finding evidence of threats or suspicious behavior and leveraging data to improve controls and processes; this will require a blend of investigative, analytical, security, and technical skills to be successful. • Evaluating and making recommendations on security tools and technologies needed to analyze potential threats to determine impact, scope, and recovery. • Ensuring gaps in detections are socialized with Cyber Security stakeholders; this includes identifying dependencies, recommendations, and collaborating to mitigate threats. • Should have understanding and experience on MITRE ATT&CK Framework based Threat Hunting. • Acting as subject matter expert in internal and external audit reviews. This includes producing and presenting artifacts and executive summaries to support the overall mission. • Participating in Purple Team, Threat Hunt, and tabletop exercises. 
• Working closely with key cross-functional stakeholders to develop and utilize proactive and mitigating measures to prevent, detect and respond to potential threats to Verizon on prem and cloud environments. • Mentoring and advising team members by educating them on advanced techniques on threat hunting. • Experience in threat Hunting to find presence of adversaries within organizational infrastructure. • Promoting an environment of collaboration and individual accountability when it comes to problem-solving, decision-making, and process improvements. Qualifications • Bachelor's and/or masters degree in IT Security, Engineering, Computers Science, or related field/experience • 5+ years overall technical experience in threat hunting. • Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc. Hinduja Global Solutions Limited “For internal use only” 1 of 1 HGS-SECURE/MSSP/HGS-UK/PROPOSAL/0001 “Un-controlled if printed”. • Comprehensive knowledge utilizing system, cloud, application and network logs. • Experience working with IOCs, IOA, and TTPs. • Proficient knowledge of the cyber threat landscape including types of adversaries, campaigns, and the motivations that drive them. • Proficient knowledge of different programming languages, like, KQL, Python, PowerShell etc. • Experience working with analysis techniques, identifying indicators of compromise, threat hunting, and identification of intrusions and potential incidents. 
• Fundamental understanding of tactics, technologies, and procedures related to Cyber Crime, Malware, Botnets, Hacktivism, Social Engineering, APT or Insider Threat
• Knowledge of operating system internals, OS security mitigations and an understanding of security challenges in Windows, Linux, Mac, Android and iOS platforms
• Knowledge on query structures like
• Strong understanding of cyber-based adversarial frameworks including MITRE ATT&CK and Lockheed Martin's Cyber Kill Chain.
• Knowledgeable with Regular Expressions, YARA and SIGMA rules, AQL and KQL, and at least one common scripting language (Perl, Python, PowerShell)
• Excellent analytical and problem-solving skills, a passion for research and puzzle-solving
• Excellent cross-group and interpersonal skills, with the ability to articulate the business need for detection improvements
Certifications
Certifications such as those below or similar threat-hunting credentials are highly desirable.
• Certified Threat Hunting Professional (eCTHP)
• Certified Incident Responder (eCIR)
• Certified Digital Forensics Professional (eCDFP)
• GIAC Certified Incident Handler Certification (GCIH)
• GIAC Enterprise Incident Response (GEIR)
• Network+, Security+, CISSP, CISM, GCIH, GCFA, GCFE, GREM and/or cloud-specific certifications (e.g. AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Cloud Certified Professional Cloud Security Engineer)
Posted 6 days ago
6.0 - 10.0 years
10 - 20 Lacs
bengaluru
Work from Office
Job Title: Cybersecurity Vulnerability & Patch Management Engineer (Onsite PST Hours)
Location: Bangalore, India
Work Hours: 8:00 AM - 5:00 PM PST (India Time: 9 PM - 5 AM IST)
Reports To: SecOps Leader, Cybersecurity (US-based)
About the Role: The Senior Cybersecurity Vulnerability & Patch Management Engineer role is a key position within CA One Tech Cloud Clients. This role involves designing scalable applications and ensuring the delivery of high-quality projects.
Key Responsibilities:
- Manage the enterprise-wide vulnerability lifecycle using TenableOne
- Rapid response to zero-day threats with scripting via CrowdStrike RTR
- Execute patch deployment using Automox across OS and cloud workloads
- Develop PowerShell/Python scripts for automation and rollback procedures
- Perform Azure Sentinel threat hunting using KQL
- Lead weekly vulnerability/patch management meetings and prepare executive dashboards
- Collaborate with global IT, SecOps, DevOps, and Engineering teams
Required Skills:
- 5+ years in enterprise patch and vulnerability management
- Hands-on experience with TenableOne, Automox, CrowdStrike Falcon Complete, Azure Sentinel, and KQL
- Proficient in PowerShell and/or Python
- Strong understanding of Azure Cloud security posture and incident response
- CISSP certification (mandatory)
Preferred:
- Knowledge of Infrastructure-as-Code (Terraform/ARM)
- Experience in regulated industries or manufacturing
- Additional certifications: Azure Security Engineer, CrowdStrike Certified
Please share your resume to Sirishad@ca-one.com
Posted 6 days ago
3.0 - 7.0 years
0 Lacs
kochi, kerala
On-site
At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As part of our EY-cyber security team, you shall work as a Senior CMS-TDR Analyst who will assist clients in detecting and responding to security incidents with the support of their SIEM, EDR, and NSM solutions. Your key responsibilities include operational support using SIEM solutions (Splunk, Sentinel, CrowdStrike Falcon LogScale), EDR (CrowdStrike, Defender, Carbon Black), and NSM (Fidelis, ExtraHop) for multiple customers. You will specialize in second-level incident validation and more detailed investigation, perform incident coordination and communication with clients to ensure effective containment, eradication, and recovery, provide SIEM support activities including ad hoc reporting and basic troubleshooting, advise customers on best practices and use cases, and provide near real-time analysis, investigation, reporting, remediation, coordination, and tracking of security-related activities for customers. Skills and attributes for success include being customer service-oriented, having good knowledge of SIEM technologies such as Splunk, Azure Sentinel and CrowdStrike Falcon LogScale from a security analyst's point of view, troubleshooting issues associated with SIEM solutions, the ability to work with minimal levels of supervision, exposure to IoT/OT monitoring (Claroty, Nozomi Networks, etc.), good knowledge and experience in Security Monitoring and Cyber Incident Response, knowledge of the ELK Stack, network monitoring technology platforms such as Fidelis XPS and ExtraHop, and endpoint protection tools, techniques, and platforms such as Carbon Black, Tanium, CrowdStrike, Defender, etc.
To qualify for the role, you must have a B. Tech./ B.E. with sound technical skills, the ability to work in 24x7 shifts, a strong command of verbal and written English, demonstrated technical acumen and critical thinking abilities, strong interpersonal and presentation skills, a minimum of 3 years of hands-on experience in SIEM/EDR/NSM solutions, certification in any of the SIEM platforms, knowledge of RegEx, Perl scripting, and SQL query language, and certification in CCSA, CEH, CISSP or GCIH. At EY, we're dedicated to helping our clients, from startups to Fortune 500 companies, and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects, receive support, coaching, and feedback from engaging colleagues, have opportunities to develop new skills and progress your career, and enjoy the freedom and flexibility to handle your role in a way that's right for you. EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 1 week ago
8.0 - 13.0 years
13 - 17 Lacs
bengaluru
Work from Office
About The Role
Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum 7.5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary : As a Security Manager, you will oversee daily operations of a Security Operations Center (SOC), manage threat detection and response, and coordinate escalations across hybrid environments. The role involves deep hands-on engagement with SIEM, EDR, cloud security platforms, and advanced email security solutions like Proofpoint, IronPort, and Cofense. You will ensure rapid detection, containment, and remediation of security incidents while also mentoring junior analysts and improving operational processes.
Roles & Responsibilities:
Must Have Skills:
- A Sentinel Specialist is primarily responsible for implementing and managing Microsoft Sentinel, a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution.
- Deploy, configure, and manage Azure Sentinel for threat detection and incident response.
- Integrate Sentinel with various data sources using native and custom connectors.
- Create and fine-tune analytic rules, workbooks, and playbooks to automate threat detection and response.
- Optimize Sentinel performance through query tuning and cost management.
- Collaborate with IT and security teams to improve security posture and ensure compliance.
- Stay updated with cybersecurity trends and integrate threat intelligence feeds.
- Lead a team of SOC analysts, acting as escalation point for critical incidents.
- Monitor alerts from SIEM tools such as Azure Sentinel and RSA NetWitness.
- Operate and analyze endpoint threats using EDR tools like Microsoft Defender for Endpoint and CrowdStrike Falcon.
- Utilize Microsoft Defender for Cloud to assess and enforce security posture across cloud infrastructure.
- Collaborate with IT, DevOps, and engineering teams to implement secure configurations and cloud best practices.
- Create detailed incident reports, dashboards, and threat landscape briefings.
- Develop and maintain security playbooks, SOPs, and shift handover documentation.
- Support proactive tuning of detection rules, policies, and integrations across security tools.
- Lead and manage the security operations team (SOC).
- Develop and enforce security policies, protocols, and procedures.
- Monitor and respond to security incidents and breaches.
- Prepare reports and metrics for senior leadership.
Professional & Technical Skills:
- Proficiency in Kusto Query Language (KQL).
- Hands-on experience with SIEM/SOAR tools, especially Microsoft Sentinel.
- Familiarity with cloud platforms (Azure preferred).
- Scripting knowledge (PowerShell, Python, YAML, JSON).
- Understanding of cybersecurity frameworks like MITRE ATT&CK or NIST.
- Expertise with EDR platforms: Microsoft Defender for Endpoint, CrowdStrike Falcon.
- Proficiency in managing email security and phishing defense platforms: Proofpoint TAP/ETP, Cisco IronPort (ESA), Cofense Triage, Vision, Reporter.
- Familiarity with threat intelligence platforms: MISP, Recorded Future.
- Understanding of OS and network log formats, HTTP/SMTP traffic, and Windows/Linux security.
- Basic scripting knowledge (Python, PowerShell, Bash) for automation and threat hunting.
- Deep understanding of cybersecurity tools and practices.
Certification Requirements (Must Have One or More):
- Microsoft Certified: Security Operations Analyst Associate (SC-200)
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)
- Certified SOC Analyst (CSA) EC-Council
- CompTIA Security+, CySA+, or CASP+
- GIAC Certifications: GCIH, GCIA, GCFA (optional)
- CrowdStrike Certified Falcon Responder (CCFR) or equivalent (for EDR specialization)
Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru, Gurugram, Hyderabad, Mumbai or Noida offices. No other location preferred.
- A 15 years full time education is required.
Qualification : 15 years full time education
Posted 1 week ago
7.0 - 11.0 years
12 - 16 Lacs
gurugram
Work from Office
About The Role
Project Role : Security Delivery Lead
Project Role Description : Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets).
Must have skills : Microsoft Azure Sentinel
Good to have skills : Security Information and Event Management (SIEM)
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary : As a Security Delivery Lead, you will be responsible for leading the implementation and delivery of Security Services projects. Your typical day will involve coordinating with various teams to ensure that projects are executed efficiently, utilizing our global delivery capabilities, including methods, tools, training, and assets. You will engage with stakeholders to align project goals with organizational objectives, ensuring that security measures are effectively integrated into the overall project framework. Your role will also require you to monitor project progress, address any challenges that arise, and facilitate communication among team members to foster a collaborative work environment.
Roles & Responsibilities:
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Develop and implement best practices for security project delivery.
- Mentor junior team members to enhance their skills and knowledge.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Microsoft Azure Sentinel.
- Good To Have Skills: Experience with Security Information and Event Management (SIEM) Operations.
- Strong understanding of cloud security principles and practices.
- Experience with incident response and threat management.
- Familiarity with compliance frameworks and security standards.
Additional Information:
- The candidate should have a minimum of 5 years of experience in Microsoft Azure Sentinel.
- This position is based at our Gurugram office.
- A 15 years full time education is required.
Qualification : 15 years full time education
Posted 1 week ago
5.0 - 10.0 years
3 - 7 Lacs
bengaluru
Work from Office
About The Role
Project Role : Security Engineer
Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills : Splunk Security Information and Event Management (SIEM)
Good to have skills : Microsoft Azure Sentinel
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary : As a Security Engineer, you will apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Be a key player in ensuring the security of the organization's digital assets and infrastructure.
Roles & Responsibilities:
- Expected to be an SME, collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Implement security measures to protect systems, networks, and data.
- Conduct security assessments and audits to identify vulnerabilities and risks.
- Develop and implement security policies, procedures, and best practices.
- Stay updated on the latest security trends, threats, and technologies.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Splunk Security Information and Event Management (SIEM).
- Good To Have Skills: Experience with Microsoft Azure Sentinel.
- Strong understanding of security principles and practices.
- Knowledge of network security protocols and technologies.
- Experience in incident response and threat hunting.
- Ability to analyze and interpret security data for actionable insights.
Additional Information:
- The candidate should have a minimum of 5 years of experience in Splunk Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- A 15 years full time education is required.
Qualification : 15 years full time education
Posted 1 week ago
5.0 - 7.0 years
0 Lacs
hyderabad, telangana, india
On-site
Title: Data Operations Lead - DevOps
Location: Hyderabad/ Mumbai
Responsibilities:
1. Minimum of 5-7 years of hands-on Azure administration and governance.
2. Well versed with hybrid cloud workload management, with a good understanding of Azure networking (setting up VNETs, NSGs, NAT, route tables), AKS orchestration, App Services, Logic Apps, Storage accounts and Key Vaults. Hands-on experience in well-defined deployment to different Azure services using Azure Pipelines.
3. Possess knowledge of IaC using Bicep or TF.
4. Hands-on experience in different cloud-based monitoring and observability tools and instrumentation (preferably Azure, like LAW, Azure Monitor).
5. Possess hands-on expertise in any one of the scripting languages: Shell/PowerShell/Python.
6. Hands-on experience in automation of different manual tasks while operating on Azure.
7. Good understanding of cost management and optimization on the cloud.
8. Good understanding of different security-specific resources, their configurations and their set-up on Azure based on best practices (Microsoft Defender for Cloud, Azure Sentinel, Security Center etc).
9. Must possess at least one Azure certification (Preferred): AZ400/AZ104/AZ700
Good to Have:
1. Knowledge of Azure Data Factory, Azure Synapse, Azure HDInsight.
2. Knowledge of Big Data fundamentals.
3. Well-curated troubleshooting and problem-solving approach.
Posted 1 week ago
3.0 - 5.0 years
12 - 18 Lacs
pune
Work from Office
Overview
We are seeking an Associate Technical Support Engineer to join the Critical Start Technologies Private Ltd. team, operating under the Critical Start umbrella, for our India operations. This person would help deliver successful security outcomes while providing an exceptional customer experience. The ideal candidate will be a detail-oriented individual with experience providing email, telephone, and chat-based support to security and IT teams in a SaaS or Enterprise environment. This candidate will have experience managing inbound support requests, responding to automated alerts from internal systems, investigating break/fix requests, and documenting necessary information for escalation to engineering teams for effective resolution. A strong ability to problem-solve, collaborate effectively, and engage the right people without overcommitting resources, while ensuring customers are kept informed, is essential for this role. Please note, this role will require working during IST night shifts (5:30pm - 2:30am IST).
Responsibilities
The Associate Technical Support Engineer will provide the first line of support to Critical Start customers, ensuring accurate and timely ticket handling for break/fix, bug, and enhancement requests across Endpoint, SIEM, and security-focused tools. You will collaborate with internal teams to restore services for critical systems and act as incident manager for major issues from initiation to resolution, including delivering a root cause analysis (RCA) to customers. This role involves managing ticket queues to meet or exceed KPIs, communicating customer risks to Sales and Customer Success, and contributing to knowledge sharing through documentation. Additionally, you will collaborate with R&D, Development, and Product teams to relay feedback, participate in ongoing training to support your professional growth, and create, author, and review knowledge articles that empower team members and enhance the customer experience.
Qualifications
Required Qualifications:
- 2+ years of experience in customer support, customer success, or account management with a SaaS, Cloud, or Security provider (MSP/MSSP).
- 2+ years of direct experience in technical customer support.
- Proven experience in facilitating communication, problem resolution, and incident management.
- Strong written and verbal communication skills.
- A collaborative approach to problem-solving, ensuring the right people are involved without adding unnecessary complexity.
- Familiarity with using ticketing systems to intake, track, manage, and resolve customer requests and incidents.
- Ability to build relationships and communicate effectively with internal teams to help deliver positive customer outcomes.
- Ability to participate in on-call rotations to provide timely support and ensure continuous service availability.
- Ability to work IST night shift (5:30pm - 2:30am IST).
Desired Qualifications:
- AI cybersecurity experience is an additional advantage.
- 2+ years of experience with Azure Sentinel, Splunk, or a similar SIEM platform, including configuration, log source health validation, and connector configuration.
- Experience working with SIEM products, preferably Splunk Enterprise, Splunk Cloud, Microsoft Sentinel, SumoLogic, and/or Devo.
- Experience in setting up and configuring forwarding solutions, such as Heavy Forwarders, Universal Forwarders, Microsoft AMAs, and Devo Relays.
- Proficiency in search query languages, such as SPL, KQL, and SQL.
- Working knowledge of the Linux command-line interface (CLI).
Posted 1 week ago
15.0 - 20.0 years
13 - 17 Lacs
bengaluru
Work from Office
Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Managed Cloud Security Services
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary : As a Security Team Lead, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization.
Roles & Responsibilities:
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Develop and maintain comprehensive documentation of cloud security policies and procedures.
- Conduct regular security assessments and audits to ensure compliance with established security standards.
- Configuration, management and monitoring of Azure Firewall to control and monitor network traffic effectively.
- Monitoring of Azure WAF to protect web applications.
- Working on Microsoft Sentinel to effectively perform triaging for security incidents from an L3 perspective.
- Manage secure score and compliance score in Microsoft Defender for Cloud to ensure the security and compliance of cloud resources.
- Provide application teams with insights for remediation on the basis of agreed measures.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Managed Cloud Security Services.
- Strong understanding of cloud security frameworks and best practices.
- Experience with risk assessment and management in cloud environments.
- Knowledge of compliance standards such as ISO 27001, NIST, and GDPR.
- Familiarity with security tools and technologies for cloud environments.
- Knowledge of Azure Sentinel, Azure Firewall, Azure WAF, Microsoft Defender.
Additional Information:
- The candidate should have a minimum of 5 years of experience in Managed Cloud Security Services.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.
Qualification : 15 years full time education
Posted 1 week ago
12.0 - 15.0 years
13 - 17 Lacs
chennai
Work from Office
About The Role
Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Accenture MxDR Ops Security Threat Analysis
Good to have skills : NA
Minimum 12 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary : Accenture Managed Extended Detection and Response (MxDR) provides 24x7 cyber security monitoring for clients in more than 85 countries. Accenture's MxDR is a true multi-tenant, cloud-based service that provides all the technology, people, and processes a client needs. For this role, Accenture is looking to hire an experienced Manager to be involved as part of our MxDR service.
Roles & Responsibilities:
- Utilize technology, functional and industry knowledge to diagnose complex client issues and develop appropriate recommendations
- Co-create strategic, tactical, and operational solutions at the intersection of technology, people, and business
- Develop implementation plans and lead teams to execute project deliverables to schedule, budget and performance goals
- Act independently to determine methods and procedures on new assignments
- Manage medium- to large-sized teams and/or work efforts within Accenture and for Clients
Professional & Technical Skills:
- Manages teams while retaining hands-on ability
- Proven experience in incident management and handling escalations
- Demonstrates effective management, retention, and growth of multiple strategic clients
- Makes decisions on client delivery procedures/outcomes
- Outstanding interpersonal communications (written and oral) and client/stakeholder management skills
- Ability to work with global stakeholders, demonstrating maturity and impeccable professionalism
- Proven ability to work creatively and analytically in a problem-solving environment
- Proven ability to integrate into and foster a team-oriented environment
- Passionate about strategy and transformation of clients
- Ability to communicate clearly at all levels, demonstrating strong verbal and written communication skills
- Adaptability to accept change
Additional Information:
- At least 5 years of leadership experience (Manager/Supervisor)
- The candidate should have a minimum of 12 years of experience in Accenture MxDR Ops Security Threat Analysis
- Good academic skills
- Knowledge of SIEMs like Splunk, Azure Sentinel or Google Chronicle
- Experience in SOC operations
- Professional certifications in GIAC, CISM or Cloud would be an added advantage
- This position is based at our Chennai office.
- A 15 year full time education is required.
Qualification : 15 years full time education
Posted 1 week ago
8.0 - 12.0 years
0 Lacs
pune, maharashtra
On-site
The Network Engineer plays a crucial role in the organization, reporting directly to the Network Manager. As a technical expert in network engineering, you will be responsible for the design and implementation of network changes. Your primary focus will be on ensuring defined standards, managing the technical lifecycle of products and services, and delivering change/transformation while ensuring a smooth transition to Network Operations. Key responsibilities include defining and documenting Network Engineering Standards, creating Low Level Design documents, developing Implementation Plans, managing Procurement activities, and ensuring the smooth Transition/Handover to Operations. Additionally, you will be responsible for Technical Lifecycle Management, supporting Architecture in creating a Delivery Roadmap, scoping activities for High Level Design, and undertaking Proof of Concept activities. With a minimum of 8 years of hands-on experience in network solutions within a global enterprise-scale organization, you will bring expertise in design engineering and building resilient network solutions. Knowledge of network principles, global financial services, regional compliance standards, risk and compliance concepts, automation, and orchestration is essential. Understanding Layer 2, Layer 3 & Layer 4-7 networks and various networking technologies is required. Technical expertise in Network Routing, Switching, Network Security, Cisco, Juniper Routers & Switches, Checkpoint, Cisco ASA Firewalls, and Cisco, Silver-Peak SD-WAN is necessary. Certification in CCNA, CCNA Security, CCNP Routing & Switching, Check Point CSSE, SD-WAN, and ITILv3 foundation or higher is mandatory. Desirable skills include knowledge of Public Cloud, Azure Sentinel, and certifications like CCIE Routing & Switching, CCIE Data Center.
Personal attributes such as being highly organized, proactive under pressure, problem management skills, positive attitude, teamwork, integrity, and effective communication are crucial for success in this role. As a Network Engineer, you will collaborate with global teams, challenge the status quo, and uphold professional standards. Embracing the philosophy of treating customers fairly, adhering to the organization's policies and procedures, and working effectively as part of the IT community are integral to the role.
Posted 1 week ago
15.0 - 20.0 years
13 - 17 Lacs
pune
Work from Office
Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary : As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges.
Roles & Responsibilities:
1) Design and implement Microsoft Sentinel architecture, including data connectors, analytics rules, and workbooks.
2) Integrate Sentinel with various data sources, including Azure services, on-premises systems, and third-party security products.
3) Develop and maintain data connectors, APIs and custom integrations.
4) Configure and optimize incident response workflows, including automated response actions and playbooks.
5) Collaborate with security operations teams to implement Sentinel-based security monitoring and incident response processes.
6) Provide training and support to security teams on Sentinel features and functionality.
7) Continuously monitor and optimize Sentinel performance, scalability, and reliability.
8) Develop and maintain custom dashboards, reports, and workbooks to provide security insights and metrics.
9) Integrate Azure Logic Apps with Azure Sentinel to automate security workflows and incident response.
10) Develop custom connectors for Logic Apps to integrate with Azure Sentinel and other security tools.
11) Collaborate with security teams, developers, and operations teams to ensure seamless integration and deployment of Logic Apps with Azure Sentinel.
12) Configure and maintain Sentinel workspaces, including data connectors and analytics rules.
13) Optimize Sentinel workspace performance, scalability, and security.
14) Develop and maintain reports and dashboards to provide visibility into security metrics and trends.
15) Strong knowledge of KQL and experience writing complex queries.
- Proficiency in Microsoft Sentinel, Azure Security Center and Azure Monitor.
- Experience with data analytics, machine learning, and threat intelligence.
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Develop and maintain comprehensive documentation of security architecture and frameworks.
- Conduct regular assessments and audits to ensure compliance with security policies and standards.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Sentinel SIEM & KQL query.
- Strong understanding of cloud security principles and practices.
- Experience with security incident response and management.
- Familiarity with compliance frameworks such as ISO 27001, NIST, or GDPR.
- Knowledge of network security protocols and technologies.
Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based in Pune.
- A 15 years full time education is required.
Qualification : 15 years full time education
Posted 2 weeks ago
4.0 - 6.0 years
12 - 15 Lacs
gurugram
Work from Office
We are seeking a skilled Qradar SOC Analyst / Consultant - L2 with 3-6 years of experience to join our dynamic Security Operations Center in Gurgaon/Gurugram. The ideal candidate will have hands-on experience with IBM QRadar SIEM
Posted 2 weeks ago
5.0 - 9.0 years
0 Lacs
maharashtra
On-site
Job Description: As an MDR professional, you will play a key role in SIEM engineering, detection, and integration. Your responsibilities will include developing and optimizing detection rules and use cases in Azure Sentinel and Microsoft Defender for Endpoint. By analyzing security logs, you will identify threats and vulnerabilities, fine-tuning alerts for improved accuracy. Additionally, writing KQL queries to detect malicious activity across cloud and endpoint environments will be a crucial part of your role. In terms of incident investigation and response, you will provide advanced support to SOC L1/L2 teams in triaging complex security incidents. Collaboration with the IR team to contain and remediate security threats will also be a part of your responsibilities. Moreover, participating in proactive threat hunting to enhance detection capabilities will be essential to improving overall security posture. Your duties will also involve the configuration and management of Defender for Endpoint, Azure Sentinel, and related security tools to enhance threat detection. Implementing additional Azure security tools to broaden detection coverage will be part of your daily tasks. Integrating threat intelligence feeds to improve the detection of APTs and targeted attacks will be a critical aspect of your role. Staying updated on emerging threats and integrating new intelligence into detection strategies will be necessary to stay ahead of potential security risks. Collaboration with security teams to enhance detection and response processes will be a regular part of your work. Documenting and reporting on detection efforts, threat analysis, and incident response activities will be crucial for maintaining transparency and accountability. Continuous improvement will be a key focus, as you will mentor and train SOC L1/L2 analysts on advanced detection techniques and use cases for Azure Sentinel and Microsoft Defender for Endpoint. 
Your knowledge of security trends, attack vectors, and best practices within the SOC will be instrumental in driving continuous enhancement of security operations. If you are passionate about cybersecurity and ready to take on a challenging role in MDR, apply now to be a part of our dynamic team.
Posted 2 weeks ago