5.0 - 9.0 years
0 Lacs
ahmedabad, gujarat
On-site
As a DevOps Engineer, you will be responsible for defining and implementing DevOps strategies that are aligned with the business goals. Your role will involve leading cross-functional teams to enhance collaboration between development, QA, and operations. Additionally, you will design, implement, and manage Continuous Integration/Continuous Deployment (CI/CD) pipelines to automate build, test, and deployment processes, thereby accelerating release cycles.

Key Responsibilities:
- Design and implement CI/CD pipelines to automate build, test, and deployment processes.
- Manage Infrastructure as Code using tools such as Terraform, CloudFormation, and Ansible.
- Oversee cloud platforms like AWS, Azure, or Google Cloud.
- Monitor and address security risks in CI/CD pipelines and infrastructure.
- Set up observability tools like Prometheus, Grafana, Splunk, and Datadog.
- Implement proactive alerting and incident response processes.
- Lead incident response and conduct root cause analysis (RCA).
- Document DevOps processes, best practices, and system architectures.
- Evaluate and integrate DevOps tools and technologies.
- Cultivate a culture of learning and knowledge sharing within the team.

Qualifications Required:
- Proven experience in implementing DevOps strategies and practices.
- Proficiency in CI/CD tools and technologies.
- Strong knowledge of Infrastructure as Code tools.
- Experience with cloud platforms such as AWS, Azure, or Google Cloud.
- Familiarity with observability tools and incident response processes.
- Excellent communication and collaboration skills.

This job description outlines the key responsibilities and qualifications required for the role of a DevOps Engineer.
Posted 3 days ago
6.0 - 10.0 years
0 Lacs
ernakulam, kerala
On-site
You will be responsible for overseeing and managing risks associated with internal stakeholders, external vendors, suppliers, and partners engaged by the bank. Your critical role will ensure compliance with regulatory Risk Management guidelines, mitigate operational, financial, and cybersecurity risks, and safeguard the bank's reputation. You will work closely with internal stakeholders and external vendors to establish a robust risk management framework, conduct due diligence, and monitor ongoing compliance.

- **Policy & Framework**:
  - Develop and review the Bank's Outsourcing/Third Party/Vendor Risk Management Framework and the Risk Assessment Templates.
  - Implement the framework in coordination with Internal and External Stakeholders.
- **Risk Identification & Assessment**:
  - Identify and assess IT and cybersecurity risks across critical applications and infrastructure.
  - Highlight control gaps, suggest mitigation plans, and ensure compliance with internal and external standards.
- **Risk Mitigation & Control**:
  - Develop and implement risk management policies and controls.
  - Align cybersecurity services with business needs to improve performance and adapt to evolving threats.
- **Compliance & Regulatory Oversight**:
  - Ensure compliance with CERT-IN, ISO 27001, RBI, and other relevant standards.
  - Establish metrics to demonstrate the value and impact of cybersecurity initiatives.
- **Risk Monitoring & Reporting**:
  - Monitor security posture and track risks.
  - Report key metrics and improve processes to enhance operational efficiency and service quality.
- **Incident Response & Crisis Management**:
  - Lead response efforts, conduct root cause analysis, and ensure continuity during cybersecurity incidents.
- **Incident Management**:
  - Conduct audits and threat assessments to detect violations and inefficiencies.
  - Stay updated on emerging threats and technologies to strengthen cybersecurity posture.
- **Reporting & Communication**:
  - Create clear reports on system performance and incidents.
  - Provide risk-based recommendations to guide business decisions.
- **Third-Party Risk Management**:
  - Evaluate and manage vendor risks.
  - Integrate cybersecurity practices into business operations to support strategic objectives.

You will need to have a minimum of 6+ years of experience in an IT-related area, of which 3+ years should be in the Cyber Security/Information Security domain. Your educational qualification should be a B.Tech / B.E / MCA / M.Sc (IT or Cyber Security related specialisations) / BCA / B.Sc (IT or Cyber Security related specialisations) from a recognized University with a minimum score of 50% or equivalent qualifications. Please note that the place of posting for this role will be Ernakulam/Bangalore, and you may be liable for transfer anywhere in India at the sole discretion of the Bank.
Posted 3 days ago
3.0 - 7.0 years
0 Lacs
hyderabad, telangana
On-site
Role Overview: You will be joining the Defender Experts (DEX) Research team within Microsoft Security, whose mission is to protect customers from advanced cyberattacks by transforming raw signals into intelligence. As a Threat Researcher, you will collaborate with researchers, analysts, and detection engineers to advance managed Sentinel expertise and drive research on emerging cloud threats impacting both Microsoft and third-party products. Your work will directly contribute to developing real-time protections for enterprises worldwide and enhancing threat detection and response capabilities within Microsoft Sentinel. This role offers a unique opportunity to work at scale, tackle complex cloud security challenges, and shape the evolution of threat research within Microsoft Security.

Key Responsibilities:
- Execute advanced research on emerging cloud-based threats affecting Microsoft and third-party security products across heterogeneous cloud environments.
- Develop and refine detection and response strategies using major SIEM platforms, with a focus on Microsoft Sentinel, to ensure comprehensive threat coverage and response capabilities.
- Collaborate with internal and external security teams to implement scalable solutions for multi-cloud threat intelligence, detection, mitigation, and response.
- Translate complex raw security data into actionable intelligence to enhance cloud security operations for a global customer base.
- Mentor and guide researchers and detection engineers on advanced threat hunting and incident response best practices across diverse SIEM ecosystems.
- Contribute to industry knowledge and Microsoft's security posture by publishing research, developing threat models, and identifying threats and attack trends in the cloud.

Qualifications:
- 3+ years of relevant experience in security research, detection engineering, threat lifecycle, and cloud security in large-scale complex cloud environments.
- Proven ability in executing advanced research on emerging cloud-based threats affecting Microsoft and third-party security products across heterogeneous cloud environments.
- Demonstrated experience in developing and refining detection and response strategies using major SIEM platforms, with a focus on Microsoft Sentinel.
- Extensive hands-on experience with cloud platforms, including Azure, and understanding of multi-cloud security challenges and solutions.
- Strong practical experience in identifying, analyzing, and mitigating real-world cyber threats in complex cloud environments.
- Ability to work independently, deliver complete solutions, articulate technical insights effectively, and influence multidisciplinary teams.
Posted 3 days ago
8.0 - 13.0 years
7 - 12 Lacs
chennai
Work from Office
Customer Services encompasses a range of activities supporting Nokia customers, including technical support, account management, operations, maintenance, network design, deployment, integration, transformation, and training. The team drives revenue growth and enhanced customer satisfaction throughout the service lifecycle, from planning and design to deployment, integration, optimization, operation, and maintenance. Managed Services is responsible for the ongoing operation and performance of customer networks, proactively proposing and implementing upgrades based on business needs. This includes the technical management and operation of contracted IT and telecommunications services provided to Nokia's end-users, ensuring adherence to agreed service level agreements.

You Have: B.E/M.E/B.Tech/M.Tech with 8+ years of experience in Information Security, or a related field, or equivalent experience. Proven experience in a Security Operations Center or incident response environment, with a focus on customer experience. In-depth understanding of security technologies, including firewalls, intrusion detection/prevention systems, and SIEM. Experience with incident management tools and methodologies (e.g., ITIL). Excellent business English communication skills.

It would be nice if you also have: Experience with scripting languages (e.g., Python, PowerShell). Relevant security certifications (e.g., CISSP, CISM, Security+).

Receive, triage, investigate, and resolve security incidents impacting customer experience, ensuring timely and effective resolution within defined SLAs. Prioritize incidents based on severity and impact, and perform root cause analysis to prevent recurrence. Coordinate with internal and external teams to resolve complex incidents. Provide guidance and support to the team on incident management best practices. Maintain accurate and detailed incident records. Continuously evaluate and improve incident management processes to enhance efficiency, effectiveness, and customer satisfaction. Communicate effectively with customers regarding incident status, impact, and resolution. Maintain professional and empathetic communication throughout the incident lifecycle.

Reporting and Analysis: Generate regular reports on incident trends, frequency, and impact. Analyze data to identify areas for improvement in security posture and customer experience. Collaborate with other Security Operations Center teams, engineering, product development, and customer support to ensure seamless incident resolution. Identify opportunities to automate incident response processes to improve efficiency and reduce resolution times. May contribute to the development and maintenance of automation scripts.
Posted 3 days ago
3.0 - 4.0 years
9 - 13 Lacs
pune
Work from Office
Job Purpose: Information security team member (with skip-level reporting to the CISO) who is proficient in maintaining and managing Cloud Security, Container Security and CI/CD deployment. Information Security tool management and governance. Understanding of regulatory requirements, maintaining tool compliance, configuring tool policy, log review and alert/incident handling. Driving Information Security projects and monitoring Key Risk Indicators (KRIs) for Information Security.

Duties and Responsibilities

A - Minimum required accountabilities for this role

Role: The CSPM Specialist is responsible for continuously monitoring and improving the security posture of cloud environments (AWS, Azure, GCP) by identifying misconfigurations, enforcing compliance, and mitigating risks.

Key Responsibilities:
- Security Posture Monitoring: Implement and manage CSPM tools (e.g., Prisma Cloud, Wiz, Orca, Microsoft Defender for Cloud). Continuously assess cloud configurations for security risks and compliance violations. Monitor for drift from secure baselines and enforce remediation workflows.
- Risk Identification & Remediation: Detect misconfigurations, excessive permissions, and insecure storage or networking setups. Collaborate with cloud engineering and DevOps teams to remediate findings. Prioritize risks based on impact and likelihood.
- Compliance & Governance: Map cloud resources to compliance frameworks (e.g., CIS Benchmarks, NIST, ISO 27001, GDPR). Generate reports and dashboards for audits and executive visibility. Ensure tagging, encryption, and access control policies are enforced.
- Automation & Integration: Integrate CSPM tools with SIEM, SOAR, and ticketing systems. Automate alerts, remediation, and policy enforcement using IaC (Terraform, CloudFormation). Develop custom rules and policies for cloud security monitoring.
- Incident Response & Forensics: Investigate alerts and anomalies flagged by CSPM tools. Support cloud incident response and post-mortem analysis. Maintain logs and evidence for forensic investigations.

Role: Focuses on securing containerized environments (e.g., Docker, Kubernetes) and integrating security into the software development lifecycle.

Key Responsibilities: Design and implement security controls for containers. Conduct penetration testing and vulnerability scans on container images. Automate security tasks within CI/CD pipelines. Monitor container environments using tools like SIEM and vulnerability scanners. Develop and maintain container security policies. Collaborate with DevOps and security teams. Stay updated on container security threats and best practices.

Role Overview: Ensures security is embedded throughout the CI/CD pipeline, from code development to deployment.

Key Responsibilities: Implement automated security testing and vulnerability scanning in CI/CD. Review code and architecture for security risks. Monitor and respond to security incidents in the pipeline. Collaborate with developers and IT teams to enforce secure coding practices. Develop and maintain secure coding standards and policies. Evaluate and integrate security tools into the pipeline. Stay current with cybersecurity trends and threats.

B - Additional accountabilities pertaining to the role
- Manage and maintain security tool policies such as AV/EDR, vulnerability management tool, FIM, SIEM agent.
- Maintain compliance as per the organization's compliance policy.
- Highlight risks and mitigation plans.
- Work with the SOC team to investigate security alerts and improve detection rules.
- Document security policies, configurations, and incident reports.
- Risk analysis and mitigation.
- Interaction with OEMs for highly critical technical support.
- Responsible for reports and technical documentation.
- Should be capable of guiding the team/individuals as required.
- Communicate effectively with stakeholders and cross-functional teams.
- Responsible for MIS reports / technical documents.
- Vendor coordination.
- Excellent spoken and written English communication.
- Strong troubleshooting, analytical, and communication skills.
- Good attitude towards the corporate environment.
- Team player and mentor to the team.
- Energetic, self-motivated and self-sufficient in accomplishing tasks.
- Good analytical and problem-solving skills.

Key Decisions / Dimensions: Identification of the right contacts to channelise the issue/problem for closure. Review the alert/incident, categorise it as true positive / false positive and take the required steps. Discuss observation response as applicable and improve security controls. Decide if the policy and procedure documents need changes based on new regulations or audit outcomes.

Major Challenges:
- Handling a fast-changing environment with a variety of cloud service providers.
- Handling compliance expectations in stringent timelines.
- Handling multiple stakeholders at a time.
- Coordination with third-party consultants who assist in auditing and compliance initiatives.

Required Qualifications and Experience

a) Qualifications: Minimum 3+ years of experience in Cloud Security Posture Management and Cloud Workload Protection (CSPM, CWP). Minimum 3+ years in Information / Cyber / application security.

b) Work Experience: Knowledge and hands-on experience in information security tool compliance and incident management (CSPM (PaloAlto Prisma), AV/EDR, vulnerability management tool, FIM, SIEM (Microsoft Sentinel)). Sound knowledge of IT infrastructure, Information Security concepts and tools, ISMS and BCMS frameworks, and regulatory guidelines related to IT and cyber for NBFCs. Experience in project management. Positive attitude, hard worker and team player. Excellent communication and leadership skills. Certifications like CEH (Ethical Hacking), Azure/AWS Security, or application penetration testing would be an added advantage.
Posted 3 days ago
2.0 - 6.0 years
1 - 3 Lacs
gurugram
Work from Office
Overall management of Google Adwords. Building strategies to identify new opportunities. Analyzing web traffic and implementing SEO/SEM, marketing and sales performance metrics.
Posted 3 days ago
3.0 - 4.0 years
8 - 12 Lacs
pune
Work from Office
Job Purpose: Information security tech team member (with skip-level reporting to the CISO) who is proficient in maintaining and managing WAF technology, Information Security tool management and governance. Understanding of regulatory requirements, maintaining tool compliance, configuring tool policy, log review and alert/incident handling. Driving Information Security projects and monitoring Key Risk Indicators (KRIs) for Information Security.

Duties and Responsibilities

A - Minimum required accountabilities for this role
- Application & Network Security Expertise: Strong hands-on experience in Web Application Firewall (WAF) deployment, configuration, and management (e.g., Akamai, Cloudflare, F5 ASM / Imperva / FortiWeb). Knowledge of Load Balancer (F5 LTM/GTM, Array / Radware ADC) technologies. Knowledge of network security concepts (BOT protection, Zero Trust, DDoS protection, SSL/TLS, IDS/IPS). Experience in secure network design (LAN/WAN segmentation, DMZ, VPN, NAC).
- Cloud & Hybrid Security: Exposure to public cloud security (AWS/Azure/GCP): Security Groups, NACLs, WAF, Cloud Firewalls. Experience/knowledge in handling CSPM and CWP incidents. Knowledge of container and microservices security (Kubernetes, Docker).
- Security Monitoring & Automation: Experience with SIEM tools (Sentinel / Splunk / QRadar) for threat detection. Familiarity with automation tools (SOAR / Ansible / Terraform) for security policy management.
- Incident Response & Compliance: Handling security incidents related to WAF, DDoS, and firewall breaches. Knowledge of compliance standards (PCI-DSS, OWASP Top 10, NIST). Responsible for Incident, Problem, Change Management and Service Request. Security agent / software compliance such as AV/EDR, vulnerability management tool, FIM, SIEM agent. Strong knowledge of the ITIL process.

B - Additional accountabilities pertaining to the role
- Design, implement, and manage WAF policies to protect web applications from attacks (SQLi, XSS, OWASP Top 10, etc.).
- Manage and maintain security tool policies such as AV/EDR, vulnerability management tool, FIM, SIEM agent.
- Maintain compliance as per the organization's compliance policy.
- Highlight risks and mitigation plans.
- Conduct security assessments (vulnerability scans) for network and web apps.
- Work with the SOC team to investigate security alerts and improve detection rules.
- Document security policies, configurations, and incident reports.
- Flexible to extend beyond work hours towards accomplishing assigned tasks.
- Risk analysis and mitigation.
- Interaction with OEMs for highly critical technical support.
- Responsible for reports and technical documentation.
- Should be capable of guiding the team/individuals as required.
- Communicate effectively with stakeholders and cross-functional teams.
- Responsible for MIS reports / technical documents.
- Vendor coordination.
- Excellent spoken and written English communication.
- Strong troubleshooting, analytical, and communication skills.
- Good attitude towards the corporate environment.
- Team player and mentor to the team.
- Energetic, self-motivated and self-sufficient in accomplishing tasks.
- Good analytical and problem-solving skills.

Key Decisions / Dimensions: Identification of the right contacts to channelise the issue/problem for closure. Review the alert/incident, categorise it as true positive / false positive and take the required steps. Discuss observation response as applicable and improve security controls. Decide if the policy and procedure documents need changes based on new regulations or audit outcomes.

Major Challenges:
- Handling a fast-changing environment with a variety of cloud service providers.
- Handling compliance expectations in stringent timelines.
- Handling multiple stakeholders at a time.
- Coordination with third-party consultants who assist in auditing and compliance initiatives.

Required Qualifications and Experience

a) Qualifications: Minimum 3+ years of experience in web application monitoring (WAF). Minimum 2+ years in Information / Cyber / application security.

b) Work Experience: Knowledge and hands-on experience in information security tool compliance and incident management (WAF, AV/EDR, vulnerability management tool, FIM, SIEM agent). Sound knowledge of IT infrastructure, Information Security concepts and tools, ISMS and BCMS frameworks, and regulatory guidelines related to IT and cyber for NBFCs. Experience in project management. Positive attitude, hard worker and team player. Excellent communication and leadership skills. Certifications like CEH (Ethical Hacking), Azure/AWS Security, or WAF/application penetration testing would be an added advantage.
Posted 3 days ago
9.0 - 14.0 years
20 - 25 Lacs
pune
Remote
Role & responsibilities: We are seeking a highly skilled Technical Project Manager with strong experience in Cybersecurity Operations, Vulnerability Management, and Security Operations Center (SOC) environments. The ideal candidate will bridge the gap between technical teams and business stakeholders, driving the execution of cybersecurity projects while ensuring operational excellence in a high-security environment.

Required Skills & Experience: 5+ years of experience in Cybersecurity Operations, including hands-on experience in SOC and Vulnerability Management. 2+ years in a Project Manager or Technical Program Manager role within a cybersecurity context. Solid understanding of cybersecurity tools such as SIEM, EDR, vulnerability scanners (e.g., Qualys, Tenable). Familiarity with threat intelligence, incident handling, and the MITRE ATT&CK framework. Strong communication and stakeholder management skills. Certifications like PMP, CISSP, CISM, or CompTIA Security+ are a plus.
Posted 3 days ago
8.0 - 13.0 years
7 - 11 Lacs
bengaluru
Work from Office
Your Role: We are seeking a highly skilled and experienced SOC Lead / L3 Analyst with deep expertise in SIEM platform engineering, log integration, security incident management, and advanced threat detection, with 8+ years of experience, for the Bangalore location. The ideal candidate will lead critical security incidents, guide junior analysts, and contribute to the strategic evolution of security operations through technology evaluations and process enhancements. Design, implement, and manage SIEM platforms including log ingestion, parsing, normalization, and correlation. Develop and maintain SIEM dashboards, alerts, and reports to support threat detection and compliance. Oversee production management of SIEM infrastructure ensuring high availability and performance. Integrate logs from diverse sources including network devices, endpoints, cloud platforms, and applications. Collaborate with engineering and operations teams to ensure seamless SIEM deployment and maintenance. Lead and manage high-priority and critical security incidents, ensuring timely resolution and documentation. Provide expert guidance to L1/L2 SOC analysts on complex investigations and escalations. Conduct forensic analysis, threat hunting, and deep-dive investigations using tools like EDR, IPS, DLP, etc. Contribute to the development and refinement of incident response runbooks and playbooks. Align detection strategies with frameworks such as MITRE ATT&CK and other industry standards. Identify and close security gaps through mitigation strategies and track remediation efforts to closure.

Your Profile: Collaborate with regional SOC and CERT teams for coordinated incident response and threat intelligence sharing. Hands-on experience with SIEM platforms (e.g., Splunk, QRadar, ArcSight, Sentinel). Strong knowledge of security technologies (EDR, IPS, DLP, forensic tools, threat intelligence platforms) and familiarity with MITRE ATT&CK, NIST, ISO 27001, and other security frameworks.
Posted 4 days ago
4.0 - 7.0 years
6 - 11 Lacs
bengaluru
Work from Office
About Company: Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you'd like, where you'll be supported and inspired by a collaborative community of colleagues around the world, and where you'll be able to reimagine what's possible. Join us and help the world's leading organizations unlock the value of technology and build a more sustainable, more inclusive world.

Job Title: SOC L2
Total Exp: 4 to 7 Years
Location: Bangalore

Your Role: SOC Analyst Key Skills & Experience
- Experience: 3+ years in SOC analysis; prior network/system admin experience is a strong plus.
- Technical Expertise: Strong in Active Directory, Kerberos, ADCS, Windows security logs, network technologies, and cloud security (Azure & O365).
- Tool Proficiency: Hands-on with Azure Sentinel, Microsoft KQL, and Microsoft E5 Security Stack (Defender suite); SIEM & EDR mandatory, NDR a plus.
- Detection & Analysis: Skilled in writing detection queries (SPL, EKQL, MS-KQL, ArcSight), interpreting PCAPs, regex, malware/phishing analysis, and threat actor TTPs (MITRE ATT&CK).
- Threat Response: Capable of creating detection hypotheses, tuning rules, and improving playbooks for effective incident response.

Your Profile
- Incident Response: Analyze and document security incidents, escalate when needed, and ensure smooth handover to L3 teams.
- Threat Detection: Perform research and data analysis to identify threats and coordinate remediation efforts.
- Stakeholder Support: Assist IT teams and end users in understanding security issues and applying mitigation strategies.
- Threat Hunting: Conduct deep dives beyond routine incidents and propose corrective actions.
- Cyber Intelligence: Leverage threat intelligence to suggest detection use cases and improve security posture.

What You'll Love About Working Here: You can shape your career with us. We offer a range of career paths and internal opportunities within Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work on cutting-edge projects in tech and engineering with industry leaders or create solutions to overcome societal and environmental challenges.
Posted 4 days ago
6.0 - 11.0 years
24 - 36 Lacs
noida
Work from Office
Responsibilities:
* Collaborate with incident response team on DLP-related matters
* Implement data loss prevention strategies using Digital Guardian technology
* Conduct log analysis and troubleshoot endpoint security issues

Health insurance
Posted 4 days ago
10.0 - 15.0 years
12 - 20 Lacs
navi mumbai, mumbai (all areas)
Work from Office
Role & responsibilities: The Lead Incident Response Team is responsible for overseeing the end-to-end management of technology incidents across the enterprise. This role ensures rapid detection, containment, resolution, and root cause analysis of incidents affecting critical IT services. The position requires strong leadership, technical acumen, and the ability to coordinate across multiple teams under pressure. Act as the primary liaison during major incidents, ensuring timely updates to senior leadership. Ensure adherence to incident management policies, ITIL standards, and regulatory requirements. Define and evolve the incident response strategy in alignment with business continuity and disaster recovery plans. Lead post-incident reviews and drive systemic improvements across the organization. Lead the triage, containment, and resolution of high-impact technology incidents. Activate war rooms and coordinate rapid response efforts across teams. Oversee real-time monitoring tools and ensure effective alerting mechanisms. Recommend and implement automation for incident detection and resolution. Conduct detailed post-incident investigations and root cause analysis. Document incident timelines, impact assessments, and corrective actions.

Preferred candidate profile: Experience in managing incidents in hybrid cloud environments. Familiarity with cybersecurity incident response frameworks. Ability to work under pressure and lead cross-functional teams during crises. Certifications such as ITIL, PMP, or SRE are a plus.
Posted 4 days ago
2.0 - 5.0 years
4 - 9 Lacs
bengaluru
Work from Office
Looking for a DLP Analyst with 2-6 years of experience.
* Implement Symantec DLP solutions for data protection.
* Respond to security incidents with incident response procedures.
* Manage endpoints using Symantec Endpoint Security suite.

Work from home
Health insurance
Posted 4 days ago
7.0 - 12.0 years
22 - 25 Lacs
bengaluru
Work from Office
Position Summary: We are seeking an experienced SOC Analyst to join our Security Operations team. This role demands an individual with a strong technical background in incident analysis, SIEM administration, and rule fine-tuning. The ideal candidate will have experience working with diverse environments, including Windows, Linux, and network security, and will be well-versed in ELK stack management and troubleshooting beats agents.

Key Responsibilities
1. Incident Detection and Analysis:
   - Conduct deep-dive analysis on security incidents, assessing root causes, and recommending solutions.
   - Proactively monitor and respond to security alerts, managing incident escalation and resolution processes.
   - Prepare detailed reports and document incidents to support future analysis and security measures.
2. SIEM Administration and Rule Fine-Tuning:
   - Oversee SIEM configurations, including tuning rules to optimize alerting and reduce false positives.
   - Conduct SIEM platform upgrades, troubleshoot performance issues, and ensure platform availability.
   - Collaborate with IT teams to integrate new data sources into SIEM and enhance visibility.
3. System and Network Security:
   - Perform continuous monitoring and analysis across Windows and Linux systems and network infrastructures.
   - Utilize tools for traffic analysis, anomaly detection, and threat identification.
   - Support configurations and policies within the IT and network environment to strengthen security.
4. ELK Stack and Beats Agent Management:
   - Manage and troubleshoot ELK Stack components (Elasticsearch, Logstash, and Kibana) to ensure seamless data flow.
   - Perform regular maintenance and troubleshooting of beats agents, ensuring reliable log ingestion and parsing.
5. Security Policies and Compliance:
   - Contribute to policy updates, ensuring adherence to organizational and industry compliance standards.
   - Document and enforce security controls aligned with best practices and regulatory requirements.

Skills and Qualifications

Education: Bachelor's degree in Information Security, Computer Science, or a related field.

Experience:
- Minimum of 5+ years in SOC operations or a similar cybersecurity role.
- Proven experience in SIEM administration, incident analysis, and configuration fine-tuning.
- Proficiency in monitoring and troubleshooting Windows and Linux systems and managing network security protocols.
- Hands-on experience with the ELK Stack, with expertise in troubleshooting beats agents.

Technical Skills:
- Familiarity with SIEM tools (e.g., Splunk, QRadar) and network protocols.
- Strong command of incident response processes, security frameworks, and best practices.
- Knowledge of communication protocols and system integrations for data protection.

Certifications (preferred): CISSP, CompTIA Security+, CEH, or similar security certifications.

Competencies: Strong analytical skills with attention to detail. Excellent verbal and written communication abilities. Ability to work independently and collaboratively in a fast-paced environment.

Additional Preferred Skills: Knowledge of regulatory compliance standards. Experience in using EDR solutions. Ability to document processes and create incident playbooks.

This role offers an opportunity to work on advanced cybersecurity initiatives within a dynamic SOC environment, contributing to enhanced organizational security.

Mandatory Key Skills: incident analysis, linux system, security framework, beats, protocols, logstash, qradar, kibana, elastic search, soc, splunk, linux, information security, security operations, cissp, siem*, windows troubleshooting*, troubleshooting*, incident response*, network security*
Posted 4 days ago
3.0 - 5.0 years
18 - 22 Lacs
gurugram
Work from Office
What we're looking for
We are seeking a skilled and proactive Cyber Threat Intelligence Analyst (3-5 years) to join our team and contribute to delivering a Fanatical Experience to our customers. This role is ideal for an individual with a strong background in threat intelligence gathering, analysis, and reporting, as well as hands-on experience in threat hunting and translating intelligence into actionable insights. The role also covers incident handling and managing the CloudSEK platform.

As a Threat Intelligence Analyst, you will be responsible for identifying and analyzing emerging cyber threats, conducting threat hunting activities (Sentinel experience is good to have) to uncover hidden risks, and producing detailed reports to inform and support security operations. Your expertise will help enhance the overall security posture of our customers through proactive intelligence and actionable recommendations.

Key Responsibilities
- Lead and perform proactive threat hunting across multiple customers or organizational estates using available data and threat intelligence.
- Create, test, and iterate threat hunting hypotheses to uncover undetected malicious activity.
- Leverage Cyber Threat Intelligence (CTI) feeds and tooling to track threat actor TTPs and deliver contextual insights relevant to the organization.
- Design and implement custom detection rules in SIEM platforms, particularly Microsoft Sentinel.
- Handle CloudSEK platform incidents (Dark Web detections, Credential Leaks, Compromised Computer).
- Collaborate with detection engineers, SOC analysts, and other stakeholders to improve detection content and response workflows.
- Contribute to incident response activities by supporting triage, investigation, and root cause analysis of cybersecurity events.
- Support risk and threat modelling initiatives by providing timely threat input and context.
- Deliver timely, high-quality reporting (including executive briefings and technical analysis) on emerging threats and threat actor trends.
- Manage and curate threat intelligence watchlists, enrich detections with threat data, and assist SOC teams with relevant contextual insights.
- Support insider threat monitoring and vulnerability risk assessments.
- Participate in detection engineering efforts by identifying opportunities for new or enhanced analytics.
- Communicate threat relevance to technical and non-technical stakeholders clearly and concisely.
- Maintain an active awareness of the evolving cyber threat landscape, particularly as it pertains to your sector.
- Liaise with Corporate Enterprise Security for indicator and threat sharing.
- Drive iterative non-technical process improvement and documentation to minimize process friction, eliminate waste, and drive consistency.

Essential Skills and Experience
- Experience in Threat Hunting and Cyber Threat Intelligence (3-5 years).
- Experience in analyzing large datasets for threat patterns.
- Strong understanding of threat actor behaviours, attack chains, and TTPs.
- Practical experience using SIEM platforms (ideally Microsoft Sentinel) and writing KQL queries.
- Strong hands-on experience with the CloudSEK platform.
- Understanding of threat modelling, risk management, and the MITRE ATT&CK framework.
- Experience supporting or collaborating with Security Operations Center (SOC) teams.
- Understanding of Windows and/or Linux telemetry and analysis techniques.
- Knowledge of network protocols and how they may be exploited.
- Experience executing security incident response workflows and processes.
- Ability to triage and respond to threat intelligence alerts from multiple sources.
- Strong written and verbal communication skills to effectively deliver technical and executive-level briefings.

Desirable Skills
- Experience with Microsoft Defender XDR Suite (Defender for Cloud, Server, Endpoint, Office 365, Identity).
- Microsoft Sentinel
- CloudSEK Platform
- CrowdStrike, Falcon
- Qualys
- Familiarity with Microsoft Entra, Purview, and Azure technologies.
- Knowledge of NIST CSF and other common security frameworks.
- Experience working with STIX and TAXII or equivalent for TI normalization and sharing.
- Hands-on experience with detection creation and automation workflows using GitHub.
- Familiarity with scripting (Python, JS, PowerShell) for automation/analysis data processing.
- Experience working in Agile environments and cross-functional teams.
- Relevant certifications such as:
  - Microsoft: SC-200, AZ-500, MS-500, SC-300
  - GIAC: GCTI, GCFA, GREM, GCIA
  - Other: CISSP, CISA, CISM, CompTIA Security+/Cloud+, CCSK
Posted 4 days ago
5.0 - 8.0 years
0 Lacs
mumbai, mumbai (all areas)
Work from Office
Analyze, detect & resolve cyber threats, monitor logs, conduct forensic analysis, handle incidents, ensure SLA adherence, manage audits & train staff. Strengthen security posture with Fortinet Firewall expertise.
Posted 4 days ago
1.0 - 2.0 years
4 - 6 Lacs
bengaluru
Work from Office
Role & Responsibilities:

Required Skills/Qualifications:
- 5+ years of Network Security experience: Palo Alto, Cisco, ISE, etc.
- Working knowledge of common operating systems (Windows, Linux, etc.) and basic endpoint security principles
- Hands-on experience with common networking services and protocols (TCP/IP, SSH, FTP, DNS, DHCP, SMTP, SSL, etc.)
- Experience with maintaining and operating common security technologies (IDS, IPS, Firewalls, Cloud Security, WAF, Endpoint Security, SIEM, etc.)
- Exceptional organizational abilities and attention to detail
- The ability to think creatively to find elegant solutions to complex problems
- Excellent verbal and written communication skills

The following cloud skills are expected:
- Strong conceptual and hands-on knowledge of working in cloud security for any popular public cloud platform like AWS, GCP, Azure.
- Setting up cloud security in AWS, GCP, Azure:
  - Network/VPC design and implementation/configuration
  - Governance around security groups, external IPs, encryption, etc.
  - Restrict access to team/function level using least privilege model.
- Automation using Terraform/Ansible or other tooling
- Expert in troubleshooting and resolving issues related to cloud security
- Certification in any Cloud platform would be desirable

Preferred Qualifications:
- 5+ years of experience in Information Security, Security Operations, Incident Response, etc. (or related field)
- Demonstrated ability to analyze and correlate information from a wide variety of enterprise technologies
- Demonstrated experience managing firewalls and other security technologies
- Understanding of common security threats, attack vectors, vulnerabilities and exploits
- CompTIA Network+/Security+, GIAC (GCIA, GCIH, GSEC, GCFA, GCFE, etc.), CISSP, CEH or related certification(s) desired

Keywords: firewall, troubleshooting, cloud security, information security, network security, security operations, incident response, cisco, ise, aws, tcp, dns, linux, ip, ids, microsoft azure, dhcp, gcp, terraform, siem, ssh, web application firewall, smtp, ftp, ssl, Palo Alto*
Posted 4 days ago
10.0 - 14.0 years
0 Lacs
karnataka
On-site
As the Manager, Security Operations APAC at Johnson Controls Global Cyber Security (GCS) team, your role will involve leading the security operations and incident response practices for the APAC region. You will collaborate with enterprise stakeholders to ensure timely mitigation and remediation of incidents. Your responsibilities will also include continuous process improvement for security operations and incident response processes, tracking and reporting metrics, and identifying and implementing processes, procedures, and tools to enhance capabilities. Additionally, you will manage team member workloads, partner with global security operations leaders, and respond to new threats. Key Responsibilities: - Lead Security Operations and Incident Response practices for the APAC region - Collaborate with enterprise stakeholders to ensure incidents are mitigated/remediated in a timely manner - Conduct continuous process improvement for Security Operations and Incident Response processes - Collect, track, measure, and report Security Operations and Incident Response metrics - Identify, evaluate, recommend, and implement processes, procedures, and tools to enhance existing Security Operations and Incident Response capabilities - Manage team member workloads to focus on priorities - Partner with Global Security Operations and Incident Response leaders to track, detect, and respond to new and emerging threats Qualifications: - Experience in the leadership and management of technical teams and individuals - Proven record of talent development - Robust knowledge of Incident Response and Security Operations activities - Advanced experience in threat intelligence, threat hunting, threat detection, and enterprise/cloud security - Ability to recognize common attacker tools, tactics, and procedures - Extensive experience with EDR, SIEM, and other cybersecurity toolsets - Minimum of 10 years of experience in Security Operations, Incident Response, or related Cyber Security field 
preferred - Excellent verbal, written, and interpersonal communication skills, including the ability to communicate security concepts to both technical and non-technical audiences - Ability to work collaboratively across global teams and manage multiple priorities If you are a strategic thinker with a passion for security management, Johnson Controls offers competitive salary and performance-based bonuses, a comprehensive benefits package including health, dental, and vision insurance, opportunities for professional development and career advancement, and a dynamic and collaborative work environment that fosters innovation. Apply now to join our team!
Posted 4 days ago
5.0 - 9.0 years
0 Lacs
ernakulam, kerala
On-site
As a Firewall Administrator at South Indian Bank, your role will be crucial in maintaining the security and integrity of the organization's network perimeter through effective firewall management and incident response capabilities.

**Key Responsibilities:**
- **Firewall Configuration:** You will be responsible for configuring and maintaining firewall devices based on established policies and standards.
- **Monitoring and Analysis:** Monitoring firewall logs and traffic patterns to detect and respond to security threats and vulnerabilities.
- **Incident Response:** Responding to security incidents related to firewall breaches or policy violations.
- **Policy Management:** Managing firewall policies, rules, and access controls based on organizational requirements and security best practices.
- **Troubleshooting:** Troubleshooting firewall-related issues, including connectivity problems, configuration errors, and performance bottlenecks.
- **Documentation:** Maintaining accurate documentation of firewall configurations, changes, incident reports, and procedures.
- **Collaboration:** Collaborating with other IT teams, such as network engineers, system administrators, and security analysts, to ensure integrated and effective security solutions.
- **Compliance:** Ensuring compliance with organizational security policies, as well as industry standards and regulators.
- **Patch Management:** Applying patches and updates to firewall hardware and software to address vulnerabilities and improve performance.
- **Training and Knowledge Sharing:** Staying updated with the latest trends and technologies in network security, and sharing knowledge with team members.
- **Vendor Management:** Liaising with firewall vendors for support, troubleshooting, and product updates.
- **Risk Assessment:** Participating in risk assessments and security audits related to firewall infrastructure.
- **Audit Point Closure:** Ensuring timely closure of audit observations related to firewall infrastructure.

**Qualifications Required:**
- 5 years of experience in the relevant field.
- Minimum Educational Qualification: B.Tech / B.E / MCA / M.Sc (IT / CS) / BCA / B.Sc (IT / CS / CA) from a recognized University with a minimum score of 50%.
- Problem-solving skills and experience in IP networking and static routing, SSH, DNS, HTTP/S, DHCP.
- Relevant professional level certification in firewall devices.
- OEM certifications like Cisco/Fortinet/Checkpoint/Palo Alto etc.
- Understanding of security threats and risks.
- Familiarity with security standards and regulations (e.g., PCI-DSS, HIPAA).
- Ability to analyze complex network and security issues.

**About the Company:** South Indian Bank, established in Thrissur during the Swadeshi movement, is one of South India's earliest and most trusted banks. The bank is redefining banking through technology, innovation, and digital-first solutions with a strong focus on IT-led transformation. The teams at South Indian Bank work at the forefront of fintech innovation, driving automation, analytics, and next-gen digital platforms that shape the future of banking.

**Place of Posting:** Ernakulam/Bangalore (Liable for transfer anywhere in India at the sole discretion of the Bank.)
Posted 4 days ago
2.0 - 6.0 years
0 Lacs
karnataka
On-site
As an Incident Response Analyst at Autodesk, your role involves monitoring, identifying, assessing, containing, and responding to various information security events. You will work in a large and complex environment, collaborating with teams across the company to address security issues and drive incident response. Your passion for security and growth will be crucial in accepting challenging projects and incidents. **Key Responsibilities:** - Handle day-to-day operations to monitor, identify, triage, and investigate security events using various Endpoint (EDR), Network, and Cloud security tools - Analyze firewall logs, server, and application logs to investigate events and incidents for anomalous activity - Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents - Create and maintain process tools and documentation - Perform all stages of incident response from detection to postmortem - Collaborate with stakeholders to build and enhance the Security Orchestration Platform - Document incident notes in the case management solution - Perform basic forensics and malware analysis based on playbooks and procedures - Work in a 24/7 environment, including night shifts, based on business requirements - Maintain a high level of confidentiality and integrity **Qualifications Required:** - BS in Computer Science, Information Security, or equivalent professional experience - 2+ years of cyber security experience in incident response - Technical depth in specialties like Malware analysis, Host analysis, and Digital forensics - Strong understanding of Security Operations and Incident Response process and practices - Experience with security monitoring, response capabilities, log analysis, and forensic tools - Familiarity with operating systems including Windows, Linux, and OSX - Experience with SIEM, SOAR, EDR, Network, AWS, and Azure security tools - Excellent 
critical thinking, analytical, organizational, verbal, and written communication skills - Ability to design playbooks for responding to security incidents - Willingness to support off-hours, weekends, and holidays as needed for incident response At Autodesk, we are committed to creating a culture of belonging where everyone can thrive. If you are passionate about security, growth, and making a difference in the world, join us in shaping the future with meaningful work.
Posted 4 days ago
8.0 - 12.0 years
0 Lacs
maharashtra
On-site
As a Network Infra and Security Head, your role will involve defining the organization's network and security roadmap in alignment with business goals. You will collaborate with IT and business leaders to support digital transformation initiatives. Your responsibilities will include: - Timely remediation of systems and ensuring hardware configuration and software versions are ready for production scale 24*7. - Establishing governance models for network and security operations. - Ensuring adherence to industry regulations and security policies. - Managing vendors and ensuring vendor governance is carried out periodically. - Ensuring teams are adequately trained and up-to-date on concepts, functional and technical domains, implementation of solutions, info sec & remediation aspects. - Managing the technology function for clients across corporate, institutional, and commercial banking segment from Network Infra and Security perspective. - Designing, implementing, and overseeing the organization's network infrastructure, including LAN, WAN, SD-WAN, VPNs, and wireless networks. - Managing network monitoring, troubleshooting, and incident response processes. - Evaluating and implementing new network technologies to enhance performance and efficiency. - Driving Projects / programs and large transformation initiatives resulting in timely, high quality deliverables within cost budgets. - Developing and enforcing cybersecurity policies, standards, and best practices. - Implementing security frameworks to protect IT assets and conducting regular security risk assessments, penetration testing, and vulnerability management. - Managing firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint security solutions. - Ensuring compliance with regulatory and industry security standards. This role requires experience and expertise in Technology Risk Management. 
It expects you to be accountable for the governance and risk posture of the Corporate Tech unit overall and the deliveries to counterparts in business, operations, and customers. Additionally, you will be responsible for reviewing Network architecture diagrams to ensure high availability, scalability, and performance of network systems.
Posted 4 days ago
7.0 - 12.0 years
7 - 17 Lacs
pune
Work from Office
Job Description:
We are seeking a highly skilled and experienced SOC Manager (L3) to lead our Security Operations Center (SOC). The ideal candidate will have a strong background in cybersecurity, with extensive experience in managing SOC operations, incident response, and threat intelligence.

Role & Responsibilities
- Lead and manage the SOC team, ensuring effective monitoring, detection, and response to security incidents.
- Develop and implement SOC processes, procedures, and best practices.
- Oversee the deployment, configuration, and management of SIEM (Security Information and Event Management) tools, particularly QRadar.
- Coordinate with other IT and security teams to ensure comprehensive security coverage.
- Conduct regular security assessments and audits to identify vulnerabilities and improve security posture.
- Provide leadership and guidance during security incidents, ensuring timely and effective resolution.
- Stay updated with the latest cybersecurity trends, threats, and technologies.
- Prepare and present regular reports on SOC activities, incidents, and overall security posture to senior management.

Qualifications:
- 7 to 10 years of experience in cybersecurity, with at least 3 years in a SOC management role.
- Strong knowledge of SOC operations, incident response, and threat intelligence.
- Proficiency in using SIEM tools, particularly QRadar.
- In-depth understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001).
- Excellent leadership, communication, and interpersonal skills.
- Ability to work under pressure and manage multiple priorities effectively.

Preferable Certifications:
- CISA (Certified Information Systems Auditor)
- CISSP (Certified Information Systems Security Professional)
- CEH (Certified Ethical Hacker)
- SSCP (Systems Security Certified Practitioner)
- SIEM QRadar OEM certifications relevant to SOC management
Posted 4 days ago
3.0 - 8.0 years
7 - 15 Lacs
bengaluru
Work from Office
KEY RESPONSIBILITIES

Data and System Security
- Monitor and protect company data stored on computing systems (CPUs) from unauthorized access and cyber threats.
- Implement and manage firewalls, antivirus solutions, and intrusion detection/prevention systems.
- Identify, assess, and patch vulnerabilities in hardware, software, and network infrastructure.
- Develop and enforce data access control policies to minimize internal risks.
- Conduct regular security audits and assessments.

Surveillance and Display Systems Management
- Manage and maintain all CCTV infrastructure to ensure round-the-clock surveillance coverage.
- Ensure all TVs and display systems used for operations or security are functioning properly.
- Secure surveillance systems against tampering or unauthorized access.
- Coordinate with external vendors for system upgrades or maintenance.

Employee Systems Support
- Provide technical support and maintenance for employee desktops, laptops, and related peripherals.
- Troubleshoot hardware and software issues to ensure minimal downtime.
- Install and configure new workstations and required software.
- Maintain asset inventory and ensure system compliance with IT policies.

Incident Response & Risk Management
- Monitor system logs and alerts to detect suspicious activities.
- Respond promptly to security breaches or system failures.
- Perform root cause analysis for incidents and implement preventative measures.
- Maintain documentation for incidents and resolutions.

DESIRED SKILLS AND QUALIFICATIONS
- Minimum 3 years of experience in IT security, systems administration, or related roles.
- Strong understanding of cybersecurity practices, networking, and system architecture.
- Familiarity with CCTV and display system management.
- Excellent troubleshooting and communication skills.
- Security certifications (e.g., CompTIA Security+, CEH, CISSP) are a plus.
Posted 4 days ago
4.0 - 6.0 years
12 - 15 Lacs
pune
Work from Office
Key Responsibilities:
- Design and enforce security architecture across all environments (Dev, Stage, Prod, DR).
- Conduct regular VAPT (Vulnerability Assessment and Penetration Testing) and threat modeling.
- Define and monitor policies for encryption, identity access management (IAM), and secure coding.
- Implement real-time alerting and SIEM tools for system and app security.
- Work with developers to review code and dependencies for CVEs and OWASP vulnerabilities.
- Ensure tokenization, masking, and key management policies are in place.
- Assist in audits (internal, PCI-DSS, RBI, ISO) and maintain compliance documentation.
- Develop incident response plans and lead red/blue team exercises.

Required Skills:
- 5+ years in application or infrastructure security roles.
- Deep understanding of PCI-DSS, ISO 27001, RBI cybersecurity norms.
- Experience with SIEM (e.g., Splunk, Wazuh), WAFs, firewalls, and intrusion detection tools.
- Familiarity with TLS certs, HSMs, secrets management, and secure APIs.
- Strong scripting skills (Python, Bash) for automating security checks.
- Previous experience in securing financial systems or payment gateways is a must.
Posted 4 days ago