16 Gcih Jobs

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. We are counting on your unique voice and perspective to help EY become even better. Join us and build an exceptional experience for yourself and a better working world for all. As a CMS-TDR Senior at EY, you will work as a Senior Analyst within our cyber security team. Your role will involve assisting clients in detecting and responding to security incidents with the support of SIEM, EDR, and NSM solutions. Your key responsibilities will include: - Operational support using SIEM solutions (Splunk, Sentinel, CrowdStrike Falcon LogScale), EDR (CrowdStrike, Defender, Carbon Black), and NSM (Fidelis, ExtraHop) for multiple customers. - Specializing in second-level incident validation and detailed investigations. - Performing incident coordination and communication with clients to ensure effective containment, eradication, and recovery. - Providing SIEM support activities, including ad hoc reporting and basic troubleshooting. - Advising customers on best practices and use cases to achieve customer end-state requirements. - Providing near real-time analysis, investigating, reporting, remediating, coordinating, and tracking security-related activities for customers. Skills and attributes for success include: - Customer service orientation, meeting commitments, and seeking feedback for improvement. - Good knowledge of SIEM technologies such as Splunk, Azure Sentinel, CrowdStrike Falcon LogScale from a security analyst's perspective. - Troubleshooting issues associated with SIEM solutions. - Ability to work with minimal supervision. - Exposure to IoT/OT monitoring (Claroty, Nozomi Networks) is a plus. - Experience in security monitoring and cyber incident response. - Knowledge in ELK Stack, network monitoring technology platforms (Fidelis XPS, ExtraHop), and endpoint protection tools (Carbon Black, Tanium, CrowdStrike, Defender). To qualify for this role, you must have: - A B.Tech./B.E. degree with sound technical skills. - Ability to work in 24x7 shifts. - Strong command of verbal and written English. - Technical acumen and critical thinking abilities. - Strong interpersonal and presentation skills. - Minimum 3 years of hands-on experience in SIEM/EDR/NSM solutions. - Certification in any of the SIEM platforms. - Knowledge of RegEx, Perl scripting, and SQL query language. - Certifications such as CCSA, CEH, CISSP, GCIH, GIAC. Working at EY offers: - Inspiring and meaningful projects. - Education, coaching, and personal development opportunities. - Support, coaching, and feedback from engaging colleagues. - Opportunities for skills development and career progression. - Freedom and flexibility to shape your role according to your needs. EY is dedicated to building a better working world by creating long-term value for clients, people, and society and building trust in the capital markets. Our diverse teams across 150 countries provide trust through assurance and help clients grow, transform, and operate in various sectors. We ask better questions to find new answers for the complex issues facing our world today.,

Skills SIEM tools (Splunk), SentinalOne, CASB tool (NetSkope), DLP OWASP, CWE, SANS, NISTGoogle, Microsoft, AWS scripting languages like Python, PowerShell security certifications (Security+, CEH, ECIH, GCIH Wireshark and packet sniffing tools (Java, Shell, JavaScript, Python threat analysis python cloud security software siem tools information security event log analysis adaptability siem planning scripting securitypeople management skill system java team work gcp leadership splunk logging aws programming communication skills architecture Education BE/B.Tech/MCA/M.Sc./M.Tech in Computer Science or related discipline Year of Experience: Minimum7 to 10 years of experience in the security domain with exposure to Security Products About the Team & Role: Position Overview: We are seeking a highly experienced and proactive Information Security Manager to lead our security initiatives. This role requires deep expertise in threat analysis, SIEM tools (Splunk, SentinelOne), and major security frameworks (OWASP, NIST). The ideal candidate will be responsible for identifying and mitigating technical risks, enhancing security tools, preparing intelligence reports, and providing technical leadership to a team. Candidates should have a minimum of 10 years in the security domain, strong experience with cloud security (Google, Microsoft, AWS), scripting (Python, PowerShell), and security event log analysis. Excellent communication and problem-solving skills are essential. Preferred qualifications include SIEM and vulnerability management experience, relevant security certifications (Security+, CEH, GCIH), and a Bachelor's degree in a related field. What will you get to do here? Initial point of contact for client requirements and operational escalation Proactively identify technical and architectural risks, and work effectively to mitigate them Research, plan, and implement new tool features to make security tools more effective and add value Prepare and present Security Intelligence Reports Provide technical direction to Associates and Analysts within the team Assist in investigations of high-level, complex violations of information security policies Report security performance against established security metrics Provide deep subject matter expertise in architecture, policy, and operational processes for threat analysis and client escalation Provide guidance and support to 3rd-level technical support, including architecture review, rules and policy review/tuning Establish and communicate extent of threats, business impacts, and advise on containment and remediation Collaborate with other BUs on security gaps and educate teams on cybersecurity importance Manage platforms and vendors What qualities are we looking for? Minimum 10 years of experience in the security domain with exposure to Security Products Experience with methodologies and tools for threat analysis of complex systems, such as threat modeling SME knowledge of SIEM tools (Splunk), SentinalOne, CASB tool (NetSkope), DLP, etc. Understanding of major security frameworks (OWASP, CWE, SANS, NIST, etc.) SME-level knowledge of the current threat landscape Experience securing applications deployed on cloud platforms (Google, Microsoft, AWS) Knowledge and experience with scripting languages like Python, PowerShell Experience with security operations program development Proficiency with security event log analysis and various event logging systems Excellent verbal and written communication skills Ability to learn and retain new skills in a changing technical environment Willingness to learn new technology platforms SIEM experience and Vulnerability Management Recognized network and security certifications (Security+, CEH, ECIH, GCIH, etc.) Experience with Wireshark and packet sniffing tools Python development experience Bachelor's degree in Computer Science, Engineering, or a related field Strong proficiency in programming languages (Java, Shell, JavaScript, Python) Excellent problem-solving skills and attention to detail Strong communication and teamwork abilities Expertise with privacy software

We are reaching out regarding an exciting opportunity in Cybersecurity Operations Leadership with a global organization known for innovation and resilience in cyber defense. In this role, you'll lead a 24x7 global Security Operations Center (SOC) and drive strategy and execution across threat detection, incident response, forensics, and automation using tools like Splunk, Phantom, CrowdStrike, and Tanium. Youll work closely with audit and compliance teams and ensure security operations are aligned with regulatory and industry best practices (NIST, MITRE ATT&CK, ISO 27001). Key Highlights: Lead SOC teams and security incident response globally Enhance SIEM/SOAR platforms, automate detection & response Hands-on experience with forensic tools, cloud security (AWS/Azure), and vulnerability management Strategic reporting, playbook creation, and regulatory compliance Preferred certifications: CISSP, CISM, GCIH, GCFA, CEH, or equivalent Experience: 10–15 years with at least 3–5 years in Cybersecurity Operations If you’re passionate about building world-class cybersecurity defense mechanisms and enjoy leading high-performing teams, we’d love to speak with you!

Senior SOC Eng to lead incident response, threat detection & automation initiatives for Rocket EMS's globl security operatn. SIEM/SOAR optimization, advanced threat hunting & direct response to cyberattacks across endpoints, cloud & identity systems.

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L2 Analyst has responsibility to closely track the incidents and support for closure. 10.Working with logsource and usecase management in integrating log sources and developing & testing usecase 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Developing SOP / instruction manual for L1 team 13.Guiding L1 team for triage/analysis and assist in clousure of cybersecurity alert and incidents 14.Handle XDR alerts and followup with customer team for agent updates 15.Escalate more complex incidents to L3 SME for deeper analysis. Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.3-5 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred technical and professional experience Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications

Company Name- CIPL (www.cipl.org.in) We have opening for our one government client Ministry of Home Affairs. Client Name- I4C (Indian Cybercrime Coordination Centre) Designation- Cybercrime Threat Intelligence Analyst - Hyderabad , Vacancy -1 Cybercrime Investigator/ Cyber Crime Investigation Researcher - Delhi , Vacancy- 2 Detect emerging Cybercrime threats based upon analysis, data feeds crime reporting and sources (internal & external intelligence sources). Working within the team and the wider Inf-ormation Security group to build new tools for intelligence gathering. * Knowledge of innovative technologies like block-chain, Artificial Intelligence/Machine Learning, IOT Security, Cloud Security will be an added advantage. * Knowledge of cryptography protocols. * Ability to derive intelligence out of data and reports generated and ability to conduct research in that direction and development of tools to handle such threats and overcome such risks. * Building and maintaining senior management dashboards to provide a clear understanding of team activities and threat landscape. * Identify and suggest appropriate infrastructure with suitable mitigation strategies for cyber crime * Evaluate target systems to analyze results of scans, identify and recommend resolutions * Producing periodic Cybercrime threat analysis reports with mitigation measures. * Programming skills with proficiency in one or more of the following, Python, Java, C++. * Excellent knowledge of digital hardware, computer programming, cyber security practices, databases & operating systems artifacts. * Review unlawful and suspicious content in open source and escalate violations to the appropriate govt. department. * Collect, organize, analyze and develop reliable actionable intelligence about cybercrime, criminals, criminal infrastructure from open sources. Must have advanced understanding of how to use open-source including social media for intelligence. * Ability to draft Sop's/ RFP/ Advisory Manuals/ Reports pertaining to Cyber Security/Inf-ormation Security/Cybercrime Investigation. * Proven ability to work both independently and as a team and present/develop ideas. * Ability to work effectively with technical and non-technical stakeholders. * Ability to communicate (verbal and written) with stakeholders in non-technical terms. * Experience with multiple social media platf-orms. * Using data from social media, open sources, search engines, public records, and the deep web to compile detailed reports on cybercrime, criminals and criminal infrastructure.

Job Title: Senior Cyber Defense Operations Analyst Location: Bengaluru, India Experience: 8+ years Job Type: Full-time Department: Cybersecurity / Information Security / SOC Job Summary: We are seeking a highly skilled and experienced Senior Cyber Defense Operations Analyst to join our cybersecurity team in Bengaluru. The ideal candidate will lead and coordinate cyber defense activities, manage incident response efforts, monitor threats, and provide strategic guidance to strengthen our cyber defense posture. This is a hands-on technical and leadership role within a fast-paced, mission-critical environment. Key Responsibilities: Lead day-to-day operations of Cyber Defense including threat detection, response, and mitigation. Manage and mentor a team of SOC analysts and incident responders. Monitor SIEM and other security tools for indications of compromise, suspicious behavior, and known threats. Coordinate and manage high-severity incidents and support root cause analysis and post-incident reviews. Develop and implement advanced threat detection use cases and response playbooks. Work closely with IT, Infrastructure, and AppSec teams to address vulnerabilities and security gaps. Participate in threat hunting and proactive intelligence-driven defense activities. Collaborate with global security teams to align local and enterprise-wide defense strategies. Ensure compliance with internal security policies, industry standards, and regulatory frameworks (e.g., ISO 27001, NIST, GDPR). Regularly review and improve security operations processes and toolsets. Provide executive-level reporting on threat landscape, incident metrics, and defense posture. Required Qualifications: 8+ years of experience in cybersecurity with a strong focus on Security Operations or Cyber Defense. Proven experience with SIEM (e.g., Splunk, QRadar, LogRhythm), EDR (e.g., CrowdStrike, SentinelOne), and SOAR platforms. Strong understanding of MITRE ATT&CK, cyber kill chain, and threat intelligence frameworks. Expertise in incident response, digital forensics, malware analysis, and threat hunting. Familiarity with cloud security (AWS, Azure, or GCP), including monitoring and defending cloud-native environments. Experience with scripting (Python, PowerShell, etc.) for automation and analysis. Strong understanding of TCP/IP, network protocols, and security architectures. Certifications such as CISSP, GCIA, GCIH, CEH, or similar are highly desirable. Preferred Qualifications: Experience working in a global or large-scale enterprise security environment. Knowledge of DevSecOps and integration of security into CI/CD pipelines. Understanding of data privacy regulations relevant to cybersecurity (e.g., GDPR, HIPAA). Leadership experience in managing small-to-mid sized security teams. Benefits: Competitive salary and performance-based bonuses Health and wellness benefits Flexible work hours and hybrid work options Learning and development support (certifications, courses) Opportunity to work with cutting-edge cybersecurity technologies Please share your updated profiles to naseeruddin.khaja@infosharesystems.com

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking a skilled Incident Response Analyst with hands-on experience in Microsoft Sentinel to detect, investigate, and respond to security incidents. The role requires strong capabilities in log analysis and deep investigations to support the SOC team in protecting client environments. Roles & Responsibilities:-Monitor and investigate security alerts using Microsoft Sentinel SIEM.-Perform detailed log analysis from network devices, endpoints, and security tools.-Conduct incident triage, root cause analysis, and escalation as needed.-Collaborate with SOC analysts and other teams to contain and remediate threats.-Apply knowledge of attack techniques to identify and respond to threats effectively.-Assist in documenting incident response actions and reporting findings. Professional & Technical Skills: -4+ years experience in incident response or SOC analyst role.-Hands-on experience with Microsoft Sentinel or similar SIEM platforms.-Strong skills in log analysis and incident investigation.-Understanding of attack frameworks like MITRE ATT&CK is a plus.-Good communication skills and ability to work in a team environment.-Relevant security certifications (e.g., GCIH, SC-200) are a bonus. Additional Information:- The candidate should have minimum 3 years of experience in Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, while also addressing any emerging security challenges that may arise during the implementation process. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Assist in the development of security policies and procedures to enhance the overall security posture.- Evaluate and recommend security technologies and tools to improve cloud security measures.- Communication:Strong verbal and written communication skills, with the ability to present complex security concepts to non-technical stakeholders. Professional & Technical Skills: - Incident Response:Lead and manage security incident response efforts, including investigation, containment, and remediation of security incidents.- Threat Detection:Utilize advanced security tools and techniques to detect and analyze potential threats, ensuring timely identification and mitigation.- Security Operations:Oversee the daily operations of the Security Operations Center (SOC), ensuring efficient monitoring and response to security alerts.- Playbook Development:Collaborate with the SOAR team to develop and refine playbooks for incident enrichment, integration, and testing.- Reporting:Prepare and present weekly, fortnightly, and monthly SOC reports to leadership, highlighting key metrics and incident trends.- Knowledge Transfer:Provide training and knowledge transfer to new team members, ensuring they are equipped to handle day-to-day monitoring and alert analysis.- Stakeholder Collaboration:Work closely with stakeholders to resolve escalated incidents and improve security protocols.- Continuous Improvement:Identify areas for improvement within security operations and implement strategies to enhance overall security posture.- Technical Skills: Proficiency in using security tools such as SIEM, EDR, and SOAR platforms. Experience with Google SecOps is highly desirable.- Certifications:Relevant certifications such as GCIH, or GCIA are preferred. Additional Information:- The candidate should have Minimum of 5 years of experience in security operations, incident response, and threat detection.- This position is based at our Bengaluru office.- Bachelor's/ Masters degree in Computer Science, Information Security, or a related field. Qualification 15 years full time education

Greetings from Teamware Solutions a division of Quantum Leap Consulting Pvt. Ltd We are hiring a Consultant_DLP (Data Loss Prevention) Work Mode: Onsite; 5 days WFO Geography they support - US Work timings: 24x7 Rotational Shift Locations: Bengaluru Experience: 4 -8 Years ( Only Male ) Notice Period: Immediate to 15 days Qualification: BTECH/BCA/MBA/MCA strong knowledge of TPRM Interview process: 2-3 rounds Responsibilities Monitor and respond to alerts generated from the DLP systems to other technologies Understand and follow the incident response process through event escalations Follow processes to maintain the DLP system Utilize Splunk and Symantec DLP to respond to, investigate, triage and prevent client data loss via email and web Implement DLP fine-tuning rules/policies via Symantec DLP Track and present DLP metrics and findings on a monthly basis to senior management 3+ years of experience in information security preferably in the areas of incident response, investigations Experience working with SIEM solutions (Splunk, LogRhythm, QRadar, etc.) Hands on experience & working knowledge of ZScaler tools (Preferably) Certifications (e.g., GCIH, CISSP, CCSP) are preferred Familiarity performing packet analysis Zscaler : Zscaler provides users with seamless,secure and reliable access to applications and data. Please let me know if you are interested in this position and send me the resumes to netra.s@twsol.com

About Us Our purpose at Avient Corporation is to be an innovator of materials solutions that help our customers succeed, while enabling a sustainable world. Innovation goes far beyond materials science; its powered by the passion, creativity, and diverse expertise of 9,000 professionals worldwide. Whether youre a finance wizard, a tech enthusiast, an operational powerhouse, an HR changemaker, or a trailblazer in materials development, youll find your place at Avient. Join our global team and help shape the future with sustainable solutions that transform possibilities into realities. Your unique perspective could be the key to our next breakthrough! Job Summary The Senior Manager of Security Operations and Identity Management is responsible for 24x7 security monitoring and the administration of identity management processes. This role includes overseeing the architectural design, deployment, execution, and optimization of solutions in alignment with risk requirements and compliance obligations. Essential Functions Ensure that SIEM and SOAR environments are “fit for purpose” and continually enhanced to cover known and emerging MITRE ATT&CK techniques Manage the global SOC team responsible for 24x7 alerting, triage, investigation and Incident Response. Monitor and improve Key Performance Indicators (KPIs) Track SOC Maturity and partner with CISO to establish road map for growing SOC capabilities and automation Manage the Cyber Threat Intelligence program Oversee forensics, litigation support, and e-discovery capabilities in support of requests from Legal Lead the team responsible for identity lifecycle functions, identifying and implementing best practices to automate repetitive processes Oversee IAM architecture design, deployment and delivery of capabilities to achieve target levels of cyber maturity and efficiency, working with vendors, partners and other 3rd parties Ensure compliance with required regulations and frameworks across all divisions and markets, driving timely remediation of any IAM deficiencies Other duties as assigned Education and Experience Qualifications Bachelor’s degree in information technology, engineering, business management, operations management, or related field or discipline 10+ years' experience in cyber security with 3+ years in a management role Solid understanding of IAM principles, design and engineering, including Single sign-on (SSO), Multi-Factor Authentication (MFA), Privileged Access Management (PAM) Working knowledge of multiple IAM systems (traditional and cloud) Experience implementing Zero Trust capabilities in complex operating environments Additional Qualifications Security certifications (CISSP, CISM, GCIH, GSEC, etc) Experience with modern cloud detection and response tools and processes Operational Technology (OT) experience

Job Description SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage systems that promote clarity and an inclusive culture of trust, build momentum around improving security posture, and increase the value of cybersecurity investment. Around the clock, 365 days per year, our customers are never alone. Were SecurityHQ. Were focused on engineering cybersecurity, by design Responsibilities Lead response to complex, high-impact security incidents in AWS, including unauthorized access, data breaches, malware infections, DDoS attacks, phishing, APTs, zero-day exploits, and cloud misconfigurations. Perform in-depth analysis of security incidents, including advanced log analysis, digital forensic investigation, and root cause analysis. Develop and implement containment, eradication, and recovery plans for complex security incidents, minimizing disruption and improving security posture. Coordinate with internal and external stakeholders during incident response activities. Document incident details, analysis findings, and remediation actions, including detailed forensic reports and security posture assessments. Identify and recommend security improvements to prevent future incidents and enhance cloud security posture, including: AWS security best practices Security tool implementation and configuration (with a focus on CSPM tools) Vulnerability management Security awareness training Threat hunting strategies Security architecture enhancements CSPM implementation and optimization Develop and maintain AWS-specific incident response plans, playbooks, and procedures, emphasizing automation, orchestration, and continuous security posture improvement. Stay current on cloud security, digital forensics, and cloud security posture management. Mentor junior security analysts in incident response and security posture management. Participate in on-call rotation, providing expert-level support and guidance on security posture. Develop and deliver training on incident response, forensic best practices, and cloud security posture management. Conduct proactive threat hunting and security posture assessments. Contribute to the development of security tools and automation to improve incident response efficiency, effectiveness, and security posture. Essential Skills Expert-level understanding of AWS services, including: EC2, S3, RDS, VPC, Lambda CloudTrail, CloudWatch, Config, Security Hub, GuardDuty IAM, KMS AWS Organizations, AWS Control Tower Extensive experience with SIEM systems (e.g., Datadog, Qradar, Azure Sentinel) in a cloud environment, with a focus on security posture monitoring. Mastery of log analysis, network analysis, and digital forensic investigation techniques, including experience with specialized forensic tools (e.g., EnCase, FTK, Autopsy, Velociraptor) and CSPM tools. Strong experience with scripting (e.g., Python, PowerShell) for automation, analysis, tool development, and security posture management. Deep familiarity with security tools and technologies, including: IDS/IPS EDR Vulnerability scanners Firewalls Network forensics tools CSPM tools Excellent communication and interpersonal skills, with the ability to convey highly technical information to technical and non-technical audiences, including executive leadership and legal counsel, regarding incident response and security posture. Exceptional problem-solving and analytical skills; ability to remain calm, focused, and decisive under high-pressure situations, including those involving significant security posture deficiencies. Ability to work independently, lead a team, and collaborate effectively to improve the organization's security posture. Expert-level understanding of AWS services, including: EC2, S3, RDS, VPC, Lambda CloudTrail, CloudWatch, Config, Security Hub, GuardDuty IAM, KMS AWS Organizations, AWS Control Tower Extensive experience with SIEM systems (e.g., Datadog, Qradar, Azure Sentinel) in a cloud environment, with a focus on security posture monitoring. Mastery of log analysis, network analysis, and digital forensic investigation techniques, including experience with specialized forensic tools (e.g., EnCase, FTK, Autopsy, Velociraptor) and CSPM tools. Strong experience with scripting (e.g., Python, PowerShell) for automation, analysis, tool development, and security posture management. Deep familiarity with security tools and technologies, including: IDS/IPS EDR Vulnerability scanners Firewalls Network forensics tools CSPM tools Excellent communication and interpersonal skills, with the ability to convey highly technical information to technical and non-technical audiences, including executive leadership and legal counsel, regarding incident response and security posture. Exceptional problem-solving and analytical skills; ability to remain calm, focused, and decisive under high-pressure situations, including those involving significant security posture deficiencies. Ability to work independently, lead a team, and collaborate effectively to improve the organization's security posture. Education Requirements & Experience Master's degree in Computer Science, Cybersecurity, or a related field. AWS Security certifications (e.g., AWS Certified Security - Specialty). Relevant security certifications (e.g., CISSP, GCIH, GCIA, GREM, GNFA, OSCP). Experience leading incident response teams and security posture improvement initiatives. Experience with cloud automation and orchestration (e.g., AWS Systems Manager, Lambda) for incident response and security posture management. Knowledge of DevSecOps principles and practices, including security integration into CI/CD pipelines and infrastructure as code (IaC) security. Experience with container security (e.g., Docker, Kubernetes) in AWS, including forensic analysis and security posture assessment. Experience with reverse engineering and malware analysis, focused on identifying threats that impact cloud security posture. Strong understanding of legal and regulatory issues related to digital forensics, incident response, and cloud security posture (e.g., data privacy, chain of custody, compliance requirements).

We're seeking an experienced professional to join our Pune, India office as a Senior Security Operations Analyst with a strong background in Security Information and Event Management (SIEM) platforms, specifically in Microsoft Sentinel and Wiz. The ideal candidate will be responsible for leading advanced threat detection, response, and monitoring activities. This role will be critical in enhancing our cybersecurity posture and ensuring the ZS environment remains secure against emerging threats. What You'll Do Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging. Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities. Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real-time. Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities. Perform proactive threat hunting to identify and mitigate advanced threats. Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation. Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats. Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership. Continuously improve SOC processes and playbooks to streamline operations and response efforts. Mentor junior SOC analysts and provide guidance on security best practices. This role requires participation in a rotational shift. Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed. What You'll Bring Strong analytical and problem-solving abilities. Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams. Proven ability to remain calm and efficient under a high-pressure environment. Proficient in using SIEM tools, such as Microsoft Sentinel. Experience with data migration strategies across SIEM platforms. Experience on Cloud Security Operations and Incident Response platforms such as Wiz. In-depth understanding of cyber threats, vulnerabilities, and attack vectors. Proficient in creating KQL queries and custom alerts within Microsoft Sentinel. Expertise in developing SIEM use cases and detection rules. Skilled in incident response and management procedures. Experienced in conducting deep-dive investigations and root cause analysis for incidents. Adept at collaborating with stakeholders to resolve complex cybersecurity challenges. Ability to automate routine SOC processes to enhance operational efficiency. Experienced in mentoring and guiding junior analysts in security operations. Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools. Good to Have Skills and Abilities Excellent interpersonal (self-motivational, organizational, personal project management) skills. Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System. Ability to analyze cyber threats to develop actionable intelligence. Skill in using data visualization tools to convey complex security information. Academic Qualifications Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience). 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management. Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks. Experience with SIEM migration. Expertise in incident response, threat detection, and security monitoring. Solid understanding of Windows, Linux, and cloud security concepts. Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred. Preferred Security Cloud Certifications: AWS Security Specialty.

The Group Security (GS) Cybersecurity Defense Center (CDC) team is looking for a Security Operations Center (SOC) Analyst, responsible for execution of incident response, investigative analysis of security incidents, reporting, continuous improvement, and post-incident activities. Will work closely with the CDC Engineering Team, internal Nokia teams, external Security Suppliers, and various technology vendors. Group Security (GS) is part of Strategy & Technology and Nokias central knowledge center for Nokias cybersecurity policies and standards, the cybersecurity architecture and roadmap, and the monitoring and alerting of security incidents. You have: 5+ years of experience in a Security Operations Center (SOC) or similar role 2+ years of experience working with one or more of following systemsMicrosoft Sentinel, Microsoft Defender for Endpoint (MDE), Microsoft Defender for Identity (MDI), SentinelOne or Rapid7 Deep knowledge of incident response methodologies and forensic analysis techniques Strong understanding of cloud security principles and experience with major cloud platforms (AWS, Azure, GCP) Expertise in leveraging automation tools for enhancing security operations It would be nice if you also had: Certifications such as CompTIA Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), or Certified SOC Analyst (CSA) Mentoring experience with junior analysts Execute complex security investigations using log analysis and threat intelligence across all Nokia assets Collaborate with SOC Engineers to drive automation and implement AI-powered security solutions Apply cloud security best practices and zero-trust architecture principles in security operations Engage with senior stakeholders to communicate security risks and improve incident response efforts Lead advanced threat hunting initiatives leveraging expertise in security tools and techniques Contribute to the continuous development of SOC processes, technologies, and techniques for enhanced security Mentor and guide junior analysts to foster a culture of learning and professional growth Facilitate post-incident activities, ensuring comprehensive reporting and continuous improvement of security measures

Senior Security Operations Analyst We are seeking an experienced professional to join our Pune, India office as a Senior Security Operations Analyst with a strong background in Security Information and Event Management (SIEM) platforms, specifically in Microsoft Sentinel and Wiz. The ideal candidate will be responsible for leading advanced threat detection, response, and monitoring activities. This role will be critical in enhancing our cybersecurity posture and ensuring the ZS environment remains secure against emerging threats. What youll do: Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real-time Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities Perform proactive threat hunting to identify and mitigate advanced threats Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership Continuously improve SOC processes and playbooks to streamline operations and response efforts Mentor junior SOC analysts and provide guidance on security best practices This role requires participation in a rotational shift Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed What youll bring: Strong analytical and problem-solving abilities Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams Proven ability to remain calm and efficient under a high-pressure environment Proficient in using SIEM tools, such as Microsoft Sentinel Experience with data migration strategies across SIEM platforms Experience on Cloud Security Operations and Incident Response platforms such as Wiz In-depth understanding of cyber threats, vulnerabilities, and attack vectors Proficient in creating KQL queries and custom alerts within Microsoft Sentinel Expertise in developing SIEM use cases and detection rules Skilled in incident response and management procedures Experienced in conducting deep-dive investigations and root cause analysis for incidents Adept at collaborating with stakeholders to resolve complex cybersecurity challenges Ability to automate routine SOC processes to enhance operational efficiency Experienced in mentoring and guiding junior analysts in security operations Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools Good to have skills and abilities: Excellent interpersonal (self-motivational, organizational, personal project management) skills Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System Ability to analyze cyber threats to develop actionable intelligence Skill in using data visualization tools to convey complex security information Academic Qualifications: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience) 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks Experience with SIEM migration Expertise in incident response, threat detection, and security monitoring Solid understanding of Windows, Linux, and cloud security concepts Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred Preferred Security Cloud Certifications: AWS Security Specialty

Minimum 3 years’ experience working in a large-scale IT environment with focus on Cyber / Information Security. Areas of expertise should include Pre-Sales support, Service & Solution delivery, part of program management (Transition & Transformation) Required Candidate profile Knowledge in SIEM, SOAR, Threat Hunting, EDR, Deception, NTA, NBAD, UEBA. Handson experience on leading analytical platforms like Splunk, IBM QRadar, Hunters, Sumo Logic, Sentinel. Certification:CISSP