261 Crowdstrike Jobs - Page 7

Job Summary As a Cyber Security Specialist you will play a critical role in safeguarding our organizations digital assets. With a focus on Cyber Threat Intelligence Services you will work to identify and mitigate potential threats. Your expertise in Cyber Security and Cloud along with experience in CrowdStrike will be essential in ensuring the security of our systems. This hybrid role offers the flexibility of working both remotely and on-site during day shifts. Responsibilities Lead the development and implementation of advanced cyber threat intelligence strategies to protect organizational assets. Oversee the monitoring and analysis of security threats using CrowdStrike and other advanced tools. Provide expert guidance on cloud security best practices to ensure data integrity and confidentiality. Collaborate with cross-functional teams to design and implement robust security architectures. Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements. Develop and maintain incident response plans to effectively manage and mitigate security breaches. Coordinate with external partners and stakeholders to enhance threat intelligence capabilities. Implement security policies and procedures to comply with industry standards and regulations. Analyze security incidents and provide detailed reports to senior management. Train and mentor junior security team members to build a strong security culture within the organization. Stay updated with the latest cyber security trends and technologies to proactively address emerging threats. Support the integration of security solutions into existing IT infrastructure to enhance overall protection. Drive continuous improvement initiatives to optimize security operations and reduce risk exposure. Qualifications Possess a deep understanding of cyber threat intelligence services and their application in a corporate environment. Demonstrate proficiency in using CrowdStrike for threat detection and response. Exhibit strong knowledge of cloud security principles and practices. Have a proven track record of conducting security assessments and audits. Show experience in developing and implementing incident response plans. Display excellent communication skills for effective collaboration with cross-functional teams. Hold a relevant degree in Cyber Security Information Technology or a related field. Certifications Required Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP)

Operational Maturity : Develop clear documentation for processes, metrics, and outcomes, ensuring adherence to SLAs and compliance requirements. Foster continuous improvement in threat detection and SIEM management. Threat Detection Leadership : Provide technical leadership across threat detection and SIEM, with a focus on enhancing incident handling processes, detection engineering, threat interdiction capabilities and metrics. Security Tool Operations : Own and manage security tool alerts, ensuring comprehensive coverage and effectiveness across the enterprise while continuously improving detection and prevention mechanisms. Cloud and DevOps Security : Drive security capabilities by embedding security into DevOps workflows, leveraging cloud-native tools, and advancing automation for detection and response. Continuous Improvement : Stay current and share best practices on how to use modern methods to address security gaps. Leverage artificial intelligence to reduce manual work. Performance Metrics : Facilitate and monitor key performance metrics and reporting frameworks to ensure the efficiency and effectiveness of the program, facilitating resource allocation and increasing the maturity of the security. Change Management : Follow change management process in managing security platforms Collaboration : Collaborate with cross-functional teams to ensure security solutions meet operational and cultural goals. Collect and analyze feedback to continuously refine tools, platforms, and support processes. WHO YOU ARE Bachelors degree in Cyber Security, information technology or related field; 5+ years of experience in cybersecurity, with a focus on threat detection and SIEM. Hands-on experience with CrowdStrike Platform; NG SIEM an advantage Strong knowledge of IT security principles and compliance standards. Proven ability to balance strategic vision with hands-on implementation. Exceptional communication, and problem-solving skills. A driven and self-starting individual who can work independently and take initiative. Experience working across multiple countries and time zones is an advantage.

Key Responsibilities: Investigate and analyze escalated security alerts and events from L1 analysts. Perform in-depth threat analysis using SIEM, EDR, IPS Conduct triage and root cause analysis of security incidents. Respond to and contain incidents according to the incident response plan. Provide guidance and mentorship to L1 SOC Analysts. Maintain and update security documentation and playbooks. Collaborate with IT and other departments during investigations and remediation. Required Skills & Qualifications: 3 to 6 years of experience in a SOC or cybersecurity operations environment Hands-on experience with SIEM tools (Crowd strike, Rapid 7) Experience with endpoint detection tools, IDS/IPS, firewalls, and vulnerability scanners Knowledge of malware analysis, attack vectors, and common TTPs (MITRE ATT&CK) Familiarity with security frameworks like HIPAA, NIST, ISO 27001 Strong analytical and problem-solving skills Excellent communication and documentation skills Ability to work in 24/7 rotational shifts

Position: Senior System Support Executive - Hubli Position Summary The Senior System Support Executive is responsible for delivering technical support to end users across various enterprise applications and systems. This role ensures the resolution of technical issues efficiently and aligns IT services with business objectives. Key Responsibilities • Possess expert-level knowledge of Windows Server environments, including Active Directory, DHCP, DNS, WSUS, and WDS. • Take end-to-end ownership of employee technical issues and ensure timely resolution within service level expectations. • Provide real-time support to employees via chat, aiding in troubleshooting, root cause analysis, and issue resolution. • Contribute to Problem Management by identifying recurring incidents and proposing long-term solutions. • Drive continual improvement initiatives within the IT Operations Support function. • Conduct training sessions and prepare user-friendly documentation to enhance end-user self-service. • Create and maintain technical documentation to contribute to the departments knowledge base, promoting effective knowledge sharing. • Collaborate with Network and Systems Engineering teams to provide hands-on support for network and server infrastructure. • Perform scheduled system audits and routine maintenance checks on user systems. • Manage OS patching and maintain vendor relationships for timely support and escalations. • Oversee IT inventory and asset configuration documentation. • Demonstrate the ability to operate both independently and within a team structure. • Develop and document workarounds for unresolved incidents. • Communicate with users to assess and translate technical problems into actionable solutions. • Uphold consistency and reliability in service delivery. • Exhibit strong interpersonal, communication, and time management skills. • Apply effective decision-making and organizational capabilities to manage priorities and incidents. Technical Proficiencies • Hands-on experience with: Gsuite/any email systems, Fortinet Firewall,Switches, Crowdstrike, BitLocker, Ivanti Endpoint Management, AD. Preferred Qualifications • 57 years of proven experience in IT Infrastructure support. • A degree in B.E., B.Tech, MCA, MSc-IT, or an equivalent field. • Industry certifications such as CCNA, MCSA, or CompTIA N+ are advantageous. • Strong analytical, verbal, and written communication skills. • Proven troubleshooting capabilities and a methodical problem-solving approach.

Must-Have Skills: Experience with SIEM vendors such as QRadar, Sentinel, Splunk Incident response and threat hunting expertise Strong knowledge of attack patterns, Tools, Techniques, and Procedures (TTPs) Experience in writing procedures, runbooks, and playbooks Strong analytical and problem-solving skills Hands-on experience with system logs, network traffic analysis, and security tools Proficiency in identifying Indicators of Compromise (IOCs) and Advanced Persistent Threats (APTs) Good-to-Have Skills: Experience setting up SIEM solutions and troubleshooting connectivity issues Familiarity with security frameworks and best practices Ability to collaborate with IT and security teams effectively Responsibilities: Act as an escalation point for high and critical severity security incidents Conduct in-depth investigations to assess impact and understand the extent of compromise Analyze attack patterns and provide recommendations for security improvements Perform proactive threat hunting and log analysis to detect potential threats Provide guidance on mitigating risks and improving security hygiene Identify gaps in security processes and propose enhancements Ensure end-to-end management of security incidents Document and update incident response processes and define future outcomes Participate in war room discussions, team meetings, and executive briefings Train team members on security tools and incident resolution procedures Required Skills L3 SOC Analyst, Qradar OR Sentinel OR Splunk or Google Chronicle) - Any 2 of the SIEM tools required EDR tools (Crowdstrike OR Defender OR SentinelOne) - Any 2 of the EDR tools required

Role & responsibilities Please find the Job Description for EDR : 1. -Good working knowledge of EDR solutions such as MDATP, FireEye, CrowdStrike Falcon, Carbon Black. 2. -Must be well-versed with Operating System concepts i.e. Windows/Linux/MacOS 3. -Ability to distinguish between False Positives and False Negatives detections with respect to logs available. 4. -Good Exposure to OSINT tools, sandboxing, encoding-decoding techniques for independent investigation. 5. -Must be able to Investigate and Triage EDR related alerts with an ability to share detailed investigation reports to clients within SLA. 6. -Knowledge of Cyber kill chain and MITRE ATT&CK techniques and tactics used by adversary to evade detection. 7. -Awareness of various stages of Incident Response which involves in-depth analysis and RCA submission on security incidents. 8. -Good understanding of Malware Analysis i.e. static and dynamic and its variants. 9. -Exposure to adversary simulation and red teaming tools such as Caldera, PowerShell Empire, Cactus Torch 10. -Understanding of Database language i.e. KQL is a Plus. 11. -Understanding of Network Security concepts and popular encryption standards. 12. -Excellent communication skills for cross-group and interpersonal skills with ability to articulate business need for detection improvements. 13. -Exposure to reverse engineering of malware samples is a plus. 14. -Certification in OSCP, OSCE, GREM, GCIH, GCFA will be highly preferred.

Key Skills: Vulnerability, DLP, Crowdstrike, Malware, Cyber Security, Threats, Cyber Threat, SIEM, Siemens Ops center Roles and Responsibilities: Operational Maturity: Create clear documentation for processes, metrics, and outcomes, ensuring adherence to Service Level Agreements (SLAs) and compliance requirements. Promote continuous improvement in threat hunting and DLP management. DLP Leadership: Offer technical leadership in developing and enhancing the DLP program at Fortive. Establish metrics to measure the program's success. Security Tool Operations: Manage and oversee relevant security tools, ensuring comprehensive coverage and effectiveness across the enterprise while continuously enhancing detection and prevention mechanisms. Cloud and DevOps Security: Drive security capabilities by embedding security into DevOps workflows, leveraging cloud-native tools, and advancing automation for detection and response. Continuous Improvement: Stay current and share best practices in both threat hunting and data loss prevention. Leverage artificial intelligence to reduce manual work. DLP Programme: Collaborate with other security teams, legal, IT, and key stakeholders to document and drive a DLP program to protect Fortive data. Change Management: Adhere to change management processes in managing security platforms. Ensure proper lifecycle management of threat hunting artifacts. Collaboration: Work with cross-functional teams in both proactive and reactive security scenarios. Collect and analyze feedback to continuously refine tools, platforms, and support processes. Skills Required: 5+ years of experience in cybersecurity, with a focus on DLP and threat detection. Hands-on experience with CrowdStrike Platform; NG SIEM an advantage. Strong knowledge of IT security principles and compliance standards. Familiarity with at least one DLP solution. Demonstrated ability to balance strategic vision with hands-on implementation. Exceptional communication and problem-solving skills. A driven and self-starting individual who can work independently and take initiative. Experience working across multiple countries and time zones is an advantage. Education: Bachelor's degree in Cyber Security, Information Technology or related field.

Job Description . Lead with consultative customer conversations and proactively identify cyber security sales opportunities in company's existing account base & new accounts. • Own, develop and execute all areas of the sales cycle for cyber security opportunities. • Understand and map customer business objectives, IT strategy, technical and commercial requirements to relevant technology solutions. • Clearly articulate how security solutions can deliver customer business value. • Collaborate with cross-functional teams like coverage, pre-sales, delivery teams etc. for overall success of business. • Contribute to the development and growth of the company's cyber security proposition. Requirements Minimum of bachelor's degree in engineering and MBA or equivalent Minimum 5+ Years of experience managing sales of cybersecurity solutions across OEM or Systems Integration organizations. Existing relationships with CIO/CISO/Security decision-makers and with key cybersecurity OEMs Ability to develop strategy, be creative, have technical aptitude, solve problems, and adapt. Enthusiastic and self-motivated. Excellent interpersonal, verbal and written communication skills

Key Responsibilities: Monitor security events and alerts from various security tools including Splunk, Tanium, CrowdStrike, Imperva, and Prisma. Analyze and triage security incidents to determine their severity and impact on lottery systems. Conduct initial incident response activities, including containment, eradication, and recovery. Investigate potential security incidents to determine root cause and recommend remediation actions. Collaborate with global SOC teams to ensure effective incident response and continuous improvement. Create and maintain incident reports, documenting findings, actions taken, and lessons learned. Assist in the development and refinement of SOC processes, procedures, and playbooks. Stay current with emerging threats, vulnerabilities, and security technologies to proactively protect the organization. Participate in regular SOC team meetings and provide input on improving security posture. Qualifications: Bachelors degree in computer science, Information Technology, Cybersecurity, or a related field. 2+ years of experience in a SOC environment or related cybersecurity role. Familiarity with security tools such as Splunk, Tanium, CrowdStrike, Imperva, and Prisma. Strong analytical skills with the ability to investigate and resolve security incidents. Knowledge of cybersecurity concepts, including threat intelligence, malware analysis, and vulnerability management. Good communication skills and ability to work in a global, team-oriented environment. Relevant certifications such as CompTIA Security+, CSA, or equivalent are a plus.

Endpoint Security Specialist Job Title : Endpoint Security Specialist Location : Chennai, Hyderabad, Bangalore Experience : 0-3 Role Summary: Protects endpoint devices (laptops, servers, mobile) from cyber threats. Key Responsibilities: Design and implement endpoint protection strategies. Monitor and manage antivirus, EDR, and DLP tools. Respond to endpoint-related incidents. Maintain awareness of emerging threats Skills Required: Knowledge of Windows/Linux OS security. Experience with endpoint protection platforms (CrowdStrike, Sentinel One). Familiarity with encryption and certificate management. Qualifications: Bachelors in IT or Cybersecurity. Certifications: CISSP, CEH, or GIAC.

Greetings from TCS! Dear Professional, This is Deepa Natarajan, part of Strategic hiring team of Tata Consultancy Services. Hope you and your family are doing good. Role : Crowdstrike Analyst/SME Desired Experience Range : 4-15 years Joining Location : Pan India We are currently planning to do an In-person Drive on 5th July 2025 at the below mentioned locations. Date : 5th July 2025 Venue Details : Hyderabad: TCS Synergy Park Phase1 ,Premises No 2-56/1/36, Gachibowli, Opposite IIIT Hyderabad Campus, Seri Lingampally, RR District, Hyderabad, Telangana 500019 Bangalore: TCS L-Center, Vydehi RC-1 Block, EPIP Industrial Area, 82, 6th Rd, KIADB Export Promotion Industrial Area, Whitefield, Bengaluru, Karnataka 560066 Chennai: TCS Siruseri ATL Building- 1/G1, SIPCOT IT Park Navalur, Siruseri, Tamil Nadu 603103 Mumbai: TCS OLYMPUS, Hiranandani Estate, Thane West, Thane, Maharashtra 400615 Noida: TCS Yamuna, First floor, Assotech Business Cressterra, VI Plot 22, Sector 135, Noida, Uttar pradesh- 201301 Kolkata: TCS Gitanjali Park | IT/ITES SEZ, Plot-IIF / 3 Action Area-II, New Town, Rajarhat, Kolkata-700156, West Bengal, India Pune : Tata Consultancy Services, Sahyadri Park SP1, S3 Builiding, Rajiv Gandhi Infotech Park, Hinjewadi Phase 3, Pune 411057 Kindly fill in the below details and revert to deepa.natarajan3@tcs.com (with Updated CV). - Very Important to consider the profile. (Note: The details are collected to do a basic HR screening to initiate discussion for your candidature) Minimum Qualification: 15 years of full-time education Highest Fulltime Graduation: Current Location: Preferred Location: Current Organization: Total Years of exp: Relevant years of exp: Current CTC: Expected CTC: Notice Period: Any gaps/breaks in career/Education: Do you attend any interviews recently with TCS (YES/NO): Willing to attend in-person interview at the above-mentioned locations (YES/NO): If yes, mention the location you are planning to report on the day of interview:

Role & responsibilities About the Role: We are hiring a Senior SOC Engineer to lead incident response, threat detection, and automation initiatives for Rocket EMS's global security operations. This is not an analyst roleyou’ll be hands-on, driving SIEM/SOAR optimization, advanced threat hunting, and direct response to cyberattacks across endpoints, cloud, and identity systems. Key Responsibilities: Design and build SOC infrastructure using Microsoft Sentinel and SOAR Lead deep investigations using CrowdStrike Falcon, MDE, Tenable, and Palo Alto/Fortinet firewalls Perform threat hunting using MITRE ATT&CK framework and dark web intelligence Develop KQL queries and automation scripts in PowerShell/Python Integrate and respond to incidents across Azure and Microsoft 365 environments Collaborate with MSOC and global teams for escalations and knowledge sharing Required Skills: 7+ years in cybersecurity roles, focused on SOC/IR/Threat Hunting Expertise with Microsoft Sentinel , CrowdStrike Falcon , MDE , Tenable Deep understanding of MITRE ATT&CK , lateral movement, and APTs Scripting experience in KQL , Python , PowerShell Strong communication, leadership, and mentoring skills Preferred: Certifications: GCFA, GCIH, GCTI, CISSP, AZ-500, MS-500, OSCP, or MITRE ATT&CK Defender Experience with Palo Alto XSOAR and cloud-based threat monitoring

Role Summary: Protects endpoint devices (laptops, servers, mobile) from cyber threats. Key Responsibilities: Design and implement endpoint protection strategies. Monitor and manage antivirus, EDR, and DLP tools. Respond to endpoint-related incidents. Maintain awareness of emerging threats Skills Required: Knowledge of Windows/Linux OS security. Experience with endpoint protection platforms (CrowdStrike, Sentinel One). Familiarity with encryption and certificate management. Qualifications: Bachelors in IT or Cybersecurity. Certifications: CISSP, CEH, or GIAC.

Job Title: Senior Cyber Defense Operations Analyst Location: Bengaluru, India Experience: 8+ years Job Type: Full-time Department: Cybersecurity / Information Security / SOC Job Summary: We are seeking a highly skilled and experienced Senior Cyber Defense Operations Analyst to join our cybersecurity team in Bengaluru. The ideal candidate will lead and coordinate cyber defense activities, manage incident response efforts, monitor threats, and provide strategic guidance to strengthen our cyber defense posture. This is a hands-on technical and leadership role within a fast-paced, mission-critical environment. Key Responsibilities: Lead day-to-day operations of Cyber Defense including threat detection, response, and mitigation. Manage and mentor a team of SOC analysts and incident responders. Monitor SIEM and other security tools for indications of compromise, suspicious behavior, and known threats. Coordinate and manage high-severity incidents and support root cause analysis and post-incident reviews. Develop and implement advanced threat detection use cases and response playbooks. Work closely with IT, Infrastructure, and AppSec teams to address vulnerabilities and security gaps. Participate in threat hunting and proactive intelligence-driven defense activities. Collaborate with global security teams to align local and enterprise-wide defense strategies. Ensure compliance with internal security policies, industry standards, and regulatory frameworks (e.g., ISO 27001, NIST, GDPR). Regularly review and improve security operations processes and toolsets. Provide executive-level reporting on threat landscape, incident metrics, and defense posture. Required Qualifications: 8+ years of experience in cybersecurity with a strong focus on Security Operations or Cyber Defense. Proven experience with SIEM (e.g., Splunk, QRadar, LogRhythm), EDR (e.g., CrowdStrike, SentinelOne), and SOAR platforms. Strong understanding of MITRE ATT&CK, cyber kill chain, and threat intelligence frameworks. Expertise in incident response, digital forensics, malware analysis, and threat hunting. Familiarity with cloud security (AWS, Azure, or GCP), including monitoring and defending cloud-native environments. Experience with scripting (Python, PowerShell, etc.) for automation and analysis. Strong understanding of TCP/IP, network protocols, and security architectures. Certifications such as CISSP, GCIA, GCIH, CEH, or similar are highly desirable. Preferred Qualifications: Experience working in a global or large-scale enterprise security environment. Knowledge of DevSecOps and integration of security into CI/CD pipelines. Understanding of data privacy regulations relevant to cybersecurity (e.g., GDPR, HIPAA). Leadership experience in managing small-to-mid sized security teams. Benefits: Competitive salary and performance-based bonuses Health and wellness benefits Flexible work hours and hybrid work options Learning and development support (certifications, courses) Opportunity to work with cutting-edge cybersecurity technologies Please share your updated profiles to naseeruddin.khaja@infosharesystems.com

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Operations Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Level 2 SOC Analyst, your role involves deeper investigation of security alerts and confirmed incidents. You will validate escalated events using Sumo Logic and CrowdStrike Falcon, enrich them with context, and work closely with L3 analysts to assist in containment and timely remediation. You will also assist in improving detection fidelity and supporting SOAR automation. Roles & Responsibilities:-Intermediate Sumo Logic SIEM query and dashboarding skills-Alert Triage & Investigation:Experience investigating escalated alerts using SIEM or EDR-Hands-on experience with CrowdStrike EDR investigations-Incident Response and Containment:Take necessary actions to contain, eradicate and recover from security incidents.-Malware Analysis:Perform malware analysis using the sandboxing tools like CS etc.-SOAR Execution:Running and modifying basic playbooks in Sumo Logic SOAR-Incident Reporting and Documentation:Strong reporting skills with accurate detail capture to provide the RCA for the true positive security incidents with detailed documentation.-Communication & Collaboration:Send emails to request information, provide updates, and coordinate with different teams to ensure tasks are completed efficiently.-MITRE ATT&CK Mapping:Ability to classify incidents with tactics/techniques-Alert fine tuning recommendations to reduce false positive noise-Investigate alerts escalated by L1 to determine scope, impact, and root cause-Perform in-depth endpoint and network triage using CrowdStrike-Use CrowdStrike Falcon to perform endpoint analysis and threat validation-Correlate multiple log sources in Sumo Logic to trace attacker activity-Execute or verify SOAR playbooks for containment actions (isolate host, disable user)-Enrich events with asset, identity, and threat intelligence context-Document investigation workflows, evidence, and final conclusions-Support L3 during major incidents by performing log or memory triage-Suggest improvements in alert logic or SOAR workflow to reduce false positives-Conduct threat research aligned to alert patterns and business context-Enhance alert fidelity with threat intel and historical context-Document investigation findings and communicate with stakeholders Professional & Technical Skills: -Exposure to threat hunting techniques-Scripting to assist SOAR playbook tuning-Triage Automation:Ability to identify playbook gaps and recommend improvements-Cloud Security Basics:Awareness of log patterns from AWS/Azure-Log Analysis:Correlation and trend identification in Sumo Logic-Certifications:SC-200, CySA+, ECSA or relevant advanced certification-SIEM:Advanced queries, dashboards, correlation logic-SOAR:Execute and troubleshoot playbooks-Tools:CrowdStrike (RTR, detections, indicators), Sumo Logic SIEM-Threat Analysis:IOC enrichment, TTP identification-Primary Skill:Incident Investigation and Enrichment Additional Information:- The candidate should have minimum 3 years of experience in Security Information and Event Management (SIEM) Operations.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Endpoint Extended Detection and Response Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking a Lead EDR Engineer with expertise in Microsoft Defender for Endpoint (MDE) to lead its implementation, administration, and incident response. As the MDE expert, you will manage enterprise-wide deployment, optimize configurations, guide incident response efforts, and drive endpoint security strategy in collaboration with cross-functional teams. You will lead EDR strategy design, mentor security teams, and drive defense against advanced threats using MITRE ATT&CK-aligned frameworks. Roles & Responsibilities:-Lead deployment and configuration of Microsoft Defender for Endpoint across all supported platforms.-Customize and manage endpoint security policies, attack surface reduction rules, and threat protection settings.-Monitor security alerts and endpoint telemetry to detect and analyze threats.-Conduct investigations using Microsoft 365 Defender and advanced hunting (KQL) capabilities.-Respond to incidents by initiating remediation actions (e.g., isolate endpoints, remove malware, collect forensic data/Artifacts).-Collaborate with the SOC to provide timely incident resolution and root cause analysis.-Tune detection rules and policies to reduce false positives and enhance protection.-Maintain up-to-date documentation, playbooks, and response procedures.-Provide recommendations to improve the organizations endpoint security posture.-Mentor junior analysts and engineers on best practices for MDE and incident response workflows.-Provide executive-level reporting on threat trends, incident metrics, and risk posture.-Perform gap analysis on endpoint security to identify and address areas of improvement.-Build and maintain SOAR playbooks to auto-contain threats (e.g., isolate devices, revoke tokens).-Stay current on emerging threats and align defense strategies with frameworks like MITRE ATT&CK. Professional & Technical Skills: -68+ years of experience in MDE/EDR implementations and security operations.-Strong background in SOAR automation (Microsoft Logic Apps).-Deep technical knowledge of endpoint protection, threat detection, and incident response workflows.-Proficiency in Microsoft security stack:M365 Defender, Intune, Azure AD, and Sentinel. -Strong command of KQL for custom detections and threat hunting.-Experience with scripting (PowerShell), automation, and EDR tooling integrations is a plus.-Experience with Halcyon and CrowdStrike EDR is a plus and considered an added advantage.- Prefered Certifications SC-200:Microsoft Security Operations Analyst,SC-100:Microsoft Cybersecurity Architect,AZ-500:Microsoft Azure Security Technologies,MITRE ATT&CK Defender (MAD) certs,CISSP, CEH, or equivalent industry certifications Additional Information:- The candidate should have minimum 5 years of experience in Endpoint Extended Detection and Response.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Operations Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education\ Summary :As an L1 SOC Analyst you are the first line of defense in monitoring and triaging security alerts. You will work primarily with Sumo Logic SIEM and SOAR tools to identify potential security incidents, validate alerts, and escalate them according to the defined SOPs. You will ensure real-time visibility and log health while flagging suspicious activity promptly. This role is essential to ensuring timely detection and reducing noise from false positives Roles & Responsibilities:--Basic Security Knowledge:Understanding of key concepts (malware, phishing, brute force, etc.-SIEM Familiarity:Exposure to Sumo Logic UI and understanding how to read/query logs-Exposure to CrowdStrike Falcon Console:Ability to view and interpret endpoint alerts-Alert Triage:Ability to differentiate between false positives and real threats-Communication Skills: Clear written documentation and verbal escalation-Ticketing Systems:Familiarity with platforms like JIRA, ServiceNow, or similar-Basic understanding of cybersecurity fundamentals-Basic Scripting:Awareness of PowerShell or Python for log parsing-SOAR Exposure:Familiarity with automated triage workflows-Security Certifications:Security+, Microsoft SC-900, or similar certification-Operating System Basics:Windows and Linux process and file system awareness Professional & Technical Skills: -Monitor real-time alerts and dashboards in Sumo Logic SIEM-Perform initial triage on alerts and determine severity/priority-Escalate validated security incidents to L2 analysts per defined SOPs-Follow pre-defined SOAR playbooks to document or assist in response-Ensure alert enrichment fields are populated like host info, user details, etc.-Conduct basic log searches to support alert analysis-Perform daily health checks on log sources and ingestion pipelines-Maintain accurate ticket documentation for each alert handled-Participate in shift handovers and team sync-ups for awareness-SIEM:Basic log searching, correlation rule awareness-SOAR:Familiarity with playbook execution-Security Concepts:Basic understanding of malware, phishing, brute force-Tools:CrowdStrike EDR, Sumo Logic Additional Information:- The candidate should have minimum 2 years of experience in Security Information and Event Management (SIEM) Operations.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Operations Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an L1 SOC Analyst you are the first line of defense in monitoring and triaging security alerts. You will work primarily with Sumo Logic SIEM and SOAR tools to identify potential security incidents, validate alerts, and escalate them according to the defined SOPs. You will ensure real-time visibility and log health while flagging suspicious activity promptly. This role is essential to ensuring timely detection and reducing noise from false positives Roles & Responsibilities:--Basic Security Knowledge:Understanding of key concepts (malware, phishing, brute force, etc.-SIEM Familiarity:Exposure to Sumo Logic UI and understanding how to read/query logs-Exposure to CrowdStrike Falcon Console:Ability to view and interpret endpoint alerts-Alert Triage:Ability to differentiate between false positives and real threats-Communication Skills: Clear written documentation and verbal escalation-Ticketing Systems:Familiarity with platforms like JIRA, ServiceNow, or similar-Basic understanding of cybersecurity fundamentals-Basic Scripting:Awareness of PowerShell or Python for log parsing-SOAR Exposure:Familiarity with automated triage workflows-Security Certifications:Security+, Microsoft SC-900, or similar certification-Operating System Basics:Windows and Linux process and file system awareness Professional & Technical Skills: -Monitor real-time alerts and dashboards in Sumo Logic SIEM-Perform initial triage on alerts and determine severity/priority-Escalate validated security incidents to L2 analysts per defined SOPs-Follow pre-defined SOAR playbooks to document or assist in response-Ensure alert enrichment fields are populated like host info, user details, etc.-Conduct basic log searches to support alert analysis-Perform daily health checks on log sources and ingestion pipelines-Maintain accurate ticket documentation for each alert handled-Participate in shift handovers and team sync-ups for awareness-SIEM:Basic log searching, correlation rule awareness-SOAR:Familiarity with playbook execution-Security Concepts:Basic understanding of malware, phishing, brute force-Tools:CrowdStrike EDR, Sumo Logic Additional Information:- The candidate should have minimum 2 years of experience in Security Information and Event Management (SIEM) Operations.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Splunk Security Information and Event Management (SIEM) Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and overseeing the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively implemented and maintained. Roles & Responsibilities:-Administer a globally distributed and heterogeneous SIEM environment, preferably Securonix/Splunk-Knowledge on Automation app deployment to multiple sites, Monitoring the central infrastructure-Design and customize complex search queries, develop dashboards, data models, reports and optimize their performance-Administration of core SIEM Components (Deployment Server, Indexer)-Understanding of threat models and threat intelligence-Improve detection capabilities by building and enhancing alert rules-Work on RFPs and estimations related to SOC solutions-Good knowledge on popular EDR tools such as CrowdStrike and Microsoft Defender Professional & Technical Skills: -Experience working in SOC/SIEM-Incident handling, use case management development, risk assessment, playbook recommendation, fine-tuning -7+ years SIEM/SOC operations experience for very large enterprises-Act as a single POC for any major security incident-Knowledge on MITRE/CKC framework implementation-Security Analytical skills-Should have excellent customer handling skills-Basic understanding of Incident Response and other security technologies -User behavior/Malware Analysis, Knowledge on ServiceNow and Splunk Admin Additional Information:- The candidate should have minimum 7.5 years of experience in Splunk Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Operations Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As the SOC L3 Analyst you will lead the technical handling of critical security incidents. Youll be responsible for deep-dive analysis, root cause investigation, forensics, and containment using tools such as CrowdStrike, Sumo Logic SIEM, and SOAR. You will be responsible for onboarding and managing log sources, building SIEM use cases (custom + in built), and developing automation in SOAR to support incident response and threat detection workflows Roles & Responsibilities:-End-to-End Incident Response Ownership:Ability to handle incident lifecycle (detect, contain, remediate)-Subject matter expert for handling the escalated critical or actual true positive incidents.-CrowdStrike Deep Dive:Using Real Time Response (RTR), Threat Graph, custom IOA rules-Strong command over Sumo Logic SIEM content engineering:Creating detection rules, dashboards, and field extractions-Threat Hunting:Behavior-based detection using TTPs-SOAR Automation:Designing playbooks, integrations with REST APIs, ServiceNow, CrowdStrike-Threat Intel Integration:Automation of IOC lookups and enrichment flows-Forensic Skills: Live host forensics, log correlation, malware behavioral analysis-Deep experience in advanced threat detection and incident response-Scripting Proficiency:Python, PowerShell, Bash for automation or ETL-Error Handling & Debugging:Identify and resolve failures in SOAR or data pipelines-Proficiency in CrowdStrike forensic and real-time response capabilities-Experience Sumo Logic SOAR for playbook optimization-Use case development in Sumo Logic SIEM Professional & Technical Skills: -Lead high-severity incident response, coordinating with stakeholders and IT teams-Perform endpoint forensic triage using CrowdStrike Real Time Response (RTR)-Conduct detailed log analysis and anomaly detection in Sumo Logic-Customize or create new detection rules and enrichments in SIEM-Develop/Tune SOAR playbooks for advanced scenarios, branching logic, and enrichment-Perform root cause analysis and support RCA documentation-Mentor L1 and L2 analysts through case walk-throughs and knowledge sharing-Generate post-incident reports and present findings to leadership-Lead investigations and coordinate response for major incidents-Perform root cause analysis and post-incident reviews-Develop advanced detection content in Sumo Logic-Optimize SOAR playbooks for complex use cases-Onboard and maintain data sources in Sumo Logic SIEM and ensure parsing accuracy-Build custom dashboards, alerts, and queries aligned with SOC use cases-Create and maintain field extractions, log normalization schemas, and alert suppression rules-Integrate external APIs into SOAR (e.g., VirusTotal, WHOIS, CrowdStrike)-Monitor log health and alert performance metrics; troubleshoot data quality issues-Collaborate with L3 IR and Threat Intel teams to translate threat use cases into detections-Participate in continuous improvement initiatives and tech upgrades-Conduct playbook testing, version control, and change documentation-CrowdStrike:Custom detections, forensic triage, threat graphs-SIEM:Rule creation, anomaly detection, ATT&CK mapping-SOAR:Playbook customization, API integrations, dynamic playbook logic-Threat Intelligence:TTP mapping, behavioral correlation-SIEM:Parser creation, field extraction, correlation rule design-Scripting:Python, regex, shell scripting for ETL workflows-Data Handling:JSON, syslog, Windows Event Logs-Tools:Sumologic SIEM, Sumo logic SOAR & Crowdstrike EDR-Exp in in SOC/IR including 4+ in L3 role (IR + SIEM Content Engineering & SOAR) Additional Information:- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM) Operations.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Endpoint Extended Detection and Response Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking a skilled and detail-oriented CrowdStrike Endpoint Security Administrator to manage, maintain, and optimize our deployment of CrowdStrike Falcon. This role involves operational administration of the platform, proactive threat detection, and ensuring endpoint security across the enterprise. Roles & Responsibilities:-Administer and manage the CrowdStrike Falcon platform including configuration, tuning, and policy management.-Monitor alerts and dashboards for suspicious activity and work with incident response teams as needed.-Deploy and upgrade CrowdStrike agents across Windows, macOS, and Linux systems.-Create and maintain documentation for policies, procedures, and system configurations.-Integrate CrowdStrike with SIEMs, ticketing systems, and other security tools.-Perform regular audits and health checks to ensure endpoint coverage and compliance.-Respond to endpoint-related security incidents and assist with forensic investigations.-Collaborate with IT teams to ensure secure configuration and patch management across endpoints.-Hands-on experience with CrowdStrike Falcon (policy management, sensor deployment, event analysis).-Familiarity with EDR/XDR concepts and tools. Professional & Technical Skills: - Must To Have Skills: Proficiency in Endpoint Extended Detection and Response.- Strong understanding of cloud security principles and best practices.- Experience with security frameworks such as NIST, ISO 27001, or CIS.- Familiarity with incident response and threat hunting methodologies.- Knowledge of compliance requirements related to cloud security. Additional Information:- The candidate should have minimum 5 years of experience in Endpoint Extended Detection and Response.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Analyze and triage security incidents to determine their severity and impact on Infrastructure systems. Primary point of contact for Cyber Security Incident response in the Cyber Security Escalations team. Provide a first point of contact for L3 security escalations from the SOC team, ensuring a thorough review, escalation Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Conduct in-depth analysis of security events, collaborating directly with different stakeholders to escalate and thoroughly investigate incidents. Participate in Security Incident Response Team in the identification, containment, eradication, and resolution of security issues, This involves understanding the scope, impact, and root cause of incidents to tailor the response effectively, Collaborate with SOC teams to ensure effective incident response and continuous improvement. Assist in the development and refinement of SOC processes, procedures, and playbooks, Create and maintain incident reports, documenting findings, actions taken, and lessons learned Preferred technical and professional experience Stay current with emerging threats, vulnerabilities, and security technologies to proactively protect the organization. Notify Client of incident and required mitigation works. Track and update incidents and requests based on client’s updates and analysis results. Good understanding on Phishing email analysis and their terminologies Having knowledge on EDR solutions (Preferred CrowdStrike), Participate in regular SOC team meetings and provide input on improving security posture. Communicate vertically and horizontally to keep stakeholders informed and involved on Security Operations matters

Role Overview: Position: L3 SOC Analyst Location: Mumbai, India Experience: 5-8 years in SOC roles, with a strong focus on Incident Response and Threat Hunting. Key Responsibilities: Incident Response: Deep expertise in handling end-to-end incident response detection, investigation, containment, eradication, and recovery. Attack Vectors: Solid understanding of phishing, malware, ransomware , and how to respond effectively to these threats. Cyber Kill Chain: Strong knowledge of the cyber kill chain framework, including how adversaries progress through the stages of an attack. Adversary Tactics: Familiarity with adversary techniques and tactics, particularly using frameworks such as MITRE ATT&CK to mitigate threats. SIEM & EDR Tools: Extensive experience with SIEM tools like Splunk and ArcSight , and EDR solutions like CrowdStrike or Microsoft Defender . Scenario Handling: Capable of tackling complex, scenario-based challenges with a strategic mindset. Preferred Qualifications: 3-7 years of experience working in a SOC or handling Incident Response . Expertise in detecting and analyzing indicators of compromise (IOCs). Strong L2 or L3 analyst experience is a must A candidate who has worked on critical incidents and has an in-depth knowledge about the same

PF Detection is mandatory Primary Skills: 10+ years in penetration testing, 4+ years in stakeholder management, attack surface management tool (Crowdstrike Falcon, Darktrace, Qualsys etc) Job details: Lead and plan attack surface detection for NAB group Provide direction for NAB in usage of Attack surface scanning Promote the usage of ASM scanning

Role & responsibilities Incident Management: Lead the end-to-end incident response lifecycle, including detection, analysis, containment, eradication, and recovery. Threat Investigation: Analyze and investigate a variety of attack vectors, such as: Identity attacks include credential abuse, privilege escalation, and MFA bypass. Web Attacks: SQL injection, cross-site scripting (XSS), remote code execution. Network Attacks: DDoS, lateral movement, traffic manipulation. Cloud Threats: IAM misconfigurations, exposed services, container security vulnerabilities. Collaboration & Coordination: Work closely with SOC analysts, threat intelligence teams, forensics, and engineering groups during and after security incidents. Root Cause Analysis: Conduct comprehensive investigations to determine the root cause of incidents and provide actionable remediation recommendations. Process Improvement & Documentation: Document all incident response procedures and lessons learned. Contribute to the continuous improvement of our detection and response capabilities. Proactive Security Measures: Participate in threat hunting and purple team exercises to enhance overall security preparedness. Preferred candidate profile A minimum of 5 years of hands-on experience in cybersecurity incident response or security operations. Proven expertise in investigating and mitigating incidents across one or more areas: identity, web, network, or cloud. Proficiency with SIEM, EDR, and SOAR tools (e.g., Splunk, Sentinel, CrowdStrike). Experience in hybrid or cloud-first environments (AWS, Azure, or GCP). Strong understanding of frameworks and methodologies such as MITRE ATT&CK, the cyber kill chain, and threat modeling. Excellent written and verbal communication skills, with the ability to document and convey technical details clearly to both technical and non-technical stakeholders.