307 Incident Response Jobs - Page 2

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

15.0 - 20.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Palo Alto Networks Prisma Access Secure Access Service Edge (SASE)
Good to have skills: NA
Minimum 5 year(s) of experience is required.
Educational Qualification: 15 years full time education
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust and secure cloud environment that supports business operations effectively.
Roles & Responsibilities:
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills in cloud security.
- Monitor and evaluate the effectiveness of implemented security measures, making adjustments as necessary.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Palo Alto Networks Prisma Access Secure Access Service Edge (SASE).
- Strong understanding of cloud security principles and best practices.
- Experience with security frameworks and compliance standards.
- Ability to analyze and mitigate security risks in cloud environments.
- Familiarity with incident response and disaster recovery planning.
Additional Information:
- The candidate should have minimum 5 years of experience in Palo Alto Networks Prisma Access Secure Access Service Edge (SASE).
- This position is based at our Bengaluru office.
- A 15 years full time education is required.
Qualification: 15 years full time education

Posted Just now

6.0 - 9.0 years

8 - 10 Lacs

Hyderabad

Work from Office

We are looking for a skilled professional with 6-9 years of experience to join our team as an SIEM specialist. The ideal candidate will have a strong background in security information and event management.
Roles and Responsibility
- Design, implement, and manage SIEM systems to ensure the security and integrity of our organization's data.
- Develop and maintain dashboards and reports to provide insights into security threats and trends.
- Collaborate with cross-functional teams to identify and mitigate potential security risks.
- Conduct regular vulnerability assessments and penetration testing to identify weaknesses.
- Analyze log files and system logs to detect anomalies and suspicious activity.
- Develop and enforce security policies and procedures to ensure compliance with industry standards.
Job Requirements
- Strong understanding of security principles and technologies such as firewalls, intrusion detection systems, and encryption.
- Experience with SIEM tools such as Splunk, LogRhythm, or QRadar.
- Excellent analytical and problem-solving skills with attention to detail.
- Ability to work effectively in a fast-paced environment and meet deadlines.
- Strong communication and collaboration skills to work with technical and non-technical stakeholders.
- Familiarity with industry standards and regulations related to security such as HIPAA, PCI-DSS, or NIST.

Posted 1 hour ago

4.0 - 9.0 years

6 - 16 Lacs

Gurugram

Work from Office

Immediate Job Openings on Security Analyst _ Gurgaon _ Contract
Experience: 4+ Years
Skills: Security Analyst
Location: Gurgaon
Notice Period: Immediate
Employment Type: Contract
Work Mode: WFO
1. 4 to 8 years of exp in Security Analyst.
2. 2 to 3 Years of exp in Fine-tune SIEM rules to reduce false positive and remove false negatives.
3. Good exp in SOC (Security Operation Center)

Posted 1 hour ago

6.0 - 11.0 years

3 - 7 Lacs

Bengaluru

Work from Office

Greetings from IDESLABS PVT LTD !!!
Working Mode: Hybrid
Payroll: IDESLABS
Location: Pan India
PF Detection is mandatory
Primary Skills
- Expertise in conducting and managing Security baseline scans, including familiarity with tools like Rapid7/Nessus/Qualys etc.
- Strong knowledge of SBC processes and standards such as CIS benchmarks.
- Experience in reviewing and interpreting SBC results and providing actionable recommendations for Windows or Unix/Linux environments.
- In-depth knowledge of security configurations, hardening techniques for Windows or Unix/Linux environments.
- Ability to understand and assess group policies, permissions, patches, and security settings for Windows or Unix/Linux platforms.
- Proficiency in performing risk assessments and understanding the criticality of identified vulnerabilities.
- Ability to work and collaborate with technical teams to prioritize remediation based on business risk, asset criticality, and exposure to ensure vulnerabilities/SBC controls are remediated promptly and in line with organizational security policies.
- Strong ability to present scan findings and SBC review results clearly to technical and non-technical stakeholders.
Secondary Skills
- Familiarity with key industry compliance frameworks (e.g., ISO 27001, PCI DSS, HIPAA) and how security baselines relate to compliance requirements.
- Experience in reviewing and coordinating patch management processes, ensuring that patches are applied in a timely manner while minimizing business disruption.
- Understanding of the relationship between vulnerabilities and potential incidents, with knowledge of how to collaborate with incident response teams to mitigate threats.
- Familiarity with network security concepts (e.g., firewalls, IDS/IPS, network segmentation) and how these relate to system vulnerabilities.
- Understanding of cloud and hybrid environments, and how baseline compliance scans are performed in cloud infrastructures like AWS, Azure etc.
- Familiarity with ticketing systems (e.g., Jira, ServiceNow) to streamline remediation workflows.
Kindly Acknowledge back to this mail with updated Resume.

Posted 2 hours ago

5.0 - 10.0 years

12 - 22 Lacs

Mumbai, Navi Mumbai, Mumbai (All Areas)

Work from Office

Role Overview:
Position: L3 SOC Analyst
Location: Mumbai, India
Experience: 5-8 years in SOC roles, with a strong focus on Incident Response and Threat Hunting.
Key Responsibilities:
- Incident Response: Deep expertise in handling end-to-end incident response detection, investigation, containment, eradication, and recovery.
- Attack Vectors: Solid understanding of phishing, malware, ransomware, and how to respond effectively to these threats.
- Cyber Kill Chain: Strong knowledge of the cyber kill chain framework, including how adversaries progress through the stages of an attack.
- Adversary Tactics: Familiarity with adversary techniques and tactics, particularly using frameworks such as MITRE ATT&CK to mitigate threats.
- SIEM & EDR Tools: Extensive experience with SIEM tools like Splunk and ArcSight, and EDR solutions like CrowdStrike or Microsoft Defender.
- Scenario Handling: Capable of tackling complex, scenario-based challenges with a strategic mindset.
Preferred Qualifications:
- 3-7 years of experience working in a SOC or handling Incident Response.
- Expertise in detecting and analyzing indicators of compromise (IOCs).
- Strong L2 or L3 analyst experience is a must.
- A candidate who has worked on critical incidents and has an in-depth knowledge about the same.

Posted 3 hours ago

4.0 - 6.0 years

6 - 8 Lacs

Mumbai

Work from Office

Responsible for monitoring and responding to security incidents within the SOC. Duties include analyzing security events, identifying vulnerabilities, and managing incidents using SIEM tools. The analyst must be adept at threat detection, incident response, and ensuring network security by implementing proactive measures to prevent data breaches.

Posted 15 hours ago

4.0 - 5.0 years

6 - 7 Lacs

Bengaluru

Work from Office

Oversees IT incident response processes, ensuring timely resolution of critical system issues and minimizing downtime.

Posted 16 hours ago

5.0 - 6.0 years

7 - 8 Lacs

Chennai

Work from Office

Manage Microsoft Sentinel SIEM platform to detect, investigate, and respond to security incidents. Configure alerts, monitor security events, and ensure compliance with security policies and best practices.

Posted 16 hours ago

2.0 - 4.0 years

4 - 6 Lacs

Chennai

Work from Office

Implement and manage cybersecurity measures to protect enterprise systems from external and internal threats. You will monitor, identify, and respond to security incidents. Expertise in network security, threat detection, and incident response is required.

Posted 16 hours ago

4.0 - 6.0 years

6 - 8 Lacs

Chennai

Work from Office

Provide Level 2 support in Security Operations Centers (SOC), focusing on SIEM tools and threat detection. You will investigate and resolve security incidents, escalate critical issues, and ensure system integrity. Expertise in SIEM, threat detection, and incident response is essential.

Posted 16 hours ago

3.0 - 8.0 years

13 - 17 Lacs

Hyderabad

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM) Operations
Good to have skills: NA
Minimum 5 year(s) of experience is required.
Educational Qualification: Bachelor or college degree in related field or equivalent work experience
Summary: As a Security Architect, you will be responsible for defining the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve documenting the implementation of the cloud security controls and transitioning to cloud security-managed operations.
Roles & Responsibilities:
- Customize SIEM rules and correlation policies to meet the organization's specific security requirements
Monitoring and Analysis:
- Monitor security alerts and events generated by the SIEM system
- Conduct in-depth analysis of security incidents, identifying and mitigating potential threats
Incident Response:
- Respond promptly to security incidents, providing coordination and support for incident resolution
- Document and report incidents, including the root cause analysis and remediation steps
Threat Intelligence Integration:
- Integrate threat intelligence feeds into the SIEM for proactive identification of emerging threats
- Stay abreast of the latest cyber threats, vulnerabilities, and industry best practices
Security Compliance:
- Ensure SIEM configurations and processes align with relevant security standards and compliance requirements
- Participate in audits and assessments to demonstrate compliance with security policies
Collaboration:
- Work closely with other security professionals, IT teams, and stakeholders to enhance overall security posture
- Provide support and guidance to incident response teams during security incidents
Professional & Technical Skills:
- Must To Have Skills: Experience in Security Information and Event Management (SIEM) Operations.
- Good To Have Skills: Experience in cloud security technologies such as AWS, Azure, or Google Cloud Platform.
- Strong understanding of security architecture principles and best practices.
- Experience in developing and maintaining security policies, standards, and procedures.
- Experience in managing security incidents and providing technical guidance and support.
- Excellent communication and collaboration skills.
Additional Information:
- The candidate should have a minimum of 3 years of experience in Security Information and Event Management (SIEM) Operations.
- The ideal candidate will possess a strong educational background in computer science, information technology, or a related field, along with a proven track record of delivering impactful security solutions.
- This position is based at our Bengaluru office.
Qualification: Bachelor or college degree in related field or equivalent work experience

Posted 20 hours ago

5.0 - 10.0 years

3 - 7 Lacs

Bengaluru

Work from Office

Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Splunk
Good to have skills: NA
Minimum 5 year(s) of experience is required.
Educational Qualification: 15 years full time education
Summary: As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. You will provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Your day will involve ensuring the security of critical assets and systems.
Roles & Responsibilities:
- Expected to be an SME, collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Implement security measures to protect systems and data.
- Conduct security assessments and audits.
- Develop security policies and procedures.
- Stay updated on the latest security trends and technologies.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Splunk.
- Strong understanding of network security principles.
- Experience with security tools such as SIEM, IDS/IPS.
- Knowledge of incident response and vulnerability management.
- Good To Have Skills: Experience with cloud security solutions.
Additional Information:
- The candidate should have a minimum of 5 years of experience in Splunk.
- This position is based at our Bengaluru office.
- A 15 years full-time education is required.
Qualification: 15 years full time education

Posted 20 hours ago

7.0 - 10.0 years

10 - 18 Lacs

Bengaluru

Hybrid

We're Hiring: Information Security Risk Specialist | 7-9 Years Experience | Bengaluru
Location: Bengaluru
Experience Required: 7 to 9 years
Employment Type: Full-Time
We’re looking for a seasoned Information Security Risk Specialist to lead and strengthen our enterprise-wide risk management framework. If you’re passionate about cybersecurity, thrive on identifying and mitigating risks, and have hands-on experience with global standards like ISO 27001 and NIST.
Key Responsibilities:
- Design and implement enterprise-wide InfoSec risk management programs.
- Conduct risk assessments, vulnerability analyses, and compliance evaluations.
- Collaborate across IT, engineering, legal, and external partners to drive mitigation strategies.
- Lead security awareness initiatives and incident response planning.
- Track and report KPIs and security metrics to senior stakeholders.
What We’re Looking For:
- 5+ years in cybersecurity, risk, or compliance roles.
- In-depth knowledge of ISO 27001, NIST, COBIT, COSO frameworks.
- Strong analytical, communication, and stakeholder management skills.
- Preferred certifications: CISSP, CRISC, CISM, CEH.
Why Join Us?
- Be a key player in building secure systems powering global transport solutions.
- Work with cutting-edge technologies and global teams.
- Drive meaningful change in a high-impact, high-autonomy role.

Posted 20 hours ago

9.0 - 14.0 years

9 - 19 Lacs

Bengaluru

Work from Office

We are seeking a highly experienced Cybersecurity Solutions Specialist to drive technical engagements and solution design for enterprise clients. This role combines strategic presales leadership with hands-on cybersecurity expertise, including L3 support, SOC operations, and threat intelligence. You will act as a trusted advisor to clients, guiding them through complex security challenges and aligning solutions with business needs.
- Lead technical discovery sessions and design tailored cybersecurity solutions.
- Deliver product presentations, demos, and Proof of Concepts (PoCs).
- Respond to RFPs/RFIs and develop comprehensive technical proposals.
- Evaluate new technologies, tools, and processes for inclusion in solution offerings.
- Manage and operate security tools including SIEM, IDS/IPS, EDR, DLP, and firewalls.
- Implement and maintain SOC and ISMS frameworks aligned with ISO 27001.
- Conduct threat intelligence analysis and stay updated on emerging threats.
- Perform vulnerability assessments, penetration testing, and system hardening.
- Analyze and respond to software/hardware vulnerabilities and security log data.
- Conduct security audits and document incident response procedures.
- Hands-on experience with EDR, Anti-Virus, Vulnerability Management, Forensics, and Encryption.
- Experience in cybersecurity presales, solution architecture, or consulting.
- Strong knowledge of security domains including:
  - Network Security (Firewalls, IPS/IDS)
  - Endpoint Security (EPP, EDR, XDR)
  - Cloud Security (Azure, AWS, GCP)
  - Identity & Access Management (IAM, PAM)
  - Data Protection (DLP, encryption)
  - Security Operations (SIEM, SOAR)
- Strong scripting skills (Python, PowerShell, Bash) for automation and analysis.
- Familiarity with MITRE ATT&CK framework and threat intelligence platforms.
- Experience in cybersecurity, including L3 support and presales roles.
- Advanced certifications preferred: CISSP, CISM, CEH, OSCP, GCIA, GCIH, CASP, CompTIA Security+ or vendor-specific certifications (e.g., Palo Alto, Fortinet, Microsoft Security).
- Strong understanding of cyber-attacks, threat vectors, risk management, and incident response.
- Flexible to work in 24x7 operations and rotational shifts.

Posted 22 hours ago

4.0 - 9.0 years

12 - 16 Lacs

Bengaluru

Work from Office

About us
As a Fortune 50 company with more than 400,000 team members worldwide, Target is one of the world's most recognized brands and one of America's leading retailers. Target as a tech company? Absolutely. We are the behind-the-scenes powerhouse that fuels Target's passion and commitment to cutting-edge innovation. We anchor every facet of one of the world's best-loved retailers with a strong technology framework that relies on the latest tools and technologies, and the brightest people, to deliver incredible value to guests online and in stores. Behind the brand our guests love is a culture of continual innovation, and right now, we are up to big things. The Cyber Fusion Centre is the heart of Target's security team and a place where innovation happens daily. Interested in a culture that combines invention and creative freedom, ongoing learning, engineering excellence, and stellar outcomes? We are, too; that's why we work here. Join our team to take new enterprise security solutions from concept to release, collaborating with both software & security engineers to innovate on helping defend Target's network using cutting-edge technologies.
We are seeking a Senior Threat Detection Engineer to join our world class cybersecurity-cyber defence team. The ideal candidate will be responsible for designing, implementing, and optimizing threat detection mechanisms to protect the organization from advanced cyber threats.
About The Role/Key Responsibilities:
- Threat Detection Development: Design and implement detection rules, signatures, and analytics to identify malicious activities in real-time. Develop use cases and correlation rules in SIEM and other detection platforms. Create automated processes to improve detection efficiency and reduce response times.
- Security Monitoring & Optimization: Continuously monitor and tune rules to reduce false positives by improving rule fidelity and ensuring actionable alerts. Stay updated with emerging threat landscapes to enhance detection capabilities.
- Incident Support: Collaborate with Incident Response (IR) and Threat Hunting teams to provide context and insights during investigations. Participate in post-incident reviews to refine detection strategies based on lessons learned.
- Collaboration & Reporting: Work with Cyber Threat Intelligence (CTI) teams to integrate threat intelligence into detection mechanisms. Document and present detection engineering activities, findings, and recommendations to stakeholders.
About You/Qualifications:
- Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
- 4+ years of experience in threat detection, incident response or related roles.
- Demonstrates a deep subject matter expertise with threat detection, response, and mitigation
- Capable of identifying detection opportunities sourced from threat data
- Exhibits an understanding of concepts such as Pyramid of Pain, MITRE ATT&CK, and other organizing frameworks
- Hands-on experience with security tools such as SIEM (Splunk, ElasticSearch, Zeek, SIGMA, Suricata and YARA technologies)
- Host based detection experience leveraging Sysmon, CrowdStrike Falcon, etc.
- Cloud based detection within GCP and AWS
- Proficiency in scripting and automation (Python, PowerShell, etc.)
- Deep knowledge of network protocols, operating systems, and attack techniques.
- Excellent problem-solving and communication skills.
- Stays current with new technologies via formal training and self-directed education
Why Join Us?
- Be part of a forward-thinking world class cybersecurity team.
- Opportunities for professional growth and continuous learning.
Useful Links
- Life at Target: https://india.target.com/
- Benefits: https://india.target.com/life-at-target/workplace/benefits
- Culture: https://india.target.com/life-at-target/diversity-and-inclusion

Posted 22 hours ago

5.0 - 10.0 years

10 - 20 Lacs

Chennai

Remote

Role & responsibilities
- Incident Management: Lead the end-to-end incident response lifecycle, including detection, analysis, containment, eradication, and recovery.
- Threat Investigation: Analyze and investigate a variety of attack vectors, such as:
  - Identity attacks include credential abuse, privilege escalation, and MFA bypass.
  - Web Attacks: SQL injection, cross-site scripting (XSS), remote code execution.
  - Network Attacks: DDoS, lateral movement, traffic manipulation.
  - Cloud Threats: IAM misconfigurations, exposed services, container security vulnerabilities.
- Collaboration & Coordination: Work closely with SOC analysts, threat intelligence teams, forensics, and engineering groups during and after security incidents.
- Root Cause Analysis: Conduct comprehensive investigations to determine the root cause of incidents and provide actionable remediation recommendations.
- Process Improvement & Documentation: Document all incident response procedures and lessons learned. Contribute to the continuous improvement of our detection and response capabilities.
- Proactive Security Measures: Participate in threat hunting and purple team exercises to enhance overall security preparedness.
Preferred candidate profile
- A minimum of 5 years of hands-on experience in cybersecurity incident response or security operations.
- Proven expertise in investigating and mitigating incidents across one or more areas: identity, web, network, or cloud.
- Proficiency with SIEM, EDR, and SOAR tools (e.g., Splunk, Sentinel, CrowdStrike).
- Experience in hybrid or cloud-first environments (AWS, Azure, or GCP).
- Strong understanding of frameworks and methodologies such as MITRE ATT&CK, the cyber kill chain, and threat modeling.
- Excellent written and verbal communication skills, with the ability to document and convey technical details clearly to both technical and non-technical stakeholders.

Posted 22 hours ago

5.0 - 7.0 years

7 - 10 Lacs

Pune, Chennai, Bengaluru

Work from Office

Immediate Openings on SIEM Engineer _ Contract _ Pan India
Notice Period: Immediate
Type: Contract
Key Accountabilities
- Building, maintaining, and operating Splunk Enterprise and Splunk Enterprise Security SaaS Solution
- Building Correlation searches for Cyber Operation requirements
- Evaluating and analysing business requirements and designing suitable solutions, challenging requirements where necessary
- Managing, co-ordinating and implementing technical project activities and enhancements to services
- Conducting Incident/Problem/Recovery activities
- Supporting the Joint Operations Centre and incident response teams for detected security events.
- Creating and maintaining accurate and high-quality documentation
- Supporting Operational effectiveness audit
- Structure phased deliverables to link long term vision with time-boxed activities.
- Support the project delivery phase including testing and training, to ensure the agreed business solutions are delivered successfully.
- Work closely with developers and testers, to ensure delivery of the functionality on time and with quality.
Stakeholder Management and Leadership
- Negotiate and solicit engagement and support at all levels of the organisation, particularly where support is low or challenging.
- Communicate clearly and regularly.
- Typically faces off to AVP VP level stakeholders.
- Considers the impact of their actions and decisions on key stakeholders, seeking to deliver a positive outcome for those involved.
Decision-making and Problem Solving
- Apply evaluative judgement and analytical skills to operate effectively within a complex and changing environment.
- Understand the requirements and perspectives of stakeholders and integrate into their understanding of complex situations.
- Demonstrates a broad understanding of how the bank operates and the metrics used to measure performance
- Analyses problems and evaluates options in a logical and systematic way.
- Seeks the advice of stakeholders to better create clarity in complex situations, understand problems, evaluate options and make decisions
What we're looking for:
- Knowledge of Splunk Enterprise architecture, distributed components (indexer clusters, forwarders, search head clusters, deployment servers), knowledge of Splunk Cloud
- Knowledge of Splunk Enterprise Security at administration and use case level
- Knowledge on on-boarding new data into Splunk, Splunk Forwarders - data ingestion, extraction.
- Knowledge of the Common Information Model, data models, enrichment, and automation
- Good experience on Splunk add-Ons installation configuration to bring security logs into Splunk.
- Good understanding of the Security Domain.
- Documentation skills in order to provide high quality documentation for internal customers and technical teams.

Posted 22 hours ago

2.0 - 7.0 years

2 - 6 Lacs

Mumbai

Work from Office

B2 Role: L1/L2 Support resource (2 years experience in DLP)
- Daily Summary Report with list of activities to be shared daily.
- Configure Client tasks
- Purge events on frequent basis
- Help Desk Support
- Support in Troubleshooting during Agent installation
- Providing VPN evidences
- Support user in installation or uninstallation of Agents
- Support in resolving Agent Communication issues
- Support in Agent Upgrade
- Generate and share MIS reports with end user
- Troubleshooting Policy related issues
- Whitelisting of IPs, PF IDs
- Sharing of granular details of Infringements.
- Provide Root cause analysis documents

Posted 22 hours ago

4.0 - 9.0 years

7 - 11 Lacs

Pune

Work from Office

To be part of a global security operations center and be responsible for: proactively identify threats and vulnerabilities; implement industry best practices; participate in the review and resolution of opportunities from both internal and external IT security audits; provide recommendations to the overall IT security posture of the organization; and participate in the creation of IT security awareness communications to the organization that adhere to corporate safety and security regulations.
Responsibilities:
- Investigate and provide proper incident response to security alerts.
- Identify new security use cases and create required detection rules in the system.
- Work with the customer to gather requirements, propose use cases and build them in Splunk.
- Perform administration activities in Splunk including integration of log sources, creation of queries for security use cases, dashboards, troubleshoot issues.
- Assist and train team members on how to investigate and respond to various security threats.
- Manage and support wide range of security technologies including SIEM, EDR, Vulnerability Scanners, Identity and Access Management, Data Loss Prevention, and Cloud Security.
- Participate in security solution design and security consultation.
- Work with the customer point of contacts for any escalated incidents, security remediation.
- Create required dashboards and provide reports.
- Actively participate in customer meetings and give presentations.
Job
- Bachelor's degree in Computer Science, Information Security, or an equivalent degree.
- 4+ years of working experience in Information Security.
- Vast experience in Splunk Enterprise and Enterprise Security.
- Have experience in integration of log sources, defining use cases, creation of new correlation rules, creation of dashboards, implementing best practices in Splunk environment.
- Good understanding of security threats and mitigation strategies.
- Have in-depth knowledge on how to investigate and respond to various security alerts, and are able to create incident response procedures for same.
- Certification in any of the following is a plus: Splunk Certified Admin/Architect, CEH.
- Demonstrated excellent response to critical incidents and security threats in the past.
- Excellent analytical, presentation, customer service and facilitation skills.
- Ready to work in 24x7 Security operations.

Posted 23 hours ago

3.0 - 8.0 years

5 - 10 Lacs

Noida

Work from Office

Senior Site Reliability Engineer
Site Reliability Engineers at UKG are critical team members that have a breadth of knowledge encompassing all aspects of service delivery. They develop software solutions to enhance, harden and support our service delivery processes. This can include building and managing CI/CD deployment pipelines, automated testing, capacity planning, performance analysis, monitoring, alerting, chaos engineering and auto remediation. Site Reliability Engineers must be passionate about learning and evolving with current technology trends. They strive to innovate and are relentless in pursuing a flawless customer experience. They have an "automate everything" mindset, helping us bring value to our customers by deploying services with incredible speed, consistency, and availability.
Job Responsibilities
- Engage in and improve the lifecycle of services from conception to EOL, including system design consulting, and capacity planning
- Define and implement standards and best practices related to: System Architecture, Service delivery, metrics and the automation of operational tasks
- Support services, product & engineering teams by providing common tooling and frameworks to deliver increased availability and improved incident response
- Improve system performance, application delivery and efficiency through automation, process refinement, postmortem reviews, and in-depth configuration analysis
- Collaborate closely with engineering professionals within the organization to deliver reliable services
- Increase operational efficiency, effectiveness, and quality of services by treating operational challenges as a software engineering problem (reduce toil)
- Guide junior team members and serve as a champion for Site Reliability Engineering
- Actively participate in incident response, including on-call responsibilities
Required Qualifications
- Engineering degree, or a related technical discipline, or equivalent work experience
- Experience coding in higher-level languages (e.g., Python, JavaScript, C++, or Java)
- Knowledge of Cloud based applications & Containerization Technologies
- Demonstrated understanding of best practices in metric generation and collection, log aggregation pipelines, time-series databases, and distributed tracing
- Demonstrable fundamentals in 2 of the following: Computer Science, Cloud architecture, Security, or Network Design fundamentals
(Experience, Education, Certification, License and Training)
- Must have at least 3 years of hands-on experience working in Engineering or Cloud
- Minimum 2 years' experience with public cloud platforms (e.g. GCP, AWS, Azure)
- Minimum 2 years' Experience in configuration and maintenance of applications and/or systems infrastructure for large scale customer facing company
Who We Are
Here at UKG, Our Purpose Is People. UKG combines the strength and innovation of Ultimate Software and Kronos, uniting two award-winning, employee-centered cultures. Our U Krewers are an extraordinary group of talented, innovative, and collaborative individuals who care about more than just work. We strive to create a culture of belonging and an employee experience filled with meaningful recognition and best-in-class rewards and benefits. UKG has 14,000 employees around the globe and is known for its inclusive and supportive workplace culture. Ready to join the U Krew? ukg.com/careers

Posted 23 hours ago


3.0 - 7.0 years

10 - 20 Lacs

Bengaluru

Hybrid


Say hello to possibilities. It's not every day that you consider starting a new career. We’re RingCentral, and we’re happy that someone as talented as you is considering this role. First, a little about us: we’re the global leader in cloud-based communications and collaboration software. We are fundamentally changing the nature of human interaction—giving people the freedom to connect powerfully and personally from anywhere, at any time, on any device. We’re a $2 billion company that’s growing at 30+% annually. Job Type: Full-Time Department: Security This is a great opportunity to work at a rapidly growing, market leading Unified Communications as-a-service company. RingCentral provides Voice-over-IP (VoIP), hosted PBX, voicemail, SMS, e-fax, and HD video meeting solutions for business. About this role: As a SOC Analyst at RingCentral, your primary responsibilities are to implement a comprehensive security monitoring, incident response and threat intelligence program for RingCentral’s global cloud service, corporate and development environments. You will also be collaboratively providing feedback to improve security operations processes, generating actionable analysis and threat intelligence from tools, logs, and other data sources, ensuring strong documentation is in place to support ongoing SOC activities, and reporting your observations to other Security, Operations and IT personnel. 
Successful Candidates will: Have proven skills in application security, security monitoring, incident response and intrusion analysis Have strong knowledge of the diverse methods and technologies used to attack web/mobile/desktop applications, SaaS infrastructure, and data Think critically, work well under pressure, and possess strong analytical, written, verbal, and interpersonal skills Demonstrated track record of quality processes in candidate’s work history Be strongly self-motivated with an aptitude for both individual and team-oriented work Have experience following and refining standard operating procedures and playbooks Responsibilities: Monitor security events, analyze and investigate alarms, and maintain day-to-day operational activities of a secure cloud environment Engage teams within and outside of RingCentral to mitigate and resolve cases Maintain relevant documentation and audit artifacts Identify and track suspicious system activity Identify trends and patterns, and present them to Security Engineers to enhance our processes and systems This role participates in on-call rotations Qualifications / Requirements: 3+ years in a security engineering, SRE, or SOC role in a cloud services environment Experience with SIEM Experience investigating security incidents Basic knowledge of AWS or GCP Experience with IDS, case management, and related tools and practices Experience with Linux, RedHat preferred Basic knowledge of broad security topics such as encryption, application security, malware, ransomware, etc. 
Knowledge of network, VoIP and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, SIP, RTP) Preferred Skills/Experience: Any combination of the following certifications: GCIA (GIAC Certified Intrusion Analyst) GCIH (GIAC Certified Incident Handler) GCFA (GIAC Certified Forensic Analyst) GNFA (GIAC Certified Network Forensic Analyst) GCFE (GIAC Forensic Examiner) GASF (GIAC Advanced Smartphone Forensics) GICA GCTI (GIAC Certified Cyber Threat Intelligence) GPEN (GIAC Certified Pentester) GWAPT (GIAC Certified Web Application Pentester) GPYC (GIAC Certified Python Coder) OSCP (Offensive Security Certified Pentester) Experience using Crowdstrike, Cloudflare, FirePower, Splunk, ELK, Imperva, Syslog, packet capture, and Windows Event Log tools and similar tools Knowledge of current hacking techniques, malicious code trends, botnets, exploits, malware, DDoS, and data breach events Strong knowledge of Microsoft Windows Experience automating security tasks, including scripting, programming and/or SecDevOps Experience working with global teams

Posted 1 day ago


7.0 - 10.0 years

10 - 20 Lacs

Hyderabad

Work from Office


Roles and Responsibilities: Monitor and analyze security event logs from SIEM tools to identify potential threats and incidents. Develop and maintain incident response plans, procedures, and playbooks to respond to security breaches. Collaborate with cross-functional teams to investigate and resolve security incidents in a timely manner. Conduct regular audits of SIEM systems to ensure compliance with regulatory requirements. Job Requirements: 7-10 years of experience in IT services & consulting industry. Strong understanding of SOC (Security Operations Center) operations and processes. Proficiency in managing SIEM tools such as [insert specific tool names]. Experience with incident response planning, management, and execution.

Posted 1 day ago


6.0 - 11.0 years

30 - 35 Lacs

Pune

Work from Office


Job Title: Threat Intelligence Analyst Corporate Title: AVP Location: Pune, India Role Description: As a Threat Intelligence AVP in the Threat Intelligence and Assessment function, you will play a critical role in safeguarding the organization from cyber threats. In this role, you will be responsible for identifying, assessing, and mitigating threats, and you will provide mitigation recommendations in response to evolving threats. You will be required to analyse complex technical issues and develop bank specific solutions while collaborating with diverse teams and stakeholders. This role will also consist of delivering against projects and strategic initiatives to continuously enhance the bank's capabilities in responding to threats. What we'll offer you: 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities: Pro-actively identify threats and track threat actors, TTPs, and ongoing campaigns to produce timely actionable intelligence. Produce threat assessments to support threat mitigation activities. Analyse multiple data/intelligence sources and sets to identify patterns of activity that could be attributed to threats and develop informed recommendations. Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs. Proactively drive improvements of internal processes, procedures, and workflows. Participate in the testing and integration of new security monitoring tools. Meet strict deadlines to deliver high quality reports on threats, findings, and broader technical analysis. Take ownership for personal career development and management, seeking opportunities to develop personal capability and improve performance contribution. Develop and maintain relationships with internal stakeholders, external intelligence sharing communities. 
Your skills and experience: 5+ years of experience in cybersecurity, with a focus on threat intelligence, analysis, and mitigation Strong operational background in intelligence related operations with experience in Open-Source Intelligence (OSINT) techniques Operational understanding of computing/networking (OSI Model or TCP/IP). Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, EDR, etc. A good or developing understanding of virtual environments and cloud (e.g., VSphere, Hypervisor, AWS, Azure, GCP) Demonstrated knowledge and keen interest in tracking prominent cyber threat actor groups, campaigns and TTPs in line with industry standards Knowledge of or demonstrable experience in working with intelligence lifecycle, intelligence requirements and MITRE ATT&CK Framework Non-Technical Experience: Investigative and analytical problem solving skills Excellent verbal and written communication, to both technical and non-technical audiences. Self-motivated with ability to work with minimal supervision. Education and Certifications: Preferred - Degree in computer science, networking, engineering, or other field associated with cyber, intelligence or analysis. Desired Experience or Certifications: CISSP, CISM, GIAC, GCTI, GCIH, GCFE, GCFA, GREM, GNFA, Security+, CEH How we'll support you . . . . About us and our teams: Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Posted 1 day ago


9.0 - 14.0 years

6 - 16 Lacs

Bengaluru

Work from Office


Essential knowledge
• Have over 10+ years of rich experience in information security domain and at least 6-8 years of dedicated experience in Security Incident Response.
• Hands on experience in implementing and operationalizing SIEM/SOAR tools such as Sentinel, ArcSight etc.
• Experience in defining and reporting KPIs for Security Incident response.
• Familiarity with advanced SOC monitoring technologies, risk, threat and security measures.
• Knowledge across the SOC domains including governance, control frameworks, policies, compliance management, risk management and incident response etc.
• Comprehensive knowledge of regulatory and compliance requirements and how they influence the bank's Information Security strategy.
• Preferably worked in BFSI domain with proven experience in SOC function.
• Strong understanding of key security standards and regulations such as NIST 800-61, CERT/CC, PCI, ISO 27035 etc.

Skills and Application
• Leads the development and implementation of comprehensive Security Governance strategies that address identified risks and compliance requirements, incorporating advanced technologies and methodologies to enhance security posture.
• Deep understanding of Security Incident response frameworks and their application in creating robust policies.
• Automate potential resilient security processes to ensure continuous compliance with security best practices.
• Maintaining up-to-date knowledge of security trends, threats, and countermeasures
• Assess and design security posture determination processes, tools and methodologies
• Reviewing and approving use cases/playbooks for SIEM/SOAR tools
• Continuously monitor security hygiene and performance using tools and processes
• Collaborate with other IS teams, Ops and tech teams on enhancing security incident response resilience

Other
• Knowledge of evolving advanced tech stacks and related control and risk universe from a SOC perspective.
• Knowledge and expertise in conducting risk assessment and management.
• The ideal candidate will have a technical or computer science degree.

Professional certifications: GCIH, CISSP, CEH, FOR608, CISM etc.

Posted 1 day ago


5.0 - 8.0 years

5 - 9 Lacs

Pune

Work from Office


Role Purpose: The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information. Do: Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance: Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails

Deliver
No. | Performance Parameter | Measure
1. | Customer centricity | Timely security breach solutioning to end users, Internal stakeholders & external customers experience
2. | Process Adherence | Adherence to SLAs (90-95%), response time and resolution time TAT

Mandatory Skills: Security Incident Response. Experience: 5-8 Years.

Posted 1 day ago
