
344 EDR Jobs - Page 5


2.0 - 4.0 years

2 - 4 Lacs

Mumbai

Work from Office

- Minimum 2-4 years of experience in a Security Operations Centre, with experience across SOC domains: use case creation, incident management, threat hunting, threat intelligence etc.
- Solid understanding of cyber security, network security and endpoint security concepts
- Good understanding of recent cyber threats and the latest attack vectors
- Must have experience in at least one SIEM (Splunk), EDR and SOAR solution
- Must have experience in leading/managing SOC shifts
- Experience in shift roster creation, resource management etc.
- Will be responsible for critical incident investigation, use case review, mentoring Shift Leads, SLA management etc.

Posted 2 weeks ago

3.0 - 12.0 years

0 Lacs

punjab

On-site

You will be responsible for creating and implementing new threat detection content, rules, and use cases to deploy in the SIEM platform with different data sets such as Proxy, VPN, Firewall, DLP, etc. In addition, you will assist with process development and process improvement for Security Operations by creating/modifying SOPs, Playbooks, and Work instructions. Your role will also involve developing custom content based on threat intelligence and threat hunting results, as well as identifying gaps in the existing security controls and proposing new security controls. Your expertise in SIEM Engineering and knowledge of integrating various log sources with any SIEM platform will be crucial. Furthermore, you will be expected to perform custom parsing of logs being ingested into the SIEM Platform. To succeed in this role, you should have at least 3 years of experience in Content development and experience in delivering and/or building content on any of the SIEM tools like Splunk, ArcSight, QRadar, Nitro ESM, etc. A deep understanding of the MITRE ATT&CK Framework is essential. Experience in SOC Incident analysis with exposure to information security technologies such as Firewall, VPN, Intrusion detection tools, Malware tools, Authentication tools, endpoint technologies, EDR, and cloud security tools is required. You should also have a good understanding of networking concepts and experience in interpreting, searching, and manipulating data within enterprise logging solutions. In this role, you will be expected to have an in-depth knowledge of security data logs and the ability to create new content on advanced security threats as per Threat Intelligence. You should be able to identify gaps in the existing security controls and have experience in writing queries/rules/use cases for security analytics on platforms like ELK, Splunk, or any other SIEM platform. Familiarity with EDR tools like Crowdstrike and understanding of TTPs like Process Injection are desirable. 
Excellent communication, listening, facilitation skills, investigative mindset, and problem-solving abilities are essential for this role. Preferred qualifications include understanding of the MITRE ATT&CK framework, demonstrable experience in use case/rule creation on any SIEM platform, and familiarity with Chronicle Backstory, YARA, or CrowdStrike rules.

Posted 2 weeks ago

3.0 - 7.0 years

0 Lacs

karnataka

On-site

As a Security Analyst/Engineer, you will be responsible for supporting the security operations of the organization by assisting in the monitoring, detection, and response to security incidents. This role offers a blend of security analysis and engineering tasks, providing a progression from foundational knowledge to more advanced responsibilities, enabling you to contribute significantly to the organization's cybersecurity efforts. You will be involved in various key responsibilities, including security monitoring and analysis. This involves monitoring security events and alerts from sources such as SIEM, IDS/IPS, antivirus systems, and endpoint detection platforms. Additionally, you will conduct initial analysis of security events, collaborate with senior analysts to investigate and respond to security incidents like malware infections, phishing attempts, and unauthorized access. In incident response activities, you will provide technical assistance during security incidents for containment, eradication, and recovery efforts. You will also document incident response procedures, develop post-incident reports, and implement proactive measures to enhance incident detection and response capabilities, such as developing playbooks for common attack scenarios. Supporting the vulnerability management process will be part of your responsibilities, including assisting in vulnerability scanning, assessment, and remediation efforts. You will help prioritize and track the resolution of identified vulnerabilities, collaborate with system owners and IT teams for timely patching and mitigation, and conduct security assessments and penetration tests to identify weaknesses in systems, applications, and network infrastructure. 
Furthermore, you will assist in the administration and configuration of security tools and technologies, participate in evaluating and testing new security technologies, optimize the configuration and tuning of security tools, and recommend enhancements based on industry best practices and organizational requirements. You will also support security awareness and training initiatives by assisting in the development of educational materials and delivering security awareness briefings to staff. The ideal candidate should have a Bachelor's degree in computer science, Information Security, or related field, along with 3-5 years of experience in a cybersecurity role. Strong understanding of cybersecurity principles, proficiency in security tools and technologies, excellent analytical and problem-solving skills, effective communication, and stakeholder management abilities are essential. Certifications such as CompTIA Security+, CEH, or equivalent are a plus. Demonstrated experience in conducting security analysis, incident response, and vulnerability management in a complex environment, hands-on experience with security tool optimization, security assessments, and penetration testing, as well as a proven track record of incident response efforts are desired qualifications for this role. This position offers a valuable opportunity for career growth and development in the field of cybersecurity, with the possibility to progress into more specialized roles such as Senior Security Analyst, Incident Responder, or Security Engineer. Continued learning and professional certifications will be encouraged to enhance skills and knowledge in the cybersecurity domain. Joining the global cyber security team at Carmeuse will provide you with the opportunity to contribute to the organization's digitalization strategy while ensuring security. 
Working with a team of regional senior security managers and cyber architects, you will be involved in security design, delivery, and operations to safeguard Carmeuse's digital IT & OT footprint, participating in innovative initiatives to strengthen operations. Reporting to Victor Alexandrescu, the leader of the team, you will benefit from his extensive experience and practical knowledge. Victor's management style focuses on efficiency, continuous improvement, and proactive problem-solving, aiming to optimize processes and enhance team performance. The organization offers a permanent contract, flexible working hours, home working policy, competitive salary package and benefits, growth opportunities, strong HR and training policy, and work-life balance. The recruitment process includes steps such as resume and cover letter analysis by Georges Mensah-Boateng, a first "Teams" interview with personality questionnaires, a second interview with Victor Alexandrescu and Aurelie Mordant, and a final interview with Stavros Georgakopoulos, Rusty Gavin, and Eugene Marchenko to assess your suitability for the role.

Posted 3 weeks ago

5.0 - 9.0 years

0 Lacs

maharashtra

On-site

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As part of our EY-Cyber security in the Risk Consulting team, your role will be primarily responsible for the daily monitoring and/or maintenance of the enterprise Data Protection tools/solutions. The main duties of the person in this role will include proper care and administration of the Data Protection tools, monitoring and responding to the alerts that generate from the tool. This person will interface with IT Operations, Network Operations, Infrastructure teams, Legal, Risk Management, etc. We're looking for Security Analyst in the Risk Consulting team to work on various privacy/data protection related projects for our customers across the globe. In line with EY's commitment to quality, consultant shall confirm that work is of the highest quality as per EY's quality standards and is reviewed by the next-level reviewer. As an influential member of the team, consultant shall help to create a positive learning culture, coach and counsel junior team members and help them to develop. 
Your key responsibilities include building DATA PROTECTION solution concepts and deployment requirements, deploying DATA PROTECTION tools and implementing endpoint protection, working with vendors to support the DATA PROTECTION technology, administration of the Data Protection tools, monitoring and responding to alerts generated from the Data Protection systems, understanding and following the incident response process through event escalations, responding to escalations by the Incident Response Team, following processes to maintain the leading DATA LOSS PREVENTION/CASB system, assisting clients in privacy-related incident response activities, and supporting the client's team by acting as an interim team member. To qualify for the role, you must have a Bachelor's or master's degree in Computer Science, Information Systems, Engineering, or a related field, at least 5-8 years of experience in supporting Data Security Technology, at least 4-6 years of experience in Information Security concepts related to Governance, Risk & Compliance, Data Loss Prevention, CASB Technology support, and Event Handling, experience in Administration of the DLP, CASB tools, technical/vendor certification will be an added advantage, experience in utilizing and good knowledge of other data protection technology, ability to independently research and solve technical issues, demonstrated integrity in a professional environment, and the ability to work in and adapt to a changing environment. Ideally, you'll also have a professional certificate or be actively pursuing related professional certifications such as the CompTia Security+, CEH, CISSP or Vendor/Technical certification. If not, certified candidates are expected to complete one of the business required certifications within 12 months of hire, expect some weekend work and 20%-30% travel based on job requirement, work at the office mandatory 5 days a week as per client requirement, and be flexible to work on rotational shifts. 
EY offers a team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment with consulting skills, an opportunity to be a part of a market-leading, multi-disciplinary team of 1400+ professionals, and opportunities to work with EY Consulting practices globally with leading businesses across a range of industries.

Posted 3 weeks ago

6.0 - 11.0 years

8 - 15 Lacs

Navi Mumbai

Work from Office

Experience in cyber security / information security, including security posture assessment, advanced threat detection, incident response and handling of critical security incidents, and endpoint security capabilities with Carbon Black EDR tools.

Posted 3 weeks ago

5.0 - 8.0 years

4 - 8 Lacs

Bengaluru

Work from Office

Bachelor's degree in Computer Science, Information Security, or related field; or equivalent practical experience. Experience in a SOC or cybersecurity analyst role. Proficient in using Microsoft Sentinel, MS Unified SecOps/XDR, and other SIEM/EDR platforms. Strong knowledge of KQL and experience creating detection rules. Hands-on experience handling alerts and incidents from MDE & MDO. Ability to perform advanced analysis of logs, network flows, and security telemetry. Excellent problem-solving, analytical, and communication skills. Certifications such as CompTIA Security+, CEH, or equivalent are preferred. Mandatory Skills: Security Information Event Management. Experience: 5-8 Years.

Posted 3 weeks ago

3.0 - 5.0 years

7 - 11 Lacs

Mumbai

Work from Office

Role Purpose: The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information.
Do:
- Ensuring customer centricity by providing apt cybersecurity
- Monitoring and safeguarding the log sources and security access
- Planning for disaster recovery in the event of any security breaches
- Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
- Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems
- Conduct security assessments, risk analysis and root cause analysis of security incidents
- Handling incidents escalated by the L1 team in 24x7 rotational shifts
- Use advanced analytics tools to determine emerging threat patterns and vulnerabilities
- Completing all tactical security operations tasks associated with this engagement
- Analyses all the attacks and come up with remedial attack analysis
- Conduct detailed analysis of incidents and create reports and dashboards
Stakeholder coordination & audit assistance:
- Liaise with stakeholders in relation to cyber security issues and provide future recommendations
- Maintain an information security risk register and assist with internal and external audits relating to information security
- Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
- Advice and guidance to employees on issues such as spam and unwanted or malicious emails
Mandatory Skills: EDR - Cybereason. Experience: 3-5 Years.

Posted 3 weeks ago

7.0 - 12.0 years

15 - 22 Lacs

Chennai

Work from Office

Role & responsibilities:
- 6+ years of experience in cybersecurity operations with solid L3-level incident handling.
- Hands-on expertise with endpoint security solutions (CrowdStrike, SentinelOne, Microsoft Defender ATP, Carbon Black, etc.).
- Strong proficiency in conducting demos and technical evaluations for R&D or pre-deployment scenarios.
- In-depth understanding of SIEM platforms, EDR, network security, and intrusion detection.
- Experience with malware analysis, threat intelligence, and reverse engineering is a plus.
- Knowledge of Windows, Linux, and cloud environments (AWS/Azure/GCP).
- Familiarity with security frameworks (NIST, MITRE ATT&CK, SANS).
- Scripting skills (Python, PowerShell, Bash) for automation.
- Relevant certifications preferred: CISSP, OSCP, CEH, GCIA, GCIH.

Posted 3 weeks ago

3.0 - 5.0 years

5 - 7 Lacs

Hyderabad, Bengaluru, Delhi / NCR

Work from Office

Hiring a Zscaler Engineer for a remote full-time contractual position with a working shift from 05:30 PM IST to 02:30 AM IST. The candidate should have 3-5 years of hands-on experience with Zscaler technologies including ZIA, ZPA, and ZCC. The role involves designing and maintaining Zero Trust Architecture, configuring Zscaler Client Connector (ZCC), integrating with MDM/EDR tools, and performing security audits. Strong networking fundamentals, troubleshooting skills across endpoints and cloud layers, and a sound understanding of DNS, VPNs, firewalls, and access control are essential. Zscaler certifications are preferred. Immediate joiners are highly desirable. Location: Remote - Bengaluru, Hyderabad, Delhi / NCR, Chennai, Pune, Kolkata, Ahmedabad, Mumbai

Posted 3 weeks ago

5.0 - 10.0 years

0 Lacs

Hyderabad, Chennai, Bengaluru

Hybrid

SOC Analyst - Sentinel - L2
Chennai / Bangalore / Kochi / Hyderabad
Responsibilities
- Thoroughly investigate security incidents escalated by L1 analysts, going beyond initial alerts to understand the full scope and impact.
- Analyze complex security events, logs, and incident data from various sources integrated into Azure Sentinel.
- Determine if a security event is a genuine incident and classify its severity.
- Utilize Azure Sentinel's investigation graph to explore entities, connections, and timelines of attacks.
- Proactively search for undetected threats within the organization's Azure environment and connected data sources using Kusto Query Language (KQL) in Azure Sentinel.
- Lead and coordinate incident response activities, including containment, eradication, and recovery from security incidents.
- Develop and maintain incident response playbooks within Azure Sentinel.
- Execute automated response actions through Sentinel playbooks, such as blocking IPs, isolating compromised systems, or enriching incident data.
- Collaborate with other security teams (e.g., L1, L3, forensic teams), IT, and business stakeholders to resolve incidents effectively.
- Document findings, actions taken, and lessons learned to improve future incident response procedures.
Desired Skills and Qualifications
Required:
- Deep expertise in Microsoft Sentinel: Including data connectors, analytics rules, workbooks, hunting queries, incidents, and automation (Logic Apps/Playbooks).
- Kusto Query Language (KQL) mastery: Essential for advanced threat hunting, data analysis, and rule creation in Sentinel.
- Understanding of Azure security services: Strong knowledge of Azure Security Center/Defender for Cloud, Azure Active Directory (now Microsoft Entra ID), Azure Monitor, Azure Networking, and other relevant Azure services.
- SOAR (Security Orchestration, Automation, and Response): Experience in building and optimizing playbooks using Azure Logic Apps within Sentinel.
- MITRE ATT&CK Framework: Ability to map security events and detections to MITRE ATT&CK tactics and techniques for comprehensive threat analysis.
- Cloud Security Concepts: A solid understanding of cloud computing security principles, especially within the Azure ecosystem.
General SOC Skills
- Strong analytical and problem-solving skills.
- Excellent communication (verbal and written) and interpersonal skills.
Please share your resume to "priyanga.govindharaj@aspiresys.com"

Posted 3 weeks ago

3.0 - 10.0 years

0 Lacs

chennai, tamil nadu

On-site

As a candidate for this position, you should hold a Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, with a preference for a Master's degree. Your role will involve leading and mentoring the SOC team to promote a culture of continuous improvement and collaboration. Overseeing the day-to-day operations of the SOC is crucial, ensuring efficient incident detection, response, and recovery processes. Collaboration with IT and business units is essential to integrate cybersecurity measures into existing and new technology deployments. Your responsibilities will also include managing cybersecurity projects, selecting and implementing cutting-edge security tools and technologies. Regular security assessments, penetration testing, and proactive threat hunting are key tasks to identify and mitigate potential security vulnerabilities. Relevant cybersecurity certifications such as CISSP, CISM, CEH, or GIAC are desired, along with at least 10 years of experience in cybersecurity, including a minimum of 3 years in a leadership role within an SOC environment. In-depth knowledge and experience with cybersecurity regulations and standards are expected. Proficiency in managing and configuring security technologies such as SIEM, firewall, IDS/IPS, EDR, and vulnerability management tools is required. You should have a demonstrated ability to lead and develop high-performing teams. Additional responsibilities include preparing lab/demo environments, conducting research and development on security tools and best practices, and being flexible to work in US Shift. Excellent problem-solving, communication, and presentation skills are necessary for this role.

Posted 3 weeks ago

15.0 - 20.0 years

13 - 17 Lacs

Gurugram

Work from Office

About The Role
Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum 2 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary : As an L1 SOC Analyst you are the first line of defense in monitoring and triaging security alerts. You will work primarily with Sumo Logic SIEM and SOAR tools to identify potential security incidents, validate alerts, and escalate them according to the defined SOPs. You will ensure real-time visibility and log health while flagging suspicious activity promptly. This role is essential to ensuring timely detection and reducing noise from false positives.
Roles & Responsibilities:
- Basic Security Knowledge: Understanding of key concepts (malware, phishing, brute force, etc.)
- SIEM Familiarity: Exposure to Sumo Logic UI and understanding how to read/query logs
- Exposure to CrowdStrike Falcon Console: Ability to view and interpret endpoint alerts
- Alert Triage: Ability to differentiate between false positives and real threats
- Communication Skills: Clear written documentation and verbal escalation
- Ticketing Systems: Familiarity with platforms like JIRA, ServiceNow, or similar
- Basic understanding of cybersecurity fundamentals
- Basic Scripting: Awareness of PowerShell or Python for log parsing
- SOAR Exposure: Familiarity with automated triage workflows
- Security Certifications: Security+, Microsoft SC-900, or similar certification
- Operating System Basics: Windows and Linux process and file system awareness
Professional & Technical Skills:
- Monitor real-time alerts and dashboards in Sumo Logic SIEM
- Perform initial triage on alerts and determine severity/priority
- Escalate validated security incidents to L2 analysts per defined SOPs
- Follow pre-defined SOAR playbooks to document or assist in response
- Ensure alert enrichment fields are populated, like host info, user details, etc.
- Conduct basic log searches to support alert analysis
- Perform daily health checks on log sources and ingestion pipelines
- Maintain accurate ticket documentation for each alert handled
- Participate in shift handovers and team sync-ups for awareness
- SIEM: Basic log searching, correlation rule awareness
- SOAR: Familiarity with playbook execution
- Security Concepts: Basic understanding of malware, phishing, brute force
- Tools: CrowdStrike EDR, Sumo Logic
Additional Information:
- The candidate should have minimum 2 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.
Qualification: 15 years full time education

Posted 3 weeks ago

15.0 - 20.0 years

13 - 17 Lacs

Bengaluru

Work from Office

About The Role
Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum 7.5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary : As the SOC L3 Analyst you will lead the technical handling of critical security incidents. You'll be responsible for deep-dive analysis, root cause investigation, forensics, and containment using tools such as CrowdStrike, Sumo Logic SIEM, and SOAR. You will be responsible for onboarding and managing log sources, building SIEM use cases (custom + in-built), and developing automation in SOAR to support incident response and threat detection workflows.
Roles & Responsibilities:
- End-to-End Incident Response Ownership: Ability to handle incident lifecycle (detect, contain, remediate)
- Subject matter expert for handling the escalated critical or actual true positive incidents
- CrowdStrike Deep Dive: Using Real Time Response (RTR), Threat Graph, custom IOA rules
- Strong command over Sumo Logic SIEM content engineering: Creating detection rules, dashboards, and field extractions
- Threat Hunting: Behavior-based detection using TTPs
- SOAR Automation: Designing playbooks, integrations with REST APIs, ServiceNow, CrowdStrike
- Threat Intel Integration: Automation of IOC lookups and enrichment flows
- Forensic Skills: Live host forensics, log correlation, malware behavioral analysis
- Deep experience in advanced threat detection and incident response
- Scripting Proficiency: Python, PowerShell, Bash for automation or ETL
- Error Handling & Debugging: Identify and resolve failures in SOAR or data pipelines
- Proficiency in CrowdStrike forensic and real-time response capabilities
- Experience with Sumo Logic SOAR for playbook optimization
- Use case development in Sumo Logic SIEM
Professional & Technical Skills:
- Lead high-severity incident response, coordinating with stakeholders and IT teams
- Perform endpoint forensic triage using CrowdStrike Real Time Response (RTR)
- Conduct detailed log analysis and anomaly detection in Sumo Logic
- Customize or create new detection rules and enrichments in SIEM
- Develop/Tune SOAR playbooks for advanced scenarios, branching logic, and enrichment
- Perform root cause analysis and support RCA documentation
- Mentor L1 and L2 analysts through case walk-throughs and knowledge sharing
- Generate post-incident reports and present findings to leadership
- Lead investigations and coordinate response for major incidents
- Perform root cause analysis and post-incident reviews
- Develop advanced detection content in Sumo Logic
- Optimize SOAR playbooks for complex use cases
- Onboard and maintain data sources in Sumo Logic SIEM and ensure parsing accuracy
- Build custom dashboards, alerts, and queries aligned with SOC use cases
- Create and maintain field extractions, log normalization schemas, and alert suppression rules
- Integrate external APIs into SOAR (e.g., VirusTotal, WHOIS, CrowdStrike)
- Monitor log health and alert performance metrics; troubleshoot data quality issues
- Collaborate with L3 IR and Threat Intel teams to translate threat use cases into detections
- Participate in continuous improvement initiatives and tech upgrades
- Conduct playbook testing, version control, and change documentation
- CrowdStrike: Custom detections, forensic triage, threat graphs
- SIEM: Rule creation, anomaly detection, ATT&CK mapping
- SOAR: Playbook customization, API integrations, dynamic playbook logic
- Threat Intelligence: TTP mapping, behavioral correlation
- SIEM: Parser creation, field extraction, correlation rule design
- Scripting: Python, regex, shell scripting for ETL workflows
- Data Handling: JSON, syslog, Windows Event Logs
- Tools: Sumo Logic SIEM, Sumo Logic SOAR & CrowdStrike EDR
- Experience in SOC/IR including 4+ years in an L3 role (IR + SIEM Content Engineering & SOAR)
Additional Information:
- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.
Qualification: 15 years full time education

Posted 3 weeks ago

7.0 - 12.0 years

18 - 27 Lacs

Noida, Gurugram, Delhi / NCR

Work from Office

Job Description: Minimum of 8 years of experience. Strong understanding of SIEM tools. Solid knowledge of EDR solutions. Experience in managing and mentoring a SOC team. Proven experience in leading the incident response process. Strong analytical skills, with a basic understanding of forensics, networking, and Windows processes.

Posted 3 weeks ago

3.0 - 8.0 years

4 - 9 Lacs

Mumbai, Navi Mumbai

Work from Office

Skills required for MS Defender: L2 MS Defender for Endpoints (EDR/ATP). Other Monitoring Tools: Office 365, Active Directory, Microsoft Intune, Anti-Virus, Trend Micro

Posted 3 weeks ago

5.0 - 10.0 years

12 - 20 Lacs

Pune

Work from Office

About the Role
We are seeking a highly skilled Security Analyst (Level 2) to join our MSSP SOC team. The ideal candidate will have expertise in SIEM (Splunk, QRadar), XDR/EDR solutions, and security analysis with hands-on experience in investigating and responding to security alerts. This role requires proficiency in reviewing and analyzing Level 1 alerts, providing detailed recommendations, and engaging with customers for incident handling. The candidate should also have basic SIEM administration knowledge and Python scripting skills for troubleshooting and playbook development.
Key Responsibilities
- Threat Detection & Response: Analyze and investigate security alerts, events, and incidents generated by SIEM, XDR, and EDR solutions.
- Incident Investigation & Handling: Conduct in-depth security incident investigations, assess impact, and take appropriate actions.
- Incident Escalation & Communication: Escalate critical incidents to Level 3 analysts or senior security teams while maintaining detailed documentation.
- Content Management: Develop and fine-tune correlation rules, use cases, and alerts in SIEM/XDR platforms to improve detection accuracy.
- Malware Analysis: Perform basic malware analysis and forensic investigation to assess threats.
- Customer Request Handling: Collaborate with customers to address security concerns, provide recommendations, and respond to inquiries.
- SIEM Administration: Assist in the administration and maintenance of SIEM tools like Splunk or QRadar, ensuring smooth operations.
- Automation & Playbooks: Utilize Python scripting for automation, troubleshooting, and playbook development to enhance SOC efficiency.
- Reporting & Documentation: Prepare detailed reports on security incidents, trends, and mitigation strategies.
Basic Qualifications
- B.E/B.Tech degree in Computer Science or Information Technology, or Master's in Cybersecurity
- 3+ years of experience in a SOC or cybersecurity operations role.
- Strong knowledge of SIEM tools (Splunk, QRadar) and XDR/EDR solutions.
- Hands-on experience in threat detection, security monitoring, and incident response.
- Knowledge of network security, intrusion detection, malware analysis, and forensics.
- Basic experience in SIEM administration (log ingestion, rule creation, dashboard management).
- Proficiency in Python scripting for automation and playbook development.
- Good understanding of MITRE ATT&CK framework, security frameworks (NIST, ISO 27001), and threat intelligence.
- Strong analytical, problem-solving, and communication skills.
- Ability to work in a 24x7 SOC environment (if applicable)
Preferred Qualifications
- Certified SOC Analyst (CSA)
- Certified Incident Handler (GCIH, ECIH)
- Splunk Certified Admin / QRadar Certified Analyst
- CompTIA Security+ / CEH / CISSP (preferred but not mandatory)

Posted 3 weeks ago

2.0 - 4.0 years

0 - 1 Lacs

Hyderabad

Work from Office

• 2–4 years of hands-on experience in a SOC or related cybersecurity role. • Working knowledge of SIEM tools such as Splunk, QRadar, etc., for alert triage and log review. • Exposure to EDR tools such as SentinelOne.

Posted 3 weeks ago

Apply

5.0 - 6.0 years

6 - 8 Lacs

Mumbai, Maharashtra, India

On-site

Dream11 is seeking a skilled Senior Security Engineer - Security Operations to strengthen our defense against evolving threats. If you have over 5 years of experience in SecOps, incident response, or threat hunting, and a strong background in SIEM implementation, you'll be crucial in maintaining security compliance and building automated defense frameworks. Your Role Integrate data sources, analyze logs, write/fine-tune alerts, and maintain security compliance across the infrastructure. Manage and implement SIEM solutions for both on-premise and cloud architectures. Develop and optimize the incident response framework, including processes, playbooks, and documentation. Develop and optimize the threat hunting/intelligence framework, including processes, playbooks, and documentation. Build automated frameworks to remediate threats without human intervention, based on incident response policies. Effectively communicate with internal and external stakeholders to drive the security operations roadmap. Qualifiers 5+ years of work experience in SecOps/Incident Response/Threat Hunting (Blue Team)/SIEM tool implementation. Working knowledge of security technologies like EDR/Firewalls/Antivirus/SOAR.

Posted 3 weeks ago

Apply

12.0 - 16.0 years

0 Lacs

karnataka

On-site

Job Description: Description Airbus has started its Digital journey. The objective is to transform the company and prepare it for the future. This transformation includes new global governance, new ways of working and the implementation of digital business services and platforms. As part of this transformation journey we have set up a GIC in the Silicon Valley of India, Bangalore. This state-of-the-art GIC is responsible for driving excellence in IT for Airbus. These complex environments and teams are managed by the Group Manager. Currently Airbus is looking for a Group Manager - Security Defence Centre to join the Bangalore, India location. He/she will be part of the Information Management (IM) function and is responsible for the day-to-day innovation, build and operation of the Global Cyber Security team located in India. He/she will be the business operations manager for the IM Cyber Security group, which involves operational management of budget, supplier management, risk/issue management and change control support. The successful candidate shall establish team goals by evaluating, identifying and understanding the business strategy and technical trends. He/she shall accomplish team results/performance by communicating job expectations, planning, monitoring, coaching and leading the team in the right direction. Qualification & Experience Graduate/Post Graduate with 12+ years of experience in IT Security, Cyber or an equivalent field. Expert level: Business/affairs management; Project management; Leadership skills; Ability to engage and coach people; Experience in building new teams and defining road maps. Intermediate level: Service Delivery Management - Security Operations Centre; Cyber security software/tool development experience; Security monitoring and detection techniques; Understanding of threat hunting and threat modelling.
Other: Knowledge of the Aerospace domain (desirable but not mandatory). In-depth understanding of the IM cybersecurity ecosystem: Windows security, Unix security, Kubernetes/Docker/container security, identity and access management, architecture design, infrastructure and application security frameworks, monitoring, risk management and mitigation activities. Knowledge of implementing and managing solutions for continuous threat monitoring and remediation at global scale for Airbus and its entities. Knowledge of Agile/SAFe principles and Service Management best practices. Understanding of and experience in managing technologies like firewalls, bastion hosts, DLP, IAM, MFA, EDR, encryption, anti-malware, IDS/IPS, proxies and sandboxes. Quality Management System awareness is desirable. Capability to understand and deliver new business and customer requirements in the Digital domain. Ability to shift between domains and multi-skill experience is highly desirable. Professional networking skills. Basic French knowledge is desirable. Responsibilities Hold full responsibility to lead the Global Cybersecurity team in the right direction to achieve success. Manage coordination of the partners and working groups engaged globally in projects. Manage global communications and alignment with widely spread global stakeholders. Take accountability for developing and maintaining a detailed project plan. Provide an enterprise perspective when identifying and addressing business needs. Strong passion for technology, a modern platform mindset and solving customer problems. Ensure that project deliverables are in line with the project plan. Manage project scope and change control, escalating issues where necessary. Manage resource capabilities and assignment (AI internal resources and in situ supplier). Work closely with the global business team to ensure the project meets business needs. Effectively manage project risk through mitigation planning. Motivate the team to work together in the most efficient manner. Conduct the performance evaluation of the team. Overall cost/budget estimation and control. Experience in designing, integrating and managing IT solutions. Ability to provide solutions, determine overall design direction and provide recommendations for complex issues. Awareness of the role Information Management plays in enabling business objectives to be met. Develop and implement procedures and procure tools pertinent to effective and efficient operation. Ability to prepare, maintain and analyse service reports to address possible delays/issues before they occur. Liaise with, and update progress to, the project board/senior management. Manage all aspects, including project training, within the defined budget. Help the team identify their appropriate career path. Develop the competencies of the team and prepare for future competencies. Continuously look for new opportunities and new customers within the frame of Global In-house Centre Technology Services Solutions. Manage and lead the team on a day-to-day operational basis and drive continuous process improvement. Lead the team using a performance management and development process with the right training programme. Provide effective performance feedback through employee recognition, rewards, and disciplinary action when required. Work with the Human Resources team to interview and recruit the right team based on business need. Coach, mentor, and provide oversight and direction to the team in accordance with the organisation's policies and procedures. Develop the team to accept delegation and empower them to take responsibility for their jobs and goals. Success Metrics Success will be measured in a variety of areas, including but not limited to: bring innovative, cost-effective solutions; achieve customer satisfaction; agile mindset and collaborative way of working; consistently ensure on-time delivery and quality (first-time-right) of projects.
This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth. Company: Airbus India Private Limited Employment Type: Permanent Experience Level: Professional Job Family: Leadership By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus. Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com . At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.

Posted 3 weeks ago

Apply

7.0 - 10.0 years

7 - 10 Lacs

Noida

Work from Office

Job Title: Sr. Office 365 Support Specialist Business Function/Sub Function: IT Infra & Operation Location: Noida, India Position Overview: We are looking for a highly accomplished IT Infrastructure, Operations, and ITSM Specialist to join the GEDU IT Infra & Operations Team at our Noida office. This role requires a dynamic professional with expertise in IT infrastructure, operations, network support, and IT service management, along with hands-on experience in Microsoft Azure, Office 365, and endpoint security solutions. The ideal candidate should have a strong technical background, proven leadership skills, and a user-centric approach. They will be responsible for leading IT support teams, ensuring the stability and security of IT infrastructure, and driving operational excellence. Working across multiple time zones as per business needs, they will collaborate with product managers, architects, and R&D teams to enhance IT services and align technology strategies with business objectives. This role demands a proactive mindset, the ability to manage critical IT projects, and a focus on continuous improvement, automation, and security compliance. If you are passionate about delivering seamless IT experiences, driving innovation, and building robust IT operations, we encourage you to apply. Key Responsibilities: IT Operations Management Oversee the design, implementation, and maintenance of IT infrastructure, including cloud, on-premises and hybrid environments. Manage Microsoft Entra ID (formerly Azure Active Directory), Office 365, and endpoint security solutions to ensure seamless IT operations. Monitor system performance, availability, and security to proactively address potential risks and minimize downtime. Ensure effective backup, disaster recovery, and business continuity planning for IT services. IT Service Management (ITSM) & Support Lead incident, problem, change, and service request management in alignment with ITIL best practices.
Establish and enforce ITSM processes and SLAs to ensure prompt and effective resolution of IT issues. Maintain and update ITSM documentation, including SOPs, knowledge base articles, and system documentation. Collaborate with cross-functional teams to enhance service efficiency and user experience. Security, Compliance & Identity Management Implement and manage security baselines, compliance policies, and endpoint security solutions (e.g., Microsoft Defender, Purview). Oversee Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Privileged Identity Management (PIM) for enhanced security. Ensure compliance with global security standards and regulatory requirements. Apply Zero Trust principles and enforce security hardening practices. Team Leadership & Vendor Management Lead and mentor a team of IT support engineers, ensuring high performance and continuous skill development. Manage relationships with third-party vendors and service providers, ensuring SLA adherence and prompt resolution of escalations. Drive collaborative problem-solving and knowledge sharing across the IT team. Automation & Process Optimization Develop and automate IT workflows using PowerShell scripting and the Microsoft Graph API. Continuously optimize IT processes and drive innovation to improve operational efficiency. Identify opportunities to reduce manual effort and enhance self-service capabilities. Project & Stakeholder Management Manage IT infrastructure projects, upgrades, and migrations based on business requirements. Collaborate with business leaders, product managers, and R&D teams to align IT strategies with organizational goals. Provide regular reports and insights on IT performance, risks, and improvement plans. Qualifications: Bachelor's degree in Computer Science, Information Technology, Engineering, or a related field. Master's degree in IT Management or a related discipline is a plus.
Professional Certifications (Preferred but not mandatory): Microsoft Certifications: Microsoft Certified: Azure Administrator Associate (AZ-104); Microsoft Certified: Identity and Access Administrator Associate (SC-300); Microsoft 365 Certified: Modern Desktop Administrator Associate. IT Service Management (ITSM) & Security Certifications: ITIL v4 Foundation (or higher) for ITSM best practices; CompTIA Security+ or CISSP for security management. Networking Certifications: Cisco CCNA/CCNP, Aruba, or Arista networking certifications are a plus. Work Experience: 7 to 10 years of experience as an Office 365 Administrator and in operations, ITSM, and cloud administration. Hands-on experience in Microsoft Azure, Office 365, Entra ID, Intune, and endpoint security. Strong knowledge of ITIL processes, service management tools, automation, and PowerShell scripting. Proven experience in leading IT support teams, managing IT projects, and collaborating with cross-functional teams. Key Skills & Competencies: Deep expertise in cloud and hybrid IT environments and IT service management. Strong problem-solving skills and the ability to troubleshoot complex technical issues. Excellent communication, leadership, and stakeholder management skills. Ability to work across different time zones as per business needs. Strong analytical mindset, with a focus on continuous improvement and automation.

Posted 3 weeks ago

Apply

4.0 - 7.0 years

5 - 10 Lacs

Navi Mumbai

Work from Office

Job title: Associate Consultant (SOC) Location: Navi Mumbai Number of Vacancies: 1 Educational Qualifications: BE-IT / B Tech / BSc. Comps / BCA or equivalent Key Skills: Cyber Security Incident Analysis and Response Experience: 2-4 yrs. Essential Duties and Responsibilities: Perform real-time monitoring, incident handling, investigation, analysis, reporting, and escalation of security events. Integrate log sources with SIEM & create use cases. Identify suspicious/malicious activities through logs. Prepare the incident tracker and follow up with the client IT team for mitigation. Communicate with the clients to resolve queries related to incidents. Prepare & review daily, weekly and monthly reports/dashboards. Create & review advisories and ensure the organization is protected from the latest threats & vulnerabilities. Work Experience Requirements: Understanding of cyber security concepts and the incident response framework and processes. Hands-on experience in monitoring events and investigating incidents daily. Experience in identifying, analyzing, and responding to security incidents within defined SLAs. Hands-on experience working on SIEM / EDR tools like CrowdStrike, QRadar etc. Configuring use cases & creating playbooks for security monitoring will be an added advantage. Experience of working in a 24x7 Security Operations Center (rotational shifts). Good communication and collaboration skills. Team management skills.

Posted 3 weeks ago

Apply

5.0 - 10.0 years

9 - 18 Lacs

Chennai

Work from Office

Responsibilities: * Collaborate with sales team on proposal development * Conduct risk assessments using the NIST framework * Present solutions at customer meetings * Manage presales process from demo to close
Health insurance

Posted 3 weeks ago

Apply

8.0 - 12.0 years

22 - 32 Lacs

Pune

Work from Office

Role & responsibilities Overview: The Team Lead - Information Security ensures the efficient execution of security operations by driving proactive incident management and strategic security initiatives. This role demands strong technical expertise and analytical thinking to enhance security posture and operational efficiency. Key Responsibilities: Lead the classification, documentation, and resolution of security incidents. Analyze, assign, and escalate high-complexity security issues as needed. Establish incident response protocols and ensure adherence to response timelines. Investigate complex security issues, determine root causes, and implement preventive measures. Collaborate with third-party vendors and escalate unresolved security incidents. Conduct vulnerability assessments and evaluate security risks. Enhance existing security controls and recommend risk mitigation strategies. Provide regular updates on security incidents, mitigation actions, and operational improvements. Develop executive-level security reports and presentations. Provide guidance on security tool optimization and integration into the organization's security framework. Lead security incident investigations and provide strategic recommendations. Cross-Functional Collaboration: Work with IT, compliance, and security teams to integrate security solutions into business operations. Lead the coordination of security initiatives with various departments. Technical Leadership and Mentorship: Provide technical guidance and mentorship to security analysts and team members. Foster a culture of continuous learning and development within the team. Stay updated on emerging cybersecurity threats, trends, and best practices. Recommend and implement security enhancements based on evolving threat landscapes. Experience Requirements: 6-8 years of experience in security operations, incident response, and risk management.
Hands-on experience with SIEM tools like CrowdStrike, MS Sentinel, Splunk, QRadar, or LogRhythm. Expertise in EDR tools, email security tools, and forensic network analysis. Strong background in SOC operations, including triage, alert investigation, and incident qualification. In-depth knowledge of security technologies: DLP, IDS/IPS, Email Security, SWG/Proxy, CASB, CSPM, SASE, SSE, and SIEM. Experience with cloud security solutions and platforms such as AWS, Azure, or Google Cloud Platform. Proficiency in operating system security for Windows, macOS, and Linux distributions. Strong problem-solving skills with the ability to analyze and resolve complex security issues. Strong expertise in ITIL and Change Management. Skills and Competencies: Strong technical knowledge in SIEM, EDR, Incident Response, and Email Security tools (Proofpoint, FireEye, CrowdStrike). Ability to optimize SOC operations and security workflows. Excellent communication and collaboration skills. Proficiency in MS Office for reporting and documentation. Relevant certifications such as CS, Threat Hunting, or equivalent technical certifications. Qualifications: Bachelor's degree in Computer Science, Information Security, Electronics & Communication, or a related field & 8+ years of experience in managing and operating security solutions in enterprise environments.

Posted 3 weeks ago

Apply

5.0 - 8.0 years

14 - 22 Lacs

Pune

Work from Office

Job Description: The Threat Hunting Analyst performs a wide variety of security duties with a primary focus on threat actor-based tactics, techniques, and procedures. The ability to manage multiple simultaneous threat hunts spanning several platforms with various TTPs is a key function of this role. Knowledge sharing and mentoring of team members is a critical and necessary skill. Must have the ability to operate under pressure and influence the team dynamic when responding to incidents. Should be able to enhance and improve the team and processes over time in a well-established manner. Roles and responsibilities: Perform hypothesis-based threat hunts using the MITRE ATT&CK framework. Perform intel-based threat hunting. Conduct threat simulation exercises to test current security controls. Create Diamond Models to model threat activity. Work directly with leadership to develop and improve existing internal processes. Develop new processes that will add value to the threat hunting team. Provide proactive assistance to junior analysts to help them develop their skillset. Develop advanced correlation rules for threat detection using CQL (CrowdStrike Query Language). Create and utilize threat intel reports to conduct manual hunts across available data sources. Perform static and dynamic analysis of malicious files. Work proactively on critical security incidents. Perform vulnerability review and risk assessment. Core experience with CrowdStrike or Splunk. L3-level experience in investigation, recommendation and decision-making related to security incident investigation; has worked with leadership; manages end-to-end security incident investigation. Experience working with the MITRE ATT&CK framework. Knows the basics of vulnerability analysis & risk assessment. Manual Hunt: Actively search for threats that may not have been detected by automated security tools. Detect hidden or undisclosed threats using advanced techniques and tools.
Develops hypotheses about potential threats based on threat intelligence and industry trends. Performs in-depth analysis of the network and systems to uncover IOCs and APTs. Works closely with other cybersecurity teams to improve detection capabilities and share findings. Has a high level of knowledge in scripting (e.g. Python, PowerShell) to automate threat hunting tasks. Deeply analyzes the tactics, techniques, and procedures (TTPs) of the attacker. Advanced Threat Detection; Scripting and Programming Knowledge; Advanced PowerShell, Bash, and Cmd Analysis; Threat Intelligence, Malware Analysis, Vulnerability Analysis, Cloud Security, Data Analysis. Required skills: Ability to perform threat hunting using the MITRE ATT&CK framework. Ability to identify/detect/explain malicious activity that occurs within environments with a high accuracy/confidence level. Ability to develop advanced correlation rules for threat detection. Must have expertise in creating queries using SPL (Search Processing Language, used by Splunk) or CQL (CrowdStrike Query Language). Ability to create threat intelligence reports based on available threat intel. Ability to perform static and dynamic analysis of possibly malicious files. Ability to perform vulnerability analysis and risk assessment. Should have strong log analysis skills. Should be able to demonstrate good incident response skills in case of critical security incidents. Moderate understanding of Windows and Linux operating systems, as well as command line tools. Strong verbal as well as written communication skills. Basic understanding of malware analysis. Years of Experience: 5+ years (Security Operations + Threat Hunting; a minimum of 2 years should be in threat hunting). Tools: CrowdStrike, Splunk, Falcon LogScale (formerly Humio). Certification: GIAC / Offensive Security certifications preferred. One of the following is a must-have: CTHP (Certified Threat Hunting Professional, an advanced certification for threat hunters), C|TIA (Certified Threat Intelligence Analyst), GIAC Cyber Threat Intelligence (GCTI). Programming language: Python (good to have). Qualification: Bachelor of Engineering in any stream.

Posted 3 weeks ago

Apply

3.0 - 7.0 years

3 - 7 Lacs

Bengaluru

Work from Office

Roles & Responsibilities: 1. Handling alerts and incidents on the XDR platform 2. Alert & incident triage and analysis 3. Proactively investigating suspicious activities 4. Log all findings, actions taken, and escalations clearly in the XDR and ITSM platforms 5. Execute predefined actions such as isolating endpoints, blocking IPs or disabling user accounts, based on set protocols. 6. Adhere to established policies, procedures, and security practices. 7. Follow up with the tech team for incident closure 8. Participate in daily standup and review meetings 9. The L2 Analyst has responsibility to closely track incidents and support their closure. 10. Work with log source and use case management in integrating log sources and developing & testing use cases 11. Work on and support multiple cybersecurity tools (DLP, GRC, cloud security tools, DAM) 12. Develop SOPs / instruction manuals for the L1 team 13. Guide the L1 team in triage/analysis and assist in closure of cybersecurity alerts and incidents 14. Handle XDR alerts and follow up with the customer team for agent updates 15. Escalate more complex incidents to the L3 SME for deeper analysis.
Key Responsibilities: Security Monitoring & Incident Response Governance: Define and maintain security monitoring, threat detection, and incident response policies and procedures. Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds. Align SOC operations with evolving business risk priorities and regulatory frameworks. Platform & Toolset Management: Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness. Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions. Maintain and update incident response playbooks and automation workflows. Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling. SOC Operations & Threat Detection: Oversee 24x7 monitoring of security events and alerts across enterprise assets. Lead and coordinate proactive threat hunting across networks, endpoints, and cloud. Manage and support forensic investigations to identify root cause and recovery paths. Govern use case development, log source onboarding, and alert/event triage processes. Regulatory Compliance & Incident Management: Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities. Retain logs in accordance with regulatory data retention mandates. Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards. Advanced Threat Management & Reporting: Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities. Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives. Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards.
Required education: Bachelor's Degree. Preferred education: Master's Degree. Required technical and professional expertise: Bachelor's or Master's degree in Cybersecurity, Computer Science, or a related field. 3-7 years of experience in SOC management, incident response, or cyber threat detection roles. Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms. Proven experience in playbook development, forensics, and threat hunting methodologies. Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements. Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred technical and professional experience: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications.

Posted 3 weeks ago

Apply