307 Incident Response Jobs - Page 11

We are looking for a highly skilled and experienced Senior Consultant with 3 to 8 years of experience to join our team in Bengaluru. The ideal candidate will have expertise in Cloud Security solutions, particularly in Microsoft Sentinel. ### Roles and Responsibility Architect and implement cloud security monitoring platforms like MS Sentinel. Provide consulting services to customers throughout the testing, evaluation, pilot, production, and training phases to ensure successful deployment. Serve as an SME on Cloud Security solutions for customers, utilizing solution capabilities in daily operational work. Secure overall cloud environments by applying cybersecurity tools and best practices. Advise customers on best practices and use cases for using the solution to meet their end-state requirements. Develop content, including processes for automated security event monitoring and alerting, along with corresponding event response plans. ### Job Requirements Customer service-oriented with a commitment to meeting customer commitments and seeking feedback for improvement. Expertise in content management within MS Sentinel. Good knowledge of threat modeling and experience in creating use cases under Cyber kill chain and Mitre attack framework. Expertise in integrating critical devices/applications, including unsupported (in-house built), by creating custom parsers. Experience in developing migration plans from Splunk/QRadar/LogRhythm to MS Sentinel. Deep understanding of implementing best practices for designing and securing Azure platform. Proficiency in scripting languages such as Python, Bash, and PowerShell. Extensive knowledge of different security threats. Good knowledge and experience in security monitoring and cyber incident response. A B.Tech./B.E. degree with sound technical skills is required. Strong command over verbal and written English language. Demonstrate both technical acumen and critical thinking abilities. Strong interpersonal and presentation skills. Certification in Azure; any other cloud vendor certification is a plus. People/project management skills are ideally desired.

We are looking for a highly skilled and experienced Senior Consultant to join our Tech Consulting team in ServiceNow Practice. The ideal candidate will have 2-7 years of experience. ### Roles and Responsibility Serve as a ServiceNow developer on cross-functional development teams, developing workflow solutions across various modules. Collaborate with application teams to design and implement data interfaces with other enterprise application systems. Develop integration solutions for multiple ServiceNow modules. Create and configure Business Rules, UI Policies, UI Actions, Client Scripts, and ACLs, including advanced scripting. Develop and manage operational metrics reporting and dashboards. Support the development and analysis of customer requirements and assist with user story creation. Perform application testing and maintain system design and operations documentation. ### Job Requirements Minimum 2 years of experience in ServiceNow development. Experience working on more than one application, including SecOps, Security Incident Response (SIR), Vulnerability Response (VR). Good understanding of Agile methodologies for software development. Excellent communication and teamwork skills. Ability to work collaboratively with project teams to ensure successful, technically sound projects completed on time and within budget. Strong technical skills in ServiceNow administration, implementation, and application development. ServiceNow Admin certified (CSA). Certified Implementation Specialist (CIS) for any module. Certified Application Developer.

We are looking for a highly skilled and experienced Senior Consultant to join our Tech Consulting team in the ServiceNow Practice. The ideal candidate will have 2-7 years of experience. ### Roles and Responsibility Serve as a ServiceNow developer on cross-functional development teams, developing workflow solutions across various modules. Collaborate with application teams to design and implement data interfaces with other enterprise application systems. Develop integration solutions for multiple ServiceNow modules. Create and configure Business Rules, UI Policies, UI Actions, Client Scripts, and ACLs, including advanced scripting. Develop and manage operational metrics reporting and dashboards. Support the development and analysis of customer requirements and assist with user story development. Perform application testing and create/maintain system design and operations documentation. Utilize Agile methodologies for software development. ### Job Requirements Minimum 2 years of experience in ServiceNow development. Experience working on more than one application, including Secops, Security incident response SIR, Vulnerability response VR. Strong knowledge of ServiceNow Admin certified (CSA), Certified Implementation Specialist (CIS for any module), and Certified Application Developer. Excellent communication and teamwork skills. Ability to work in an Agile environment. Strong understanding of IT services and consulting industry trends and technologies.

We are looking for a highly skilled and experienced Security Analyst to join our team in Bengaluru. The ideal candidate will have 7-10 years of experience in incident response, computer forensics, and malware reverse engineering. ### Roles and Responsibility Perform forensic and malware analysis to detect, investigate, and resolve security incidents. Engage in proactive threat hunting and provide expert security assessments using EDR, SIEM, and other tools. Communicate with IT stakeholders during incident response activities to ensure effective containment, remediation, and accurate identification of compromise indicators. Report on incident metrics, analyze findings, and develop reports to ensure comprehensive resolution and understanding of security events. Act as an escalation point for incident response, lead shifts, mentor junior team members, and contribute to team skill enhancement. Analyze security events, provide feedback on security controls, and drive process improvements to strengthen the organization's security posture. ### Job Requirements Undergraduate or Postgraduate Degree in Computer Science, Engineering, or a related field (MCA/MTech/BTech/BCA/BSc CS or BSc IT). At least 7 years of overall experience with a minimum of 5 years specialized in incident response, computer forensics, and malware reverse engineering. Proficiency in operating within a Security Monitoring/Security Operations Center (SOC) environment, including experience with CSIRT and CERT operations. Demonstrated experience in investigating security events, threats, and vulnerabilities. Strong understanding of electronic investigation and forensic methodologies, including log correlation, electronic data handling, investigative processes, and malware analysis. In-depth knowledge of Windows and Unix/Linux operating systems, and experience with EDR solutions for threat detection and response. Possession of or willingness to obtain professional certifications like GREM, GCFE, GCFA, or GCIH. Experience with security incident response in cloud environments, including Azure. Knowledge of legal considerations in electronic discovery and analysis. Proficiency in scripting or programming (e.g., Shell scripting, PowerShell, C, C#, Python). Solid understanding of security best practices for network architecture and server configuration. Demonstrates integrity in a professional environment. Strong ethical behavior. Ability to work independently. Possesses a global mindset for working with diverse cultures and backgrounds. Knowledgeable in industry-standard security incident response processes, procedures, and lifecycle. Positive attitude and Excellent teaming skills. Excellent social, communication, and writing skills. Good presentation skills. Excellent investigative, analytical, and problem-solving skills. Supervising Responsibilities: Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues. Provide mentoring and training to other team members as required, supporting their development and ensuring consistent team performance.

We are looking for a highly skilled and experienced Senior OT Analyst to join our team, with 2-5 years of experience in the field. ### Roles and Responsibility Monitor and analyze ICS/OT alerts generated by IDS tools such as Defender for IoT, Nozomi, Claroty, etc. Identify unusual or suspicious activity, security breaches, or indicators of compromise. Triage and prioritize alerts based on severity and potential impact. Collaborate with SOC analysts and incident response teams to address and mitigate security incidents. Perform pcap analysis to investigate and validate OT alerts. Develop and maintain standard operating procedures (SOPs) for OT alert analysis and triage. Conduct regular security assessments and use cases validations to assure evolving threat coverage and remediation controls in OT systems. Conduct threat hunting activities to identify potential security threats within the OT environment. Provide expert guidance on ICS/OT security best practices and contribute to the continuous improvement of SOC processes. Document all security incidents comprehensively, providing detailed analysis and recommendations to prevent future occurrences. Design and maintain incident response plans and recovery procedures specific to OT incidents. Collaborate closely with IT security counterparts to ensure a cohesive security posture across both IT and OT domains. Stay updated with the latest trends and developments in ICS/OT security. Develop and deliver OT cybersecurity awareness training programs for operational staff. ### Job Requirements Strong knowledge of industrial control systems (ICS), SCADA systems, and other OT technologies. Good understanding of how OT and IT devices interact with each other and how OT devices work. Experience with SIEM tools and log management. Knowledge of regulatory requirements and standards related to ICS/OT security is desirable. Experience with network security solutions, including firewalls and intrusion detection systems (IDS). Analytical skills to screen through data and logs to identify patterns indicative of cyber threats or threat actor methods. Effective communication skills for interacting with technical and non-technical colleagues and stakeholders. Problem-solving attitude, with the ability to manage incidents under pressure. Knowledge of OT-specific malware, Mitre ICS tactics & techniques, and procedures used by threat actors. Relevant certifications are desirable.

We are looking for a skilled Email Security Engineer with 5 to 10 years of experience to join our team in Bengaluru. The ideal candidate will have a strong focus on Microsoft Defender for Office 365 (MDO) technologies and be able to enhance email security, optimize delivery, and integrate various security technologies and protocols. ### Roles and Responsibility Architect, implement, and manage solutions with a focus on Microsoft Defender for Office 365 (MDO), including anti-phishing policies, safe links, and attachments. Configure and optimize MDO services and integrate with other security solutions such as Cisco, Proofpoint, and Fortra. Implement and manage protections for Microsoft Teams, SharePoint, and OneDrive. Manage email authentication protocols (SPF, DKIM, DMARC) and implement encryption solutions like S/MIME and Office 365 Message Encryption. Handle L4 email security incidents, develop incident response plans, and provide technical guidance. Monitor systems, analyze metrics, and optimize for performance and compliance. Conduct proof of concepts (PoCs), product evaluations, and manage requests for comment (RFCs). Prepare and deliver presentations to leadership and support the security awareness training program. Work independently on projects from conception to completion and manage vendor relationships. ### Job Requirements Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent work experience. Minimum 5 years of experience in email security engineering, with proven experience in incident response and managing security solutions. Strong analytical, problem-solving, and communication skills. Ability to collaborate effectively with diverse teams and deliver presentations to senior leadership. Proficiency in PowerShell, Python, and understanding of network protocols (TCP/IP, SMTP, etc.). Expertise in Microsoft Exchange Online and Defender for Office 365. Proficient in email security tools and platforms, anti-spam, malware detection, phishing prevention, encryption, and DLP. Experience with SPF, DKIM, DMARC, and email security solutions from Cisco, Proofpoint, and Fortra. Knowledge of MDO protections for Teams, SharePoint, and OneDrive. Desired Certifications: CISSP, CESS, or Microsoft 365 Certified: Security Administrator Associate. ### Additional Information Occasional on-call support or off-hours work may be required. Join our team and play a vital role in safeguarding our organization's email communication against emerging threats. If you are passionate about email security, possess strong technical skills, and are committed to maintaining a secure digital environment, we encourage you to apply.

We are looking for a highly skilled and experienced Senior CyberArk Operations Support Analyst to join our team. The ideal candidate will have 5-10 years of experience in managing complex CyberArk environments, with a strong understanding of PAM principles, CyberArk architecture, and cybersecurity best practices. ### Roles and Responsibility Lead the administration and advanced support of the CyberArk PAM solution, including complex troubleshooting, policy management, and platform optimization. Design and implement enhancements to the CyberArk infrastructure to improve security, efficiency, and compliance with industry standards. Oversee the onboarding of new accounts, platforms, and integrations into the CyberArk environment, ensuring adherence to strict security guidelines. Conduct regular system audits to identify potential vulnerabilities and recommend remediation strategies. Mentor junior analysts and provide guidance on best practices and technical challenges. Develop and maintain comprehensive documentation for system configurations, procedures, and service records. Coordinate with cross-functional teams to support enterprise-wide cybersecurity initiatives and projects. Manage critical incidents involving privileged accounts, including root cause analysis and preventive measures. Stay updated on emerging threats and technologies in the PAM space and evaluate their impact on the organization. Lead planning and execution of system upgrades, patches, and maintenance activities, minimizing disruption to business operations. Support compliance and regulatory activities by providing expertise and documentation as needed. Develop and maintain a comprehensive disaster recovery and business continuity plan for the CyberArk infrastructure, ensuring minimal downtime and quick restoration of services in case of an outage. Collaborate with the cybersecurity architecture team to design and implement a robust privileged access management strategy that aligns with the organization's overall security posture. Lead security incident investigations related to privileged accounts, including forensic analysis, and collaborate with the incident response team to develop a coordinated response plan. Proactively monitor the CyberArk environment for unusual activities and potential threats using advanced security tools and techniques. Serve as the subject matter expert for CyberArk within the organization, providing insights and recommendations to senior management on PAM-related matters. Participate in vendor management, including evaluating software solutions, negotiating contracts, and managing relationships with CyberArk and other security vendors. Drive continuous improvement initiatives by regularly reviewing and updating CyberArk policies and procedures to reflect the evolving threat landscape and business needs. Facilitate cross-training and knowledge sharing sessions within the team to ensure redundancy in critical skill sets and promote a culture of continuous learning. Engage with the broader cybersecurity community to stay informed about new vulnerabilities, attack vectors, and defense mechanisms related to privileged access management. Influence and enforce security policies and procedures across the organization, ensuring privileged access is managed in accordance with best practices and regulatory requirements. Assist in budget planning and management for the CyberArk operations team, including forecasting future needs for resources, tools, and training. ### Job Requirements Advanced knowledge of CyberArk PAM solutions, with relevant certifications such as CyberArk Certified Delivery Engineer (CDE), Defender, or Sentry. Proven experience in managing complex CyberArk environments, including components such as EPV, CPM, PSM, and AIM. Strong understanding of network security, identity and access management (IAM), and related technologies (e.g., SIEM, firewalls, multi-factor authentication). Expertise in scripting and automation to streamline operations and incident response. Excellent analytical, problem-solving, and decision-making skills. Leadership qualities and experience in mentoring or managing junior staff. Strong communication and presentation skills, with the ability to convey technical information to non-technical stakeholders. Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.

We are looking for a highly skilled and experienced Cyber Security Consultant to join our team in Bengaluru. The ideal candidate will have 5-8 years of experience in supporting Data Security Technology, with a strong background in Information Security concepts related to Governance, Risk & Compliance. ### Roles and Responsibility Build and deploy DATA PROTECTION solution concepts and deployment requirements. Deploy and administer endpoint protection tools. Collaborate with vendors to support DATA PROTECTION technology, including troubleshooting and upgrades. Monitor and respond to alerts from Data Protection systems and other technologies. Follow incident response processes through event escalations. Respond to escalations by the Incident Response Team. Maintain leading DATA LOSS PREVENTION/CASB systems. Assist clients in privacy-related incident response activities and support their teams as an interim member (e.g., security officer, security manager, security analyst). ### Job Requirements Bachelor's or master’s degree in Computer Science, Information Systems, Engineering, or a related field. At least 5-8 years of experience in supporting Data Security Technology. Experience in administering DLP, CASB tools, including configuring policies, upgrading, and patching for leading vendors such as Digital Guardium, McAfee, Forcepoint, Netskope, Symantec CloudSOC, MCAS, etc. Technical/Vendor certification is an added advantage. Knowledge of core Information Security concepts related to Governance, Risk & Compliance. Ability to work independently and adapt to a changing environment. Demonstrated integrity in a professional setting. Strong analytical and problem-solving skills. Excellent verbal and written communication skills. Proficient in documentation and PowerPoint. Good social, communication, and technical writing skills. Ability to interface with internal and external clients. Flexible to work on rotational shifts and some weekend work may be required based on job needs. Professional certificate or active pursuit of related professional certifications such as CompTia Security+, CEH, CISSP, or Vendor/Technical certification; certified candidates are expected to complete one of the business-required certifications within 12 months of hire.

We are looking for a highly skilled and experienced Cyber Exercise Analyst to join our team in Bengaluru. The ideal candidate will have 2-4 years of experience in cyber security, with a strong background in risk strategy, digital identity, cyber defense, application security, and technology solutions. ### Roles and Responsibility Collaborate with cross-functional teams to develop and implement comprehensive cyber security strategies. Conduct thorough analysis of complex data sets to identify potential threats and vulnerabilities. Develop and maintain detailed documentation of cyber security processes and procedures. Provide expert guidance on cyber security best practices to stakeholders at all levels. Stay up-to-date with emerging trends and technologies in cyber security. Participate in incident response efforts to mitigate the impact of security breaches. ### Job Requirements Strong understanding of cyber security principles, including risk management and compliance. Experience with cyber security tools and technologies, such as SIEM systems and intrusion detection systems. Excellent analytical and problem-solving skills, with the ability to interpret complex data sets. Effective communication and collaboration skills, with the ability to work with diverse stakeholders. Ability to stay current with emerging trends and technologies in cyber security. Strong attention to detail, with a focus on delivering high-quality results. Expert knowledge of red teaming, tabletop exercises, cyber incident response, and threat intelligence processes. Experience in test documentation, red team report creation, threat intelligence report creation, and analysis for red teaming. Skilled in using information technology/security, proficient in writing technical documentation including manuals, policies, and procedures. Good time management skills and versatility to present to technical audiences. Knowledge of TIBER-EU is an added advantage.

We are looking for a skilled Senior (Endpoint Detection and Response) professional with 6 to 12 years of experience. The ideal candidate will have excellent teamwork skills, passion, and drive to succeed in combatting cyber threats. ### Roles and Responsibility Collaborate with team members to find creative and practical solutions to customers' challenges and needs. Design, implement, and operate EDR solutions such as Carbon Black, Tanium, Crowdstrike, Cortes XDR, Microsoft Defender ATP, MacAfee, Symantec, and similar technologies. Provide consulting services during testing, evaluation, pilot, production, and training phases to ensure successful deployment. Perform remote and on-site gap assessments, customization, installation, and integration of EDR solutions. Develop expertise in EDR use cases, including automated security event monitoring and alerting processes. Lead teams through various project phases and adapt to market trends. ### Job Requirements Minimum 6 to 12 years of experience in network administration or a related field. Strong oral, written, and listening skills are essential for effective consulting. Experience in cybersecurity operations, network security monitoring, host security monitoring, malware analysis, adversary hunting, modern adversary methodologies, all-source intelligence analysis, analytical methodologies, confidence-based assessments, and writing analytical reports is required. Working knowledge of Cuckoo, CAPE, or other sandbox platforms is necessary. Experience with security orchestration automation and response tools (Phantom, Resilient, XSOAR) and incident response platforms/DFIR toolsets is expected. Ability to lead teams and adapt to market trends. Certification in EDR or SIEM Solution is mandatory. Certifications in core security-related disciplines are an added advantage. A strong background in network administration is needed, with the ability to work at all layers of the OSI model and explain communication at any level. Knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security, and troubleshooting is required. Good understanding of programming/scripting languages such as Python, JavaScript, Bash, PowerShell, Ruby, Perl, etc. A degree in computer science, mathematics, engineering, or a similar field is preferred. At least 4 years of working in a security operations center.

Role & responsibilities SOC L2 Qradar : Incident Triage and Escalation : Review security alerts and incidents, determine severity, and escalate to the appropriate teams (e.g., L3, incident response) when necessary. Security Monitoring : Leverage SIEM tools like QRadar to actively monitor security events, correlate data, and detect abnormal patterns or potential threats. Root Cause Analysis : Investigate security incidents thoroughly to identify the root cause, using log analysis and threat intelligence to gain deeper insights. Incident Response : Coordinate and contribute to the response efforts during active security incidents, ensuring rapid mitigation and recovery. Threat Hunting : Proactively search for hidden threats within the network, looking for unusual activity or patterns that may indicate compromise or vulnerabilities. Log Analysis : Deep dive into logs (from firewalls, IDS/IPS, endpoints, etc.) to detect suspicious behavior and correlate events for comprehensive insights. False Positive Reduction : Work on refining SIEM alerts to minimize false positives, improving detection efficiency and alert quality. Collaboration with L3 and Other Teams : Communicate findings and assist L3 analysts or other internal teams with deeper investigations and remediation actions. Documentation and Reporting : Accurately document incidents, their findings, and remediation steps, and generate reports for management and stakeholders. Continuous Learning and Improvement : Stay updated on the latest security threats, attack techniques, and tools, and contribute to improving security processes and detection capabilities.

Greetings from IT.. I am now hiring a Threat Detection Engineer for my Clients. Location: Bangalore, Gurugram. Experience: 6-13 Years N[P: Immediate-30 days Primary skills: Threat hunting, threat intelligence, Splunk In-depth knowledge of external attacks and detection techniques to be able to run analysis of the requirements provided by threat intelligence / SOC teams, generate list of rules that could be implemented (based on self analysis of a threat and avaiable log sources), work with SOC team to operationalize and Purple Team to test.. Familiarity with MITRE ATT&CK framework and Tactics, Techniques, and Procedures (TTPs). Experience with security tools such as Splunk, MDE , Databricks to be able to write custom detections to detect various threats (preferably MDE). Kindly share your resume at chanchal@oitindia.com

We are seeking a talented individual to join our GIS Team at MMC Corporate This role will be based in Gurgaon. This is a hybrid role that has a requirement of working at least three days a week in the office. What can you expect? As a Cybersecurity Detection and Automation Engineer, you will be responsible for the consultation, creation, documentation and tuning of new and existing detection mechanisms to identify and mitigate threats within our Security Information and Event Management (SIEM) tool and our Managed Detection and Response (MDR) tool. Additionally, you will be responsible for supporting the growing automation efforts within GCD. We will count on you for: Excellent critical thinking skills, with proven analytical expertise and the ability to learn adaptively Demonstrated effective verbal, written and interpersonal communication skills with the ability to communicate security concepts to both technical and non-technical audiences Experience with security technologies and alerts, such as intrusion prevention and detection systems, web proxies, SIEM, SOAR, EDR, firewalls, web application scanner, vulnerability scanners, forensics tools, open-source tools, or other security technologies Experience analyzing and articulating cyber attacks Demonstrated experience with programing languages (e.g., Python, PowerShell) for automation Implementation and customization of Security Orchestration, Automation, and Response (SOAR) platforms Knowledge in one or more of the following domains: Network Operations and Architecture, Operating Systems, Identity and Access Management, Programming, Cloud Computing, Databases, or Cryptography What you need to have: Ability to operate independently in a dynamic, evolving environment with multiple inputs and tasks simultaneously Knowledge of common attacks, current threats, threat actors, and industry trends Familiarity with common security frameworks and models, such as MITRE ATT&CK, Lockheed Martin Cyber Kill Chain, The Diamond Model of Intrusion Analysis and NIST Cybersecurity Framework Previous automation projects related to the Security space Working knowledge with multiple SIEMs and EDRs What makes you stand out? Cybersecurity Detection and Automation Engineer Why join our team: We help you be your best through professional development opportunities, interesting work and supportive leaders. We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities. Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

Assist in the management of Identity and Access Management (IDM) systems to ensure secure and efficient user authentication and authorization. Monitor and support user access controls and security permissions across systems and applications. Implement and troubleshoot IDM solutions, including user provisioning, role-based access control, and lifecycle management. Collaborate with IT and security teams to ensure compliance with organizational security policies and regulatory requirements. Participate in incident response and investigate potential security breaches related to identity management. Assist in the development and maintenance of IDM documentation, including processes and procedures. Provide user support for IDM-related issues, including account lockouts and permission discrepancies. Contribute to ongoing improvements in IDM systems, ensuring that they remain up-to-date with the latest security features and industry standards. Conduct routine audits and access reviews to ensure proper user access rights are maintained. Ensure alignment of IDM strategies with business needs and IT security goals

About Zscaler Serving thousands of enterprise customers around the world including 40% of Fortune 500 companies, Zscaler (NASDAQ: ZS) was founded in 2007 with a mission to make the cloud a safe place to do business and a more enjoyable experience for enterprise users. As the operator of the world’s largest security cloud, Zscaler accelerates digital transformation so enterprises can be more agile, efficient, resilient, and secure. The pioneering, AI-powered Zscaler Zero Trust Exchange™ platform, which is found in our SASE and SSE offerings, protects thousands of enterprise customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Named a Best Workplace in Technology by Fortune and others, Zscaler fosters an inclusive and supportive culture that is home to some of the brightest minds in the industry. If you thrive in an environment that is fast-paced and collaborative, and you are passionate about building and innovating for the greater good, come make your next move with Zscaler. Our Engineering team built the world's largest cloud security platform from the ground up, and we keep building. With more than 100 patents and big plans for enhancing services and increasing our global footprint, the team has made us and our multitenant architecture today's cloud security leader, with more than 15 million users in 185 countries. Bring your vision and passion to our team of cloud architects, software engineers, security experts, and more who are enabling organizations worldwide to harness speed and agility with a cloud-first strategy. We're looking for an experienced Staff Security Researcher to join our Zscaler Threat Hunting team. Reporting to the Director, Zscaler Threat Hunting, you'll be responsible for: Analyze emerging threats, adversarial behaviors, and tactics, techniques, and procedures (TTPs) to understand attacker methodologies and improve detection capabilities Conducting proactive and retroactive threat hunting using Zscaler telemetry drawing from proven experience in behavioral-based threat hunting Researching, analyzing, validating, and clearly documenting threat hunting findings Independently hunting and responding to customers while working flexible schedules, including weekend night shifts and providing on-call support as needed to meet operational demands while getting two days off during the weekdays What We're Looking for (Minimum Qualifications) Proven experience in one or more of the following - threat hunting, incident response, security operations, malware analysis, blue teaming, purple teaming or network defence Hands-on experience in a Security Information and Event Management (SIEM) tool, such as Splunk, Microsoft Sentinel, or ElasticSearch Familiarity with MITRE ATT&CK framework and modern Tactics, Techniques, and Procedures (TTPs) Bachelor’s or graduate degree from four-year college or university (preferably in Computer Science, Engineering, or a related discipline), or equivalent security industry work experience What Will Make You Stand Out (Preferred Qualifications) Must be able to validate findings, perform root cause analysis, and deliver recommendations Scripting and automation skills (Python preferable) Must have excellent reporting and analytical skills and experience writing IDS/IPS, YARA signatures Experience in network-based threat detection #LI-Onsite #LI-AC10 At Zscaler, we believe in innovation, productivity, and success. We are looking for individuals from all backgrounds and identities to join our team and contribute to our mission to make doing business seamless and secure. We are guided by these principles as we create a representative and impactful team, and a culture where everyone belongs. Our Benefits program is one of the most important ways we support our employees. Zscaler proudly offers comprehensive and inclusive benefits to meet the diverse needs of our employees and their families throughout their life stages, including: Various health plans Time off plans for vacation and sick time Parental leave options Retirement options Education reimbursement In-office perks, and more! By applying for this role, you adhere to applicable laws, regulations, and Zscaler policies, including those related to security and privacy standards and guidelines. Zscaler is committed to providing equal employment opportunities to all individuals. We strive to create a workplace where employees are treated with respect and have the chance to succeed. All qualified applicants will be considered for employment without regard to race, color, religion, sex (including pregnancy or related medical conditions), age, national origin, sexual orientation, gender identity or expression, genetic information, disability status, protected veteran status, or any other characteristic protected by federal, state, or local laws. See more information by clicking on the Know Your Rights: Workplace Discrimination is Illegal link. Pay Transparency Zscaler complies with all applicable federal, state, and local pay transparency rules. For additional information about the federal requirements, click here . Zscaler is committed to providing reasonable support (called accommodations or adjustments) in our recruiting processes for candidates who are differently abled, have long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support.

SOC analyst Job Statement: NopalCyber makes cybersecurity manageable, affordable, dependable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are tailored to clients needs and budget, and external threat analysis, which provides critical intelligence at no-cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service. For attending the walk-in, we request you to fill out this quick registration form(mandatory) https://forms.gle/MEaAUivs2832ka5A8 Job responsibilities: Monitor, analyze, and interpret security/system logs for events, operational irregularities, and potential incidents, and escalate issues as appropriate Responsible for monitoring, detection of analysis through various input tools and systems (SIEM, IDS / IPS, Firewalls, EDR, etc.) Conduct basic red team exercises to test the effectiveness of preventive and monitoring controls Provides support for complex system/network exploitation and defense techniques to include deterring, identifying, and investigating system and network intrusions Support malware analysis, host and network, log analysis, and triage in support of incident response Maintaining and improving the security technologies deployed, including creating use cases, customizing or better configuring the tools based on past and current threats Monitoring threat/vulnerability landscape, security advisories, and acting on them as appropriate Continuously monitors the security alerts and escalation queue, triages security alerts Monitoring and tuning SIEM (content, parsing, maintenance) Monitoring Cloud infrastructure for security-related events Delivers scheduled and ad-hoc reports Develop and coach L1 analysts Author Standard Operating Procedures (SOPs) and training documentation Work the full ticket lifecycle; handle every step of the alert, from detection to remediation Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty Perform threat-intel research, learn new attack patterns, actively participate in security forums. Job specifications: Qualification: Bachelors degree in Engineering or closely related coursework in technology development disciplines Certifications like CISSP, CEH, CISM, GCIH, GCIA are desirable Experience with the following or related tools: SIEM Tools such as Splunk, IBM QRadar, SecureOnix; Case Management Tools such as Swimlane, Phantom, etc.; EDR tools such as Crowdstrike, Sentinel, VMware, McAfee, Microsoft Defender ATP, etc; Network Analysis Tools such as Darktrace, FireEye, NetWitness, Panorama, etc. Experience: 3-10 years of SOC related work experience Desired Skills: Full understanding of SOC L1 responsibilities/duties and how the duties feed into L2/L3. The ability to take lead on incident research when appropriate and be able to mentor junior analysts. Advanced knowledge of TCP/IP protocols and event log analysis Strong understanding of Windows, Linux and networking concepts Experience analyzing both log and packet data to include the use of WireShark, tcpdump and other capture/analysis tools Good understanding of security solutions including SIEMs, Web Proxies, EDR, Firewalls, VPN, authentication, encryption, IPS/IDS etc. Functional understanding of Cloud environments Ability to conduct research into IT security issues and products as required Working in a TAT based IT security incident resolution practice and knowledge of ITIL Knowledge and experience with scripting and programming (Python, PERL, etc.) are also highly preferred Malware analysis and reverse engineering is a plus Personal Attributes Self-starter and quick learner requiring minimal ramp-up Excellent written, oral, and interpersonal communication skills Highly self-motivated, self-directed, and attentive to detail Ability to effectively prioritize and execute tasks in a high-pressure environment

SIEM tools to identify potential threats;VAPT tools, Incident Handling, Forensic Analysis;CEH CSA;CySA+;CISA;incidents and breaches; operating systems, network devices, and security devices.Familiarity with Security Information and Event Management

IS Specialist OT Security What you will do Let’s do this. Let’s change the world. In this vital role you will [responsible for developing and implementing security strategies that protect industrial control systems (ICS), SCADA networks, and other manufacturing infrastructure components. This role ensures the integrity, availability, and confidentiality of OT environments by integrating security monitoring, risk management, and compliance efforts into industrial operations. The OT Security Engineer works closely with Security Operations, Engineering and Infrastructure, and Operations to safeguard systems against cyber threats. Key responsibilities include implementing security best practices for OT, managing vulnerabilities, and collaborating with stakeholders to enhance the security posture of OT environments. . Roles & Responsibilities: Define, lead, and implement security strategies for OT environments, focusing on Industrial Control Systems (ICS) and SCADA. Implement and manage OT-specific security monitoring tools, ensuring real-time detection and response to cyber threats. Collaborate with engineering and operational teams to integrate security measures into OT network architectures. Assess and mitigate vulnerabilities in OT environments, ensuring compliance with industry standards (e.g., NIST 800-82, IEC 62443). Support security incident response efforts, including forensic analysis and remediation of threats in industrial environments. Coordinate with vendors, partners, and government agencies to address OT cybersecurity challenges. Develop security policies, procedures, and guidelines tailored to OT environments. Provide training and awareness programs to operational teams regarding OT cybersecurity best practices. Maintain relationships with vendors and strategic partners to enhance security capabilities. What we expect of you We are all different, yet we all use our unique contributions to serve patients. The [vital attribute] professional we seek is a [type of person] with these qualifications. Basic Qualifications: Master’s degree with 4- 6years of experience in Information Systems or related field OR Bachelor’s degree with 6- 8years of experience Information Systems or related field OR Diploma with 10– 12years of experience in Information Systems or related field Preferred Qualifications: Must-Have Skills: Solid understanding of ICS, SCADA, and OT security principles Experience with network segmentation, firewalls, and intrusion detection systems in OT environments Knowledge of industrial protocols (e.g., Modbus, DNP3, BACnet, OPC, CIP) and their security implications Understanding of risk management frameworks (e.g., NIST 800-82, IEC 62443, NERC CIP) Experience with security monitoring and detection in OT environments Good-to-Have Skills: Experience with security assessments and penetration testing for OT networks Proficiency in security tools (e.g., Nozomi Networks, Dragos, Claroty, Armis) Knowledge of cloud security and how it integrates with OT environments Scripting and automation skills (e.g., Python, PowerShell) Familiarity with compliance and regulatory requirements for critical infrastructure Professional Certifications (please mention if the certification is preferred or required for the role): GICSP (Global Industrial Cyber Security Professional) – Preferred CISSP (Certified Information Systems Security Professional) – Preferred ISA/IEC 62443 Cybersecurity Certificate – Preferred CompTIA Security+ – Preferred Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

SOC T1 Analyst What you will do Let’s do this. Let’s change the world. In this vital role you will responsible for the initial response to security events and incidents within a 24/7 Cybersecurity Operations Center (CSOC). This role involves following established procedures to investigate security events, providing feedback to improve processes, and assisting in the incident response lifecycle. Additionally, the associate will participate in knowledge-sharing sessions and correlate security alerts across platforms. Roles & Responsibilities: Follow established procedures to triage, investigate and respond to security events and incidents. Provide feedback to senior analysts to improve, review, and optimize existing procedures and documentation. Correlate security alerts from various platforms based on common elements. Participate in and lead CSOC Tier 1 knowledge-sharing and learning sessions. Assist incident responders in coordinating the response, containment, eradication, recovery, and lessons learned phases of the incident response lifecycle. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Bachelor’s degree with 1 to 3 yeras of experience in Security Operations or related field OR Diploma with 4 to 7 year of experience in Security Operations or related field Solid understanding of security technologies and their core functionality Experience in analyzing cybersecurity threats with up-to-date knowledge of attack vectors and the cyber threat landscape. Ability to prioritize tasks effectively and solve problems efficiently in a diverse, global team environment. Good knowledge of Windows and/or Linux systems. Preferred Qualifications: Familiarity with CSOC operations and incident response procedures. Experience with security alert correlation across different platforms. Professional Certifications: CompTIA Security+ (preferred) CEH (preferred) GSEC (preferred) MTA Security Fundamentals (preferred) Soft Skills: Strong communication and collaboration skills, especially when working with global teams. Ability to prioritize and manage tasks in high-pressure situations. Critical thinking and problem-solving abilities in cybersecurity contexts. A commitment to continuous learning and knowledge sharing. Work Hours: This position requires you to work a later shift and may be assigned a second or third shift schedule. Candidates must be willing and able to work during evening or night shifts, as required. Potential Shifts (subject to change based on business requirements)Second Shift2:00pm – 10:00pm IST; Third Shift10:00 pm – 7:00 am IST. What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Cloud Security Architecture Good to have skills : Hybrid Cloud Security, Microsoft Azure Security Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to ensure the security of information and infrastructures, while also addressing potential cyber threats. You will engage in proactive measures to safeguard business processes and contribute to the overall security posture of the organization, ensuring that all systems are resilient against evolving cyber risks. Roles & Responsibilities: Expected to be an SME. Collaborate and manage the team to perform. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Conduct regular security assessments and audits to identify vulnerabilities. Develop and implement security policies and procedures to enhance organizational security. Design, implement, and manage baseline security controls for cloud environments (Azure, GCP) Develop and enforce security policies using Infrastructure as Code (IaC) and Policy as Code (PaC) principles Collaborate with development, operations, and security teams to integrate security measures into the DevSecOps toolchain Conduct security assessments of cloud infrastructure to identify vulnerabilities and ensure compliance with security standards Implement automated security testing and monitoring solutions to detect and respond to security incidents Provide guidance and best practices for secure coding and configuration management Stay updated with the latest security threats, vulnerabilities, and industry trends to continuously improve security posture Document security policies, procedures, and incident response plans Professional & Technical Skills: Must To Have Skills: Proficiency in Cloud Security Architecture. Good To Have Skills: Experience with Hybrid Cloud Security, Microsoft Azure Security. Strong understanding of security frameworks and compliance standards. Experience with risk assessment and management methodologies. Familiarity with security tools and technologies for threat detection and response. Proven experience (min. 3 years) in cloud security with focus on GCP and Azure Strong understanding of Infrastructure as Code (IaC) and Policy as Code (PaC) concepts Proficiency in security tools and frameworks (e.g., Terraform, Sentinel) Experience with DevSecOps practices and tools Certification in cloud security (e.g., GCP Professional Cloud Security Engineer, Azure Security Engineer) Experience with security compliance standards (e.g., ISO 27001, SOC 2, GDPR) Knowledge of containerization and orchestration technologies (Docker, Kubernetes) Additional Information: The candidate should have minimum 5 years of experience in Cloud Security Architecture. This position is based at our Hyderabad office. A 15 years full time education is required. Qualification 15 years full time education

Job Summary: We are looking for an experienced SOC Security Analyst SME to join our cybersecurity team. This role involves real-time monitoring, threat hunting, incident response, and implementing modern detective controls to proactively defend against evolving cyber threats. Need Immediate Joiners or with a notice Period of a Month would be preferrable. Work From Office and will have Rotational Shifts. Key Responsibilities: Analyze and respond to security alerts and incidents. Perform deep-dive investigations to identify root causes and suggest mitigations. Design modern detective controls and continuously improve detection capabilities. Conduct proactive threat hunting and improve alerting use cases. Participate in 24/7 incident response rotation and document IR activities. Stay informed on threat actor tactics and industry trends to enhance security posture. Mandatory Skills & Qualifications: Bachelors degree in Computer Science, InfoSec, or related field 57+ years of experience in a Security Operations Center (SOC) or similar role Strong background in threat hunting and security incident analysis Experience with SIEM, SOAR, and XDR tools (e.g., Cortex XSIAM, Torq) Familiarity with cybersecurity frameworks like NIST , MITRE ATT&CK , and kill chain methodology Excellent analytical skills and attention to detail Preferred (Good-to-Have) Skills: Cloud security (Azure, AWS, GCP) Incident response experience in complex environments Endpoint and network forensic analysis Certifications: CISSP, GIAC, CEH Scripting in Python, PowerShell

•Review and triage information security alerts, provide analysis and determine and track remediation and escalate as appropriate •Assist with log management and security information and event management (SIEM) solutions design and configuration Required Candidate profile Scripting in one of the common scripting languages (Python, Bash, Powershell) is an asset. CISSP Certification is a plus.

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Product Security Good to have skills : NA Minimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. You will provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Your typical day will involve utilizing your expertise in product security to ensure the security of our systems and data, identifying vulnerabilities, and implementing effective security measures. Roles & Responsibilities: Expected to perform independently and become an SME. Required active participation/contribution in team discussions. Contribute in providing solutions to work related problems. Identify vulnerabilities in systems and applications and develop strategies to mitigate risks. Implement and maintain security measures to protect systems and data. Conduct security assessments and audits to identify potential threats and weaknesses. Collaborate with cross-functional teams to ensure security best practices are implemented. Stay up-to-date with the latest security trends and technologies. Assist in incident response and recovery efforts. Provide guidance and support to junior security professionals. Professional & Technical Skills: Must To Have Skills:Proficiency in Product Security. Experience with threat modeling and risk assessment methodologies. Strong understanding of network security protocols and technologies. Knowledge of secure coding practices and vulnerability management. Familiarity with security frameworks and compliance standards. Good To Have Skills:Experience with cloud security technologies. Experience with security incident management and forensics. Knowledge of encryption algorithms and cryptographic protocols. Additional Information: The candidate should have a minimum of 3 years of experience in Product Security. This position is based at our Pune office. A 15 years full time education is required. Qualifications 15 years full time education

locationsIndia, Bangalore time typeFull time posted onPosted 30+ Days Ago job requisition idJR0034151 Job Title: Security Researcher - EDR About Trellix: Trellix, the trusted CISO ally, is redefining the future of cybersecurity and soulful work. Our comprehensive, GenAI-powered platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Along with an extensive partner ecosystem, we accelerate technology innovation through artificial intelligence, automation, and analytics to empower over 53,000 customers with responsibly architected security solutions. We also recognize the importance of closing the 4-million-person cybersecurity talent gap. We aim to create a home for anyone seeking a meaningful future in cybersecurity and look for candidates across industries to join us in soulful work. More at . Role Overview: We are looking for a skilled EDR Security Researcher. Your primary responsibility will be to evaluate and improve our EDR product's detection capabilities by identifying detection coverage gaps and developing signatures to address these gaps effectively. About the role Reverse engineer malware to identify malicious code, obfuscation techniques, and communication protocols. Author detection rules for behavior-based detection engines. Conduct deep research on attacker campaigns and techniques to support detection investments and improve customer experience. Write generic threat detections based on static and dynamic detection engines. Demonstrate a strong understanding of cybersecurity threats, attack techniques, and the MITRE ATT&CK framework. Conduct proactive and reactive threat hunting and identify detection issues such as misses or misclassifications from a large-scale dataset. Respond to escalations to resolve detection effectiveness issues (misclassifications, false positives, and false negatives). Engage and collaborate with diverse partner teams to drive great customer experiences and ensure holistic protection. Develop alerting, reporting, and automated detection solutions. Build tools and automation to improve productivity. About you 3+ years of experience writing detection using Snort, Yara, Sandbox, or proprietary detection engines. 2+ years of experience performing threat hunting or deep familiarity with incident response procedures, processes, and tools. 2+ years of experience querying and analyzing (for malware/TTPs) large datasets. Experience in programming or scripting languages (e.g., Python, PowerShell). Experience in utilizing various malware analysis tools and frameworks (e.g., IDA Pro). Experience performing detection engineering across multiple operating systems, including Windows, Linux, and macOS. Excellent verbal and written communication skills in English. Company Benefits and Perks: We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees. Retirement Plans Medical, Dental and Vision Coverage Paid Time Off Paid Parental Leave Support for Community Involvement We're serious about our commitment to diversity which is why we prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Oracle Advanced Access Controls Good to have skills : Oracle Security, Oracle Governance Risk and Compliance (GRC) Minimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary As an Oracle Security Manager, you will work with our clients in defining their Fusion FIN / HCM / SCM security posture by creating custom roles as required.Work on RMC cloud - AAC, AFC, FRC as required. Roles & Responsibilities:-Manage a team of Cloud Security Administrators, ensuring they have the resources, training, and support needed to excel. -Partner with key stakeholders across the organization to understand and address security risks and compliance requirements. -Develop and implement comprehensive incident response plans and procedures. -Drive continuous improvement of the security program through regular audits, assessments, and risk management practices. Professional & Technical Skills: Must Have Skills: Proficiency in Oracle Security in FIN / HCM / SCM. Strong knowledge of Oracle ERP architecture, with hands-on experience in role customization. String knowledge of RMC modules of AAC, AFC & FRC. Solid experience in design discussions, creating design documents, and performing unit testing Ability to troubleshoot and resolve technical issues within the team and in collaboration with Oracle support. Proficiency in Segregation of Duties (SOD) and custom role creation, maintenance Familiarity with identity governance processes, role management, and security protocols is essential. Experience in troubleshooting and optimizing complex systems is a must. Detail-oriented, strong problem-solving abilities, excellent collaboration and communication skills, proactive, and able to work effectively in team-oriented environments. Focused on delivering projects on time and to specification. Additional Information: The candidate should have a minimum of 7 years of experience in Oracle Security & RMC. Overall IT work experience should be 12 years or above A 15 years full time education is required. Bachelor's degree in Computer Science, Information Technology, or a related field. Oracle RMC Certifications are a plus. Qualification 15 years full time education