6 Darktrace Jobs

Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments. Key Responsibilities: Monitoring, Investigation & Triage Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR Identify lateral movement, C2 activity, and data exfiltration Lead incident investigations and initiate containment measures Threat Hunting & Detection Engineering Proactive hunting using logs, flow data, and behavior analytics Apply MITRE ATT&CK for hypothesis-driven hunts Develop, test, and optimize custom detection rules Maintain a backlog aligned with emerging threats Tool Proficienc y SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization EDR: Defender for Endpoint binary/process analysis, endpoint containment NDR: Darktrace/LinkShadow behavioral baselining, detection logic SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender Threat Intelligence Integration IOC/TTP enrichment Threat intel feed integration Contextual alert correlation Reporting & RCA Draft technical incident reports and RCAs Executive-level summaries for major incidents Cloud Security (Optional): Investigate alerts like impossible travel, app consent abuse Respond to cloud-native security incidents using Defender for Cloud, MCAS Create advanced SOAR workflows and playbook Tool Familiarity QRadar Microsoft Sentinel Microsoft Defender for Endpoint LinkShadow or Darktrace EOP/Exchange protection Antivirus platforms Defender for Identity / Defender for Cloud Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR) Network forensic tools like Wireshark / Zeek Certifications (Preferred): GCIH / GCIA / CEH Microsoft SC-200 / SC-100 QRadar Admin or equivalent Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents Soft Skills: Strong analytical and documentation skills Proactive communicator Independent problem-solver and critical thinker

As an L1 SOC Analyst, you will be responsible for monitoring alerts and triaging basic security events from SIEM, EDR, and NDR platforms. Your role includes identifying suspicious activities, escalating incidents as per defined SOPs, and supporting the security operations team in daily monitoring tasks. Key Responsibilities: Monitor alerts from SIEM (QRadar, Microsoft Sentinel), EDR (Microsoft Defender for Endpoint), and NDR (LinkShadow/Darktrace) platforms Triage basic security events and validate incidents using established playbooks Escalate potential threats to L2 analysts based on severity and context Review and respond to AV/EDR alerts and execute predefined security queries Log incidents, document actions, and maintain ticketing system with accurate updates Enrich alerts with known threat intelligence and IOCs (IP, domain, file hashes) Support incident response efforts for phishing, malware, brute-force attacks, etc. Collaborate with team members and shift leads to ensure 24x7 monitoring coverage Tool Experience (Preferred): SIEM Tools: Basic use of QRadar and Microsoft Sentinel EDR/XDR: Microsoft Defender for Endpoint, Antivirus consoles NDR: LinkShadow or Darktrace (basic familiarity) Other Tools: Microsoft Exchange Online Protection (EOP), Azure AD Sign-In Logs (optional) Certifications (Preferred): CompTIA Security+ Microsoft SC-900 Shift Readiness: This role requires flexibility to work in 24x7 rotational shifts , including nights, weekends, and holidays. Required Skills: Understanding of basic cybersecurity concepts Familiarity with security alert triage and incident logging Basic knowledge of Indicators of Compromise (IOCs) Fast learner with strong attention to detail Effective communicator and team player

Primary Skills: 10+ years in penetration testing, 4+ years in stakeholder management, attack surface management tool (Crowdstrike Falcon, Darktrace, Qualsys etc) Job details: Lead and plan attack surface detection for NAB group Provide direction for NAB in usage of Attack surface scanning Promote the usage of ASM scanning

Managed Services SOC Manager Job Summary: The Security Operations Center (SOC) Security L-2 Analyst serves in a SOC team, is responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone). The L2 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and should be ready to work in shifts. An engineer in this position act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques. Job Description : Responsible for conducting information security investigations as a result of security incidents identified by the Level 1 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone), Act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques. Should have experience in Developing new correlation rules & Parser writing Experience in Log source integration Act as the lead coordinator to individual information security incidents. Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Center. Document incidents from initial detection through final resolution. Participate in security incident management and vulnerability management processes. Coordinate with IT teams on escalations, tracking, performance issues, and outages. Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats. Communicate effectively with customers, teammates, and management. Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation. Provide recommendations in tuning and optimization of security systems, SOC security process, procedures and policies. Define, create and maintain SIEM correlation rules, customer build documents, security process and procedures. Follow ITIL practices regarding incident, problem and change management. Staying up-to-date with emerging security threats including applicable regulatory security requirements. Maintain an inventory of the procedures used by the SOC and regularly evaluate the SOC procedures and add, remove, and update the procedures as appropriate Publish weekly reports to applicable teams Generate monthly reports on SOC activity Secondary skills like AV, HIPS, DCS, VA/ PT desirable Required Technical Expertise Must have experience in SIEM Management tool (QRADAR) Should have certifications like, ITIL, CCNA, CEH, VA (Product) Certification, CISM Process and Procedure adherence General network knowledge and TCP/IP Troubleshooting Ability to trace down an endpoint on the network, based on ticket information Familiarity with system log information and what it means Understanding of common network services (web, mail, DNS, authentication) Knowledge of host based firewalls, Anti-Malware, HIDS General Desktop OS and Server OS knowledge TCP/IP, Internet Routing, UNIX / LINUX & Windows NT

Job Title: Level 3 Security and Infrastructure Engineer Location: India Job Description: We are looking for an experienced Level 3 Security and Infrastructure Engineer with a strong focus on Security Operations to join our team. This role involves monitoring and managing security operations while also supporting critical infrastructure. The ideal candidate will be adept at analyzing SIEM logs, working with Darktrace, and implementing security action plans, alongside managing Windows, Linux, Office 365, and AWS Cloud Infrastructure. The role will focus approximately 60% on Security Operations and 40% on Infrastructure Management . Key Responsibilities: Security Operations (60%) Continuously monitor, analyze, and respond to security events using SIEM tools . Use Darktrace or similar AI-based security tools to identify anomalies and mitigate risks. Lead incident response efforts , including root cause analysis, containment, and remediation. Conduct regular security assessments, including log analysis, threat hunting, and vulnerability scans. Develop and maintain actionable incident response playbooks and ensure team readiness. Collaborate with internal teams to ensure security compliance with SOC-2 and HITRUST standards. Proactively recommend and implement security improvements to strengthen the overall organizational security posture. Infrastructure Management (40%) Manage and maintain Linux (LAMP), Windows Active Directory environments, including Group Policies, DNS, and security configurations. Administer Office 365 applications and services, ensuring secure configurations and uptime. Deploy, monitor, and optimize AWS Cloud Infrastructure , including EC2, S3, IAM, and security groups. Support infrastructure projects involving migrations, upgrades, and automation while aligning them with security best practices. Provide Level 3 escalation support for infrastructure-related issues and incidents. Required Skills & Qualifications: Bachelors degree in Computer Science, Information Technology, or relevant experience in related field. 2+ years of experience in security operations and infrastructure management. Experience with SIEM tools and interpreting security logs. Solid understanding of security frameworks and threat detection methodologies. Proficiency in managing Linux, Windows AD , Office 365 , and AWS cloud environments . Strong analytical and troubleshooting skills for both security and infrastructure challenges. Excellent communication skills with the ability to document and present findings clearly. Hands-on experience with Darktrace or similar AI-based security platforms is a bonus. Preferred Skills: Industry certifications such as CISSP , CEH , AWS Security Specialty , or Microsoft Certified: Security, Compliance, and Identity Fundamentals . Experience with scripting languages like Python, PowerShell, or Bash for automation and security tool integration. Familiarity with endpoint detection and response (EDR) tools. Understanding of DevSecOps practices and cloud-native security tools. What We Offer: A challenging and rewarding role focused on securing cutting-edge IT environments. Competitive salary and benefits package. Opportunities for growth and professional development in both security and infrastructure domains. If you are passionate about advancing your career in Security Operations while contributing to infrastructure management, we encourage you to apply! Join us in protecting and scaling secure IT environments for the future!

Role & responsibilities Design, deploy and maintain the Darktrace NDR Platform. Integrate the solution with existing tools & technologies (FW, endpoint solutions, SIEM, etc.) Configure & optimize detection algorithms & policies to align with organizations network environment, Perform regular system health checks & upgrade to ensure platform stability & security. Manage platform user accounts, roles, access control. Generate & distribute performance reports & operational summaries. Support Incident response when required.