2.0 - 4.0 years
0 Lacs
gurgaon, haryana, india
On-site
Job Title: Specialist I, Cyber Defense Operation Centre (TCF)

Job Description
We are looking for an experienced and proactive SOC Analyst - Level 2 (L2) to join our Managed Security Services Provider (MSSP) team. In this role, you will handle advanced security investigations, lead incident response for escalated cases, fine-tune detection capabilities, and mentor L1 analysts. You will be expected to have strong technical expertise across security platforms, incident handling processes, and threat analysis to ensure timely and accurate response to security incidents in a 24x7 environment.

Key Responsibilities
Investigate and respond to escalated security incidents from L1 analysts, ensuring timely containment, eradication, and recovery.
Perform in-depth log and packet analysis to identify root causes and attack vectors.
Correlate alerts across multiple data sources (SIEM, EDR, IDS/IPS, cloud, threat intel) for context-rich investigations.
Conduct malware analysis (static/dynamic) and assess potential impact on client systems.
Create and refine incident response playbooks, use cases, and correlation rules.
Collaborate with threat intelligence teams to enrich investigations and proactively identify emerging threats.
Lead the onboarding and configuration validation for new clients and POCs.
Support tuning of SIEM and EDR rules to reduce false positives and improve detection accuracy.
Mentor and provide technical guidance to L1 analysts, ensuring knowledge transfer and skill growth.
Document detailed investigation reports for incidents, ensuring compliance with client and regulatory requirements.
Tools & Technologies
SIEM: Palo Alto XSIAM/XDR, Splunk, Microsoft Sentinel, QRadar, LogRhythm
EDR: CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Palo Alto Cortex XDR
Network Security: IDS/IPS (Snort, Suricata), Next-Gen Firewalls (Palo Alto, Fortinet, Cisco)
Threat Intelligence: VirusTotal, Anomali ThreatStream, Recorded Future, MISP
Forensics: FTK, EnCase, Volatility, Autopsy (awareness)
Case Management: ServiceNow, JIRA, TheHive
Cloud Security: AWS Security Hub, Azure Security Center, GCP Security Command Center
Vulnerability Management: Qualys, Tenable Nessus, Rapid7 InsightVM

Required Skills & Qualifications
Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
Experience: 2-4 years in a SOC, incident response, or security operations role.
Strong understanding of cyber attack techniques, MITRE ATT&CK framework, and incident handling methodologies.
Proficiency in log analysis, endpoint forensics, and network traffic analysis.
Experience with SIEM and EDR tool configuration, alert tuning, and custom rule creation.
Working knowledge of scripting languages (Python, PowerShell, Bash) for automation and analysis is a plus.
Preferred Certifications: GCIA, GCIH, CEH, CompTIA CySA+, Microsoft SC-200, or equivalent.

Key Attributes for Success
Strong problem-solving skills and ability to work on complex incidents under pressure.
Excellent written and verbal communication for clear incident reporting and stakeholder updates.
Collaborative mindset with the ability to mentor junior analysts and contribute to team development.
Proactive in learning and adapting to evolving threats, tools, and best practices.

Location: IND Gurgaon - Bld 14 IT SEZ Unit 1, 17th C & D and Gd Flr D
Language Requirements:
Time Type: Full time
If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the
Posted 4 days ago
5.0 - 9.0 years
0 Lacs
navi mumbai, maharashtra
On-site
You are a highly skilled and experienced Cybersecurity Engineer with expertise in SentinelOne Endpoint Detection and Response (EDR) solutions. Your role will involve deploying, administering, optimizing, and troubleshooting SentinelOne environments in complex enterprise infrastructures.

Your responsibilities include leading the installation, configuration, and policy deployment of SentinelOne across diverse enterprise systems. You will manage and maintain the SentinelOne management console and endpoint agents to ensure optimal performance and operational health. In case of complex endpoint issues, you will conduct deep-dive troubleshooting and forensic analysis to identify and resolve threats or system faults.

As a Cybersecurity Engineer, you will proactively identify, investigate, and respond to suspicious activities and security incidents using SentinelOne's EDR capabilities and forensic tools. You will integrate SentinelOne with SIEM/SOAR platforms to enhance alert correlation, automate responses, and improve overall threat visibility. Collaboration is key in this role, as you will work closely with internal security teams and clients to fine-tune configurations, optimize detection rules, and adapt SentinelOne policies to evolving threat landscapes. Additionally, you will be responsible for developing and maintaining detailed documentation for deployment architectures, configuration standards, incident response procedures, and best practices.

To qualify for this position, you should have a minimum of 5 years of cybersecurity experience, with a focus on endpoint security and EDR platforms. You must demonstrate expertise in administering and implementing SentinelOne in large-scale enterprise environments, along with a deep understanding of cyber threat landscapes, malware analysis, and modern attack vectors. Strong knowledge of L3 troubleshooting, threat containment strategies, incident response workflows, SIEM/SOAR integration, and endpoint forensics is essential. Relevant industry certifications such as SentinelOne Certified Admin/Engineer, GIAC (GCFA, GCIA, GCIH), CompTIA Security+ / CySA+, and CEH / CISSP are preferred but not mandatory.
Posted 1 week ago
3.0 - 7.0 years
0 Lacs
chennai, tamil nadu
On-site
As an Endpoint Security Engineer at our organization based in Hyderabad, you will play a crucial role in implementing, managing, and maintaining security solutions for all endpoint devices. Your responsibilities will include designing and implementing endpoint security strategies to safeguard against various threats, managing and configuring endpoint security tools, monitoring security alerts, conducting vulnerability assessments, performing endpoint security audits, and developing and enforcing security policies. You will collaborate with other security teams to ensure a comprehensive approach to securing endpoints and provide guidance and training to employees on best practices for endpoint security. Additionally, you will generate reports on endpoint security posture, incident metrics, patch compliance, and threat landscape.

We are looking for a candidate with a strong background in endpoint security, cybersecurity, or related fields; experience with EDR solutions; proficiency in managing endpoint protection platforms; hands-on experience with vulnerability management and patching systems; and knowledge of mobile device management and data loss prevention technologies. Familiarity with endpoint forensics, malware analysis, SIEM tools, operating systems, networking protocols, and network security technologies is also required. The ideal candidate should possess excellent communication and interpersonal skills, attention to detail, the ability to work independently, and the ability to analyze and respond to security incidents effectively.

This is a full-time position with occasional on-call support required for incident management and collaboration with OEM Teams and Distributors. If you have experience in Endpoint Implementation, Configuration, Troubleshooting, DLP, and implementation, we encourage you to apply. The application deadline for this position is 19/07/2025.
Posted 1 month ago