As an experienced Imperva Database Activity Monitoring (DAM) Resident Engineer (L3), your primary responsibility will be to provide on-site technical support, advanced troubleshooting, configuration, optimization, and operational management of Imperva's database security solutions. Your role will involve deep technical expertise in Imperva SecureSphere / DAM, strong knowledge of database security, and hands-on experience in enterprise deployments. You will serve as the main technical advisor for database security posture, ensuring smooth operations, compliance alignment, and proactive risk mitigation.

Key Responsibilities:
- Manage, maintain, and optimize Imperva DAM / SecureSphere environments including Gateways, Agents, and MX Management Server.
- Perform advanced troubleshooting of database monitoring, policy violations, agent connectivity, and performance issues.
- Analyze database activity logs to identify anomalous behavior, policy violations, and potential data breaches.
- Deploy and upgrade Imperva components, apply patches in production/non-production environments, and review security policies based on business requirements.
- Ensure compliance reporting and audit readiness for standards like PCI DSS, GDPR, HIPAA, SOX, etc.
- Conduct vulnerability assessments, provide remediation recommendations, and collaborate with InfoSec and DBA teams to strengthen database access controls.
- Monitor system health, scalability, and tuning of gateways and agents, implement capacity planning, HA, and failover strategies, and conduct periodic policy reviews for improved detection accuracy.
- Act as L3 escalation point for Imperva DAM issues, provide Root Cause Analysis (RCA), corrective action plans for critical incidents, and support SOC and SIEM teams with threat detection integration.
- Create and maintain SOPs, design documents, operational runbooks, conduct knowledge transfer and mentoring for L1/L2 engineers and customer teams, and support change management and release planning activities.

Required Technical Skills:
- Expertise in Imperva SecureSphere / DAM, database technologies (Oracle, MSSQL, MySQL, DB2, PostgreSQL), and database auditing concepts.
- Hands-on experience with Linux, Windows Server, networking fundamentals, integration tools like SIEM, ServiceNow, AD/LDAP, and scripting (Bash, Python, SQL).
- Imperva Certified Technical Specialist (ICTS) or Imperva Certified Implementation Engineer (ICIE) preferred, additional certifications advantageous.

Soft Skills:
- Strong customer-handling and communication skills, analytical thinking, problem-solving attitude, ability to work independently in high-pressure environments, and proven track record in managing multiple stakeholders and delivering SLAs.

Qualifications:
- Bachelor's degree in Computer Science, Information Security, or related field.

Benefits Include:
- Cell phone reimbursement, flexible schedule, health insurance, internet reimbursement, leave encashment, life insurance, paid sick time, and Provident Fund.

Hiring: OT/ICS SOC Analysts (L1 & L2)

We are looking for skilled and motivated OT/ICS Security Analysts (L1 and L2) to join our cybersecurity operations team. The role involves monitoring, incident investigation, protocol analysis, and working closely with OT engineers to protect critical industrial environments. Experience with Claroty or similar OT security platforms will be a strong advantage.

Role Overview

The position covers responsibilities across both Tier-1 (L1) and Tier-2 (L2) levels, depending on experience. L1 focuses on monitoring and triage, while L2 handles deep investigations, rule tuning, and coordinated remediation.

Responsibilities

L1 – Tier-1 (First Line)
- Perform 24x7 monitoring of Claroty alerts and dashboards.
- Conduct initial alert triage to identify true and false positives.
- Add contextual details to alerts, such as asset owner, site, and maintenance activities.
- Execute approved low-impact containment actions when required.
- Create and update tickets with accurate details, evidence, and recommended next steps.
- Follow runbooks, SOPs, and escalate incidents to L2/OT teams when necessary.

L2 – Tier-2 (Second Line)
- Perform detailed investigations, RCA, and incident validation.
- Coordinate with OT engineers, SMEs, and asset owners to drive remediation activities such as configuration changes, segmentation updates, and firmware updates.
- Tune detection rules, reduce false positives, and improve baseline models.
- Maintain and enhance playbooks, runbooks, and detection signatures.
- Conduct advanced packet analysis and reconstruct sessions using pcaps.
- Correlate Claroty telemetry with SIEM, NMS, and other monitoring systems.
- Manage asset inventory, reconciliation, anomaly detection tuning, and forensic data collection.

Minimum Experience and Background

L1 Requirements
- 1 to 3 years of experience in IT/OT monitoring, SOC/NOC operations, or similar roles.
- Exposure to industrial or critical infrastructure environments is preferred.
- Basic understanding of networking fundamentals (TCP/IP, VLANs, routing).
- Conceptual familiarity with ICS protocols such as IEC 61850, DNP3, Modbus, IEC 60870-5-104.
- Willingness to work in rotational shifts.

L2 Requirements
- 3 to 6+ years of experience in ICS/OT security or SOC operations.
- Demonstrated experience in handling incidents in industrial environments.
- Hands-on experience with Claroty or similar OT security platforms.
- Strong networking and protocol analysis skills.
- Familiarity with power system devices, substation architecture, and OT networks.

Required Technical Skills

L1 Skills
- Understanding of Claroty UI workflows: alerts, asset view, inventory, topology, and risk dashboards.
- Ability to read and interpret packet/flow data and key fields in pcaps/logs.
- Basic SIEM knowledge: creating and reading alerts, adding context.
- Basic Windows and Linux troubleshooting.
- Familiarity with OT devices such as RTUs, IEDs, PLCs, and HMIs.

L2 Skills
- Deep understanding of ICS/SCADA protocols (IEC 61850, DNP3, Modbus, IEC 60870-5-104).
- Advanced packet analysis using Wireshark and ability to reconstruct sessions.
- Experience with Claroty functions: asset discovery, risk scoring, anomaly detection, session monitoring, forensic retrieval.
- Ability to create and update detection rules, playbooks, and containment steps.
- Knowledge of secure OT change management practices.
- Familiarity with IEC 62443 framework and OT security concepts.

Preferred Certifications (L1 and L2)
- Claroty product training (administrator/operator/advanced).
- ICS/SCADA certifications such as SANS ICS, GICSP, or equivalent.
- Networking and security certifications (CCNA, CCNP, CISSP).
- Security fundamentals such as CompTIA Security+.

Work Environment
- Exposure to industrial OT environments such as power grids and substations.
- 24x7 SOC operations with rotating shifts for L1 analysts.

If you are interested in building your career in OT cybersecurity and contributing to the protection of industrial systems, we encourage you to apply.

Job Types: Full-time, Permanent

Pay: From ₹1,800,000.00 per year

Benefits:
- Cell phone reimbursement
- Commuter assistance
- Flexible schedule
- Food provided
- Health insurance
- Internet reimbursement
- Leave encashment
- Life insurance
- Paid sick time
- Paid time off
- Provident Fund
- Work from home

Work Location: In person