3.0 - 8.0 years
13 - 17 Lacs
nagpur
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: ServiceNow Governance, Risk, and Compliance (GRC)
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: BTECH
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational standards and compliance requirements. You will also engage in discussions to refine security strategies and address any emerging challenges in the cloud environment, contributing to a secure and efficient operational landscape.
Roles & Responsibilities:
- Expected to perform independently and become an SME.
- Required active participation/contribution in team discussions.
- Contribute in providing solutions to work related problems.
- Develop and maintain comprehensive documentation of cloud security architecture and controls.
- Conduct regular assessments of cloud security measures to ensure compliance with industry standards and regulations.
Professional & Technical Skills:
- Must-have skills: Proficiency in ServiceNow Governance, Risk, and Compliance (GRC).
- Strong understanding of cloud security principles and best practices.
- Experience with risk assessment methodologies and compliance frameworks.
- Ability to design and implement security controls in cloud environments.
- Familiarity with incident response and security monitoring tools.
Additional Information:
- The candidate should have minimum 3 years of experience in ServiceNow Governance, Risk, and Compliance (GRC).
- This position is based at our Nagpur office.
- A BTECH is required.
Qualification: BTECH
Posted 2 weeks ago
2.0 - 6.0 years
4 - 8 Lacs
mumbai, pune
Work from Office
Skills: Web, Mobile, Network & Cloud Security Assessments, Vulnerability Assessment, Pen Testing, Threat Modelling, OWASP Top 10, ASVS, Source Code Reviews.
Tools: Burp Suite, Kali Linux, Metasploit, NMAP, Nessus, Nexpose, Wireshark, sqlmap.
Languages: Java, Python, Golang.
- Threat Detection and Analysis: Monitor network traffic, system logs, and security alerts to detect and analyze potential security threats, such as malware, intrusions, and unauthorized access.
- Incident Response: Develop and execute incident response plans to address and mitigate security incidents and breaches.
- Vulnerability Assessment: Identify vulnerabilities in software, hardware, and network configurations, and recommend patches and security updates.
- Security Monitoring: Continuously monitor and analyze security events, assess system vulnerabilities, and recommend security enhancements.
- Security Policies and Procedures: Develop and enforce security policies, standards, and procedures to ensure a consistent and secure computing environment.
- Access Control: Implement and manage access control systems, including user authentication, authorization, and password policies.
- Security Tools: Utilize a range of security tools, such as intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, antivirus software, and data encryption.
Posted 2 weeks ago
3.0 - 7.0 years
8 - 12 Lacs
mumbai, pune, bengaluru
Work from Office
Job Summary: We are seeking a skilled and proactive Security Track Consultant to join our cybersecurity consulting team. The ideal candidate will be responsible for providing security assessments, tracking and managing vulnerabilities, ensuring compliance with standards, and supporting the implementation of security solutions across various client environments. Key Responsibilities: Coordinate and track remediation of security vulnerabilities across systems and applications. Collaborate with internal teams and clients to understand security risks and implement mitigations. Conduct security assessments and prepare detailed reports with recommendations. Maintain and update security tracking tools and dashboards. Monitor compliance with security policies, standards, and frameworks (e.g., ISO 27001, NIST, CIS). Support incident response and forensic investigations when required. Work with technical teams to ensure timely remediation of findings from penetration tests, audits, and risk assessments. Provide guidance on secure architecture and best practices during system development or implementation. Prepare documentation and presentations for stakeholders and clients.
Posted 2 weeks ago
5.0 - 10.0 years
13 - 17 Lacs
gurugram
Hybrid
Job Profile Summary: Perform real-time monitoring and analysis of security events from multiple sources. Identify source or cause and provide recommendations for secure infrastructure through policy, practices, risk management, engineering, and improved operations. Responsible for adhering to company security policies and procedures and any other relevant policies and standards as directed.
Critical Competencies:
- Excellence: Exceeds expectations by consistently demonstrating accountability, discipline, high performance, and a proven track record of exceptional results
- Customer-driven: Prioritizes customer needs and satisfaction through collaborative and proactive problem-solving, and an unwavering commitment to customer success
- Expertise: Possesses deep understanding of customer needs and continually grows and enhances skills to provide customer-focused solutions
- Agility: Quickly adapts and responds to dynamic customer needs and expectations through innovative solutions.
- Compassion: Cultivates a positive and supportive environment to effectively work together towards a common goal, fostering trust within Rackspace and with external stakeholders
Key Responsibilities:
- Other incidental tasks related to the job, as necessary.
- Monitor and analyze log files from a variety of sources, including but not limited to NIDS, HIDS, firewall logs, and system logs (Windows and Unix) to identify possible threats to network security
- Triage security events: assess the priority and determine risk
- Receive escalations of events from lower level analysts
- Use the Cyber Kill Chain, current intelligence information, and investigative techniques to proactively review customers' environments searching for anomalous behavior
- Identify, modify, and manipulate applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files)
- Reconstruct cyber events, assess cyber threat and scope of impact, identify and track any internal lateral or external movement, and develop response solutions
- Interact with security community to obtain technical cyber threat intelligence; track cyber threat actors/campaigns based on technical analysis and open source/third party intelligence
- Research and track new exploits and cyber threats; conduct cursory and/or in-depth computer forensic investigations (i.e. packet captures, endpoint behaviors, etc.), or collaborate with peers when appropriate for hand-offs/escalations
- Conduct analysis of malicious code and weaponized documents through behavioral analysis or reverse engineering.
- Communicate and report on key intelligence, analysis and response activities, relevant metrics, and KPIs
- Work as a part of an Incident Response Team to investigate and remediate active threats while accurately documenting results using standard incident response techniques and the incident response process
Knowledge:
- Intermediate knowledge of various Compliance Regulations/Standards; PCI, ISO27001, Audit Standard #70, Safe Harbor, HIPAA and FISMA
- Intermediate knowledge of IT Risk Management, Governance, Risk and Compliance, Information Security, Data Privacy, Vendor Management, and/or Business Continuity Management
Skills: Analytical Skills Cloud Computing Cybersecurity Database Management ERP Software Skills Audit Skills Investigative Skills Low Voltage Cabling Network/Systems Skills Process Improvement Project Management Risk Assessment/Management Strategic Planning Vendor Management
Certifications:
- Sec+, GSEC, and Net+ certifications required
- Prefer completion of, or work toward, SANS GIAC/GCIA/GCIH/GCFA, etc. or other network/system security certifications
Experience: 5 - 7 years of experience in the field of role required
Posted 2 weeks ago
3.0 - 7.0 years
0 Lacs
maharashtra
On-site
As a Senior Associate Information Security Analyst at NTT DATA, you will be a developing subject matter expert responsible for designing and implementing security systems to protect the organization's computer networks from cyber-attacks and maintaining security standards. Your role involves monitoring the organization's computer networks, installing security software, and documenting any security issues or breaches found. You will be responsible for monitoring security alerts and events, investigating potential threats, and escalating incidents as necessary. Additionally, you will assist in implementing and monitoring security controls, performing vulnerability assessments, and supporting the incident response team in investigating security incidents. Your role will also involve ensuring compliance with industry standards such as GDPR and ISO 27001, installing security measures, documenting security breaches, and performing penetration testing. As a Senior Associate Information Security Analyst, you will collaborate with cross-functional teams to integrate security measures into the organization's processes and projects. You will also contribute to security awareness initiatives by creating training materials, conducting workshops, and educating employees about best security practices. Maintaining accurate records of security incidents and actions taken for reporting and audit purposes will be part of your responsibilities. To excel in this role, you should possess good communication skills, analytical thinking, and problem-solving skills. You should have a good understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts, as well as security frameworks and regulations. Academic qualifications such as a Bachelor's degree in information security or related field, along with security certifications like CompTIA Security+, CISSP, or CISM, are advantageous. This is an on-site working position at NTT DATA, a company committed to diversity and inclusion. 
Join us in making a difference for our clients and society while growing your skills and expertise in information security.
Posted 2 weeks ago
5.0 - 9.0 years
0 Lacs
delhi
On-site
Agoda is an online travel booking platform that connects travelers with a global network of 4.7M hotels, holiday properties, flights, activities, and more. As part of Booking Holdings and based in Asia, we have a diverse team of 7,100+ employees from 95+ nationalities across 27 markets. At Agoda, we believe in bridging the world through travel, enabling people to enjoy, learn, and experience the amazing world we live in while bringing individuals and cultures closer together. The Security Department at Agoda is responsible for overseeing security, compliance, GRC, and security operations to ensure the safety and protection of the company and its employees. We are currently seeking an experienced and highly motivated Incident Response Specialist to join our team. In this role, you will be tasked with addressing security incidents and threats promptly, strategizing and leading incident engagements, monitoring threats targeting Agoda, and preventing attacks from occurring or escalating.
Key Responsibilities:
- Handling critical, high, and medium cyber security incidents at Agoda
- Drafting incident reports and communicating summaries to senior leadership, end users, and legal teams
- Developing playbooks for different cyber security incidents and utilizing automation to reduce MTTR time
- Automating incident response tasks and developing custom security tools
- Tuning security controls to optimize alerts and reduce false positives
- Gathering threat intelligence and performing threat hunting across the enterprise
- Supporting legal and regulatory teams as a technical subject matter expert for cyber incidents
- Evaluating new technologies and conducting POCs for new security products
Requirements for Success:
- 5+ years of experience in Cyber Security with a focus on Incident Response and working with 24/7 SOC teams
- Strong understanding of NIST, CSF, MITRE, and other cyber security frameworks
- Proficiency in programming or scripting skills (e.g., Python or C++) for automating tasks and developing security tools
- Hands-on experience with major security incidents and incident response automation
- Knowledge of malware analysis and digital forensics is a plus
- Certification in Cyber Security, Forensics, and Incident Response (e.g., CISSP, ECSA, GISP, GCIH, GCFE, GCFA) is advantageous
- Excellent communication skills in English (both oral and written)
- Ability to be flexible, fast-moving, adaptable, and skilled in multitasking
Agoda offers a relocation package to Bangkok, Thailand, along with a range of benefits including a hybrid working model, WFH Set Up Allowance, remote working opportunities, accommodation discounts, and more. Join us in our mission to make travel easy and rewarding for everyone and contribute to a dynamic and innovative work environment that values diversity, creativity, and collaboration. Equal Opportunity Employer
Posted 2 weeks ago
3.0 - 7.0 years
0 Lacs
thiruvananthapuram, kerala
On-site
As an L1 SOC Analyst with 3 to 5 years of experience, you will be responsible for expertise in Triage, Threat Detection and Response, Threat Hunting, and SOC Assessment. Your role will involve utilizing your in-depth knowledge of Sentinel and Crowdstrike, along with security event collection, monitoring, analysis, issue investigation, and incident response leveraging automated SOAR tools. Your primary duties will include real-time monitoring, data enrichment, event correlation, OS/application event analysis, and IOC based threat hunting. Additionally, you will be tasked with email analysis, investigation, and phishing detection. You will play a key role in incident workflow management, issue escalation, and assisting stakeholders with issue containment, remediation, and risk mitigation. In this role, you will provide valuable input into enhancing threat detection rules and optimizing response playbooks. You will actively participate in operational meetings and war-room sessions, offering insights into issue eradication and security posture improvement. Key Skills required for this role include proficiency in Microsoft Defender E5 Security Suite, Microsoft Sentinel, and security suite. Your expertise in these areas will be crucial in ensuring the effective operation and security of the organization's systems and data.
Posted 2 weeks ago
5.0 - 9.0 years
0 Lacs
kochi, kerala
On-site
As a Senior Network Security Engineer at mispa Technologies, based in Cochin, Kerala, you will play a crucial role in ensuring the infrastructure operations are in compliance with customer-specific SLAs. Your responsibilities will include identifying, assessing, and implementing solutions to infrastructure and security-related incidents using tools and standards. You will also lead problem management as an escalation point, perform regular analysis, and provide recommendations for the infrastructure. Your role will involve designing and integrating IT solutions based on service design specifications for the client's service. You will contribute to the technological and procedural development of the mispa Security Operations Center Services and implement and operate IT security technologies. Additionally, you will provide internal support as an expert for the Operations Team in case of complex IT-Security problems within the customer environment. To be successful in this role, you should have experience in Firewall Management, including deploying, configuring, maintaining, and troubleshooting FortiGate and Cisco Firepower/ASA firewalls. You should also have expertise in Centralized Management tools such as FortiManager, FortiAnalyzer, and Cisco FMC. Your role will involve defining, enforcing, and optimizing firewall rules and security policies in line with industry best practices and supporting the design and implementation of secure network infrastructures. You will be responsible for performing firmware upgrades, security patching, and version updates for firewalls in a controlled and compliant manner. Additionally, you will configure and manage Site-to-Site VPNs, SSL VPNs, and IPSec tunnels for secure remote connectivity. Your role will also involve integrating firewalls with security tools, SIEM solutions, and automation frameworks to enhance visibility and incident response.
To qualify for this position, you should have a minimum of 5 years of work experience with network and security technologies and a bachelor's degree in technology or Computer Science. Professional Level and/or expert level certification is also required. Problem-solving skills, ability to work under pressure, structured approach, and excellent communication skills are essential for this role. Join our international team at mispa Technologies and be part of a collegial, agile, and open working atmosphere. This is an opportunity to contribute to challenging and exciting customer projects and grow together with us. We actively support your training and further development to help you succeed in your role. If you are interested in this opportunity, please send your application documents to recruitment@mispa.com, stating the earliest possible start date. We look forward to hearing from you.
Posted 2 weeks ago
9.0 - 13.0 years
0 Lacs
karnataka
On-site
Seeking a WAF Management and Governance Lead to oversee the security, operational integrity, and compliance of Web Application Firewall (WAF) systems. You will be responsible for leading the deployment, configuration, and ongoing management of Web Application Firewall solutions. Your role will involve defining, implementing, and refining WAF rulesets to mitigate risks such as SQL injection, cross-site scripting (XSS), and other web threats. It is essential to ensure that WAF policies align with regulatory and industry security frameworks such as OWASP, PCI-DSS, and GDPR. Collaborating with cybersecurity and internal teams to analyze threat patterns and adjust WAF settings for optimal protection is a crucial aspect of the role. You will also be required to evaluate the impact of WAF on application performance and optimize configurations without compromising security. Supporting investigation and response to security incidents related to web applications will be part of your responsibilities. Working closely with IT, security, and application development teams to integrate WAF security seamlessly is also key. Establishing key security performance indicators and providing regular governance reports will be essential for this role. The ideal candidate should have a minimum of 9 years of experience in web security, including WAF deployment and governance. Hands-on experience with leading WAF platforms such as AWS WAF, F5, Cloudflare WAF, and Akamai Kona Security is necessary. A strong understanding of OWASP top 10 threats, secure coding practices, and web security protocols is required. Knowledge of DevSecOps practices, security automation, and regulatory requirements impacting web security governance is essential. Effective communication skills to convey security risks and technical details to non-security stakeholders are also crucial. Possessing certifications such as CISSP, CEH, CCSP, AWS Security Specialty, or equivalent is preferred. 
Experience in DevSecOps, automation, and integrating WAF into CI/CD pipelines, as well as knowledge of cloud security architectures and API security governance, will be beneficial. Join Wipro as we embark on building a modern, end-to-end digital transformation partner with bold ambitions. We are looking for individuals inspired by reinvention - of themselves, their careers, and their skills. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro and realize your ambitions. Applications from people with disabilities are explicitly welcome.
Posted 2 weeks ago
5.0 - 9.0 years
0 Lacs
thiruvananthapuram, kerala
On-site
The Site Reliability Engineer Lead (SRE Lead) will manage a team of SREs to proactively ensure the stability, resilience, and scale of services through automation, testing, and engineering. Leveraging expertise from Product teams, cloud infrastructure (GCP), build and release engineering, software development, and stress/load testing, the SRE Lead will ensure services are available, cost-optimized, and fit for purpose early in the development lifecycle. Collaboration with development, architecture, and service management teams is essential to align technical solutions with Equifax architectural principles, designs, and NFRs, delivering value to customers while maintaining consistent monitoring, logging, and alerting. Building capability and maturing operational ways of working across cross-functional delivery teams with a focus on technical excellence and high-performance culture are key responsibilities of the SRE Lead. Operations experience supporting highly scalable systems, ability to work in a 24x7 environment across global time zones, designing and implementing an effective CI/CD flow, managing Kubernetes clusters, building and maintaining scalable infrastructure on GCP, identifying and optimizing performance bottlenecks, implementing monitoring and logging solutions, participating in incident response, collaborating with product development teams, managing system uptime, building infrastructure as code patterns, creating CI/CD pipelines, automating deployment processes, triaging complex distributed architecture services, leading postmortems, and improving MTTR are among the core responsibilities. 
Requirements include a Bachelor's degree in Computer Science or related field, 5+ years of experience with containers and public cloud environments (GCP preferred), strong system administration skills, Kubernetes knowledge, programming experience in languages such as Python, Bash, Java, or Go, proficiency in performance analysis, experience with CI/CD tools like Jenkins and Git, monitoring infrastructure and application performance, understanding of application design principles, and basics of network infrastructure and security. Desirable qualifications that could set a candidate apart include experience with GCP/GKE, Composer, certifications in Kubernetes or cloud, expertise in designing large-scale distributed systems, system problem-solving approach, strong communication skills, experience managing Infrastructure as code, passion for automation, experience in secure or regulated industries, and a background in working within a DevOps culture and as part of a team.
Posted 2 weeks ago
5.0 - 9.0 years
0 Lacs
noida, uttar pradesh
On-site
You are urgently sought after to take on the role of L3 SOC Lead at UCO Bank in Kolkata. Your primary responsibility will be to lead the Security Operations Center (SOC) team, ensuring effective monitoring, detection, analysis, and response to cybersecurity threats and incidents. Your extensive experience in SOC operations and security management tools will be crucial in spearheading the team towards operational excellence. Your key responsibilities will include overseeing the SOC team to maintain continuous monitoring, detection, and response to security incidents. You will be tasked with advanced analysis and investigation of security events, as well as developing and implementing SOC processes, procedures, and escalation mechanisms. Collaboration with cross-functional teams for threat intelligence sharing and incident remediation will be essential, alongside managing and optimizing various security tools. As an ideal candidate, you should possess strong hands-on experience with security tools such as ArcSight (SIEM), Data Loss Prevention (DLP), Web Application Firewall (WAF), Database Activity Monitoring (DAM), and others. Your expertise in analyzing and responding to cybersecurity threats and incidents, coupled with in-depth knowledge of security frameworks, incident response, and leadership in SOC operations, will set you apart. In terms of qualifications, a Bachelor's or Master's degree in Computer Science or a related field is required. Possession of professional certifications like CISA, CISSP, CISM, or OEM certifications in IT Security (e.g., Certified Ethical Hacker, GIAC, etc.) is mandatory. The ideal candidate should have 5-7 years of relevant experience in SOC operations, with prior experience in leading a SOC or security team being advantageous. Your role will involve providing technical guidance to SOC analysts, conducting security assessments and audits, and communicating SOC metrics, incident trends, and risk posture to management. 
Your ability to lead the SOC team effectively and ensure timely incident management will be crucial in maintaining the security posture of UCO Bank.
Posted 2 weeks ago
10.0 - 14.0 years
0 Lacs
kolkata, west bengal
On-site
As the Deputy Chief Information Security Officer (Deputy CISO) in a Banking & Financial Services industry based in Kolkata, India, you will be responsible for assisting the CISO in defining and implementing the bank's cybersecurity strategy. This includes ensuring alignment with regulatory guidelines such as RBI, SEBI, CERT-In, as well as global security standards like ISO 27001, NIST, and PCI-DSS. Your role will involve the development and maintenance of bank-wide security policies, procedures, and frameworks to enhance security measures. Your key responsibilities will also include conducting risk assessments, vulnerability testing, and penetration testing to effectively manage risk and ensure compliance with security audits and regulatory requirements. You will lead the third-party risk management process for vendor security evaluations and ensure adherence to RBI cybersecurity framework and banking industry security regulations. In the realm of Incident Response & Threat Management, you will be leading the Security Operations Center (SOC) team to monitor, detect, and respond to security incidents. This will involve developing incident response plans, coordinating cyber drills, and collaborating with law enforcement and regulators in case of security breaches. On the Technology & Security Implementation front, you will be tasked with deploying and managing various security tools such as firewalls, IDS/IPS, endpoint security, and encryption tools. Additionally, evaluating and implementing new security technologies like SIEM, SOAR, and Zero Trust Architecture will be part of your responsibilities. Ensuring secure cloud computing, mobile banking security, and fraud prevention measures will also fall under your purview. As a leader, it will be essential for you to provide cybersecurity awareness training for employees and stakeholders, as well as manage and mentor the security team to enhance the overall security posture. 
Collaboration with IT, risk, compliance, and legal teams will be crucial to strengthen cybersecurity governance within the organization. To excel in this role, you should possess a Bachelor's/Master's degree in Cybersecurity, Computer Science, Information Technology, or related fields. Additional certifications such as CISSP, CISM, CISA, CEH, or CRISC are preferred. Technical expertise in banking security regulations, digital banking risks, and fraud detection, along with experience in SIEM, endpoint security, IAM, DLP, and cloud security solutions, will be advantageous. Soft skills such as strong leadership, stakeholder management, ability to handle high-pressure situations, as well as excellent communication and decision-making abilities are also essential for success in this position.
Posted 2 weeks ago
3.0 - 7.0 years
0 Lacs
pune, maharashtra
On-site
As a Detection Tuning & Optimization Analyst at Critical Start Technologies Private Ltd., you play a crucial role in identifying and responding to security alerts. Your responsibilities include configuring playbooks and event orchestration technologies, reducing, resolving, and orchestrating events across multiple endpoints and SIEM security products. Your expertise in incident detection and response contributes significantly to the overall security posture of the organization. On a daily basis, you will review security alerts, differentiate between true and false positives, and collaborate with various teams to ensure prompt and effective response. Your role involves continuous monitoring of security events, thorough analysis of alerts, and proactive escalation of incidents to the appropriate teams for investigation and resolution.
Your key responsibilities include:
- Continuously monitoring events generated by security products to identify potential incidents
- Analyzing and investigating security alerts, escalating as needed for further action
- Conducting reviews of alerts to identify false positives and optimize detection accuracy
- Collaborating with cross-functional teams to implement improvements in detection processes
- Maintaining standardized orchestration processes for alert management
- Adhering to documentation processes, updating information as necessary, and creating new documentation for undocumented processes
- Enhancing team efficiency through continuous improvement of documentation and knowledge sharing
Required qualifications for this role include:
- 3+ years of experience in a security analyst role
- Strong written and verbal communication skills
- Proficiency in SIEM tools, EDR, and EPP solutions
- Knowledge of network and system security, threat detection, and incident response
- Problem-solving, critical thinking, and analytical abilities
- Ability to work effectively in a fast-paced environment
Desired qualifications such as certifications in security (e.g., CompTIA Security+, CEH) are advantageous for this position. At Critical Start, you will experience a collaborative and inclusive work culture where your contributions are valued. We offer competitive compensation, flexible PTO policies, and various work arrangements. Apply now to join our team and be a part of shaping the future of cybersecurity. Please visit our career site at https://www.criticalstart.com/careers/ to apply for the position.
Posted 2 weeks ago
6.0 - 10.0 years
0 Lacs
chennai, tamil nadu
On-site
Are you passionate about SecOps, automation, and cloud security Do you want to lead cutting-edge security initiatives and drive large-scale security automation As a SecOps Engineering Lead, you will play a pivotal role in defining and executing security automation strategies, driving cloud security initiatives, and leading security operations at scale. You will work at the intersection of Security, DevOps, and Cloud, embedding best-in-class security practices into infrastructure and applications. This role requires a visionary leader who can take ownership, drive innovation, and influence security strategies across teams. You will be responsible for designing and implementing security automation solutions, enhancing cloud security, and optimizing SecOps workflows. We are looking for a self-driven professional who can take end-to-end ownership of security initiatives with minimal guidance. Define and execute the security automation strategy, embedding best-in-class practices across DevSecOps, CI/CD pipelines, and cloud environments. Architect, develop, and implement security solutions using Python to automate threat detection, response, and mitigation at scale. Enhance and automate security workflows by integrating SIEM, SOAR, and EDR solutions to improve real-time threat detection and response efficiency. Implement and optimize security controls in cloud environments (AWS, Azure, GCP), enforcing security-as-code principles and compliance automation. Own the design and maintenance of DevSecOps pipelines, ensuring security is embedded into CI/CD processes and infrastructure automation. Lead cross-functional collaboration, working with Security, DevOps, and Engineering teams to drive security-first principles across customer organizations. Mentor engineers and foster a security-driven culture, driving security awareness and best practices across teams. 
Continuously evaluate emerging security technologies to enhance security automation, optimize detection capabilities, and future-proof security operations. Required Skills & Qualifications 6+ years of hands-on experience in SecOps, Security Engineering, or Security Automation. Expertise in Python programming for security automation and scripting (JavaScript is optional). Deep knowledge of Cybersecurity & Security Operations (SecOps), including threat detection, incident response, and security orchestration. Proven ability to automate and integrate SIEM, SOAR, and EDR tools to improve detection & response. Hands-on experience with DevSecOps pipelines (CI/CD) and Terraform to enforce security automation at scale. Experience securing cloud environments with security-as-code and compliance automation for at least one major cloud provider (AWS, Azure, or GCP). Preferred Skills (Nice-to-Have) Multi-cloud experience across AWS, Azure, and GCP. Strong understanding of infrastructure security, network security, and security-as-code methodologies. Experience with container security (Kubernetes, Docker, etc.) and cloud-native security controls. Familiarity with threat modeling, cloud security compliance frameworks, and risk assessment methodologies. Why Join Us Be a Security Visionary Lead and define the future of security automation, transforming SecOps strategies in cloud and DevOps environments. Work with Cutting-Edge Security Tech Engage in AI-driven security analytics, threat intelligence automation, and next-gen SecOps solutions. Collaborate with Industry Experts Work closely with top security, cloud, and DevOps engineers to drive innovation in security automation. Accelerate Your Career Step into a high-impact leadership role, shape security roadmaps, and gain visibility across leadership teams. Competitive Compensation & Benefits Get a market-leading salary, comprehensive benefits, and access to professional development opportunities. Apply Now! 
If you're ready to take on this exciting challenge, apply today!
Posted 2 weeks ago
2.0 - 6.0 years
8 - 9 Lacs
mumbai
Work from Office
Diverse Lynx is looking for a SOC Analyst to join our dynamic team and embark on a rewarding career journey. Monitor and analyze security events and incidents, identifying and investigating potential threats. Maintain the security of our network and systems by implementing security controls and best practices. Work closely with the rest of the security team to ensure that our systems and networks are secure and compliant with industry standards. Maintain accurate documentation and reports on security events and incidents. Communicate effectively with team members and other stakeholders to ensure that security issues are addressed in a timely and effective manner. Stay up to date with the latest security technologies and threats.
Posted 2 weeks ago
7.0 - 12.0 years
5 - 15 Lacs
kottayam, pune, thiruvananthapuram
Hybrid
Security Specialist, Incident Response. Responsibilities include: • Lead security incident response in a cross-functional environment and drive incident resolution. • Lead and develop Incident Response initiatives that improve Allianz capabilities to effectively respond and remediate security incidents. • Perform digital forensic investigations and analysis of a wide variety of assets including endpoints. • Perform log analysis from a variety of sources to identify potential threats. • Build automation for response and remediation of malicious activity. • Write complex search queries in the EDR as well as SIEM tools for hunting the adversaries. • Work on SOAR cases, automation, workflow & Playbooks. • Integrating and working on Identity solutions. • Developing SIEM use cases for new detections specifically on identity use cases. Minimum Qualifications: • 5-10 years of experience in Security Incident Response, Investigations • Working experience in Microsoft On-prem and Entra ID solutions • Good knowledge in Active Directories and Tier 0 concepts • Very good knowledge of operating systems, processes, registries, file systems, and memory structures and experience in host and memory forensics (including live response) on Windows, macOS and Linux. • Experience investigating and responding to both external and insider threats. • Experience with attacker tactics, techniques, and procedures (MITRE ATT&CK) • Experience analyzing network and host-based security events
Posted 2 weeks ago
8.0 - 12.0 years
25 - 40 Lacs
pune
Work from Office
We are hiring for Incident Response - L3. 8+ years experience. Location: Pune. Security Specialist, Incident Response. Responsibilities include: Lead security incident response in a cross-functional environment and drive incident resolution. Lead and develop Incident Response initiatives that improve Allianz capabilities to effectively respond and remediate security incidents. Perform digital forensic investigations and analysis of a wide variety of assets including endpoints. Perform log analysis from a variety of sources to identify potential threats. Build automation for response and remediation of malicious activity. Write complex search queries in the EDR as well as SIEM tools for hunting the adversaries. Work on SOAR cases, automation, workflow & Playbooks. Integrating and working on Identity solutions. Developing SIEM use cases for new detections specifically on identity use cases. Minimum Qualifications: 5-10 years of experience in Security Incident Response, Investigations. Working experience in Microsoft On-prem and Entra ID solutions. Good knowledge in Active Directories and Tier 0 concepts. Very good knowledge of operating systems, processes, registries, file systems, and memory structures and experience in host and memory forensics (including live response) on Windows, macOS and Linux. Experience investigating and responding to both external and insider threats. Experience with attacker tactics, techniques, and procedures (MITRE ATT&CK). Experience analyzing network and host-based security events.
Posted 2 weeks ago
4.0 - 9.0 years
6 - 12 Lacs
hyderabad, pune
Hybrid
Job Description: We are looking for an Email Security Analyst to strengthen our defenses against evolving email threats and ensure rapid, effective incident response. Key Responsibilities: Monitor and analyze email traffic to identify potential threats and ensure optimal filtering accuracy. Investigate and respond to email-related security incidents, coordinating with internal teams to ensure swift resolution. Handle escalations from support teams and customers, providing expert guidance and actionable insights. Develop and refine detection mechanisms using existing tools to address gaps in threat coverage. Collaborate with cross-functional teams to ensure consistent communication and alignment during incident investigations. Maintain detailed documentation of incidents, investigations and resolutions to support continuous improvement and knowledge sharing. Qualifications: 5 years of experience in email or web-based security incident investigation and response. At least 2-3 years of experience working with large datasets and performing data analysis. Proficiency in crafting detection rules using Regular Expressions; familiarity with YARA is a plus. Deep understanding of email protocols, headers and analysis tools, especially within O365 environments. Experience in handling customer escalations and delivering clear investigative reports. Should have experience of handling a team of 6-8. Strong grasp of the email threat landscape and emerging attack vectors. Familiarity with Kusto Query Language (KQL) for threat hunting and data analysis. Ability to interpret data and present findings in a clear, insightful manner. Strong communication skills, both written and verbal, with fluency in English. Willingness to participate in global on-call rotations (24/7 shifts).
Posted 2 weeks ago
7.0 - 11.0 years
0 Lacs
karnataka
On-site
Smarsh is the leader in communications compliance, archiving, and analytics. We provide compliance across the broadest set of communications channels with insights on what's being captured. Smarsh customers manage over 500 million daily conversations across 80 channels and growing. Customers include the top 10 U.S., top 8 European, top 5 Canadian, and top 3 Asian banks. The Smarsh advantage is customers stay ahead of compliance and uncover patterns and relationships hidden within their data. At Smarsh, we've been helping our customers manage new forms of communication since 1998. We work closely with regulators including the SEC, FINRA, IIROC, and the PRA and FCA, and with our customers, to ensure that they understand the capabilities of today's technology and that our platform meets their most stringent requirements. Our products include Connected Capture, Connected Archive, Web Archive & Business Solutions. About the team: The Lead Security Operations Analyst plays a critical role in the Security Operations Center (SOC) by handling escalated incidents from the analysts. This role involves in-depth analysis, incident response coordination, mentoring of analysts, real-time security monitoring, threat hunting, and ensuring compliance with the Security policies and standards. Skills and Experience: Experience: 10 plus years of experience in cybersecurity, particularly in security operations. Cybersecurity Expertise: Advanced knowledge of cybersecurity threats, vulnerabilities, malware investigation and incident response, evidence collection, communication, and documentation. Technical Proficiency: Proficiency in operational support, Security Architecture of SIEM, SOAR, EDR, XDR, Firewalls, and other security tools. Analytical Skills: Strong analytical, investigative, and problem-solving skills. Forensic Analysis: Experience with forensic analysis and malware analysis. Certifications: Relevant certifications such as CFCE, CISSP, GCIH, or GCIA. 
Language Skills: Excellent verbal and writing skills in English. On Call Support: Rotational on-call support for high severity incidents in a 24x7 environment. Roles and Responsibilities: Incident Analysis: Conduct detailed analysis of escalated security incidents. Coordination of end-to-end Security Incident management on escalated incidents, ensuring timely updates to stakeholders and efficient resolution of incidents. Incident Response: Lead the development and implementation of incident response plans. Threat Monitoring and Analysis: Monitor security alerts and events using SIEM and other security tools. Lead and coordinate proactive threat hunting to identify potential risks and vulnerabilities. Analyze and integrate threat intelligence feeds to the platforms and stay updated on emerging threats. Mentorship: Mentor and provide guidance to Security analysts on incident handling. Foster a culture of continuous improvement and learning. Forensic Analysis: Perform forensic analysis and malware analysis of Computers, Cloud, Networks, Mobile devices, and other digital media. Architecture Design: Develop and refine the architecture of Security Tools and platforms. Collaboration: Creatively solve problems collaborating with SecOps, Platform, Delivery, IT, and Engineering team members. Qualifications: Education: Bachelor's degree in computer science, Cybersecurity, or a related field. Certifications: Advanced certifications such as CISSP, OSCP, GCIH, GSOC, or GCIA. Incident Response Experience: 7+ years of experience in Cyber Incident response and investigations. Leadership Skills: Strong leadership and communication skills. Why Smarsh Smarsh hires lifelong learners with a passion for innovating with purpose, humility, and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world's leading cloud infrastructure platforms. 
We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.
Posted 2 weeks ago
2.0 - 6.0 years
0 Lacs
haryana
On-site
As a Senior Officer / Assistant Manager in Cyber Security, your primary responsibility will be to stay up-to-date with the latest cyber threats, attack techniques, and security technologies. You will be required to analyze threat intelligence feeds to identify potential risks to the organization and proactively recommend security enhancements based on the gathered intelligence. In addition, you will be responsible for monitoring security alerts and events in real-time to detect potential threats or vulnerabilities. If any security incidents or breaches occur, your role will involve investigating and analyzing them to assess the extent and impact. You will also be tasked with developing and executing incident response plans to mitigate threats and minimize damage, while maintaining incident logs and producing reports for management and regulatory purposes. Furthermore, you will be expected to maintain accurate records of security incidents, investigations, and remediation efforts. You will also need to prepare and present reports to management on the overall state of cybersecurity within the organization. Collaboration with external auditors and regulatory bodies during compliance assessments will be essential. Your support or knowledge in Cyber Defence tools, Cyber Incident Response and Remediation, VA tools, Technical Vulnerability Assessment, and various security tools like EDR (Crowdstrike), SOC (SIEM & SOAR), WAF, Darkweb Monitoring, DLP, and firewall will be valuable. Additionally, your involvement in supporting technical risk assessment teams will be crucial. To be successful in this role, you should have at least 2 years of experience in Cyber Defence, possess good technical skills in Cyber Defence tools at L2 & L3 levels, and be willing to work extensive hours and support the current team as required for work completion. Benefits for this position will be as per company policy. 
If you are interested in this opportunity, please reach out to DDeen at deen.dayal@maxhealthcare.com. Regards,
Posted 2 weeks ago
5.0 - 9.0 years
0 Lacs
pune, maharashtra
On-site
You will be responsible for driving end-to-end cybersecurity integration across the medical device product development life cycle, ensuring that security is incorporated from the initial concept to the final release. Your role will involve developing and maintaining cybersecurity measures for medical products, including creating security requirements specifications, conducting risk assessments, building threat models, and documenting product security architecture. You will conduct comprehensive gap assessments to assess compliance with standards such as IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97, and implement necessary remediation measures. Additionally, you will be involved in performing hands-on vulnerability assessments, penetration testing, and secure code reviews of embedded devices, IoMT components, and connected systems. Collaboration with development, compliance, and regulatory teams will be a key aspect of your role to ensure that product security measures align with internal security policies and external regulatory expectations. You will also support Software Bill of Materials (SBOM) management, conduct software supply chain risk evaluations, and analyze third-party components to ensure software transparency and mitigate risks effectively. Your expertise will be utilized in providing guidance on secure communication protocols, encryption standards, data protection for both at-rest and in-transit data, and cloud-based connectivity of medical systems. You will also contribute to the development of incident response strategies and leverage your knowledge of HIPAA, GDPR, and HL7 to address data privacy and healthcare-specific regulatory concerns. Furthermore, you will play a role in enhancing internal secure development processes, tools, and methodologies continuously, while promoting security best practices within product teams. 
Your input and efforts will be instrumental in ensuring the cybersecurity readiness and resilience of medical devices throughout their lifecycle.
Posted 2 weeks ago
3.0 - 6.0 years
9 - 13 Lacs
noida, gurugram
Work from Office
We are looking for a dynamic and detail-oriented Command Center Incident Response Engineer to join our 24x7 Security Operations team. The ideal candidate will have hands-on experience in incident response, network security administration, and Wintel (Windows + Intel) security operations at an L2 level. This role is critical in ensuring real-time monitoring, triage, and resolution of security incidents across enterprise environments. Key Responsibilities: Operate within a 24x7 Command Center environment to monitor and respond to security alerts and incidents. Perform L2 triage and analysis of security events using SIEM, EDR, and other monitoring tools. Escalate and coordinate with L3 teams for complex incidents and threat containment. Administer and troubleshoot Windows Server environments, Active Directory, and related services. Support network security operations including firewall rule reviews, VPN troubleshooting, and IDS/IPS monitoring. Maintain incident response documentation, shift handover reports, and playbooks. Collaborate with IT infrastructure teams to ensure timely patching and vulnerability remediation. Participate in periodic threat hunting and proactive security assessments. Ensure compliance with internal security policies and external regulatory requirements. Required Skills & Qualifications: 3-5 years of experience in a Security Operations Center (SOC) or Command Center environment. Strong understanding of Windows Server administration (L2 level) including AD, GPO, DNS, DHCP. Hands-on experience with network security tools and concepts (firewalls, proxies, IDS/IPS, VPNs). Proficiency with SIEM platforms (e.g., Splunk, QRadar, Sentinel) and EDR solutions. Familiarity with incident response frameworks (e.g., NIST, SANS). Ability to analyze logs, network traffic, and endpoint data to identify and respond to threats. Strong communication skills and ability to work in a high-pressure, fast-paced environment. 
Preferred Certifications: Security+, CEH, Microsoft Certified: Security Operations Analyst Associate, ITIL Foundation, CCNA Security, MCSA: Windows Server
Posted 2 weeks ago
10.0 - 15.0 years
15 - 20 Lacs
noida, gurugram
Work from Office
We are seeking a highly skilled and experienced Cyber Security Analyst L3 to join our team. The ideal candidate will have strong expertise in cybersecurity investigation strategies, incident response, malware analysis, and advanced threat investigation techniques. The role also requires proficiency in open-source SIEM tools, EDR platforms, cloud security assessments, and server hardening practices. This position involves working with US-based clients and requires excellent communication skills. Key Responsibilities: Threat Investigation & Incident Response: Develop and implement advanced investigation strategies for cybersecurity incidents. Conduct detailed log analysis to identify threats, anomalies, and potential breaches. Perform malware analysis to understand behavior and mitigate threats. Manage end-to-end incident response processes and root cause analyses. Open-Source SIEM Expertise: Operate and integrate open-source SIEM platforms such as Wazuh, AlienVault, and others. Configure and fine-tune SIEM to enhance log ingestion, rule creation, and threat detection. Endpoint Detection and Response (EDR): Investigate incidents using EDR solutions like Microsoft Defender, CrowdStrike, Carbon Black, and SentinelOne. Analyze endpoint telemetry and execute threat hunting processes. Cloud Security: Conduct cloud security reviews for platforms such as AWS, Azure, and Google Cloud. Provide recommendations to strengthen cloud architecture and user authentication processes. Server Hardening & CIS Benchmarks: Implement server hardening techniques based on CIS benchmarks. Perform security assessments to address identified vulnerabilities. Threat Intelligence & SOAR Integration: Leverage threat intelligence platforms to proactively identify and mitigate potential threats. Work on SOAR (Security Orchestration, Automation, and Response) platforms to automate incident handling processes. 
Incident Handling & Communication: Lead incident handling efforts, coordinating with internal and external stakeholders. Provide clear, concise, and actionable communication to technical and non-technical audiences. Linux & Log Analysis: Review and analyze Linux system logs to identify potential security issues. Investigate unauthorized access attempts and system anomalies. Client Management: Collaborate with US-based clients, ensuring their cybersecurity needs are met. Deliver regular reports, updates, and recommendations to clients. Required Skills and Qualifications: 10+ years of hands-on experience in cybersecurity, incident response, and threat investigation. Expertise in open-source SIEM platforms like Wazuh, AlienVault, and their integration. Proficiency with EDR solutions such as Microsoft Defender, CrowdStrike, Carbon Black, and SentinelOne. Strong knowledge of cloud security best practices and architecture reviews. Experience in server hardening following CIS benchmarks. Familiarity with SOAR platforms and threat intelligence tools. Solid understanding of Linux systems and log review methodologies. Excellent communication skills for client interactions and technical reporting. Proven ability to work with international clients, especially in the US. Preferred Certifications: Certified Information Systems Security Professional (CISSP) Certified Incident Handler (GCIH) Certified Ethical Hacker (CEH) Microsoft Certified: Azure Security Engineer Associate AWS Certified Security Specialty This role provides an excellent opportunity for growth and exposure to advanced cybersecurity practices while working with a global team. Apply now to join a dynamic and forward-thinking organization!
Posted 2 weeks ago
9.0 - 11.0 years
18 - 20 Lacs
noida, gurugram, delhi / ncr
Work from Office
Role & responsibilities We are seeking a highly motivated and experienced Security Operations Center (SOC) Manager to lead our 24x7 security operations team. The ideal candidate will possess a strong background in security operations, excellent leadership skills, and a proven ability to manage complex projects and deliver exceptional service. This role requires a focus on detail, a proactive approach to problem-solving, and the ability to maintain a high-performing, customer-centric team. Responsibilities: Team Leadership and Management: Manage and lead a 24x7 SOC team, ensuring optimal staffing levels and shift coverage. Recruit, train, and mentor SOC analysts and engineers, fostering a culture of continuous learning and professional development. Conduct regular performance evaluations, provide constructive feedback, and implement performance improvement plans as needed. Motivate and inspire team members, boosting morale and creating a positive work environment. Handle escalated incidents and provide guidance to the team during critical situations. Operational Management: Oversee the daily operations of the SOC, ensuring timely and effective incident detection, analysis, and response. Develop and maintain SOC policies, procedures, and workflows, ensuring adherence to industry best practices and compliance requirements. Monitor and analyze SOC metrics, identifying trends and areas for improvement. Manage and prioritize security incidents, ensuring efficient resolution and minimizing impact to the organization. Ensure the SOC meets or exceeds service level agreements (SLAs) and key performance indicators (KPIs). Project and Task Management: Plan, execute, and manage security operations projects, ensuring on-time and within-budget delivery. Prioritize tasks and manage workload effectively, ensuring the team meets deadlines and objectives. Develop and maintain project documentation, including project plans, status reports, and lessons learned. 
Coordinate with other IT teams and stakeholders to ensure seamless integration of security operations. Customer Satisfaction and Service Delivery: Ensure the SOC delivers high-quality service and maintains excellent customer satisfaction. Develop and maintain strong relationships with internal and external stakeholders. Proactively identify and address customer needs and concerns. Communicate effectively with stakeholders, providing regular updates on security incidents and operations. Attention to Detail and Reporting: Maintain meticulous records of security incidents, investigations, and actions taken. Generate regular reports on SOC performance, including incident metrics, trends, and recommendations. Ensure accuracy and completeness of all SOC documentation. Qualifications: Bachelor's degree in computer science, Information Security, or a related field (or equivalent experience). Minimum of 10 years of experience in Network, Cybersecurity & operations, with at least 3 years in a management role. Strong understanding of security concepts, technologies, and best practices. Proven ability to lead and motivate a team in a 24x7 environment. Excellent project management and task management skills. Strong analytical and problem-solving skills. Excellent communication and interpersonal skills. Ability to work effectively under pressure and in a fast-paced environment. Relevant certifications (e.g., CISM, PMP, ITIL, Security+, GSOM & relevant technical certifications) are highly desirable. Experience with SIEM, SOAR, and other security tools. Skills: Leadership Team Management Project Management Incident Response Security Analysis SIEM/SOAR Communication Problem-Solving Attention to Detail Customer Service. Preferred candidate profile
Posted 2 weeks ago
3.0 - 7.0 years
0 Lacs
karnataka
On-site
Join our dynamic team as a Cyber Security Analyst where you will play a crucial role in safeguarding our digital assets. With a focus on Security Operations Center (SOC), you will monitor and respond to security incidents, ensuring the integrity and confidentiality of our systems. This hybrid role offers the opportunity to work both remotely and on-site with occasional travel required. Your responsibilities will include monitoring security alerts and incidents using SOC tools, analyzing security incidents to determine root causes, collaborating with IT teams to develop and implement security measures, conducting regular security assessments, providing expert guidance on security best practices, developing incident response plans, utilizing Microsoft Sentinel for threat detection, preparing detailed reports on security incidents, staying updated on cybersecurity threats and trends, participating in policy development, conducting training sessions, and coordinating with external partners and vendors for comprehensive security coverage. To qualify for this role, you should possess a strong understanding of SOC and Security Information and Event Management (SIEM) technologies, demonstrate expertise in cybersecurity principles and practices, have hands-on experience with C-SOC and Microsoft Sentinel, exhibit knowledge of compliance standards such as SOC1 Type 1 & 2, SSAE18 and SSAE16, show proficiency in conducting security assessments and audits, display excellent analytical and problem-solving skills, and communicate effectively with technical and non-technical stakeholders. The certifications required for this position are Certified Information Systems Security Professional (CISSP) and Certified SOC Analyst (CSA).
Posted 2 weeks ago