131 Crowdstrike Jobs - Page 2

Overview We are looking for a Security Engineer III to join the Critical Start Technologies Private Ltd. team, operating under the Critical Start umbrella, supporting our India operations. This is an exciting opportunity for a skilled security professional with 5–8 years of hands-on experience in security engineering, threat detection, and investigation. We are looking for a curious, technically adept individual who thrives in a fast-paced, high-impact environment. You bring deep technical expertise, a proactive mindset, and a passion for solving complex security challenges using industry-leading tools and frameworks. The ideal candidate is a driven and resourceful security professional who thrives on diving deep into threat activity—whether it’s analyzing port scans or crafting custom detection queries. With a strong understanding of the MITRE ATT&CK framework, you’re capable of building your own detection content and conducting investigations independently, without relying solely on predefined rules. You take initiative, enjoy improving processes, and excel in autonomous, project-based environments. Your analytical mindset, technical curiosity, and collaborative spirit enable you to contribute meaningfully to both team goals and larger security objectives. Responsibilities Investigate and validate alerts generated by industry-standard EDR and SIEM platforms, ensuring data quality and investigative clarity for our Security Operations Center (SOC). Proactively identify opportunities to improve alert fidelity through detection tuning, custom rule development, and the creation of IOCs and IOAs. Author and maintain clear, user-centric investigation procedures to guide SOC analysts and drive consistency in alert handling. Collaborate cross-functionally with Engineering and Product teams to enhance security tools and improve platform efficacy. Conduct periodic quality assurance checks on alerts—especially during platform updates or vendor API changes—to maintain actionable fidelity. Design, write, and translate threat detection content across tools including but not limited to Splunk, Microsoft Sentinel, Devo, Microsoft 365 Defender, Palo Alto Cortex XDR, CrowdStrike, and SentinelOne. Lead internal knowledge-sharing sessions and mentor junior team members to foster a culture of collaboration and continuous learning. Operate effectively in a global, agile team spanning multiple time zones, balancing independence with team collaboration. Qualifications Required Qualifications: 5+ years of experience in cybersecurity with a focus on threat detection, security engineering, or incident investigation. Hands-on experience with multiple EDR and SIEM tools such as Splunk, Microsoft Sentinel, Devo, Microsoft 365 Defender, Palo Alto Cortex XDR, CrowdStrike, SentinelOne, Carbon Black, or Cylance. Proficiency in one or more query languages (e.g., SPL, KQL, Sumo Logic). Experience building use cases for SIEM platforms and a solid grasp of log source types including firewalls, operating systems, and proxies. Strong verbal and written communication skills with the ability to convey complex concepts to both technical and non-technical stakeholders. Ability to work independently while effectively collaborating with distributed teams. Familiarity with tools like GitHub, Jira, and Confluence. Preferred Qualifications: Professional certifications such as OSCP, CISSP, or equivalent. Experience creating parsers or custom log processing logic. Exposure to agile development environments and DevSecOps culture.

As a Cyber Security Specialist, you will play a critical role in safeguarding our organization's digital assets, focusing on Cyber Threat Intelligence Services to identify and mitigate potential threats. Your expertise in Cyber Security and Cloud, along with experience in CrowdStrike, will be essential in ensuring the security of our systems. This hybrid role offers the flexibility of working remotely and on-site during day shifts. You will lead the development and implementation of advanced cyber threat intelligence strategies to protect organizational assets. Additionally, you will oversee the monitoring and analysis of security threats using CrowdStrike and other advanced tools, providing expert guidance on cloud security best practices to ensure data integrity and confidentiality. Collaborating with cross-functional teams, you will design and implement robust security architectures, conduct regular security assessments and audits, and develop incident response plans to effectively manage and mitigate security breaches. Coordinating with external partners and stakeholders, you will enhance threat intelligence capabilities and implement security policies and procedures to comply with industry standards and regulations. Analyzing security incidents and providing detailed reports to senior management, you will also train and mentor junior security team members to build a strong security culture within the organization. Staying updated with the latest cyber security trends and technologies, you will proactively address emerging threats, support the integration of security solutions into existing IT infrastructure, and drive continuous improvement initiatives to optimize security operations and reduce risk exposure. Qualifications: - Possess a deep understanding of cyber threat intelligence services and their application in a corporate environment - Demonstrate proficiency in using CrowdStrike for threat detection and response - Exhibit strong knowledge of cloud security principles and practices - Have a proven track record of conducting security assessments and audits - Show experience in developing and implementing incident response plans - Display excellent communication skills for effective collaboration with cross-functional teams - Hold a relevant degree in Cyber Security Information Technology or a related field Certifications Required: - Certified Information Systems Security Professional (CISSP) - Certified Cloud Security Professional (CCSP),

Experience in working with tools like CrowdStrike, Proofpoint, Proxy, SIEM like Google SecOps, Azure Sentinel and understanding of SOAR/MDR platforms (Demisto, Resilient etc.) Good knowledge of cyber kill chain, recent threats and MITRE ATT&CK techniques and tactics. Experience in Manual Threat Hunting, effective dashboard, views, reports, alarm understanding. Regularly review standard operating procedures. Helping client in mitigating critical incidents. Advanced Device Health Management, Threat Intel feeds knowledge. Good functional knowledge of cloud, linux, windows, EDR, sandbox, firewall, IDS/IPS, AV, WAF, AD, DNS etc. Must have any one of CEH/ECSA/CHFI/ACISE. Excellent communication and presentation skills. Open to work on 24x7 shifts from office. Preferred Skills: Azure Sentinel SIEM,SOAR Concept,Cyber Security,SOC Monitoring

Role & responsibilities Core Responsibilities Monitor security dashboards and alerts to identify potential threats. Respond to security incidents by following established response plans. Conduct threat hunting to proactively identify vulnerabilities and potential threats. Collaborate with other departments, such as network engineering and incident response teams, for coordinated threat response. Analyze security incidents and document findings to prevent future occurrences. Develop and maintain security monitoring tools and processes. Implement and optimize SIEM, SOAR, EDR, and Threat Intelligence platforms. Conduct vulnerability assessments and penetration tests to identify weaknesses. Create and maintain incident response procedures and playbooks. Provide detailed reports on security incidents and emerging threats. Stay updated with the latest cybersecurity trends and threats. Experience 7-9 years of experience in cybersecurity, with a focus on SOC operations. Extensive experience with security monitoring tools and incident response. Proficiency in threat hunting and vulnerability analysis. Strong knowledge of network protocols, operating systems, and common cybersecurity threats. Experience with SIEM, SOAR, EDR, and Threat Intelligence platforms. Ability to conduct in-depth threat intelligence analysis and develop containment strategies. Experience in conducting vulnerability assessments and penetration tests. Excellent analytical and problem-solving skills. Strong communication and collaboration skills. Knowledge of frameworks such as NIST Cybersecurity framework, MITRE ATT&CK, and Lockheed Martin Cyber Kill Chain.

Seeking skilled Vulnerability & Patch Mngmnt Eng to join our offshore cybersecurity team supporting Rocket EMS. Its a strategic, hands-on role requiring expert knowledge in tools like TenableOne, Automox, CrowdStrike Falcon & Azure Sentinel, and KQL

Role & responsibilities About the Role: We are seeking a skilled and proactive Vulnerability & Patch Management Engineer to join our offshore cybersecurity team supporting Rocket EMS. You will lead the end-to-end vulnerability management and patching program across global infrastructure. This is a strategic, hands-on role requiring expert knowledge in tools like TenableOne, Automox, CrowdStrike Falcon, and Azure security solutions. Key Responsibilities: Manage enterprise-wide vulnerability lifecycle using TenableOne Rapid response to zero-day threats with scripting via CrowdStrike RTR Execute patch deployment using Automox across OS and cloud workloads Develop PowerShell/Python scripts for automation and rollback procedures Perform Azure Sentinel threat hunting using KQL Lead weekly vulnerability/patch management meetings and prepare executive dashboards Collaborate with global IT, SecOps, DevOps, and Engineering teams Required Skills: 5+ years in enterprise patch and vulnerability management Hands-on experience with TenableOne , Automox , CrowdStrike Falcon Complete , Azure Sentinel , and KQL Proficient in PowerShell and/or Python Strong understanding of Azure Cloud security posture and incident response Preferred: Knowledge of Infrastructure-as-Code (Terraform/ARM) Experience in regulated industries or manufacturing Additional certifications: Azure Security Engineer, CrowdStrike Certified

Experience: 10+ years Summary :We are seeking a highly skilled and proactive SOC Lead to manage and mature our 24x7 Security Operations Center. This role involves leading a team of 15 analysts (L1L3), supporting multiple customer environments, and driving operational excellence in threat detection, incident response, and SOC process improvement. The ideal candidate will have deep technical expertise in SIEM and EDR tools, strong leadership capabilities, and excellent communication skills. Key Responsibilities: Lead and manage a team of 15-20 SOC analysts (L1, L2, L3) across multiple customer environments.Act as the primary Incident Responder for critical security incidents.Conduct Root Cause Analysis (RCA) and develop Corrective and Preventive Actions (CAPA).Mentor and train junior/fresher SOC analysts to prepare them for advanced roles.Support and co-lead SIEM migration projects in collaboration with SIEM Engineers.Configure and fine-tune SIEM rules and use cases for enhanced threat detection.Integrate and troubleshoot log sources across diverse platforms and environments.Generate and present SOC KPIs and metrics to internal stakeholders and customers.Lead technical tabletop exercises with internal teams and customer stakeholders.Support SOC maturity assessments and contribute to continuous improvement initiatives.Maintain and enhance SOC documentation, playbooks, and standard operating procedures.Collaborate with threat intelligence, vulnerability management, and engineering teams. Required Skills Experience: 10+ years of experience in cybersecurity, with at least 4 years in a SOC leadership role.Proven experience managing multi-tenant or MSSP environments. Hands-on expertise with: SIEMs: QRoC, Sumo Logic, Splunk, Palo Alto SIEMEDR Tools: CrowdStrike, SentinelOneStrong knowledge of: SIEM rule creation and use case developmentLog source onboarding, integration, and troubleshootingIncident response lifecycle and threat detection methodologiesExcellent communication and writing skills; ability to present to customers and executives.Experience in producing and interpreting SOC metrics and dashboards.Familiarity with frameworks such as MITRE ATTCK, NIST, and SANS. Preferred Qualifications:Bachelors degree in computer science, Information Security, or related field.Industry certifications such as CISSP, CISM, GCIA, GCIH, CEH, or equivalent. Experience with scripting (Python, PowerShell) for automation and enrichment. Exposure to cloud security monitoring (AWS, Azure, GCP). Work Environment: Require on-call availability and rotational shifts.

As a Cyber Security Specialist, you will play a critical role in safeguarding our organization's digital assets, focusing on Cyber Threat Intelligence Services to identify and mitigate potential threats. Your expertise in Cyber Security and Cloud, along with experience in CrowdStrike, will be essential in ensuring the security of our systems. This hybrid role offers flexibility in working remotely and on-site during day shifts. You will lead the development and implementation of advanced cyber threat intelligence strategies to protect organizational assets, overseeing the monitoring and analysis of security threats using CrowdStrike and other advanced tools. Providing expert guidance on cloud security best practices, you will collaborate with cross-functional teams to design and implement robust security architectures. Your responsibilities will include conducting regular security assessments and audits, developing and maintaining incident response plans, coordinating with external partners to enhance threat intelligence capabilities, and implementing security policies and procedures to comply with industry standards and regulations. You will also analyze security incidents, provide detailed reports to senior management, train and mentor junior security team members, and stay updated with the latest cyber security trends and technologies. To qualify for this role, you must possess a deep understanding of cyber threat intelligence services and their application in a corporate environment, demonstrate proficiency in using CrowdStrike for threat detection and response, exhibit strong knowledge of cloud security principles and practices, and have a proven track record of conducting security assessments and audits. Additionally, you should show experience in developing and implementing incident response plans, display excellent communication skills for effective collaboration with cross-functional teams, and hold a relevant degree in Cyber Security, Information Technology, or a related field. Certifications Required: - Certified Information Systems Security Professional (CISSP) - Certified Cloud Security Professional (CCSP),

Role & responsibilities About the Role: We are hiring a Senior SOC Engineer to lead incident response, threat detection, and automation initiatives for Rocket EMS's global security operations. This is not an analyst roleyoull be hands-on, driving SIEM/SOAR optimization, advanced threat hunting, and direct response to cyberattacks across endpoints, cloud, and identity systems. Key Responsibilities: Design and build SOC infrastructure using Microsoft Sentinel and SOAR Lead deep investigations using CrowdStrike Falcon, MDE, Tenable, and Palo Alto/Fortinet firewalls Perform threat hunting using MITRE ATT&CK framework and dark web intelligence Develop KQL queries and automation scripts in PowerShell/Python Integrate and respond to incidents across Azure and Microsoft 365 environments Collaborate with MSOC and global teams for escalations and knowledge sharing Required Skills: 7+ years in cybersecurity roles, focused on SOC/IR/Threat Hunting Expertise with Microsoft Sentinel , CrowdStrike Falcon , MDE , Tenable Deep understanding of MITRE ATT&CK , lateral movement, and APTs Scripting experience in KQL , Python , PowerShell Strong communication, leadership, and mentoring skills Preferred: Certifications: GCFA, GCIH, GCTI, CISSP, AZ-500, MS-500, OSCP, or MITRE ATT&CK Defender Experience with Palo Alto XSOAR and cloud-based threat monitoring Interested candidates please share your resume to Sirishad@ca-one.com

Key Skills: Cybersecurity, Incident Response, SIEM, SOAR, MDR, Threat Hunting, Python, Bash, SQL, AWS, Azure, GCP, MITRE ATT&CK, Splunk, QRadar, CrowdStrike, Microsoft Defender, Palo Alto, Datadog. Roles & Responsibilities: Investigate security incidents related to network traffic, IAM violations, and unauthorized access. Analyze security detection rules, alerts, and correlation logic to identify malicious activities. Conduct threat hunting activities to proactively identify potential threats within the environment. Participate in incident response efforts, including containment, eradication, and recovery. Collaborate with the software development & SRE teams. Onboard customers and guide them through integration with MDR platforms. Ensure customer satisfaction and provide strategic security recommendations. This is a fully onsite role that requires high availability and proactive engagement. On-call/rotational work required. Experience Requirement: 3-8 years of experience in cybersecurity operations and advanced threat detection. Experience with SIEM platforms, Security orchestration platforms (SOAR), or specialized MDR providers such as Splunk, QRadar, CrowdStrike Falcon, Datadog, SentinelOne, Microsoft Defender, Palo Alto Cortex XDR, Panther, etc. Experience with threat hunting methodologies. Experience with databases and SQL. Scripting experience with Python and Bash. Ability to work in a team and in a 24/7 environment. Good written and verbal communication skills. MITRE ATT&CK framework knowledge is a plus. Cybersecurity certifications are a plus. Education: Any Graduation.

Shift : Rotational ( 9am-6pm and 3pm-12am) Reporting to : Practice Head Infrastructure & Data Security Role Context: This is an individual contributor (IC) role responsible for solving complex problems and taking a broad perspective to identify innovative solutions for client. This is at senior professional level and works independently with minimal guidance, and requires a high level proficiency security disciplines. Job Description: This position is responsible for day-to-day administration of NextGen AV, EDR & DLP. Troubleshooting experience on various NextGen AV & EDR products like Symantec, CrowdStrike and SentinelOne. Apply investigation techniques to document root cause and impact of security incidents. Hands-on implementation experience of EDR technology across large enterprises. Hands-on implementation experience of DLP technology across large enterprises. Troubleshooting expertise on various EDR OEMs like CrowdStrike, SentinelOne, Symantec & MacAfee. Troubleshooting expertise on various DLP OEMs like Symantec, Forcepoint & MacAfee. Monitor and respond to alerts generated from the DLP systems and other technologies. Collaborate with business groups to help them identify, classify, and secure high value data. Implementation of proactive measures to enhance accuracy and effectiveness of DLP tools. Provides 24x7 on-call support, which has roaster that is rotated. Utilizes existing tools and leverage innovative solutions to automate tasks with an emphasis on scalability and reliability. Provides technical support for activities that improve the security posture of client networks. Updates incident, request and change management records. Participate in problem management and RCA analysis. EDR Configuration, Troubleshooting , L2 Level. EDR Deployment. No Monitoring. DLP not mandatory. Crowdstrike mandatory. End-to-end implementation. Should be able to handle solution single handedly. Questionnaire for pre screening. Are you directly working on operations/solutioning or a part of SOC team. (we dont need from SOC team ) Requirements: Bachelor's degree in engineering, computer science or a related field is required. A minimum of 10+ years of professional experience in DLP, NextGen AV & EDR. Good understanding of organizational network architectures including cloud. Information Security concepts related to Governance, Risk & Compliance. Data Loss Prevention (DLP) technology support and incident management. NextGen AV & EDR technology support and incident management. Self-motivated, attitude of ownership, and a strong desire to learn. Excellent presentation and written communication skills with strong interpersonal skills Demonstrated ability to systematically troubleshoot problems in complex systems and network environments. Technical certification such as Symantec CSP in Data Protection, Certified McAfee Security Specialist or Expert, or RSA Certified McAfee Security Specialist (CMSS - DLP Focus), Websense Data Security Suite (DSS) Professional. Global support is a plus Excellent comm skills Related certification good to have Notice Period : - 0-45 Days.

You will be an integral part of our team as a skilled SOC Analyst Level 2 at our Security Operations Center in Pune. Your primary responsibility will be safeguarding our organization's digital assets by monitoring, analyzing, and responding to security incidents, utilizing Splunk as a key tool. In this role, you will handle complex security incidents, conduct detailed investigations, and provide guidance to L1 analysts. Your tasks will involve using advanced security tools to detect, analyze, and respond to sophisticated cyber threats. Additionally, you will play a crucial role in enhancing SOC processes to ensure the organization remains proactive in addressing evolving cybersecurity challenges. Key responsibilities will include investigating and resolving escalated security incidents, performing root cause analysis, conducting threat hunting activities, utilizing tools like Splunk, CrowdStrike, and Extra Hop, monitoring network traffic, optimizing SIEM rules, securing cloud services, collaborating with cross-functional teams, documenting findings, mentoring junior analysts, staying updated on emerging cybersecurity threats, and continuously improving your skills. To excel in this role, you should have proficiency with various tools such as Cisco AMP, Splunk, Duo, CASB, CrowdStrike, ExtraHop, ServiceNow, and JIRA. Strong knowledge of network and endpoint security principles, along with hands-on experience in incident response, threat hunting, and log analysis, will be essential. We offer a competitive salary and benefits package, a culture focused on talent development, opportunities to work with cutting-edge technologies, employee engagement initiatives, annual health check-ups, and insurance coverage for you and your family. Persistent Ltd. is committed to fostering diversity and inclusion in the workplace, offering hybrid work options, flexible hours, and accessible facilities to support employees with diverse needs. If you are looking to accelerate your growth professionally and personally, make a positive impact using the latest technologies, enjoy collaborative innovation, and unlock global opportunities, join us at Persistent and unleash your full potential.,

Key Responsibilities: Administer and secure Linux servers, including SSH key management. Ensure CIS benchmark and OS security compliance. Implement and manage AWS and Azure cloud security controls. Deploy, configure, and support CyberArk for Privileged Access Management. Manage CrowdStrike Falcon for endpoint security. Design and implement microsegmentation and Zero Trust security models. Troubleshoot and resolve server and security issues. Maintain clear technical documentation.

Role & responsibilities 6+ years of experience in cybersecurity operations with solid L3-level incident handling. Hands-on expertise with endpoint security solutions (CrowdStrike, SentinelOne, Microsoft Defender ATP, Carbon Black, etc.). Strong proficiency in conducting demos and technical evaluations for R&D or pre-deployment scenarios. In-depth understanding of SIEM platforms, EDR, network security, and intrusion detection. Experience with malware analysis, threat intelligence, and reverse engineering is a plus. Knowledge of Windows, Linux, and cloud environments (AWS/Azure/GCP). Familiarity with security frameworks (NIST, MITRE ATT&CK, SANS). Scripting skills (Python, PowerShell, Bash) for automation. Relevant certifications preferred: CISSP, OSCP, CEH, GCIA, GCIH .

Purpose of the Role As a Senior Information Security Analyst supporting the Yum! Cybersecurity team, you will act as a primary escalation point within the SOC for the SIEM platform and major incident investigations. This is a global role that supports over 53,000 restaurants across 150+ countries. The role involves responding to, researching, and addressing complex network security events while collaborating with brand Security and IT teams, as well as third-party service providers. Occasional on-call duties may be required. Responsibilities Investigate and resolve escalated security alerts using enterprise SIEM platforms (e.g., QRadar). Document investigations thoroughly, communicate with stakeholders, and ensure full resolution of issues. Gather, analyze, and summarize threat intelligence for internal stakeholders. Identify SIEM tuning opportunities and develop new use cases. Provide oversight for threat and vulnerability management and communicate risk observations to leadership. Collaborate with Subject Matter Experts across Security Services to optimize processes and improve the security service model. Partner with the Log Collection and Platform team to implement automation and efficiency measures. Lead brand collaboration calls to communicate detection trends, resolution statuses, and follow-up actions. Minimum Requirements: BTECH / Degree in Cybersecurity, Information Technology, or equivalent experience. 8-10 Years experience in a high-performance SOC or cybersecurity operations environment. 2-3 years of foundational IT experience (e.g. service desk, network operations, etc) ertifications such as GCIH, GSOC, GMON, GSEC, CCNA, Security+, or Network+ preferred. Experience with enterprise-grade SIEM platforms (e.g., QRadar, LogRhythm, CrowdStrike). Strong technical knowledge in IDS/IPS, firewalls, routers, and endpoint security. Familiarity with frameworks such as the Cyber Kill Chain. Demonstrated experience with threat analysis, event triage, and incident root-cause identification. Strong interpersonal and communication skills across technical and non-technical audiences. Experience with red/blue team or tabletop exercises. Time management and critical thinking in high-pressure environments. Preferred Requirements

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an L1 SOC Analyst you are the first line of defense in monitoring and triaging security alerts. You will work primarily with Sumo Logic SIEM and SOAR tools to identify potential security incidents, validate alerts, and escalate them according to the defined SOPs. You will ensure real-time visibility and log health while flagging suspicious activity promptly. This role is essential to ensuring timely detection and reducing noise from false positives Roles & Responsibilities:--Basic Security Knowledge:Understanding of key concepts (malware, phishing, brute force, etc.-SIEM Familiarity:Exposure to Sumo Logic UI and understanding how to read/query logs-Exposure to CrowdStrike Falcon Console:Ability to view and interpret endpoint alerts-Alert Triage:Ability to differentiate between false positives and real threats-Communication Skills: Clear written documentation and verbal escalation-Ticketing Systems:Familiarity with platforms like JIRA, ServiceNow, or similar-Basic understanding of cybersecurity fundamentals-Basic Scripting:Awareness of PowerShell or Python for log parsing-SOAR Exposure:Familiarity with automated triage workflows-Security Certifications:Security+, Microsoft SC-900, or similar certification-Operating System Basics:Windows and Linux process and file system awareness Professional & Technical Skills: -Monitor real-time alerts and dashboards in Sumo Logic SIEM-Perform initial triage on alerts and determine severity/priority-Escalate validated security incidents to L2 analysts per defined SOPs-Follow pre-defined SOAR playbooks to document or assist in response-Ensure alert enrichment fields are populated like host info, user details, etc.-Conduct basic log searches to support alert analysis-Perform daily health checks on log sources and ingestion pipelines-Maintain accurate ticket documentation for each alert handled-Participate in shift handovers and team sync-ups for awareness-SIEM:Basic log searching, correlation rule awareness-SOAR:Familiarity with playbook execution-Security Concepts:Basic understanding of malware, phishing, brute force-Tools:CrowdStrike EDR, Sumo Logic Additional Information:- The candidate should have minimum 2 years of experience in Security Information and Event Management (SIEM) Operations.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Level 2 SOC Analyst, your role involves deeper investigation of security alerts and confirmed incidents. You will validate escalated events using Sumo Logic and CrowdStrike Falcon, enrich them with context, and work closely with L3 analysts to assist in containment and timely remediation. You will also assist in improving detection fidelity and supporting SOAR automation. Roles & Responsibilities:-Intermediate Sumo Logic SIEM query and dashboarding skills-Alert Triage & Investigation:Experience investigating escalated alerts using SIEM or EDR-Hands-on experience with CrowdStrike EDR investigations-Incident Response and Containment:Take necessary actions to contain, eradicate and recover from security incidents.-Malware Analysis:Perform malware analysis using the sandboxing tools like CS etc.-SOAR Execution:Running and modifying basic playbooks in Sumo Logic SOAR-Incident Reporting and Documentation:Strong reporting skills with accurate detail capture to provide the RCA for the true positive security incidents with detailed documentation.-Communication & Collaboration:Send emails to request information, provide updates, and coordinate with different teams to ensure tasks are completed efficiently.-MITRE ATT&CK Mapping:Ability to classify incidents with tactics/techniques-Alert fine tuning recommendations to reduce false positive noise-Investigate alerts escalated by L1 to determine scope, impact, and root cause-Perform in-depth endpoint and network triage using CrowdStrike-Use CrowdStrike Falcon to perform endpoint analysis and threat validation-Correlate multiple log sources in Sumo Logic to trace attacker activity-Execute or verify SOAR playbooks for containment actions (isolate host, disable user)-Enrich events with asset, identity, and threat intelligence context-Document investigation workflows, evidence, and final conclusions-Support L3 during major incidents by performing log or memory triage-Suggest improvements in alert logic or SOAR workflow to reduce false positives-Conduct threat research aligned to alert patterns and business context-Enhance alert fidelity with threat intel and historical context-Document investigation findings and communicate with stakeholders Professional & Technical Skills: -Exposure to threat hunting techniques-Scripting to assist SOAR playbook tuning-Triage Automation:Ability to identify playbook gaps and recommend improvements-Cloud Security Basics:Awareness of log patterns from AWS/Azure-Log Analysis:Correlation and trend identification in Sumo Logic-Certifications:SC-200, CySA+, ECSA or relevant advanced certification-SIEM:Advanced queries, dashboards, correlation logic-SOAR:Execute and troubleshoot playbooks-Tools:CrowdStrike (RTR, detections, indicators), Sumo Logic SIEM-Threat Analysis:IOC enrichment, TTP identification-Primary Skill:Incident Investigation and Enrichment Additional Information:- The candidate should have minimum 3 years of experience in Security Information and Event Management (SIEM) Operations.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges. Roles & Responsibilities:-Monitor, analyze security alerts from SIEM platforms and other threat detection systems to identify potential security incidents by following established processes.-Design and optimize complex search queries; create and maintain custom dashboards, alerts, and reports to improve visibility and detection capabilities.-Collaborate with IT, infrastructure, and application teams to manage and resolve security incidents effectively.-Lead and participate in security incident response activities, ensuring accurate documentation and closure of incidents.-Improve SOC operations by enhancing processes, developing playbooks, and updating standard operating procedures (SOPs).-Mentor and support junior analysts by providing guidance and resolving escalated alerts.-Conduct deep-dive investigations into advanced or persistent threats and track incidents through to resolution.-Actively participate in and lead client meetings, providing technical input and updates on ongoing incidents or improvements.-Identify and reduce false positives through alert fine-tuning and continuous rule optimization.-Apply knowledge of threat models, threat intelligence, and attacker techniques (e.g., MITRE ATT&CK) to enhance detection strategies.-Administer core SIEM components, including deployment servers and indexers, ensuring high availability and performance.-Contribute to building and enhancing detection content, such as correlation rules and threat detection logic. Professional & Technical Skills: -Experience working as SOC analyst.- Strong Understanding of tools like SIEM, CrowdStrike, MS Defender, Proofpoint, Azure, IDS/IPS.- Strong Understanding of TCP/IP, DNS, DHCP, HTTP/HTTPs, VPN- Basic understanding of Windows/Linux command line tools.- Log analysis from operating systems, firewalls, etc.- SIEM/SOC operations experience for very large enterprises.- Knowledge on MITRE/CKC framework. Additional Information:- The candidate should have minimum 3 years of experience in Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and facilitating the transition to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges. Roles & Responsibilities:-Monitor, analyze security alerts from SIEM platforms and other threat detection systems to identify potential security incidents by following established processes.-Collaborate with IT, infrastructure, and application teams to manage and resolve security incidents effectively.-Participate in security incident response activities, ensuring accurate documentation and closure of incidents.-Improve SOC operations by enhancing processes and updating standard operating procedures (SOPs).-Actively participate in client meetings, providing technical input and updates on ongoing incidents or improvements.-Identify false positives through alert fine-tuning and continuous rule optimization.-Apply knowledge of threat intelligence, and attacker techniques (e.g., MITRE ATT&CK) to enhance detection strategies.-Contribute to enhancing detection content, such as correlation rules and threat detection logic. Professional & Technical Skills: - Experience working as SOC analyst.- Good Understanding of tools like SIEM, CrowdStrike, MS Defender, Proofpoint, Azure, IDS/IPS.- Strong Understanding of TCP/IP, DNS, DHCP, HTTP/HTTPs, VPN- Basic understanding of Windows/Linux command line tools.- Log analysis from operating systems, firewalls, etc.- SIEM/SOC operations experience for very large enterprises.- Knowledge on MITRE/CKC framework. Additional Information:- The candidate should have minimum 2 years of experience in Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As the SOC L3 Analyst you will lead the technical handling of critical security incidents. Youll be responsible for deep-dive analysis, root cause investigation, forensics, and containment using tools such as CrowdStrike, Sumo Logic SIEM, and SOAR. You will be responsible for onboarding and managing log sources, building SIEM use cases (custom + in built), and developing automation in SOAR to support incident response and threat detection workflows Roles & Responsibilities:-End-to-End Incident Response Ownership:Ability to handle incident lifecycle (detect, contain, remediate)-Subject matter expert for handling the escalated critical or actual true positive incidents.-CrowdStrike Deep Dive:Using Real Time Response (RTR), Threat Graph, custom IOA rules-Strong command over Sumo Logic SIEM content engineering:Creating detection rules, dashboards, and field extractions-Threat Hunting:Behavior-based detection using TTPs-SOAR Automation:Designing playbooks, integrations with REST APIs, ServiceNow, CrowdStrike-Threat Intel Integration:Automation of IOC lookups and enrichment flows-Forensic Skills: Live host forensics, log correlation, malware behavioral analysis-Deep experience in advanced threat detection and incident response-Scripting Proficiency:Python, PowerShell, Bash for automation or ETL-Error Handling & Debugging:Identify and resolve failures in SOAR or data pipelines-Proficiency in CrowdStrike forensic and real-time response capabilities-Experience Sumo Logic SOAR for playbook optimization-Use case development in Sumo Logic SIEM Professional & Technical Skills: -Lead high-severity incident response, coordinating with stakeholders and IT teams-Perform endpoint forensic triage using CrowdStrike Real Time Response (RTR)-Conduct detailed log analysis and anomaly detection in Sumo Logic-Customize or create new detection rules and enrichments in SIEM-Develop/Tune SOAR playbooks for advanced scenarios, branching logic, and enrichment-Perform root cause analysis and support RCA documentation-Mentor L1 and L2 analysts through case walk-throughs and knowledge sharing-Generate post-incident reports and present findings to leadership-Lead investigations and coordinate response for major incidents-Perform root cause analysis and post-incident reviews-Develop advanced detection content in Sumo Logic-Optimize SOAR playbooks for complex use cases-Onboard and maintain data sources in Sumo Logic SIEM and ensure parsing accuracy-Build custom dashboards, alerts, and queries aligned with SOC use cases-Create and maintain field extractions, log normalization schemas, and alert suppression rules-Integrate external APIs into SOAR (e.g., VirusTotal, WHOIS, CrowdStrike)-Monitor log health and alert performance metrics; troubleshoot data quality issues-Collaborate with L3 IR and Threat Intel teams to translate threat use cases into detections-Participate in continuous improvement initiatives and tech upgrades-Conduct playbook testing, version control, and change documentation-CrowdStrike:Custom detections, forensic triage, threat graphs-SIEM:Rule creation, anomaly detection, ATT&CK mapping-SOAR:Playbook customization, API integrations, dynamic playbook logic-Threat Intelligence:TTP mapping, behavioral correlation-SIEM:Parser creation, field extraction, correlation rule design-Scripting:Python, regex, shell scripting for ETL workflows-Data Handling:JSON, syslog, Windows Event Logs-Tools:Sumologic SIEM, Sumo logic SOAR & Crowdstrike EDR-Exp in in SOC/IR including 4+ in L3 role (IR + SIEM Content Engineering & SOAR) Additional Information:- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM) Operations.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role: Cybersecurity Engineer Work Experience: 4 to 7 Years Work location: Bengaluru/Chennai Work Mode: Hybrid Must Have Skills: Crowdstrike Falcon, Security Design, implementation, configuration Primary Responsibilities: Design, implement and improve IQVIA cybersecurity systems Configure, troubleshoot, and maintain security infrastructure Evaluate tools, develop use cases, and document effectiveness of new tools and technologies to meet those use cases Engage and work with vendors on projects and current security controls improvement Initiate, execute and complete project plans Document and maintain designs for security controls Keep abreast with current security threats, trends and controls Required Experience and Qualifications: 4+ years of professional experience in Information Security/IT Systems/Network Administration and Engineering Bachelors degree in computer science, computer engineering, or information technology Hands-on experience in maintenance of Endpoint Detection and Response (EDR) tools in large organizations (mandatory) Knowledge and experience in one or more of the following areas: EDR, endpoint security, automation and scripting, e-mail security, network security, DLP, SOAR, CTI, CASB, CSPM, CWPP Knowledge of information security concepts and best practices, as well as ability to apply these concepts into the business Track record of successfully working in large/complex global organizations Certifications in the information security domain are a great plus Knowledge of cloud architecture and security (AWS, Azure) is desired Educational Qualification: BTech/BSc/BCA/MTech/MSc/MCA

Role & responsibilities Overview: The Team Lead - Information Security ensures the efficient execution of security operations by driving proactive incident management and strategic security initiatives. This role demands strong technical expertise and analytical thinking to enhance security posture and operational efficiency. Key Responsibilities: Lead the classification, documentation, and resolution of security incidents. Analyze, assign, and escalate high-complexity security issues as needed. Establish incident response protocols and ensure adherence to response timelines. Investigate complex security issues, determine root causes, and implement preventive measures. Collaborate with third-party vendors and escalate unresolved security incidents. Conduct vulnerability assessments and evaluate security risks. Enhance existing security controls and recommend risk mitigation strategies. Provide regular updates on security incidents, mitigation actions, and operational improvements. Develop executive-level security reports and presentations. Provide guidance on security tool optimization and integration into the organizations security framework. Lead security incident investigations and provide strategic recommendations. Cross-Functional Collaboration: Work with IT, compliance, and security teams to integrate security solutions into business operations. Lead the coordination of security initiatives with various departments. Technical Leadership and Mentorship: Provide technical guidance and mentorship to security analysts and team members. Foster a culture of continuous learning and development within the team. Stay updated on emerging cybersecurity threats, trends, and best practices. Recommend and implement security enhancements based on evolving threat landscapes. Experience Requirements: 6-8 years of experience in security operations, incident response, and risk management. Hands-on experience with SIEM tools like CrowdStrike, MS Sentinel, Splunk, QRadar, or LogRhythm. Expertise in EDR tools, Email Security tools, and forensic network analysis. Strong background in SOC operations, including triage, alert investigation, and incident qualification. In-depth knowledge of security technologies: DLP, IDS/IPS, Email Security, SWG/Proxy, CASB, CSPM, SASE, SSE, and SIEM. Experience with cloud security solutions and platforms such as AWS, Azure, or Google Cloud Platform. Proficiency in operating system security for Windows, MacOS, and Linux distributions. Strong problem-solving skills with the ability to analyze and resolve complex security issues. Strong expertise in ITIL and Change Management. Skills and Competencies: Strong technical knowledge in SIEM, EDR, Incident Response, and Email Security tools (ProofPoint, FireEye, CrowdStrike). Ability to optimize SOC operations and security workflows. Excellent communication and collaboration skills. Proficiency in MS Office for reporting and documentation. Relevant certifications such as CS, Threat Hunting, or equivalent technical certifications. Qualifications: Bachelor’s degree in computer science, Information Security, Electronics & Communication, or a related field & 8+ years of experience in managing and operating security solutions in enterprise environments. Preferred candidate profile

Job Description: Threat Hunting analyst performs a wide variety of security duties with a primary focus on threat actor-based tactics, techniques, and procedures. The ability to manage multiple simultaneous threat hunts spanning several platforms with various TTPs is a key function of this role. Knowledge sharing and mentoring of team members is a critical and necessary skill. Must have the ability to operate under pressure and influence the team dynamic when responding to incidents. Should be able to work to enhance and improve the team and processes over time in a well-established manner. Roles and responsibilities : Perform hypothesis-based threat hunts using popular MITRE attack framework Perform intel-based threat hunting Conduct threat simulation exercises to test current security control Create diamond models to model threat activity Work directly with leadership to develop and improve existing internal processes Develop new processes that will add value to threat hunting team Provide proactive assistance to junior analysts to help them develop their skillset Develop advanced correlation rules for threat detection using CQL (CrowdStrike Query Language) Create and utilize threat intel report to conduct manual hunts across available data sources Perform static and dynamic analysis of malicious files Work proactively on critical security incidents Perform vulnerability review and risk assessment Core experience with Crowdstrike or SPLUNK L3 level experience into investigation, recommendation and take decisions related to Security Incident Investigation, Worked with Leadership Manage End-2-End Security Incident Investigation Experience in creating MITRE Attack Framework Knows basics of Vulnerability Analysis & Risk Assessment Manual Hunt Actively search for threats that may not have been detected by automated security tools. Detect hidden or undisclosed threats using advanced techniques and tools. Develops hypotheses about potential threats based on threat intelligence and industry trends. Performs an in-depth analysis of the network and system to uncover IOCs and APTs. Works closely with other cybersecurity teams to improve detection capabilities and share findings. Have a high level of knowledge in scripting (e.g. Python, PowerShell) to automate threat hunting tasks. Deeply analyze the tactics, techniques, and procedures (TTPs) of the attacker. Advanced Threat Detection Scripting and Programming Knowledge Advanced PowerShell, Bash, and Cmd Analysis Threat Intelligence, Malware Analysis, Vulnerability Analysis, Cloud Security, Data Analysis Required skills : Ability to perform threat hunting using MITRE attack framework Ability to identify/detect/explain malicious activity that occurs within environments with high accuracy/confidence level Ability to develop advanced correlation rules for threat detection. Must be expertise in creating queries using SPL (Search processing language used by Splunk) or CQL (CrowdStrike Query language) Ability to create threat intelligence reports based on available threat intel Ability to perform static and dynamic analysis of possible malicious files Ability to perform Vulnerability analysis and risk assessment Should have strong log analytical skills Should be able to demonstrate good incident response skills in case of critical security incidents Moderate understanding of Windows and Linux operating systems, as well as command line tools Strong verbal as well as written communication skills Basic understanding of malware analysis Year of Experience : 5+ years (Security Operations + Threat Hunting - [Minimum 2 years should be in threat hunting]) Tools - CrowdStrike, Splunk, Logscale Humio Certification : GIAC / Offensive Security certifications preferred CTHP (CTHP (Certified Threat Hunting Professional): An advanced certification for threat hunters.) , C|TIA (Certified Threat Intelligence Analyst), GIAC Certified Threat Intelligence (GCTI), Certified Threat Hunting Professional (CTHP). One of this is a must have. Programing language - Python (Good to have) Qualification : Bachelor of Engineering in any stream

Job Summary As a Cyber Security Specialist you will play a critical role in safeguarding our organizations digital assets. With a focus on Cyber Threat Intelligence Services you will work to identify and mitigate potential threats. Your expertise in Cyber Security and Cloud along with experience in CrowdStrike will be essential in ensuring the security of our systems. This hybrid role offers the flexibility of working both remotely and on-site during day shifts. Responsibilities Lead the development and implementation of advanced cyber threat intelligence strategies to protect organizational assets. Oversee the monitoring and analysis of security threats using CrowdStrike and other advanced tools. Provide expert guidance on cloud security best practices to ensure data integrity and confidentiality. Collaborate with cross-functional teams to design and implement robust security architectures. Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements. Develop and maintain incident response plans to effectively manage and mitigate security breaches. Coordinate with external partners and stakeholders to enhance threat intelligence capabilities. Implement security policies and procedures to comply with industry standards and regulations. Analyze security incidents and provide detailed reports to senior management. Train and mentor junior security team members to build a strong security culture within the organization. Stay updated with the latest cyber security trends and technologies to proactively address emerging threats. Support the integration of security solutions into existing IT infrastructure to enhance overall protection. Drive continuous improvement initiatives to optimize security operations and reduce risk exposure. Qualifications Possess a deep understanding of cyber threat intelligence services and their application in a corporate environment. Demonstrate proficiency in using CrowdStrike for threat detection and response. Exhibit strong knowledge of cloud security principles and practices. Have a proven track record of conducting security assessments and audits. Show experience in developing and implementing incident response plans. Display excellent communication skills for effective collaboration with cross-functional teams. Hold a relevant degree in Cyber Security Information Technology or a related field. Certifications Required Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP)

Operational Maturity : Develop clear documentation for processes, metrics, and outcomes, ensuring adherence to SLAs and compliance requirements. Foster continuous improvement in threat detection and SIEM management. Threat Detection Leadership : Provide technical leadership across threat detection and SIEM, with a focus on enhancing incident handling processes, detection engineering, threat interdiction capabilities and metrics. Security Tool Operations : Own and manage security tool alerts, ensuring comprehensive coverage and effectiveness across the enterprise while continuously improving detection and prevention mechanisms. Cloud and DevOps Security : Drive security capabilities by embedding security into DevOps workflows, leveraging cloud-native tools, and advancing automation for detection and response. Continuous Improvement : Stay current and share best practices on how to use modern methods to address security gaps. Leverage artificial intelligence to reduce manual work. Performance Metrics : Facilitate and monitor key performance metrics and reporting frameworks to ensure the efficiency and effectiveness of the program, facilitating resource allocation and increasing the maturity of the security. Change Management : Follow change management process in managing security platforms Collaboration : Collaborate with cross-functional teams to ensure security solutions meet operational and cultural goals. Collect and analyze feedback to continuously refine tools, platforms, and support processes. WHO YOU ARE Bachelors degree in Cyber Security, information technology or related field; 5+ years of experience in cybersecurity, with a focus on threat detection and SIEM. Hands-on experience with CrowdStrike Platform; NG SIEM an advantage Strong knowledge of IT security principles and compliance standards. Proven ability to balance strategic vision with hands-on implementation. Exceptional communication, and problem-solving skills. A driven and self-starting individual who can work independently and take initiative. Experience working across multiple countries and time zones is an advantage.