307 Incident Response Jobs - Page 13

Dear Professional, We are excited to present a unique opportunity at Cognizant, a leading IT firm renowned for fostering growth and innovation. We are seeking talented professionals with 5 to 10 years of experience in Splunk Administration,Splunk Development,Splunk Enterprise Security,Splunk Dashboard Creation,AlertLogic SIEM ,Threat Detection,Incident Response,Log Management,Security Analytics,Compliance Reporting,Real-time Monitoring,Alert Logic MDR,LogRhythm SIEM,LogRhythm Administration,LogRhythm Threat Detection, LogRhythm Incident Response to join our dynamic team. Your expertise in these areas is highly sought after, and we believe your contributions will be instrumental in driving our projects to new heights. We offer a collaborative environment where your skills will be valued and nurtured. To proceed to the next step of the recruitment process, please provide us with the following details with Updated resume to sathish.kumarmr@cognizant.com Please share below details (Mandatory) : Full Name(As per Pan card): Contact number:Email Current Location: Interested Locations: Total Years of experience: Relevant years of experience: Current company: Notice period: NP negotiable: if yes how many days they can negotiate? : If you are Serving any Notice period Means please mention Last date of Working: Current CTC- Expected CTC- Availability for interview on Weekdays ? Highest Qualification? Additionally, we would like to schedule a virtual interview with you on 2nd August 2024. Kindly confirm your availability for the same. We look forward to the possibility of you bringing your valuable experience to Cognizant. Please respond at your earliest convenience. Thanks & Regards, Sathish Kumar M R HR-Cognizant Sathish.KumarMR@cognizant.com

L2 SOC Analyst focusses on security alerts that need deeper analysis. Most of the alerts come from L1 analysts. L2 analysts also monitor alerts on sensitive assets and follow known APT. He takes part in the global SOC strategy event log collection and also participates to correlation rules and playbook definition and maintenance. He participates to the continuous improvement of the service. Role & responsibilities Experience working with ITSM ticketing system. Demonstrated understanding of various tools like SIEM, HIPS/NIPS, EDR, Packet Analysis, Network monitoring tool, AV. Demonstrated ability to improve and developpe detection rules. Demonstrated understanding of common Internet protocols and applications. Demonstrated scripting skills (bash, python). Demonstrated ability to improve and develop detection rules. Demonstrated ability to improve and develop playbooks Demonstrate understanding of internal Windows & Linux platforms Demonstrate understanding of TTPs and threads Experience with security architecture best practices Interested candidate share their profile on jyoti.mehra@safrangroup.com with CTC & Notice period details.

Cybersecurity Incident Response Analyst/ Threat Intelligence (Senior Person) Skills: Strong understanding of threat intelligence and cyber threat analysis methodologies. Experience in monitoring and analyzing security alerts from SIEM, EDR, IDS/IPS, and other security solutions. Proficiency in triaging security incidents, engaging stakeholders across business and technology teams. Knowledge of cybersecurity frameworks such as Mitre ATT&CK framework, Pyramid of Pain, NIST, ISO 27001, and regulatory standards like PCI DSS and GDPR . Familiarity with incident response processes for Tier 1 and Tier 2 operations, including containment, eradication, and recovery. Proven experience in Threat hunting and detection engineering. Ability to correlate security events and identify potential cyber threats. Short JD: The Cybersecurity Operations Analyst will be responsible for performing threat intelligence tasks, analyzing security alerts across multiple security solutions, and triaging incidents by collaborating with stakeholders across business and technology teams. You will follow the incident response process for Tier 1 and Tier 2 operations, ensuring timely identification, investigation, and mitigation of cyber threats.

Key Responsibilities Conduct email analysis and reverse engineer to identify and mitigate threats. Perform static and dynamic analysis Analyze network traffic and develop heuristic signatures to detect malicious activities. Investigate security incidents, including data breaches, system intrusions, and policy violations. Collaborate with cross-functional teams to improve detection capabilities and response. Develop and implement incident response plans and coordinate incident investigations. Classify, Maintain and update real-time block lists and URL block lists. Write and review regular expressions for phish, spam and fraud detection. Perform URL and email grading to assess and categorize potential threats. Engage in security response activities to address and resolve security incidents. Conduct threat hunting to proactively identify and address potential detection gaps. Basic Qualifications Bachelor's or Master's degree in Computer Science, Computer Engineering, Information Security, or a related field. Strong understanding of computer security, network architecture, and threat landscape. Familiarity with operating systems internals (Windows, MacOS, Linux, Android, iOS). Strong knowledge of networking concepts and OSI layers. Understanding of enterprise IT architecture, operating systems, and file systems. Excellent analytical skills and ability to identify patterns and trends. Strong research skills and ability to analyze and present complex data. Good logical reasoning and deep analytical skills. Good communication skills and attention to detail. Ability to perform well under stress, particularly in critical response situations. Basic qualities of a researcher, including curiosity, persistence, and attention to detail. Technical Skills Threat Analysis and Incident Response : Ability to analyze email threats, identify indicators of compromise (IOCs), and respond to incidents promptly. Phishing Detection and Mitigation : Expertise in identifying and mitigating phishing attacks, including spear-phishing and whaling. Malware Analysis : Skills in analyzing email-borne malware, understanding its behavior, and developing countermeasures. Cryptography : Knowledge of encryption techniques to secure email communications and protect sensitive data. Network Security : Understanding of network protocols and security measures to detect and prevent email-based attacks. Programming and Scripting : Proficiency in languages like Kusto, Python, PowerShell, or Bash for automating security tasks and analyzing email logs. Regulatory Compliance : Familiarity with regulations such as GDPR, HIPAA, and others that impact email security practices. Tools Secure Email Gateways (SEGs) : Tools like Microsoft Defender for Office, Proofpoint, Mimecast, or Barracuda to filter and block malicious emails. Email Encryption Tools : Solutions like PGP (Pretty Good Privacy) or S/MIME (Secure/Multipurpose Internet Mail Extensions) for encrypting email content. Threat Intelligence Platforms : Tools other than VirusTotal, MX Tool box like ThreatConnect or Recorded Future to gather and analyze threat intelligence data. Sandboxing Solutions : Tools like Windows Sandbox, FireEye or Palo Alto Networks WildFire to safely analyze suspicious email attachments. Anti-Phishing Tools : Solutions like PhishMe or Cofense to detect and respond to phishing attempts. Security Information and Event Management or Incident Response Tools

GRC Lead will manage and strengthen our Governance, Risk, and Compliance (GRC) initiatives for Managed Security Services (MSS) within the Telecom sector. The GRC Lead will be responsible for ensuring that the services we provide to our telecom clients adhere to industry standards, regulatory requirements, and robust risk management practices. This individual will play a key role in aligning our security services with client business objectives, improving our security posture, and ensuring compliance with telecom-specific regulations and frameworks. You have: 7+ years of experience in Governance, Risk, and Compliance (GRC), with at least 3 years in telecom or Managed Security Services (MSS) with a degree in Telecommunication Engineering, Computer Science, Information Security, or a related field (B.E/B.Tech/M.E/M.Tech/MCA). Expertise in telecom-specific security technologiesFirewalls, IDS/IPS, SIEM, encryption, access management, and incident response platforms. Experience working with security and compliance frameworksISO 27001, NIST CSF, PCI-DSS, GDPR, NIST SP 800-53, ETSI EN 303 645, also telecom infrastructure, including MPLS, 5G, IoT, and SDN/NFV. Familiarity with GRC tools such as RSA Archer, ServiceNow GRC, or MetricStream. Experience in telecom risk management processes, regulatory assessments, and vendor risk governance. It would be nice if you also had: Industry certifications such as CISM, CISA, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer, TOGAF, or ITIL. Experience in stakeholder management, including executive communication, regulatory liaison, and conflict resolution with auditors or vendors. Strong analytical, negotiation, and project management skills in a cross-functional, multicultural telecom environment. Provide security governance leadership tailored to telecom networks, including mobile, 5G, SDN/NFV, and MPLS environments. Lead risk assessment, threat modeling, and management activities for telecom networks and emerging technologies like IoT and cloud. Ensure compliance with global and local telecom regulatory requirements (e.g., TRAI, DoT, GDPR, FCC, ETSI) through audits, reviews, and reporting. Manage and maintain telecom-specific security policies, technical and administrative controls, and compliance frameworks (ISO 27001, NIST, PCI-DSS). Act as the prime security and compliance interface towards customers, internal teams, auditors, subcontractors, and third-party suppliers. Develop and maintain a risk register, tracking treatment plans and mitigation strategies across client environments. Provide proactive consultation and guidance to customers regarding security best practices and compliance requirements. Oversee incident and crisis response activities to minimize business impact and regulatory exposure, ensuring adherence to notification guidelines. Ensure vendor security due diligence, contract compliance, and ongoing third-party risk monitoring within the telecom supply chain.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : CyberArk Privileged Access Management Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities:-mplement, configure, and manage PAM solutions such as CyberArk or BeyondTrust to ensure privileged access is secure, auditable, and compliant with regulatory standards.Work closely with IT, DevOps, and security teams to design and integrate secure access control systems into existing IT infrastructure.Perform security assessments and identify potential vulnerabilities in privileged accounts, systems, and services.Develop and enforce policies for privileged account management, password rotation, and access control.Monitor the activity of privileged accounts to detect any unusual or unauthorized behavior, escalating issues when necessary.Work with auditing teams to ensure compliance with security regulations and standards (e.g., NIST, PCI-DSS, GDPR).Provide guidance and support to the organization regarding security best practices for privileged access.Develop and maintain detailed documentation on the configuration, deployment, and operational procedures for PAM solutions.Participate in incident response efforts, identifying, containing, and mitigating security incidents involving privileged accounts.Stay current on emerging security threats and PAM technologies, applying this knowledge to enhance the organization's security posture. Professional & Technical Skills: Must To Have Skills: Proficiency in CyberArk Privileged Identity Access Management Strong understanding of cloud security principles Experience in designing and implementing security solutions Knowledge of security compliance standards Hands-on experience with security tools and technologies Additional Information: The candidate should have a minimum of 7.5 years of experience in CyberArk Privileged Identity Access Management This position is based at our Bengaluru office A 15 years full time education is required Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : SailPoint IdentityIQ Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. You will provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Your day will involve ensuring the security of critical assets and mitigating potential risks. Roles & Responsibilities: Expected to be an SME Collaborate and manage the team to perform Responsible for team decisions Engage with multiple teams and contribute on key decisions Provide solutions to problems for their immediate team and across multiple teams Implement security measures to protect systems and data Conduct security assessments and audits Develop and implement security policies and procedures Professional & Technical Skills: Must To Have Skills: Proficiency in SailPoint IdentityIQ Strong understanding of identity and access management Experience with security tools and technologies Knowledge of security frameworks and standards Hands-on experience in incident response and threat detection Additional Information: The candidate should have a minimum of 7.5 years of experience in SailPoint IdentityIQ This position is based at our Bengaluru office A 15 years full-time education is required Qualification 15 years full time education