4.0 - 6.0 years
4 - 6 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
SOC L2/L3 Professional
Location: Bengaluru
Experience: 4-6 Years

We are looking for a skilled and dedicated SOC L2/L3 Professional with 4-6 years of hands-on experience in a Security Operations Center (SOC) or security technology operations. Based in Bengaluru, you will play a critical role in our 24/7 security defense, contributing to the detection, analysis, and response to sophisticated cyber threats. You will be responsible for advanced incident analysis, threat hunting, and leveraging a wide array of security technologies to safeguard our clients' environments. This role requires flexibility to work rotating shifts to ensure continuous support.

Key Responsibilities:
- Perform advanced security incident analysis and response, escalating critical issues to relevant teams and management.
- Utilize Security Information and Event Management (SIEM) tools to monitor security alerts, investigate anomalies, and identify potential threats.
- Conduct in-depth analysis of security events from various sources including IDS/IPS, EDR, DLP, WAF, proxies, and firewalls.
- Contribute to threat hunting initiatives using threat intelligence to proactively identify hidden threats and vulnerabilities.
- Operate and optimize security technologies such as Endpoint Detection and Response (EDR), anti-virus solutions, sandboxing, and network/host-based firewalls.
- Understand and analyze Advanced Persistent Threat (APT) tactics, techniques, and procedures (TTPs) to enhance detection capabilities.
- Recognize and interpret various attack activities, including network probing/scanning, DDoS attacks, and malicious code activity.
- Collaborate with internal and external teams during incident response, providing technical expertise and guidance.
- Document incident details and remediation steps, and contribute to the continuous improvement of SOC processes and playbooks.
- Maintain up-to-date knowledge of the latest cybersecurity threats, vulnerabilities, and industry best practices.

Required Qualifications:
- 4-6 years of demonstrable experience working in a Security Operations Center (SOC) or in a strong security technology operations role.
- Bachelor's degree in Computer Science, Information Security, or a related field is preferred.
- Willingness and ability to work shifts on a rotating basis to provide 24/7 support for clients.

Mandatory Skills & Certifications:

Certifications (one or more highly preferred):
- Certified Information Systems Security Professional (CISSP)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Continuous Monitoring (GMON)
- Certified Ethical Hacker (CEH)
- Or equivalent industry-recognized security certifications.

Security Technologies Expertise:
- Security Information and Event Management (SIEM) platforms.
- Intrusion Detection/Prevention Systems (IDS/IPS).
- Data Loss Prevention (DLP) solutions.
- Proxy and Web Application Firewalls (WAF).
- Endpoint Detection and Response (EDR) tools.
- Anti-virus and sandboxing technologies.
- Network- and host-based firewalls.
- Threat Intelligence platforms and their application.
- Exposure to penetration testing concepts and methodologies.

Threat Intelligence Knowledge: Understanding of Advanced Persistent Threat (APT) tactics, techniques, and procedures (TTPs).
Attack Recognition: Strong understanding of common attack activities such as network probing/scanning, DDoS attacks, and malicious code activity.
Networking Fundamentals: Solid understanding of common network infrastructure devices (routers, switches) and basic networking protocols (TCP/IP, DNS, HTTP).
Security Architecture: Basic knowledge of system security architecture and security solutions.
Posted 1 week ago
3.0 - 5.0 years
4 - 6 Lacs
Hyderabad
Work from Office
Position and Key Responsibilities

At RSM, analysts work with large and small companies in a variety of industries. They develop strong working relationships with their peers within the security operations center (SOC) while learning their clients' businesses and the challenges facing their organizations. Analysts work as part of a broader team under the direction of more senior analysts, threat hunters, shift leads, intelligence analysts and SOC managers in support of multiple clients. Working in a mutually respectful team environment helps our analysts perform at their best and integrate their career with their personal life. You will have the opportunity to take on the following role responsibilities:

Role Responsibilities:
- Investigate security incidents using SIEM tools, automation, and other cybersecurity technologies (e.g. ServiceNow, Stellar Cyber, HYAS Insight and DNS Protect, SentinelOne, ELK Stack, VirusTotal, Shodan, NetFlow, Passive DNS, Silobreaker, Tenable.io, Hatching Triage Sandbox).
- Analyze, escalate, and assist in remediation of critical security incidents.
- Improve and challenge existing processes and procedures in a very agile and fast-paced information security environment serving multiple clients.
- Process IDS alerts and identify incidents and events in customer data.
- Set up, execute and analyze vulnerability scans.
- Perform advanced analysis and investigation into alerts as they are identified.
- Perform initial basic malware analysis utilizing automated means (static and dynamic sandbox analysis or other available tools).
- Incident intake, ticket updates and reporting of cyber events and threat intelligence.
- Understand, identify, and research indicators of compromise (IOCs) from a variety of sources such as threat intelligence reports and feeds.
- Write incident reports and process documentation, and interact with clients as required.
- Transcribe and implement atomic indicators into a monitoring environment.
- Consume policy documentation and determine applicability in a network.
- Work with protocols at layers 2 and higher in the OSI model, including ARP, TCP, UDP, ICMP, DNS, Telnet, SSH, HTTP, SSL, SNMP, SMTP, and other common protocols that use well-known ports.
- Develop playbooks to respond to and recover from various attacks/incidents.
- Drive automation efforts focused on closing cases, responding to cyber events and analyzing the data required to enable efficient response activities.
- Process cyber threat intel that is used across RSM detection platforms to understand and prepare for potential threats. Threat intel is heavily used across RSM platforms to drive issue prioritization.
- Open to working shifts in a 24x7 operations environment.

Qualifications and Experience:
- Minimum B.A. or B.S. degree or equivalent from an accredited university by the time employment commences, or prior relevant military / law enforcement experience. Computer science, information technology, information systems management, or other similar degrees, preferably with a focus on information security.
- 3-5 years' experience working in a security operations center, network operations center or threat intelligence capacity.
- Possess at least one security industry certification such as CySA+, Security+, CISSP, SANS GIAC (GSOC, GCIA, GMON, GCDA).
- Knowledge of security standards and information security and compliance frameworks, controls, and best practices, including SSAE 16, SOC 2 and SOC 3, OWASP Top 10, SANS, NIST.
- Must have a naturally curious mindset and approach to solving problems.
- Basic understanding of cloud technologies and their operations.
- Experience supporting various operating systems such as Windows/Linux.
- Understanding of IP network protocols.
Posted 1 week ago
4.0 - 9.0 years
6 - 8 Lacs
Pune
Work from Office
Senior Security Operations Analyst

We are seeking an experienced professional to join our Pune, India office as a Senior Security Operations Analyst with a strong background in Security Information and Event Management (SIEM) platforms, specifically Microsoft Sentinel and Wiz. The ideal candidate will be responsible for leading advanced threat detection, response, and monitoring activities. This role will be critical in enhancing our cybersecurity posture and ensuring the ZS environment remains secure against emerging threats.

What you'll do:
- Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging
- Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities
- Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real time
- Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities
- Perform proactive threat hunting to identify and mitigate advanced threats
- Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation
- Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats
- Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership
- Continuously improve SOC processes and playbooks to streamline operations and response efforts
- Mentor junior SOC analysts and provide guidance on security best practices
- This role requires participation in a rotational shift
- Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed

What you'll bring:
- Strong analytical and problem-solving abilities
- Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams
- Proven ability to remain calm and efficient in a high-pressure environment
- Proficient in using SIEM tools, such as Microsoft Sentinel
- Experience with data migration strategies across SIEM platforms
- Experience with Cloud Security Operations and Incident Response platforms such as Wiz
- In-depth understanding of cyber threats, vulnerabilities, and attack vectors
- Proficient in creating KQL queries and custom alerts within Microsoft Sentinel
- Expertise in developing SIEM use cases and detection rules
- Skilled in incident response and management procedures
- Experienced in conducting deep-dive investigations and root cause analysis for incidents
- Adept at collaborating with stakeholders to resolve complex cybersecurity challenges
- Ability to automate routine SOC processes to enhance operational efficiency
- Experienced in mentoring and guiding junior analysts in security operations
- Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools

Good to have skills and abilities:
- Excellent interpersonal (self-motivational, organizational, personal project management) skills
- Knowledge of vulnerability management and scanning best practices such as the CVE database and the Common Vulnerability Scoring System (CVSS)
- Ability to analyze cyber threats to develop actionable intelligence
- Skill in using data visualization tools to convey complex security information

Academic Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
- 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
- Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks
- Experience with SIEM migration
- Expertise in incident response, threat detection, and security monitoring
- Solid understanding of Windows, Linux, and cloud security concepts
- Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
- Preferred Security Cloud Certifications: AWS Security Specialty
Posted 2 weeks ago
8 - 11 years
27 - 32 Lacs
Hyderabad
Work from Office
Position Summary:

Cigna Information Protection is looking for a Data Loss Prevention (DLP) Lead Analyst. The DLP Lead Analyst monitors user behavior-based cybersecurity events, controls the access and usage of classified data, provides senior technical support and expertise with Cloud/SaaS/CASB integration into the enterprise DLP solution, and serves as a point of escalation for data loss incidents. The ideal candidate will have excellent analytical and problem-solving skills, strong communication skills (written and verbal), and a strong technical skill set. The candidate should also have a good understanding of insider threat programs along with Gen AI knowledge/toolsets.

Job Description & Responsibilities:
- Engineering-level expertise to provide guidance and direction for Cloud/SaaS/CASB platforms in relation to data loss monitoring, automation, alerting, and mitigating security incidents.
- Provide recommendations for security improvements by assessing the current DLP landscape, evaluating trends and products, and anticipating future requirements to reduce enterprise risk.
- Develop and assist in engineering solutions for DLP-related use cases involving automation on SOAR and SIEM platforms.
- Develop and maintain log queries, offense rules, actionable alerts, and reports in the SIEM platform.
- Identify, analyze, and verify data loss events related to email, web, and endpoint channels.
- Perform security analysis of network traffic data and report on threats for handoff and additional analysis.
- Threat mitigation through immediate action utilizing enterprise security tools and outreach to partner teams to achieve containment.
- Work within a rotational schedule to ensure full coverage for event monitoring and security report review as needed.
- Provide supporting evidence as needed to support Privacy Office investigations.
- Assist in audit activities to provide evidence, and address and remediate findings.
- Ensure process and procedure guides are up to date and accurate.
- Follow enterprise Change Management workflows to ensure stable production implementation of enhancements.
- Maintain and tune policies/rules within data loss tools to reduce risk to the company.
- Assist with metric collection for weekly/monthly management reporting requirements.
- Support projects to assist in deployment, tuning and configuration of new technology as needed.
- Support 24x7 on-call for escalated security incidents on a rotational basis.
- Perform other security duties as required.
- Follow up and review cases until closure, which includes investigating and recommending appropriate corrective actions for cybersecurity incidents and communicating with the implementation staff responsible for taking corrective actions.
- Manage and escalate data loss incidents to Senior Management for awareness and resolution in a timely manner.

Experience Required:
- Overall 8 - 11 years of I.T. and/or information security experience
- 3+ years of experience using enterprise-level DLP solutions

Experience Desired:
- Scripting ability in Python and/or Perl and a deep understanding of command line tools such as grep and tcpdump
- Industry-recognized certification in cyber security such as GCIA, GCIH, CISSP or similar
- Networking certifications (e.g. CCNA - Security, CCNP) and demonstrated practical experience
- Linux knowledge a plus

Education and Training Required:
- Bachelor's degree in Computer Science, Information Technology, or related field
- Education and/or experience which is equivalent to the above

Primary Skills:
- Strong understanding of cloud security concepts and CASB function.
- Understanding of insider threat programs along with Gen AI knowledge.
- Expertise with a variety of security tools such as CASB, cloud proxy, Data Loss Prevention platforms, Security Information and Event Management (SIEM) systems, email proxy systems, and SOAR platforms.
- Applied scripting expertise in PowerShell, VBScript and Python, and a strong understanding of regex.
- Strong understanding of infrastructure designs, including routing, firewall functionality, load balancing, and in-depth understanding of other network protocols.
- Demonstrated experience with network and endpoint data loss prevention (DLP) tools.
- The candidate will be required to utilize various security tools to monitor security risks in the Cigna internal network, create cases in the case tracking tool and initiate investigations where warranted.

Additional Skills:
- Demonstrated ability to work in a team environment.
- Self-starter willing to take initiative to go beyond the ask.
- Ability to effectively prioritize tasks and work independently with minimal daily management interaction.
- Excellent written and verbal communication skills.
- Strong judgment and leadership skills.
- Ability to work effectively with clients and IT management and staff.
- Ability to participate in customer- and partner-facing meetings and projects, including those that involve technical topics.
- Strong analytical skills and inferential thinking.
- Ability to create and document new processes/procedures and gain intra- and inter-team buy-in and acceptance.
- Ability to operate and contribute effectively as a remote member of a global Information Protection team.
Posted 2 months ago