218 EDR Jobs - Page 8

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

2 - 4 years | 4 - 8 Lacs | Bengaluru | Work from Office

Project Role: Security Delivery Practitioner
Project Role Description: Assist in defining requirements, designing and building security components, and testing efforts.
Must have skills: Accenture MxDR Ops Security Threat Analysis
Good to have skills: NA
Minimum 2 year(s) of experience is required
Educational Qualification: 15 years full time education

Key Responsibilities
- Work as part of an analysis team that operates 24x7 on rotational shifts
- Perform security monitoring by analyzing logs, traffic and alerts generated by a variety of device technologies
- Respond in a timely manner to customer requests such as detection capabilities and tuning
- Research new threats and provide recommendations to enhance detection capabilities
- Strong desire for continuous learning on vulnerabilities, attacks and countermeasures
- Identify opportunities for process improvement
- Response activities on EDR based on client requirements

Technical Experience
- Experience in SOC operations with customer-facing responsibilities
- Deep understanding of cyber security fundamentals, security devices, network defense concepts and the threat landscape
- Hands-on experience in SIEM, SOAR and threat hunting tools
- Desirable: knowledge of any scripting language and EDR products
- Preferable: GCIA, GCFA, CISSP
- Relevant experience required is 1 to 3 years.

Professional Attributes
- Strong customer service and interpersonal skills
- Strong problem-solving skills
- Ability to communicate clearly at all levels, demonstrating strong verbal and written communication skills
- Adaptability to accept change

Educational Qualification: Minimum a bachelor's or a master's degree in addition to regular 15-year full time education
Qualifications: 15 years full time education

Posted 3 months ago

1 - 3 years | 1 - 4 Lacs | Chennai, Bengaluru, Hyderabad | Hybrid

Your key responsibilities
- Operational support using SIEM solutions (Splunk, Sentinel, CrowdStrike Falcon LogScale), EDR solutions (Defender, CrowdStrike, Carbon Black) and NSM (Fidelis, ExtraHop) for multiple customers.
- First level of monitoring and triaging of security alerts.
- Initial data gathering and investigation using SIEM, EDR and NSM solutions.
- Provide near real-time analysis, investigation and reporting of security incidents for the customer.

Skills and attributes for success
- Customer service oriented: meets commitments to customers; seeks feedback from customers to identify improvement opportunities.
- Good hands-on knowledge of SIEM technologies such as Splunk, Azure Sentinel and CrowdStrike Falcon LogScale from a security analyst's point of view.
- Exposure to IoT/OT monitoring (Claroty, Nozomi Networks, etc.) is a plus.
- Good knowledge and experience in security monitoring.
- Good knowledge and experience in cyber incident response.
- Knowledge of network monitoring platforms such as Fidelis XPS and ExtraHop.
- Knowledge of endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, CrowdStrike, Defender ATP, etc.

To qualify for the role, you must have
- B.Tech./B.E. with sound technical skills.
- Ability to work in 24x7 shifts.
- Strong command of verbal and written English.
- Both technical acumen and critical thinking abilities.
- Strong interpersonal and presentation skills.
- Hands-on experience in SIEM, EDR and NSM solutions.
- Certification in any of the SIEM platforms.
- Knowledge of RegEx, Perl scripting and SQL.
- Certification: CEH, ECSA, ECIH, Splunk Power User.

Posted 3 months ago

10 - 15 years | 20 - 30 Lacs | Bengaluru | Work from Office

Job Title: SOC Manager
Location: Bangalore
Department: Security Operations Center

About Zybisys: At Zybisys, we are dedicated to providing top-tier cybersecurity services to our clients. We are looking for a skilled and experienced SOC Manager to lead our Security Operations Center (SOC) team in supporting customer onboarding, service implementation, continuous monitoring, and ensuring compliance with industry standards.

Role Overview: The SOC Manager will oversee the implementation, monitoring, and management of security operations for multiple clients. This role requires managing customer SOC services, ensuring timely onboarding, continuous monitoring, and compliance with security standards. You will lead the team in incident detection, response, and mitigation while ensuring the highest level of customer satisfaction.

Key Responsibilities:
- SOC Operations Leadership: Lead and manage SOC operations for multiple client accounts, ensuring seamless service delivery, compliance, and performance.
- Client Onboarding & Implementation: Oversee the onboarding of new clients to the SOC service, ensuring smooth implementation of security protocols, tools, and monitoring systems.
- Incident Detection and Response: Supervise the detection, response, and remediation of security incidents for clients, providing detailed analysis and post-incident reviews.
- Continuous Monitoring & Threat Intelligence: Ensure continuous monitoring of client systems for vulnerabilities, using modern SIEM tools, intrusion detection/prevention systems (IDS/IPS), and other security technologies to proactively defend against emerging threats.
- Compliance & Reporting: Ensure SOC operations meet industry standards and regulations (e.g., GDPR, HIPAA, PCI-DSS) and regularly update clients on security posture through reports and executive briefings.
- Team Leadership & Mentorship: Lead, train, and mentor SOC team members, fostering continuous learning and certifications.
- Security Automation: Drive initiatives to automate security operations and reduce response time through SOAR tools and other technologies.
- Cross-Functional Collaboration: Work closely with clients, IT teams, and external vendors to ensure security is integrated into all systems, applications, and workflows.

Key Skills and Qualifications:
- Certifications: CISSP, CISM, CEH, CTIA, CCSP or similar.
- Experience: Minimum 10+ years of experience in cybersecurity, with at least 5+ years in a leadership or managerial role within a SOC or security operations environment. Proven experience in client onboarding, security monitoring, and compliance.
- Technical Expertise: Hands-on experience with SIEM tools (Splunk, IBM QRadar), IDS/IPS, firewalls, EDR, and other security technologies.
- Leadership & Communication: Strong leadership, management, and communication skills, with the ability to present technical information to non-technical stakeholders.
- Analytical Skills: Strong problem-solving abilities and experience in conducting root cause analysis and developing action plans post-incident.

Preferred Skills:
- Experience with cloud security (AWS, Azure, Google Cloud).
- Familiarity with security frameworks (ISO 27001, NIST, SOC 2 Type 2, PCI-DSS, GDPR).
- Experience with red teaming, penetration testing, and vulnerability assessments.

Why Join Zybisys? Zybisys offers an exciting and dynamic work environment where you can contribute to innovative cybersecurity services. Join us to lead a team that supports clients with their security needs while growing your career in the cybersecurity industry.

Posted 3 months ago

4 - 6 years | 9 - 12 Lacs | Gurgaon | Work from Office

5+ years of experience in a Security Analyst or related role. Hands-on experience with security monitoring, vulnerability management, penetration testing tools and incident response. Excellent understanding of network protocols (TCP/IP, DNS, HTTP, etc.). Experience in risk management.

Required candidate profile: Maintain and manage security tools (e.g. next-gen AV, EDR, SIEM and network protocols). Compliance with security standards and frameworks (e.g. ISO 27001). Certifications (optional): CEH, CISM, ISO 27001:2022 Lead Auditor.

Posted 3 months ago

3 - 8 years | 3 - 8 Lacs | Hyderabad | Work from Office

Job Description for EDR:
1. Good working knowledge of EDR solutions such as MDATP, FireEye, CrowdStrike Falcon and Carbon Black.
2. Must be well versed in operating system concepts (Windows/Linux/macOS).
3. Ability to distinguish between false positive and false negative detections with respect to the logs available.
4. Good exposure to OSINT tools, sandboxing and encoding/decoding techniques for independent investigation.
5. Must be able to investigate and triage EDR-related alerts, with the ability to share detailed investigation reports with clients within SLA.
6. Knowledge of the Cyber Kill Chain and the MITRE ATT&CK tactics and techniques used by adversaries to evade detection.
7. Awareness of the various stages of incident response, including in-depth analysis and RCA submission on security incidents.
8. Good understanding of malware analysis (static and dynamic) and its variants.
9. Exposure to adversary simulation and red teaming tools such as Caldera, PowerShell Empire and CACTUSTORCH.
10. Understanding of a query language such as KQL is a plus.
11. Understanding of network security concepts and popular encryption standards.
12. Excellent communication skills for cross-group and interpersonal work, with the ability to articulate the business need for detection improvements.
13. Exposure to reverse engineering of malware samples is a plus.
14. Certification in OSCP, OSCE, GREM, GCIH or GCFA will be highly preferred.
Willing to work in rotational shift timings.

Posted 3 months ago

2 - 5 years | 18 - 20 Lacs | Bengaluru | Work from Office

- Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field (or equivalent experience)
- Knowledge of Splunk, firewalls, and other security tools, along with Cloudflare WAF
- Knowledge of cloud security
- Experience working in a technical support or helpdesk role is preferred
- Familiarity with enterprise security tools such as SIEM, IDS/IPS, EDR, web application firewalls, identity and access management solutions, etc.
- Basic understanding of networking concepts and protocols (TCP/IP, DNS, DHCP, etc.)
- Proficiency in at least one scripting language (e.g., Python, PowerShell) is a plus
- Certifications such as CompTIA Security+, CISSP, CCSP or GIAC are advantageous but not required
- Ability to prioritize and manage multiple tasks simultaneously
- Strong problem-solving skills and a methodical approach to troubleshooting
- Adaptability and willingness to learn new technologies and processes
- Commitment to providing exceptional customer service and support

Posted 3 months ago

2 - 6 years | 3 - 6 Lacs | Mumbai | Work from Office

Job Description: Endpoint Security Support Executive
Job Title (Designation): Assistant Manager II, Endpoint Security Support Executive
Department: Information Technology
Reports to: Senior Manager
Experience: 2-3 years of work experience
Required Qualification: Diploma in Engineering / any graduation degree
Preferred Qualification: Diploma in Engineering / any graduation degree

Skill, Knowledge & Trainings:
- Excellent command of, and high proficiency in, spoken and written English.
- Exceptional customer service skills.
- Troubleshooting skills for Windows operating systems.
- Working knowledge of software/tools used for management of antivirus, inventory, application control, Windows patches and builds, and browser security.
- Proficient knowledge of computer systems and their peripherals.
- Microsoft training on Server / Client OS fundamentals and security preferred.

Core Competencies:
- Excellent teamwork with a strong sense of responsibility, accountability, reliability, and commitment.
- Self-motivated and a self-starter.
- Ability to quickly adapt to new technologies.
- Ability to thrive on challenges/pressure.
- Ability to manage task flow and complete assigned projects on time.
- Solid time management, communication, decision making, human relations and organizational skills, and the ability to set and manage priorities in a results-oriented way.
- Analytical nature, in order to determine the underlying reason for a particular problem.
- Solve non-standard issues that may require analytical and conceptual thinking.

Functional Competencies: Support for the following security products.
- Antivirus / Endpoint Detection & Response (EDR) / Extended Detection & Response (XDR).
- Endpoint patch management.
- Application whitelisting solution.
- Data Loss Prevention (DLP) management.
- Performing health-check exercises to ensure compliance enforcement and adherence of all systems being managed.
- Logging calls with OEMs / service providers for various issues and vulnerability-related closure.

Additional Competencies:
- Strong technical knowledge of the Microsoft product line, including Windows server and client operating systems and MS Office.
- IT asset tracking knowledge and related documentation.
- Expertise in advanced-level troubleshooting of incidents impacting end users.
- Capacity management of servers hosted in virtualized environments.
- Adherence to system security practices.
- Support multiple users in a timely and efficient manner, following the escalation process/procedures.
- Research, resolve, respond to, and document user inquiries, as requested.
- Escalate or re-assign issues as needed to appropriate resources for resolution.
- Good knowledge of Local Area Network infrastructure.
- Knowledge of basic handling of virtually hosted servers.
- Effective coordination with various support teams/departments/vendors.
- Proficiency in email and telephone communication.
- Ability to multi-task and prioritize workload.
- Ability to make independent decisions when required for problem resolution.

Job Purpose: Maintenance of compliance of end-user Windows systems by effective management of the security products: antivirus, EDR & XDR, Windows security patches, application whitelisting solution and data leakage (DLP) solution.

Area of Operations / Key Responsibilities:
- Onsite and remote technical support to users and onsite consultants.
- Use of the centralized ticketing system for receiving and closing support-related calls.
- Ensure support tickets are responded to in a timely manner and resolved in accordance with predefined company standards.
- Running day-to-day server and application checklists as part of server/application management.
- Submission of monthly/quarterly reports for applications/servers being managed.
- Maintenance and submission of various documentation and reports for audits.
- Maintaining the build environments for all products and platforms.
- Adhere to asset management procedures, ensuring assets are fully tracked and information is maintained throughout their lifecycle in a timely fashion.
- Plan, execute and finalize procurement for technology spending across the organization. Experience in obtaining quotes from vendors and negotiation.
- Management of centralized end-user application software used for browser management, asset inventory management, antivirus management and patch management.
- Management of Voice Recording Systems (VRS).
- Management of the onsite AMC vendor team to ensure call resolution is within the agreed Service Level Agreement (SLA).
- Setup and support for hosting meetings via software such as Cisco Webex / Zoom.
- Audio/video conference system setup such as Polycom / BlueJeans.
- Vendor management.
- Replacement/upgrade of hardware/software in line with the organization's asset obsolescence policy and procedure.
- Assessment of VA/PT (Vulnerability Assessment / Penetration Test) reports and related work for closure of vulnerabilities.
- Day-to-day investigation work related to SOC (Security Operations Centre) alerts and reports.
- Planning and executing BCP for the various applications being managed.
- Performing health-check exercises to ensure compliance enforcement and adherence of all systems being managed.
- Provide technical support to onsite and remote personnel to ensure prompt restoration of service on a variety of systems and applications.
- Installation, configuration, maintenance and troubleshooting of existing endpoint environments, including imaging and complete system setups.

Posted 3 months ago

5 - 10 years | 5 - 10 Lacs | Hyderabad | Work from Office

Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion; it's a place where you can grow, belong and thrive.

Your day at NTT DATA
The Managed Services Information Security Analyst is a seasoned subject matter expert, responsible for working with security tools and other security teams to monitor, analyze, interpret and report on incoming client data for the purpose of delivering security information and recommendations to clients, enabling the organization to deliver the contracted security services. This role includes performing tasks such as security incident detection and response, security event reporting, threat hunting, content maintenance (tuning) and interacting with clients to ensure their understanding of the information generated, recommending client system changes, and answering security-related queries from clients.

What you'll be doing
Key Responsibilities:
- Works as part of a global Cyber Defense Centre (CDC) team that operates 24/7 on rotational shifts.
- Works with client stakeholders and relevant internal teams to tune the MSSP platform and client SIEM to enable more efficient detection, analysis and reporting.
- Monitors security tools to review and analyze security logs from client environments.
- Generates continuous improvement ideas for supported security tools/technologies, to enable improvements to the company's services, employee experience and client experience.
- Adheres to SOPs, customer run books and standard processes to ensure globally consistent delivery, while also proposing changes and improvements to these standards.
- Utilizes and documents best practices and amends existing documentation as required.
- Identifies opportunities for automations that will help clients and security delivery teams.
- Performs security incident handling and response across several vectors, including endpoint protection and enterprise detection and response tools, attack analysis, malware analysis, network forensics and computer forensics.
- Utilizes a broad range of skills in LAN technologies, Windows and Linux operating systems, and general security infrastructure.
- Ensures usage of knowledge articles in incident diagnosis and resolution and assists with updating them as and when required.
- Performs defined tasks to inform and monitor service delivery against service level agreements and maintains records of relevant information.
- Undertakes threat hunting activities across individual client estates as well as cross-client hunting.
- Manages unresolved incidents and follows up until incidents are resolved.
- Works closely with client delivery teams to support their activities related to client delivery.
- Cooperates closely with colleagues to share knowledge and build a cohesive and effective team environment, benefiting the individual, the business and the client.
- Performs any other related task as required.

Knowledge and Attributes:
- Seasoned knowledge of implementation and monitoring of a company-supported SIEM or security tools/technologies/concepts.
- Seasoned knowledge of security architecture; has worked across different security technologies.
- Seasoned knowledge and understanding of the operation of modern computer systems and networks and how they can be compromised.
- Excellent customer service orientation and proactive thinking.
- Problem-solving abilities; highly driven and self-organized.
- Excellent attention to detail.
- Excellent analytical and logical thinking.
- Excellent spoken and written communication abilities.
- Team player with the ability to work well with others and in groups with colleagues and stakeholders.
- Ability to remain calm in pressurized situations.
- Ability to keep current on emerging trends and new technologies in the area of specialization.

Academic Qualifications and Certifications:
- Bachelor's degree or relevant qualification in Information Technology, Computing or a related field.
- Security certifications such as (but not limited to) AZ-500, SC-200, Security+, CEH, CISSP, CISM or similar.
- Certification in networking technologies such as CCNA, JNCIA, ACCA, PCNSA or CCSA is advantageous.

Required Experience:
- Seasoned experience in SOC analysis operations.
- Seasoned experience in SIEM usage for investigations.
- Seasoned experience in security technologies such as (but not limited to) firewall, IPS, IDS and proxy.
- Seasoned experience in providing technical support to clients.
- Seasoned experience in handling security incidents end to end.
- Seasoned experience in configuring/managing security controls such as SIEM, firewall, IDS/IPS, EDR, NDR, UTM, proxy, SOAR, honeypots and other security tools.
- Seasoned experience in security analysis or engineering, preferably gained within a global services organization.

Workplace type: Hybrid Working

About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Posted 3 months ago

3 - 8 years | 5 - 14 Lacs | Mumbai Suburbs, Thane, Mumbai (All Areas) | Work from Office

Position Title: IT Security Analyst (L2/L3 Support)
Position Location: Mumbai, Andheri (E)
Hours of operation: Rotational shifts, 7am-3pm / 3pm-11pm / 11pm-7am.

Description of the role: The Security Monitoring Analyst is responsible for staffing the India SOC for our client based in the US. The key responsibilities include:
- Handling of all alerts from the SIEM, IPS/IDS solutions and EDR; the resource is expected to monitor, investigate, respond to and resolve these alerts.
- Resolving general support requests: device control, URL whitelisting, lockouts, etc.
- Completion of daily checklists as well as preparation and sending of daily reports.
- Monitor patching status and respond to patch failures by either redeploying the patch or escalating to the relevant teams.
- Run vulnerability scans, review the reports and parse through them to remove false alarms.

Key requirements:
- The individual is expected to be a graduate (Engineering preferred).
- 2+ years of experience in IT security monitoring.
- Experience working with Intrusion Detection/Prevention Systems is a must. Experience with Darktrace would be preferred.
- Experience working with a SIEM tool is a must.
- Experience in patch management and IBM BigFix would be an advantage.
- Experience with vulnerability scanners and their reporting management would be beneficial.
- Excellent verbal and written English is a must. The candidates will be communicating with users based in the US and must communicate effectively.
- Candidates with professional certifications such as CompTIA Security+ would be preferred.

Posted 3 months ago

4 - 8 years | 17 - 32 Lacs | Bengaluru | Hybrid

Role: Security Engineer / Senior

What you'll do for us
- Execute routine operational security tasks, ensure ongoing compliance, and conduct security assessments across a variety of technologies and third-party vendors.
- Serve as the primary point of contact for Endpoint Security.
- Oversee and report on security tool performance (e.g., SIEM, EDR/XDR, IAM).
- Lead security incident triage, investigation, and response efforts, leveraging EDR solutions for enhanced detection and remediation.
- Proactively search for and identify potential threats within the environment.
- Perform in-depth analysis of malware to understand behavior, impact, and mitigation strategies.
- Conduct forensic analysis and manage evidence collection.
- Support compliance initiatives, including privileged access reviews and change monitoring.
- Track and report on operational metrics related to security alerts and incidents.
- Perform security reviews across infrastructure, applications, and third-party services.
- Contribute to various programs and initiatives aimed at advancing the company's information security policies and standards.
- Champion security best practices and raise security awareness across the organization.

What you'll have
- 5+ years of experience in security analysis, security operations, or a forensics role.
- In-depth knowledge of SOC operations and Endpoint Security.
- Proven experience with network, systems, and application security.
- Familiarity with industry-standard security and control frameworks such as ISO 27001/2, NIST, and CIS.
- Strong interpersonal skills and the ability to communicate complex security and risk concepts to both technical and non-technical audiences.
- High level of personal integrity and discretion in handling confidential information.
- Self-motivated, dependable, and able to work independently with minimal supervision.
- A genuine passion for security and a strong commitment to seeing projects and investigations through to completion.
- Enjoyment of collaborative work in a team-oriented environment.

What we'll do for you:
- Flat organization: with a very strong entrepreneurial culture (and no corporate politics).
- Great people and unlimited fun at work.
- Possibility to really make a difference in a scale-up environment.
- Support network: work with a team you can learn from every day.
- Diversity: we pride ourselves on our international working environment.
- AI is firmly on every CEO's agenda, o9 @ Davos & Reflections: https://o9solutions.com/articles/why-ai-is-topping-the-ceo-agenda/
- Work-Life Balance: https://youtu.be/IHSZeUPATBA?feature=shared
- Feel part of a team: https://youtu.be/QbjtgaCyhes?feature=shared

How the process works...
- We will share a link to create your profile on Workday; respond with your interest to us.
- We'll contact you either via video call or phone call, whichever you prefer, with the further schedule status.
- During the interview phase, you will meet with the technical panel for 60 minutes.
- We will contact you after the interview to let you know if we'd like to progress your application.
- There will be 2 rounds of technical discussion followed by a managerial round.
- We will let you know if you're the successful candidate.
Good luck!

Posted 3 months ago

8 - 12 years | 20 - 30 Lacs | Chennai, Bengaluru, Hyderabad | Work from Office

Role: Security Delivery Specialist
Level: 9
Location: Bengaluru, Hyderabad, Chennai, Pune, Mumbai, Delhi
Experience: 8+ years
Main Skill: Infrastructure Vulnerability Management (Qualys / Nessus) / Cloud Security Posture Management (CSPM)

Position Summary
We are seeking an experienced candidate to oversee Accenture's infrastructure tool operations, vulnerability management (as part of the IS Tools and Operations team) and cloud security posture management (CSPM). This role involves managing the operational processes that identify, assess, and mitigate vulnerabilities across Accenture IT infrastructure and cloud environments. You will be responsible for ensuring that our vulnerability and compliance posture is in line with industry best practices, regulatory requirements, and organizational policies. As a Specialist you will work closely with cross-functional teams, including other security teams, IT teams, DevOps, and engineering, to ensure that both cloud and on-prem infrastructure vulnerabilities are identified and addressed in a timely manner. Your role will be critical in enhancing the security and compliance posture of our cloud environments, including AWS, Azure, and Google Cloud.

Key Responsibilities:

Infrastructure Vulnerability Management:
- Oversee the identification, assessment, and remediation of vulnerabilities in cloud and on-prem infrastructure using industry-leading vulnerability scanning tools.
- Prepare and deliver compliance reports to management, detailing the organization's compliance status and areas for improvement.
- Develop and maintain infrastructure vulnerability management processes and operations, ensuring continuous improvement and alignment with best practices.
- Oversee compliance reporting with the various vulnerability management and other cyber security tools and provide periodic updates to senior management.
- Support the business on remediation queries on vulnerability and compliance within specified timelines.
- Work closely with DevOps, engineering, and other technical teams to respond to and remediate infrastructure and cloud vulnerabilities and reduce the risk to Accenture.
- Perform periodic internal reviews of operating procedures and share outcomes / identify improvements.
- Oversee, and be hands-on for, cloud and other on-prem IT infrastructure vulnerability remediation using industry-leading vulnerability scanning tools.
- Perform advanced troubleshooting and analysis of scan results (Qualys, Nessus), including false positives/negatives, to ensure accurate reporting.
- Utilize Qualys, Nessus, and other vulnerability scanning tools to conduct regular vulnerability assessments on servers, networks, endpoints, and applications.

Cloud Security Posture Management:
- Oversee the vulnerability management program for cloud environments, using security posture management to continuously assess and enhance the security posture of cloud environments (AWS, Azure, Google Cloud).
- Leverage CSPM (Cloud Security Posture Management) solutions to monitor and improve security posture across cloud platforms.
- Collaborate with cloud architects and engineers to ensure that cloud infrastructure is secure, compliant, and follows security best practices.

Reporting & Metrics:
- Create and maintain dashboards to provide visibility into the vulnerability management program and cloud security posture.
- Track and report on progress, risks, and compliance reporting related to vulnerability management and cloud security posture.
- Periodic operational reporting to senior management (weekly / monthly / quarterly).
- Continuous improvements to the existing internal operational processes, reported to senior management.
- Review and update/create SOPs and identify improvement areas for existing processes.

Team Leadership & Development:
- Lead and mentor a team of security analysts, providing guidance on vulnerability management and cloud security best practices.
- Foster a culture of continuous learning and development within the team.
- Ensure that team members stay up to date with the latest vulnerability scanning tools, cloud security threats, trends, and technologies.
- Influence training plans to align with company goals.

Technical Skills:
- Strong knowledge of cyber security basics (OS-level security, protocols, etc.).
- Comprehensive understanding of security principles, techniques, and technologies.
- Experience with cyber security / cloud security frameworks and standards (e.g., CIS Benchmarks, ISO 27001, NIST) and cloud-native security tools.
- Experience with Cloud Security Posture Management (CSPM) tools such as Prisma Cloud, Check Point or similar.
- Knowledge of network security, firewalls, access controls, and encryption technologies.
- Deeper understanding of patching / vulnerability remediation and tools such as FireMon, MFNA, etc.
- Proficiency in vulnerability assessment and management methodologies and tools such as Qualys, Tenable, EDR, Splunk, etc.
- Experience in one or more information security technologies such as vulnerability management, server configuration compliance, patch management, and information security standards for OS and applications.

Soft Skills:
- Excellent communication and presentation skills, with the ability to explain complex security concepts to both technical and non-technical stakeholders.
- Strong problem-solving skills, with a focus on driving solutions and improvements.
- Ability to lead and collaborate in a cross-functional environment.
- Strong organizational skills, with the ability to manage multiple projects and deadlines.

Good to Have Skills:
- Knowledge/certifications on containers (AKS, EKS or GKE).
- Scripting knowledge (Python/PowerShell/Bash).
- Knowledge of ITIL processes.
- Knowledge of ISO 27K processes and controls.

Preferred Qualifications:
- Relevant cyber security and cloud security tool certifications, or CISSP, CCSK, AWS Certified Security - Specialty, Prisma Cloud CSPM certification or equivalent, are highly desirable.
- Bachelor's degree in cyber security, Information Technology, or a related field.
- Experience with automation tools (e.g., Terraform, Ansible, etc.) to enforce security policies in cloud environments.
- Experience in risk management and compliance frameworks (e.g., SOC 2, ISO 27001, NIST).

Posted 3 months ago

5 - 10 years

10 - 18 Lacs

Hyderabad

Work from Office

Job Responsibilities:
• Monitor, analyze, and interpret security/system logs for events, operational irregularities, and potential incidents, and escalate issues to the appropriate teams when necessary.
• Oversee the detection and analysis of security events through various input tools and systems (SIEM, IDS/IPS, Firewalls, EDR, etc.).
• Conduct Red Team exercises to test and evaluate the effectiveness of preventive and monitoring controls in a simulated real-world attack environment, providing actionable feedback to improve defense strategies.
• Provide expert-level support for complex system/network exploitation and defense techniques, including deterring, identifying, investigating, and responding to system and network intrusions.
• Support in-depth malware analysis, focusing on both host and network-based threats, conducting log analysis, and performing triage in support of incident response activities.
• Maintain and enhance security technologies deployed across the organization, including customizing and fine-tuning SIEM use cases, parsing rules, and security tool configurations based on evolving threat intelligence.
• Monitor and assess the threat and vulnerability landscape, staying informed on new security advisories, zero-day vulnerabilities, and emerging threats, and taking appropriate action to mitigate risks.
• Continuously monitor and triage security alerts, managing the escalation queue to ensure swift and efficient incident resolution.
• Monitor and fine-tune SIEM systems, improving content, parsing, and overall system maintenance to ensure accurate event correlation and detection of complex threats.
• Oversee security-related events in cloud infrastructure, including IaaS, PaaS, and SaaS environments, responding to and mitigating security incidents in cloud environments.
• Deliver scheduled and ad-hoc reports on security posture, incident response outcomes, and security metrics, highlighting key findings, trends, and areas of improvement.
• Provide mentorship and guidance to L1 and L2 analysts, helping them grow their skills and knowledge of advanced threat detection, incident response, and security technologies.
• Develop and update Standard Operating Procedures (SOPs), incident response playbooks, and training documentation to ensure consistent, effective incident handling across all SOC tiers.
• Work through the full ticket lifecycle, from initial alert detection to final resolution, ensuring thorough documentation, follow-ups, and corrective actions as necessary.
• Generate end-of-shift reports, ensuring seamless knowledge transfer to subsequent shifts and maintaining continuity in incident management.
• Perform threat-intelligence research to stay up to date with emerging attack patterns, vulnerabilities, and threat actor tactics, techniques, and procedures (TTPs).
• Actively participate in security forums, contributing to the exchange of knowledge and best practices with the wider cybersecurity community.

Job Specifications:
Qualifications:
• Bachelor's degree in Engineering, Computer Science, Cybersecurity, or closely related coursework in technology disciplines.
• Certifications such as CISSP, CEH, CISM, GCIH, GCIA, or other industry-recognized certifications are highly desirable.
• Extensive experience with the following tools and technologies:
  - SIEM Tools: Splunk, IBM QRadar, Securonix, etc.
  - Case Management Tools: Swimlane, Phantom, ServiceNow, etc.
  - EDR Solutions: CrowdStrike, SentinelOne, VMware Carbon Black, McAfee, Microsoft Defender ATP, etc.
  - Network Analysis Tools: Darktrace, FireEye, NetWitness, Panorama, etc.
  - Cloud Security: AWS, Azure, Google Cloud Platform (GCP), and associated security monitoring tools.
Experience:
• 4+ years of SOC experience in progressively responsible roles with expertise in security monitoring, incident response, and threat detection/mitigation.
• Hands-on experience in conducting threat-hunting activities and vulnerability assessments.
• Proven ability to handle complex security incidents and effectively collaborate with cross-functional teams to mitigate cyber risks.
Desired Skills:
• In-depth knowledge of SOC L1 and L2 responsibilities, with the ability to take the lead in complex incident investigations and escalate issues as needed.
• Advanced understanding of TCP/IP protocols and event log analysis, and the ability to interpret logs from various devices and systems.
• Strong understanding of Windows, Linux, networking concepts, and the interaction between different operating systems and networks.
• Experience analyzing network traffic and utilizing tools like Wireshark, tcpdump, and other packet capture and analysis utilities.
• Advanced understanding of security solutions like SIEMs, web proxies, EDR, firewalls, VPNs, multi-factor authentication (MFA), encryption, IPS/IDS, etc.
• Functional knowledge of cloud environments, and the specific security risks associated with IaaS, PaaS and SaaS offerings.
• Ability to research IT security issues and products, staying up to date with new attack vectors, cybersecurity tools, and evolving threats.
• Solid experience working in a TAT-based security incident resolution environment, with knowledge of ITIL and incident response best practices.
• Experience with scripting (e.g., Python, Perl, PowerShell) for automation, tool customization, and analysis is highly preferred.
• Malware analysis and reverse engineering skills are an added advantage.
Personal Attributes:
• Highly self-motivated and proactive, with the ability to independently manage multiple tasks while maintaining attention to detail.
• Strong communication skills, both written and verbal, with the ability to effectively document findings, present reports, and communicate complex technical details to non-technical stakeholders.
• Ability to effectively prioritize tasks in a high-pressure, time-sensitive environment, with a focus on rapid, efficient incident resolution.
• Strong problem-solving skills, and a natural inclination to investigate and understand the root cause of security incidents.
• Team player, with the ability to work collaboratively with peers, other IT teams, and external partners, ensuring cohesive incident management and response.
• Passion for cybersecurity, with a keen interest in staying at the forefront of emerging security trends and technologies.

Posted 3 months ago

8 - 13 years

15 - 25 Lacs

Chennai, Bengaluru, Hyderabad

Hybrid

Role & responsibilities
Detailed Job Description
=============
• 24/7/365 analysis and response for security events.
• Provide security event monitoring, analysis, triage, incident alerting, and reporting using the security console / monitoring tool.
• Fine-tune false-positive alerts & update the false-positive knowledge database.
• Create monitoring trends and baselines.
• Monitor security events from IDS/IPS, firewall, Windows, Linux, etc.
• Work on phishing/spam emails.
• Develop and maintain response playbooks with input from the MSK Information Security office.
• Conduct initial triage and pre-approved/determined remediation or escalation (as appropriate) for various incident types including denial of service, hacking, malware, phishing, unauthorized access, etc.
• Identify gaps in existing monitoring/alerting and work with the MSK Information Security office to address the same.
• Develop additional alerts/correlations as needed to better respond to emerging threats.
• Implement automation as needed to help streamline response.
• Track and report on metrics for incident response activities.
• Manage, investigate and respond to alerts from the SIEM environment.
• Assist in integrating new log sources in the SIEM tool.
• Assist in setting up additional SIEM alert rules and fine-tuning.
• Inform on monitoring and reporting leading practices and develop use cases on how to use SIEM technologies.
• Identify security events and work with IT security and business groups, per the incident management and escalation processes in the ITSM tool.
• Monitor system health & performance of the SIEM solution.
• Monitor ServiceNow ticket queues and associated MSK mailboxes.
• Weekly reports for adherence to established SLAs.
• Configuration changes or minor upgrades through documented SOPs, mutually agreed under the L1 scope of work.
• Representation in daily Ready for Business (RFB), Change Approval Board (CAB) and Major Incident meetings.

Posted 3 months ago

6 - 8 years

12 - 16 Lacs

Bengaluru

Work from Office

We are seeking a Security Operations Engineer with expertise in Endpoint Security (EDR) solutions such as CrowdStrike, Trend Micro, and similar platforms. The ideal candidate will be responsible for the administration, maintenance, and optimization of endpoint security tools across Windows, Linux, and Mac environments. This role is part of a Global Security Incident Response Team (GSIRT), requiring strong analytical skills, troubleshooting capabilities, and excellent communication (written & verbal in English).

Roles and Responsibilities
Endpoint Security Administration:
• Deploy, configure, and manage Endpoint Detection & Response (EDR) solutions such as CrowdStrike and Trend Micro.
• Monitor security alerts, analyze threats, and respond to incidents efficiently.
• Ensure endpoint security tools are updated, patched, and optimized.
Compliance & Best Practices:
• Ensure compliance with organizational security policies and SLAs.
• Keep track of KPI metrics and alignment with organizational goals.
• Provide recommendations for enhancing endpoint security posture.
Collaboration & Communication:
• Work with global teams to improve security processes and response mechanisms.
• Document procedures, knowledge base, incident reports, and security best practices.

Required Skills and Qualifications:
• A bachelor's degree in Computer Science, Engineering, Information Technology, or a related field is required.
• 4 to 8 years of experience in information security with a focus on endpoint security and incident response.
• Strong hands-on experience with EDR solutions (e.g., CrowdStrike, Trend Micro, Microsoft Defender ATP, SentinelOne, etc.).
• Proficiency in Windows, Linux, and Mac security administration.
• Scripting knowledge in PowerShell, shell scripting, or Python (bonus).
• Experience in security monitoring, threat hunting, and incident handling.
• Strong analytical, troubleshooting, and problem-solving skills.
• Excellent communication skills: written & verbal English.

Preferred Qualifications:
• Experience with cloud platforms (e.g., AWS, Azure, GCP) in a security context.
• Experience with Splunk, cloud platforms, or relevant security technologies.

Posted 3 months ago

8 - 13 years

22 - 37 Lacs

Gurgaon, Noida, Mumbai (All Areas)

Hybrid

About KPMG in India
KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries.

Role & responsibilities:
• The candidate should be hands-on in managing Security Operations, SOC, Identity & Access Management, and Risk Management.
• Should have worked on blueprinting and designing of SOC frameworks and implementation of SOC/SIEM solutions and Enterprise Architecture.
• Should be hands-on with security processes, with good client- and market-facing experience in the India geography.
• Should have worked on designing, solutioning and implementation of cyber security frameworks: Security Operations Strategy, Vulnerability Management (Application & Infrastructure), and Threat Intelligence and Analytics.

Preferred candidate profile:
Should have worked on the below:
• M&A experience.
• Actively monitoring, analyzing & escalating SIEM alerts based on correlation rules; active threat hunting on network flow, user behavior and threat intelligence.
• Candidate should have expert-level domain knowledge (Cyber Security), Threat Hunting, SIEM - Azure Sentinel, SIEM - (RSA / Splunk / LogRhythm), the ability to comprehend logs (HTTP, SMTP, Network), operating systems and servers, and organizes technical sessions / talks.
• Candidate should be familiar with Python scripting & Windows Active Directory (optional).
• Vulnerability Management Services - external & internal vulnerability scanning, VMS tool (Qualys & Kenna) administration, application server & vulnerability scanning.
• Candidate should have expert-level domain knowledge (Cyber Security): vulnerability scans and recognizing vulnerabilities in security systems, network analysis tools to identify vulnerabilities, developing insights about the context of an organization's threat environment, risk management processes, network attacks and a network attack's relationship to both threats and vulnerabilities.
• Candidate should have an advanced-level understanding of impact/risk assessments.
• Security Operations and Management experience - SOC experience in identity access, privileged access, and vulnerability management.
• Client facing - front end with the client, focused on engagements + Sales, BD + Capability Development.

Qualification:
• B.Tech / M.Tech / MCA professional with 6-15 years of experience in the relevant role.
• Should have strong hands-on MS PowerPoint and MS Project skills.
• Hands-on experience and certification in any one SIEM (IBM QRadar, ArcSight, Azure Sentinel, Splunk).
• Security certifications like CISSP, CISM, GIAC, Security+ etc.

Equal employment opportunity information
KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Posted 3 months ago

8 - 13 years

25 - 35 Lacs

Delhi NCR, Gurgaon, Noida

Work from Office

About KPMG in India
KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience.

Role & responsibilities:
• The candidate should be hands-on in managing Security Operations, SOC, Identity & Access Management, and Risk Management.
• Should have worked on blueprinting and designing of SOC frameworks and implementation of SOC/SIEM solutions and Enterprise Architecture.
• Should be hands-on with security processes, with good client- and market-facing experience in the India geography.
• Should have worked on designing, solutioning and implementation of cyber security frameworks: Security Operations Strategy, Vulnerability Management (Application & Infrastructure), and Threat Intelligence and Analytics.

Preferred candidate profile:
Should have worked on the below:
• M&A experience.
• Actively monitoring, analyzing & escalating SIEM alerts based on correlation rules; active threat hunting on network flow, user behavior and threat intelligence.
• Candidate should have expert-level domain knowledge (Cyber Security), Threat Hunting, SIEM - Azure Sentinel, SIEM - (RSA / Splunk / LogRhythm), the ability to comprehend logs (HTTP, SMTP, Network), operating systems and servers, and organizes technical sessions / talks.
• Candidate should be familiar with Python scripting & Windows Active Directory (optional).
• Vulnerability Management Services - external & internal vulnerability scanning, VMS tool (Qualys & Kenna) administration, application server & vulnerability scanning.
• Candidate should have expert-level domain knowledge (Cyber Security): vulnerability scans and recognizing vulnerabilities in security systems, network analysis tools to identify vulnerabilities, developing insights about the context of an organization's threat environment, risk management processes, network attacks and a network attack's relationship to both threats and vulnerabilities.
• Candidate should have an advanced-level understanding of impact/risk assessments.
• Security Operations and Management experience - SOC experience in identity access, privileged access, and vulnerability management.
• Client facing - front end with the client, focused on engagements + Sales, BD + Capability Development.

Qualification:
• B.Tech / M.Tech / MCA professional with 6-15 years of experience in the relevant role.
• Should have strong hands-on MS PowerPoint and MS Project skills.
• Hands-on experience and certification in any one SIEM (IBM QRadar, ArcSight, Azure Sentinel, Splunk).
• Security certifications like CISSP, CISM, GIAC, Security+ etc.

Equal employment opportunity information
KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Posted 3 months ago

5 - 10 years

7 - 12 Lacs

Mumbai

Work from Office

• Develop and sustain an incident response strategy covering the complete organization from a policy, procedure, and playbook perspective.
• Be a point of contact in case of an incident, managing the incident from detection to closure, post-incident analysis and further communication to all relevant stakeholders to prevent any further damage.
• Planning and executing threat hunting will be the primary focus of this role, along with in-depth investigation and support for incidents escalated from the SOC.
• Leading the technical and incident responders in cybersecurity and taking responsibility for the timely identification of threats and minimising the same.
• Ensuring the completion of post-incident reviews, assessing the effectiveness of controls, detection and response capability, and supporting the required improvement in people, process and technology.
• Experience in conducting cyber incident drills.
• Collaborate with internal and external stakeholders (as applicable) for incident response and investigation.
• Deep understanding of technologies such as next-gen AV, EDR, Vulnerability Management, HIPS, NIDS, web proxy, DNS, DHCP, AD, databases, full packet capture, host-based & network-based forensics, and encryption.
• Technical know-how of the organization's network, applications, data, systems and infrastructure.
• Be the Subject Matter Expert (SME) on incident response processes, tools and approaches to the wider team and other stakeholders.
• Must be able to conduct a detailed analysis of various security-related events like phishing, malware, DoS/DDoS, application-specific attacks, ransomware etc.
• Creation of reports, dashboards and metrics related to security incidents, and presentation to senior management.
• Experience working in a large-scale complex environment.
• Think about cyberattacks and propose remedial steps based on the attack pattern.
• Broad level of knowledge of security technologies.
• Excellent knowledge of methodologies, processes and tools associated with supporting this function effectively.

Posted 3 months ago

18 - 22 years

50 - 100 Lacs

Bengaluru

Work from Office

Hiring: Head of Information Security

Job Purpose
The Head of Information Security is tasked with creating and sustaining the enterprise vision, strategy, and program to safeguard the integrity, availability, and confidentiality of the organization's information assets. This involves implementing and maintaining comprehensive security measures and practices. This leadership position includes overseeing the development and execution of a strong cybersecurity framework, leading a team of security professionals, and working collaboratively with other departments to mitigate risks.

Roles and responsibilities
Strategy & Governance
• Develop and implement a comprehensive information security strategy aligned with the organization's goals and leading industry practices.
• Establish and maintain information security policies, standards and procedures to ensure compliance with relevant regulations and frameworks.
• Manage the budget for IT security related activities and initiatives, and ensure ROI on the same.
• Establish IT security governance frameworks, policies and procedures to ensure integrity and availability of information assets.
Security Architecture Design
• Oversee design and implementation of a robust and resilient security architecture including network security, infrastructure and information security, and application security.
• Evaluate and select appropriate security technologies, tools and vendors to protect the organization's information assets.
• Review and assess the security controls and configurations of existing systems and applications and provide recommendations for improvement.
• Collaborate with enterprise architects / technology partners to ensure security is integrated into the design and development of new systems and applications.
Security Operations & Incident Response
• Oversee the day-to-day operations of the organization's security infrastructure and develop incident response plans to address and mitigate security incidents effectively.
• Drive regular security, risk & vulnerability assessments to identify vulnerabilities and weaknesses in the organization's systems and infrastructure.
• Manage and resolve security incidents and lead incident response efforts, including investigations, containment, eradication and recovery in case of cyber attack.
Security Incident & Threat Intelligence
• Stay updated on the latest security threats, vulnerabilities, and industry trends through continuous benchmarking and research.
• Proactively identify emerging threats and vulnerabilities and develop strategies to mitigate their impact.
• Collaborate with internal and external stakeholders to conduct penetration testing, vulnerability assessment and security audits.
• Develop standard operating procedures for incident response during ransomware attacks.
Vendor & Third-Party Risk Management
• Assess and manage security risks associated with third-party vendors and service providers.
• Provide input during vendor evaluation and selection based on their security capabilities and compliance with security standards.
Compliance & Regulatory Requirements
• Ensure the organization's compliance with relevant laws, regulations and industry standards pertaining to information security.
• Monitor and interpret changes in security regulations and standards and assess their impact on the IT landscape.
• Lead and coordinate audits, assessments and certification processes related to information security.
Collaboration
• Work closely with IT, legal, compliance, and business units to integrate security practices into daily operations.
• Act as the primary point of contact for security-related matters with external partners, vendors, and regulatory bodies.
Security Awareness and Training
• Collaborate with the learning & development team to implement security awareness and training programs about information security risks, leading practices and policies.
• Conduct regular security awareness campaigns; monitor and evaluate the effectiveness of security awareness efforts.
• Conduct cyber war game drills with business users to enhance preparedness for handling ransomware attacks.
People Management
• Provide direction and guidance to the team and foster a collaborative and high-performance environment.

Qualification and Experience:
A post-graduate or bachelor's degree in engineering with 18-22 years of work experience, including 7-10 years in leading a cybersecurity organization, is required. The role demands extensive experience in identifying and mitigating information & cyber security risks and a comprehensive understanding of regulatory requirements. Professional security certifications like CISA, CISSP, CISM, ISO 27001:2013 LA, etc., are highly desirable. Familiarity with security technologies is crucial, including firewalls, network access control, IDAM & ITDR, EDR, secure web gateways, email security gateways, data leak prevention (DLP), MFA, WAF, DDoS, PAM, SIEM & SOAR, and micro-segmentation.

Other Skills:
• Excellent communication, presentation & interpersonal skills.
• Should possess knowledge of various security solutions (Endpoint Protection, Advanced Threat Protection, Data Leak Prevention), network security, databases, OS, etc.
• Knowledge of the industry's standards and regulations in the Healthcare or Pharma industry is preferred.

Posted 3 months ago

5 - 10 years

9 - 19 Lacs

Bengaluru, Hyderabad

Work from Office

Job Title: Solution Architect - Security
Experience Required: 5+ Years (with 3+ years in a Solution Architect role)
Certifications Required: OEM certifications from security vendors like Palo Alto, Splunk, Cisco, Trellix, Forcepoint, CrowdStrike, Microsoft etc.

Mandate Skills:
• EDR (Endpoint Detection and Response): Cisco, Palo Alto Cortex, CrowdStrike, SentinelOne, etc.
• DLP (Data Loss Prevention): Trellix, Forcepoint, Symantec, etc.
• Cloud Security: Palo Alto Prisma Cloud, Trend Micro, etc.
• SIEM (Security Information and Event Management): Splunk
• Email & Web Security: Cisco, Proofpoint, Zscaler, etc.
• SASE (Secure Access Service Edge): Palo Alto, Cisco, Zscaler, etc.
• Should work on RFPs and define SOWs.

Job Summary:
We are looking for a highly skilled and motivated Security Solution Architect to join our growing team. This role offers the opportunity to design, implement, and oversee cybersecurity solutions for enterprise-level IT infrastructures. The ideal candidate will possess an extensive background in cybersecurity, a proven ability to work closely with clients, and a passion for leveraging security technologies to meet business objectives. If you're a technical leader with a solution-focused mindset, we want to hear from you.

Key Responsibilities:
• Design & Implement Security Solutions: Architect and develop comprehensive cybersecurity solutions tailored to client needs, following best practices and industry standards.
• Security Assessments: Conduct thorough security assessments, identify vulnerabilities, and recommend effective remediation strategies.
• Create Security Architecture Artifacts: Develop and maintain security architecture models, templates, and documentation that support best practices for secure IT systems.
• Collaboration Across Teams: Collaborate with internal teams and clients to ensure seamless integration of security technologies within existing infrastructures.
• Continuous Learning & Adaptation: Stay informed on the latest cybersecurity threats, industry trends, and new technologies to ensure our solutions remain cutting-edge.
• Pre-sales Support: Provide deep technical expertise in pre-sales activities, including solution design and security architecture for proposals.
• Risk Management: Lead risk assessments, identifying and implementing strategies for mitigating security risks.
• Ensure Compliance: Ensure solutions meet regulatory requirements and follow frameworks such as ISO 27001, NIST, etc.
• Mentorship & Leadership: Act as a guide and mentor to junior team members, helping them grow in their technical and security expertise.
• Soft Skills: Excellent communication, problem-solving, and strategic thinking skills.
• Collaborative Mindset: Ability to work independently and collaborate effectively within cross-functional teams.

Posted 3 months ago

5 - 7 years

8 - 10 Lacs

Pune

Work from Office

Job Responsibilities:
1. Perform deep analysis of security incidents to identify the full kill chain.
2. Perform remediation steps according to the findings, or initiate steps for remediation.
3. Prepare RCA for major incidents.
4. Handle L2 and above level technical escalations from the L1 Operations team and resolve within SLA.
5. Identify security gaps and recommend new rules/solutions to L3/Customer.
6. Suggest fine-tuning for existing alert rules based on high count / wherever required.
7. Create and manage the incident handling playbook, process runbooks and ad-hoc documents whenever needed.
8. Recommend fine-tuning for alerts with logic and threshold, and possibly the query as well, for the SIEM.
9. Recommend new use cases with logic and threshold, and possibly the query as well, for the SIEM.
10. Respond to clients' requests, concerns, and suggestions.
11. Proactively support the L1 team during an incident.
12. Perform and review tasks as identified in a daily task list.
13. Ready to work in a 24x7 rotational shift model including night shift.
14. Incident detection, triage, analysis and response.
15. Coordinate with customers for their security-related problems and provide solutions.
16. Share knowledge with other analysts in their role and responsibilities.
17. Provide knowledge transfer to L1 such as advanced hunting techniques, guides, cheat sheets.

Knowledge / Experience:
• Minimum 5+ years of experience in Security Operations.
• Security event monitoring, alert triage, and thorough incident investigation.
• Research and understand log sources for effective security monitoring.
• Isolate issues, respond to incidents, and mitigate threats swiftly.
• Adjust SIEM rules for better alert and incident specifications.
• Optimize SIEM capabilities, aid in audit/logging, and generate timely reports.
• Conduct vulnerability scans, prioritize, and plan remediation.
• Proactively search for suspicious activities through threat hunts.
• Offer valuable threat intelligence to verify security concerns.
• Identify endpoint threats using EDR/AV analysis and Cybereason scans.
• Develop and maintain security operation standards, procedures, and playbooks.

Posted 3 months ago

3 - 5 years

5 - 7 Lacs

Pune

Work from Office

About The Role
Job Title: Cyber Threat Intelligence Analyst
Corporate Title: Associate
Location: Pune, India

Role Description
As a Threat Intelligence Analyst in the Threat Intelligence and Assessment function, you will play a critical role in safeguarding the organization from cyber threats. You will be responsible for identifying, assessing, and mitigating threats, and you will provide mitigation recommendations in response to evolving threats. You will be required to analyse complex technical issues and develop bank-specific solutions while collaborating with diverse teams and stakeholders. The role also involves delivering on projects and strategic initiatives that continuously enhance the bank's capabilities in responding to threats.

What we'll offer you
As part of our flexible scheme, here are just some of the benefits that you'll enjoy:
Best in class leave policy
Gender neutral parental leave
100% reimbursement under childcare assistance benefit (gender neutral)
Sponsorship for industry-relevant certifications and education
Employee Assistance Program for you and your family members
Comprehensive hospitalization insurance for you and your dependents
Accident and term life insurance
Complimentary health screening for 35 yrs. and above

Your key responsibilities
Proactively identify threats and track threat actors, TTPs, and ongoing campaigns to produce timely, actionable intelligence.
Produce threat assessments to support threat mitigation activities.
Analyse multiple data/intelligence sources and sets to identify patterns of activity that could be attributed to threats, and develop informed recommendations.
Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs.
Proactively drive improvements of internal processes, procedures, and workflows.
Participate in the testing and integration of new security monitoring tools.
Meet strict deadlines to deliver high quality reports on threats, findings, and broader technical analysis.
Take ownership of personal career development and management, seeking opportunities to develop personal capability and improve performance contribution.
Develop and maintain relationships with internal stakeholders and external intelligence sharing communities.

Your skills and experience
3+ years of experience in cybersecurity, with a focus on threat intelligence, analysis, and mitigation
Strong operational background in intelligence-related operations, with experience in Open-Source Intelligence (OSINT) techniques
Operational understanding of computing/networking (OSI Model or TCP/IP)
Knowledge of the functions of security technologies such as IPS/IDS, firewalls, EDR, etc.
A good or developing understanding of virtual environments and cloud (e.g., vSphere, hypervisors, AWS, Azure, GCP)
Demonstrated knowledge of and keen interest in tracking prominent cyber threat actor groups, campaigns and TTPs in line with industry standards
Knowledge of or demonstrable experience in working with the intelligence lifecycle, intelligence requirements and the MITRE ATT&CK Framework

Non-Technical Experience
Investigative and analytical problem-solving skills
Excellent verbal and written communication, to both technical and non-technical audiences
Self-motivated, with the ability to work with minimal supervision

Education and Certifications
Preferred: Degree in computer science, networking, engineering, or another field associated with cyber, intelligence or analysis.
Desired experience or certifications: CISSP, CISM, GIAC, GCTI, GCIH, GCFE, GCFA, GREM, GNFA, Security+, CEH

How we'll support you
Training and development to help you excel in your career.
Coaching and support from experts in your team.
A culture of continuous learning to aid progression.
A range of flexible benefits that you can tailor to suit your needs.

About us and our teams
Please visit our company website for further information: https://www.db.com/company/company.htm
We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Posted 3 months ago

5 - 6 years

7 - 9 Lacs

Bengaluru, Gurgaon

Work from Office

RAS DRC - IT Security Engineer - Bangalore / Gurgaon

Job summary: The Security Engineer is responsible for ensuring that BDO's network and information systems are protected from external and internal threats. In this role, the Security Engineer is charged with engineering solutions and systems and building policies and procedures.

Job Duties:
Recommends and implements changes to enhance network and open systems security for BDO
Protects network resources against unauthorized access, modification, or destruction
Performs day-to-day monitoring and management of security devices and applications
Collaborates with IT partners to create and execute the Firm's technical security strategy
Partners with Infrastructure Services professionals to evaluate and recommend security patches for operating systems, network devices, and applications
Coordinates with other departments inside BDO (such as Legal and Human Resources) to create and enforce policies and procedures related to information security
Performs intrusion testing on the corporate network, both external and internal, and reports findings back to upper management
Provides assistance with establishing standards for hardware and software where there are implications for security (e.g., wireless access control)
Reports security assessment metrics to upper management on a regular basis
Collaborates with internal departments at BDO to communicate BDO's security program to customers and prospects
Adheres to BDO and department policies and procedures
Other duties as required

Technical Set and Education Details:
Education: High school diploma/GED, required; Bachelor's degree, preferred
Experience: Five (5) years of experience providing IT systems security support, required
License/Certifications: CISSP certification, preferred
Software: Demonstrated knowledge of one (1) or more of the following, preferred:
Firewall technologies such as Cisco ASA, Cisco FTD, Palo Alto
VPN administration
Intrusion Prevention Systems / WAF
Web proxy / web filtering solutions
Endpoint protection products (application control, EDR, NGAV)
Scripting experience (PowerShell, Python)
SOAR and automation technologies
Vulnerability and patch management
SIEM administration and log management
Understanding of incident response concepts
Understanding of attack frameworks and methodology
Microsoft Azure and Cloud Security Posture Management
Windows and Linux operating systems
General understanding of network protocols
Ticketing systems such as ServiceNow

Other Knowledge, Skills & Abilities:
Strong verbal and written communication skills
Self-motivated to improve skills and functionality of assigned security systems
Excellent interpersonal and customer relationship skills
Capacity to work in a deadline-driven environment while handling multiple complex projects/tasks simultaneously with a focus on details

Posted 3 months ago

2 - 5 years

15 - 20 Lacs

Bengaluru

Work from Office

* Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field (or equivalent experience)
* Knowledge of Splunk, firewalls, and other security tools, along with Cloudflare WAF
* Knowledge of cloud security
* Experience working in a technical support or helpdesk role is preferred
* Familiarity with enterprise security tools such as SIEM, IDS/IPS, EDR, web application firewall, identity and access management solutions, etc.
* Basic understanding of networking concepts and protocols (TCP/IP, DNS, DHCP, etc.)
* Proficiency in at least one scripting language (e.g., Python, PowerShell) is a plus
* Certifications such as CompTIA Security+, CISSP, CCSP or GIAC are advantageous but not required
* Ability to prioritize and manage multiple tasks simultaneously
* Strong problem-solving skills and a methodical approach to troubleshooting
* Adaptability and willingness to learn new technologies and processes
* Commitment to providing exceptional customer service and support

Posted 3 months ago

8 - 10 years

18 - 20 Lacs

Bengaluru, Hyderabad

Hybrid

Work Locations: Hyderabad & Bangalore only (local candidates are required as the final round will be in-person). A minimum of 4 years of SOC L2 experience is required for this position.

JD: Work you'll do
As a Fusion Level 2 Consultant you will support the Security Operations Center (SOC) as the first line of defense to identify potential information security incidents.
Monitor client sources of potential security incidents, health alerts from monitored solutions and requests for information. This includes the monitoring of real-time channels or dashboards, periodic reports, email inboxes, helpdesk or other ticketing systems, telephone calls and chat sessions.
Follow client- and incident-specific procedures to perform triage of potential security incidents to validate them and determine the needed mitigation.
Escalate potential security incidents to client personnel, implement countermeasures in response to others, and recommend operational improvements.
Keep accurate incident notes in the case management system.
Maintain awareness of the client's technology architecture, known weaknesses, the architecture of the security solutions used for monitoring, imminent and pervasive threats as identified by client threat intelligence, and recent security incidents.
Provide advanced analysis of the results of the monitoring solutions; assess escalated outputs and alerts from Level 1 Analysts.
Perform web hunting for new patterns/activities.
Advise on content development and testing.
Provide advice and guidance on the response action plans for information risk events and incidents based on incident type and severity.
Ensure that all identified events are promptly validated and thoroughly investigated.
Provide end-to-end event analysis, incident detection, and manage escalations using documented procedures.
Devise and document new procedures and runbooks/playbooks as directed.
Assist the Shift Leads and fulfill Shift Lead responsibilities in their absence.
Maintain monthly Service Level Agreements (SLAs).
Maintain compliance with processes, runbooks, templates and procedures based on experience and best practices.
Assist the Cyber Hunting team with advanced investigations as needed.
Provide malware analysis (executables, scripts, documents) to determine indicators of compromise, and create signatures for future detection of similar samples.
Continuously improve the service by identifying and correcting issues or gaps in knowledge (analysis procedures, plays, client network models), false positive tuning, and identifying and recommending new or updated tools, content, countermeasures, scripts, plug-ins, etc.
Perform peer reviews and consultations with Level 1 analysts regarding potential security incidents.
Serve as a subject matter expert in at least one security-related area (e.g. a specific malware solution, Python programming, etc.).
Actively seek self-improvement through continuous learning and pursue advancement to SOC Shift Lead.
Provide shift status and metric reporting.
Support weekly Operations calls.
Adhere to internal operational security and other policies.
Perform light project work as assigned.

Required skills
4-6 years working in a SOC and/or strong security technology operations experience.
Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst (GCIA), GIAC Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent.
Able to work shifts on a rotating basis for 24/7 support of clients.
Experience in security technologies such as: Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), anti-virus, sandboxing, network- and host-based firewalls, threat intelligence, penetration testing, etc.
Knowledge of Advanced Persistent Threat (APT) tactics, techniques and procedures.
Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
Understanding of common network infrastructure devices such as routers and switches.
Understanding of basic networking protocols such as TCP/IP, DNS, HTTP.
Basic knowledge of system security architecture and security solutions.

Preferred skills
Excellent interpersonal and organizational skills.
Excellent oral and written communication skills.
Strong analytical and problem-solving skills.
Self-motivated to improve knowledge and skills.
A strong desire to understand the what as well as the why and the how of security incidents.

Qualification
Bachelor's degree is required, ideally in Computer Science, Cyber Security, Information Security, Engineering, or Information Technology.

Posted 3 months ago
