1461 Incident Response Jobs - Page 31

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

4.0 - 8.0 years

0 Lacs

Pune, Maharashtra

On-site

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client-first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning, bold ideas, courage and passion to drive life-changing impact to ZS.

Our most valuable asset is our people. At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems, the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.

Senior Security Operations Analyst

We are seeking an experienced professional to join our Pune, India office as a Senior Security Operations Analyst with a strong background in Security Information and Event Management (SIEM) platforms, specifically Microsoft Sentinel, together with the Wiz cloud security platform. The ideal candidate will be responsible for leading advanced threat detection, response, and monitoring activities. This role will be critical in enhancing our cybersecurity posture and ensuring the ZS environment remains secure against emerging threats.
What you'll do:
- Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triage
- Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities
- Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real time
- Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities
- Perform proactive threat hunting to identify and mitigate advanced threats
- Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation
- Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats
- Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership
- Continuously improve SOC processes and playbooks to streamline operations and response efforts
- Mentor junior SOC analysts and provide guidance on security best practices
- This role requires participation in a rotational shift
- Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed

What you'll bring:
- Strong analytical and problem-solving abilities
- Excellent communication and interpersonal skills to collaborate effectively with cross-functional teams
- Proven ability to remain calm and efficient in a high-pressure environment
- Proficiency with SIEM tools such as Microsoft Sentinel
- Experience with data migration strategies across SIEM platforms
- Experience with cloud security operations and incident response platforms such as Wiz
- In-depth understanding of cyber threats, vulnerabilities, and attack vectors
- Proficiency in creating KQL queries and custom alerts within Microsoft Sentinel
- Expertise in developing SIEM use cases and detection rules
- Skill in incident response and management procedures
- Experience conducting deep-dive investigations and root cause analysis for incidents
- Ability to collaborate with stakeholders to resolve complex cybersecurity challenges
- Ability to automate routine SOC processes to enhance operational efficiency
- Experience mentoring and guiding junior analysts in security operations
- Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools

Good to have skills and abilities:
- Excellent interpersonal (self-motivation, organizational, personal project management) skills
- Knowledge of vulnerability management and scanning best practices, such as the CVE database and the Common Vulnerability Scoring System (CVSS)
- Ability to analyze cyber threats to develop actionable intelligence
- Skill in using data visualization tools to convey complex security information

Academic Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
- 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
- Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks
- Experience with SIEM migration
- Expertise in incident response, threat detection, and security monitoring
- Solid understanding of Windows, Linux, and cloud security concepts
- Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
- Preferred security cloud certification: AWS Security Specialty

Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development.
Our robust skills development programs, multiple career progression options and internal mobility paths, and collaborative culture empower you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.

Travel: Travel is a requirement at ZS for client-facing ZSers; the business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.

Considering applying? At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.

To Complete Your Application: Candidates must possess or be able to obtain work authorization for their intended country of employment. An online application, including a full set of transcripts (official or unofficial), is required to be considered. NO AGENCY CALLS, PLEASE.

Find Out More At: www.zs.com

Posted 1 month ago


3.0 - 5.0 years

6 - 12 Lacs

Bengaluru

Work from Office

Role & responsibilities: Level 2 SOC Analyst

Role Overview: A Level 2 SOC Analyst is responsible for more advanced threat detection and incident response. They handle escalated incidents from Level 1 analysts and perform in-depth analysis to mitigate security threats.

Key Responsibilities:
- Monitor security alerts and notifications generated by security tools and escalated by the L1 team
- Conduct in-depth analysis of security events and incidents to determine their impact and severity, and escalate as necessary according to established procedures
- Investigate and triage security incidents, including analyzing log data, network traffic, and other relevant information to identify indicators of compromise (IOCs) and determine the root cause
- Develop and maintain incident response playbooks, procedures, and documentation to ensure consistency and efficiency in incident handling processes
- Collaborate with threat intelligence analysts to stay informed about emerging threats, vulnerabilities, and attack techniques, and incorporate this knowledge into security monitoring and response activities
- Configure and manage security tools and technologies to enhance threat detection and response capabilities

Skills and Qualifications:
- Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- Experience: 2-4 years of experience in SOC operations and incident response. Experience with CrowdStrike SIEM and EDR preferred; Google SecOps, CrowdStrike NGSIEM.
- Analytical Skills: Strong ability to analyze complex security data and identify patterns or anomalies.
- Documentation: Maintain detailed records of incidents, including analysis, response actions, and lessons learned. Develop SOC runbooks.
- Communication Skills: Excellent verbal and written communication skills for documenting incidents and collaborating with team members.
- Problem-Solving: Ability to think critically and solve complex security issues.
- Certifications (Preferred): Certifications such as CompTIA Security+ or Certified Ethical Hacker (CEH), or similar.
- Work Environment: Typically works in a security operations center. May require shift work to provide 24/7 monitoring.

Posted 1 month ago


3.0 - 6.0 years

14 - 20 Lacs

Manesar

Hybrid

Key Responsibilities:
- Threat Detection & Response
- Security Monitoring
- Incident Response
- Threat Intelligence
- Vulnerability Management
- Security Automation
- Compliance & Risk Management
- Security Assessments
- Collaboration

Posted 1 month ago


8.0 - 13.0 years

0 - 3 Lacs

Chennai

Hybrid

Key Responsibilities:

Incident Detection & Response:
- Monitor security alerts and events through SIEM tools to identify potential threats.
- Investigate security incidents and respond in a timely and effective manner.
- Leverage EDR (Endpoint Detection and Response) solutions for threat detection and incident analysis.

Threat Analysis & Mitigation:
- Conduct thorough threat and malware analysis to identify and mitigate risks.
- Work closely with internal teams to investigate malware, viruses, and ransomware threats.
- Use CrowdStrike, Defender, and other endpoint security tools to prevent attacks.

Email Security Management:
- Monitor and manage email security systems to prevent phishing, spam, and other malicious email threats.
- Respond to suspicious email alerts and work with other teams to resolve them.

Continuous Monitoring & Alerting:
- Actively monitor systems, networks, and applications for any signs of suspicious activity.
- Utilize endpoint security solutions to continuously track and protect endpoints across the network.

Collaboration & Reporting:
- Work closely with the IT and security teams to assess, analyze, and resolve security incidents.
- Maintain detailed documentation of incidents, findings, and responses for future reference.
- Regularly report on the status of ongoing security incidents and trends to senior management.

Research & Knowledge Enhancement:
- Stay updated on the latest security threats, vulnerabilities, and trends.
- Participate in security training and development to improve skills in SIEM, EDR, and other security tools.

Required Skills and Qualifications:
- Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field, or equivalent work experience.
- Strong experience with SIEM (e.g., Splunk, QRadar, ArcSight).
- Proficient in EDR and endpoint security tools (e.g., CrowdStrike, Microsoft Defender).
- Hands-on experience in threat and malware analysis.
- Familiarity with email security systems (e.g., Proofpoint, Mimecast).
- Strong understanding of network protocols, firewalls, and intrusion detection/prevention systems.
- Knowledge of security frameworks and industry standards (e.g., MITRE ATT&CK, NIST).
- Excellent analytical and problem-solving skills.

Preferred Qualifications:
- Security certifications like CompTIA Security+, CISSP, CEH, or GIAC are a plus.
- Experience with incident response and forensic investigation.
- Familiarity with cloud security in AWS, Azure, or Google Cloud.

Posted 1 month ago


8.0 - 13.0 years

4 - 8 Lacs

Bengaluru

Work from Office

Project Role : Security Advisor
Project Role Description : Provide enterprise-level advice to make organizations cyber resilient. Assist in navigating the complex landscape of cyber threats, ensuring robust digital asset protection while maintaining trust with stakeholders.
Must have skills : Managed Cloud Security Services
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary: We are seeking a highly experienced and technically proficient Cloud Security Specialist to lead and advise on the implementation, optimization, and governance of cloud security solutions across Microsoft CASB and CSPM platforms. The ideal candidate will bring deep expertise in cloud security architecture, policy management, and incident response across AWS, Azure, and GCP environments. This role is critical in ensuring the organization's cloud infrastructure remains secure, compliant, and resilient.

Roles and Responsibilities

Cloud Access Security Broker (Microsoft CASB):
- Provide subject matter expertise in the deployment and optimization of Microsoft CASB.
- Lead continuous and real-time monitoring to detect and mitigate malicious activity across cloud services.
- Oversee the development and refinement of built-in policies and templates.
- Manage the configuration and policy lifecycle: additions, updates, and deletions.
- Support and guide security incident investigations using CASB insights and telemetry.

Cloud Security Posture Management (CSPM):
- Continuously assess and monitor cloud assets in AWS, Azure, and GCP for misconfigurations and non-standard deployments using DivvyCloud.
- Define and enforce mandatory security policies for newly released cloud services.
- Maintain and evolve cloud compliance policies in alignment with enterprise security requirements.
- Analyze and prioritize alerts and incidents related to cloud workloads; guide resolution strategies.
- Manage the full lifecycle of cloud security incidents, including escalation and root cause analysis.
- Generate and present executive-level and technical reports on vulnerabilities and compliance posture.
- Govern RBAC policies and oversee cloud role entitlements across platforms.
- Maintain cloud network security policies and ensure alignment with architectural standards.
- Provide expert remediation guidance to DevOps and development teams, promoting secure-by-design practices.
- Deliver regular reporting and insights on cloud security posture and trends.

Primary Skill: Cloud Security Architecture and Operations (CASB)

Experience:
- 8+ years of experience in cybersecurity, including substantial hands-on expertise in cloud security as a Specialist or in an advisory capacity.
- Demonstrated ability to lead cross-functional initiatives and influence cloud security posture across large-scale environments.
- Strong analytical and communication skills with the ability to translate technical risks into business impact.

Educational Qualification: Bachelor's degree in Computer Science, Information Security, or a related field (master's preferred).
Industry certifications are strongly preferred: CCSP / CISM or other relevant cloud and security certifications; security certifications such as AWS/Azure Security Specialty or Microsoft Defender for Cloud Apps.

Professional & Technical Skills
- CASB (Cloud Access Security Broker): Real-time threat monitoring, policy lifecycle management, incident triage and investigation using Microsoft CASB.
- Cloud Security Posture Management (CSPM): Continuous assessment of multi-cloud environments (Azure, AWS, Ali Cloud) for misconfigurations and compliance gaps using DivvyCloud; enforcement of cloud security policies and RBAC governance.
- Cloud Security Operations: Alert triage, incident lifecycle management, and remediation support for DevOps teams; generation of executive-level vulnerability and compliance reports.
- Cloud Network & Identity Security: Role-based access control (RBAC) policy management, cloud network segmentation, and enforcement of security baselines across cloud platforms.
- Tools & Platforms: Microsoft CASB, DivvyCloud, Tripwire, Azure, AWS, Ali Cloud.

Must-Have Skills:
- Real-time monitoring of user activity in CASB and data movement in cloud apps.
- Policy enforcement for data loss prevention (DLP), access control, and threat protection.
- Integration with Microsoft Defender and other security tools for incident response.
- Continuous assessment of cloud resources for misconfigurations using DivvyCloud.
- Automated remediation workflows and policy enforcement.
- Role-based access control (RBAC) and cloud network security management.
- Generating compliance and vulnerability reports for audits and executive review.
- Networking, encryption, and logging best practices.

Good-to-Have Skills:
- Experience with containers and Kubernetes security
- Familiarity with Infrastructure as Code (IaC) security
- Cloud-native security tools (e.g., AWS Config, Azure Policy, GCP Security Command Center)

Qualification: 15 years full time education

Posted 1 month ago


3.0 - 8.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Competitor Analysis
Good to have skills : Security Architecture Design
Minimum 3 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary: To drive competitive intelligence initiatives focused exclusively on cybersecurity services. This role supports strategic stakeholders by delivering deep-dive insights on peer organizations in the cybersecurity services space. The analyst will research, track, and interpret competitor strategies, offerings, market moves, and client positioning to inform go-to-market actions and service differentiation.

Roles & Responsibilities:
- Conduct in-depth competitive research on global and regional cybersecurity service providers, including consulting-led firms, MSSPs, and niche players.
- Develop and maintain competitor profiles that include service offerings (e.g., MxDR, Identity & Access Management, Cloud Security, OT Security), delivery models, alliances, certifications, and client segments.
- Monitor market movements such as deal wins/losses, acquisitions, leadership changes, analyst rankings, investments, and capability launches.
- Support the creation of battle cards, SWOT analyses, benchmarking reports, and win-loss summaries tailored to specific cybersecurity service lines.
- Track and interpret positioning of competitors across analyst reports (e.g., Gartner, IDC, Forrester, ISG, HFS, Everest Group) and translate these insights for sales, marketing, and delivery teams.
- Collaborate with internal stakeholders (e.g., client account teams, Cyber industry leads, MU leads) to refine competitive narratives and validate field intel.
- Contribute to periodic competitive landscape reports and newsletters focused on trends in the cybersecurity services market.
- Maintain an internal repository of intelligence assets, including slides, transcripts, and data extracts for easy consumption and reuse.

Professional & Technical Skills:
- Basic understanding of cybersecurity domains such as threat detection, managed services, incident response, IAM, and zero trust.
- Proficiency in secondary research techniques and comfort with navigating open-source and premium databases (e.g., Gartner, IDC, LinkedIn, company filings).
- Strong analytical mindset with the ability to structure insights from fragmented data points.
- Excellent PowerPoint and business writing skills; able to write succinct, executive-ready outputs.
- Comfort working in a fast-paced environment, balancing ad hoc requests with structured deliverables.
- A collaborative mindset with a willingness to learn from technical and business stakeholders.

Additional Information:
- The candidate should have a minimum of 3 years of experience in Competitor Analysis.
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.
- Exposure to market intelligence or strategy support functions within a services organization is a plus.
- Understanding of the cybersecurity services value chain: advisory, implementation, and managed services.
- Familiarity with analyst frameworks like Gartner Magic Quadrants, Forrester Waves, and ISG Provider Lens in cybersecurity.

Qualification: 15 years full time education

Posted 1 month ago


3.0 - 8.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Competitor Analysis
Good to have skills : Security Architecture Design, Jenkins, Bamboo
Minimum 3 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary: To drive competitive intelligence initiatives focused exclusively on cybersecurity services. This role supports strategic stakeholders by delivering deep-dive insights on peer organizations in the cybersecurity services space. The analyst will research, track, and interpret competitor strategies, offerings, market moves, and client positioning to inform go-to-market actions and service differentiation.

Roles & Responsibilities:
- Conduct in-depth competitive research on global and regional cybersecurity service providers, including consulting-led firms, MSSPs, and niche players.
- Develop and maintain competitor profiles that include service offerings (e.g., MxDR, Identity & Access Management, Cloud Security, OT Security), delivery models, alliances, certifications, and client segments.
- Monitor market movements such as deal wins/losses, acquisitions, leadership changes, analyst rankings, investments, and capability launches.
- Support the creation of battle cards, SWOT analyses, benchmarking reports, and win-loss summaries tailored to specific cybersecurity service lines.
- Track and interpret positioning of competitors across analyst reports (e.g., Gartner, IDC, Forrester, ISG, HFS, Everest Group) and translate these insights for sales, marketing, and delivery teams.
- Collaborate with internal stakeholders (e.g., client account teams, Cyber industry leads, MU leads) to refine competitive narratives and validate field intel.
- Contribute to periodic competitive landscape reports and newsletters focused on trends in the cybersecurity services market.
- Maintain an internal repository of intelligence assets, including slides, transcripts, and data extracts for easy consumption and reuse.

Professional & Technical Skills:
- Basic understanding of cybersecurity domains such as threat detection, managed services, incident response, IAM, and zero trust.
- Proficiency in secondary research techniques and comfort with navigating open-source and premium databases (e.g., Gartner, IDC, LinkedIn, company filings).
- Strong analytical mindset with the ability to structure insights from fragmented data points.
- Excellent PowerPoint and business writing skills; able to write succinct, executive-ready outputs.
- Comfort working in a fast-paced environment, balancing ad hoc requests with structured deliverables.
- A collaborative mindset with a willingness to learn from technical and business stakeholders.

Additional Information:
- The candidate should have a minimum of 3 years of experience in Competitor Analysis.
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.
- Exposure to market intelligence or strategy support functions within a services organization is a plus.
- Understanding of the cybersecurity services value chain: advisory, implementation, and managed services.
- Familiarity with analyst frameworks like Gartner Magic Quadrants, Forrester Waves, and ISG Provider Lens in cybersecurity.

Qualification: 15 years full time education

Posted 1 month ago


15.0 - 20.0 years

13 - 17 Lacs

Gurugram

Work from Office

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Omada Identity Cloud
Good to have skills : NA
Minimum 7.5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills in cloud security.
- Develop and maintain comprehensive documentation of security policies and procedures.

Professional & Technical Skills:
- Must Have Skills: Proficiency in Omada Identity Cloud.
- Good To Have Skills: Experience with cloud security frameworks and compliance standards.
- Strong understanding of identity and access management principles.
- Experience with security incident response and risk management.
- Familiarity with cloud service providers and their security offerings.

Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Omada Identity Cloud.
- This position is based at our Gurugram office.
- 15 years of full-time education is required.

Qualification: 15 years full time education

Posted 1 month ago


3.0 - 8.0 years

3 - 7 Lacs

Bengaluru

Work from Office

Project Role : Security Engineer
Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills : Security Information and Event Management (SIEM), Splunk Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum 3 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary: We are looking for a proactive and detail-oriented SOC Analyst (Incident Response) to join our Security Operations Center (SOC) team. In this role, you will be responsible for detecting, analyzing, and responding to cybersecurity incidents using a combination of technology solutions and processes.

Roles & Responsibilities:
- Monitor security alerts and events from various sources (SIEM, EDR, firewall logs, IDS/IPS, etc.) to detect potential security incidents.
- Triage, investigate, and respond to incidents following standard operating procedures (SOPs) and incident response playbooks.
- Perform in-depth analysis of security incidents to identify root causes, scope, and impact.
- Escalate complex incidents to appropriate stakeholders and support containment, eradication, and recovery efforts.
- Work with internal teams and external partners to contain and remediate threats.
- Contribute to continuous improvement of detection capabilities and IR processes.
- Maintain incident documentation and provide detailed reports post-incident.
- Stay current with emerging threats, vulnerabilities, and incident response best practices.

Professional & Technical Skills:
- 2-5 years of experience in a Security Operations Center (SOC) or similar cybersecurity role.
- Strong understanding of security technologies such as SIEM, EDR, IDS/IPS, firewalls, and antivirus.
- Experience with incident detection, triage, analysis, and response.
- Familiarity with the MITRE ATT&CK framework and other threat models.
- Knowledge of operating systems (Windows/Linux), networking protocols, and cloud environments.
- Strong analytical and problem-solving skills.
- Excellent verbal and written communication skills.
- Industry certifications such as CEH, GCIH, GCIA, or CompTIA Security+ are a plus.

Additional Information:
- The candidate should have a minimum of 3 years of experience in Splunk, QRadar or any SIEM tool.
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.

Qualification: 15 years full time education

Posted 1 month ago


3.0 - 5.0 years

5 - 15 Lacs

Hyderabad

Work from Office

Description: SRE Role

Requirements: Years of experience: 2 to 4 years

We are seeking a Site Reliability Engineer (SRE) to help provide strategic direction and technical expertise to ensure the ongoing success and reliability of the platform and products.

Job Responsibilities:
- Support and provide guidance in designing, building, and maintaining highly available, scalable, and reliable SaaS infrastructure.
- Support resilient systems and solutions that meet stringent SLAs.
- Lead efforts to ensure the reliability and uptime of our product, driving proactive monitoring, alerting, and incident response practices.
- Develop and implement strategies for fault tolerance, disaster recovery, and capacity planning.
- Conduct thorough post-incident reviews and root cause analyses to identify areas for improvement and prevent recurrence.
- Drive automation initiatives to streamline operational workflows, reduce manual effort, and improve efficiency.
- Champion DevOps best practices, promoting infrastructure as code, CI/CD pipelines, and other automation tools and methodologies.
- Support and partner with other teams on improving our observability systems to monitor site stability and performance.
- Continuously learn and explore new tools, techniques, and methodologies to drive innovation and enhance the DevOps platform.
- Work closely with development teams to optimize application performance and efficiency.
- Implement tools and techniques to measure and improve service latency, throughput, and resource utilization.
- Identify and implement cost-saving measures to ensure cloud infrastructure spending is optimized.
- Proactively identify and address security vulnerabilities in the cloud environment.
- Collaborate closely with engineering, product management, the CISO and other teams to align on reliability goals, prioritize projects, and drive cross-functional initiatives.
- Communicate effectively with stakeholders to provide visibility into reliability initiatives, progress, and challenges.
- Maintain documentation of processes, configurations, and technical guidelines.

What We Offer:

Exciting Projects: We focus on industries like High-Tech, communication, media, healthcare, retail and telecom. Our customer list is full of fantastic global brands and leaders who love what we build for them.

Collaborative Environment: You can expand your skills by collaborating with a diverse team of highly talented people in an open, laid-back environment, or even abroad in one of our global centers or client facilities!

Work-Life Balance: GlobalLogic prioritizes work-life balance, which is why we offer flexible work schedules, opportunities to work from home, and paid time off and holidays.

Professional Development: Our dedicated Learning & Development team regularly organizes communication skills training (GL Vantage, Toast Master), a stress management program, professional certifications, and technical and soft skill trainings.

Excellent Benefits: We provide our employees with competitive salaries, family medical insurance, Group Term Life Insurance, Group Personal Accident Insurance, NPS (National Pension Scheme), periodic health awareness programs, extended maternity leave, annual performance bonuses, and referral bonuses.

Fun Perks: We want you to love where you work, which is why we host sports events and cultural activities, offer food at subsidised rates, and hold corporate parties. Our vibrant offices also include dedicated GL Zones, rooftop decks and the GL Club, where you can drink coffee or tea with your colleagues over a game of table, and we offer discounts for popular stores and restaurants!

Posted 1 month ago

Apply

8.0 - 13.0 years

8 - 14 Lacs

Chennai

Work from Office

The Manager will lead and manage 24x7 cybersecurity and SOC operations, ensuring round-the-clock protection of the organization's critical infrastructure. This role demands deep expertise in network security, threat detection, and incident response, while also managing a team working in rotational shifts. Shift: 24x7 Rotational. Previous experience in team management is important. Requirements: 8+ years in cybersecurity, with 3+ years in a leadership role. Experience running or managing a 24x7 SOC. Strong expertise in SIEM tools, threat detection, and mitigation strategies. Relevant certifications: CISSP, CISM, CEH, or equivalent. Excellent leadership and communication skills.

Posted 1 month ago

Apply

4.0 - 8.0 years

12 - 18 Lacs

Hyderabad

Work from Office

Experience in a SOC, incident detection and response, SIEM platforms and EDR. Understanding of networking principles, TCP/IP, WANs, LANs, and Internet protocols (SMTP, HTTP, FTP, POP, LDAP). Cloud security concepts & platforms (e.g., AWS, Azure, GCP).

Posted 1 month ago

Apply

5.0 - 10.0 years

20 - 25 Lacs

Hyderabad

Work from Office

Job Description for DLP Admin: DLP configuration & implementation, DLP policies, CASB, DLP alerts & incident response, DLP data security. Experience range: 5 to 8 years. Budget: 24 LPA. Hiring Location: Hyderabad. Notice Period: Immediate to 30 days.

Data Security: Strong experience with DLP (Data Loss Prevention) solutions, DLP policy creation, data security and incident response. Experience in DLP policy design and analysis. Strong experience in data security tools & techniques including DLP and Cloud Access Security Broker (CASB).

Technical Skills & Responsibilities: Proficient in DLP false-positive event detection and optimizing the process. Experience in DLP, ITIL Foundation, data security and incident management. Strong experience in monitoring, analyzing, and daily operations of the DLP process. Experience in security process and incident management tools. Hands-on experience in the security incident response lifecycle.

Soft Skills & Stakeholder Management: Proven coordination skills with multiple business units during the response to DLP events & incidents. Accountability in handling internal, restricted, and highly restricted data. Effective communication skills to collaborate with different teams. Able to build excellent team collaboration with both internal and external teams.

Education and Experience: Formal education or equivalent experience in Information Security, Cybersecurity, Computer Science or a related field. 5-8 years of relevant experience in data security and incident response.

Candidate's Availability: Candidate is available to join within 15-30 days.

Good to Have: Knowledge of General Data Protection Regulation (GDPR) requirements and regulations. Knowledge of common operating systems and platforms. Exposure to enterprise-scale organizations including data center environments in finance or similar sectors.

Risk Management & Internal Audits: Exposure to quantification of cyber risk and the control actions that mitigate it. Understanding of global and regional data security audits.

Skills: DLP, CASB, Incident Response, Cyber Security

Posted 1 month ago

Apply

2.0 - 3.0 years

5 - 5 Lacs

Thiruvananthapuram

Work from Office

Overview: We are looking for a skilled SIEM Administrator to manage and maintain Security Information and Event Management (SIEM) solutions such as Innspark, LogRhythm, or similar tools. This role is critical to ensuring effective security monitoring, log management, and event analysis across our systems.

Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., Innspark, LogRhythm, Splunk). Develop and maintain correlation rules, dashboards, and reports. Integrate logs from servers, network devices, cloud services, and applications. Troubleshoot log collection, parsing, normalization, and event correlation issues. Work with security teams to improve detection and response capabilities. Ensure SIEM configurations align with compliance and audit requirements. Perform routine SIEM maintenance (e.g., patching, upgrades, health checks). Create and maintain documentation for implementation, architecture, and operations. Participate in evaluating and testing new SIEM tools and features. Support incident response by providing relevant event data and insights.

Required Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. 3+ years of hands-on experience with SIEM tools. Experience with Innspark, LogRhythm, or other SIEM platforms (e.g., Splunk, QRadar, ArcSight). Strong knowledge of log management and event normalization. Good understanding of cybersecurity concepts and incident response. Familiarity with Windows/Linux OS and network protocols. Scripting knowledge (e.g., Python, PowerShell) is a plus. Strong troubleshooting, analytical, and communication skills. Industry certifications (CEH, Security+, SSCP, or vendor-specific) are a plus.

Key Skills: SIEM Tools (Innspark, LogRhythm, Splunk), Troubleshooting, Log Management & Analysis, Scripting (optional), Security Monitoring. Skills: SIEM, Splunk, Troubleshooting. Required Skills: SIEM, Splunk, Troubleshooting.

Posted 1 month ago

Apply

5.0 - 7.0 years

7 - 10 Lacs

Mumbai, Delhi / NCR, Bengaluru

Work from Office

Location: Remote (India-based preferred), Delhi NCR, Bengaluru, Chennai, Pune, Kolkata, Ahmedabad, Mumbai, Hyderabad. Client: Confidential. Experience Required: 7-10 Years. Employment Type: Contract.

Job Description: We are seeking an experienced Security Consultant with 7-10 years of deep technical expertise across AWS security practices, posture assessment, incident response, and automation in security environments. The ideal candidate will play a key role in advising on cloud security design, conducting risk assessments, and strengthening compliance and data protection mechanisms in cloud-native environments.

Key Responsibilities: Lead cloud security strategy and implementation for AWS-based applications. Conduct Security Posture Assessments, identify gaps, and define risk prioritization plans. Implement and manage AWS security controls: IAM (Identity & Access Management), Network Security & Logging, Data Encryption & Secrets Management. Ensure adherence to compliance frameworks (ISO 27001, NIST, CIS, etc.). Implement Data Loss Prevention (DLP) and Data Masking/Obfuscation solutions. Drive SIEM/SOAR integration for intelligent threat detection and response. Develop and maintain Incident Response plans and coordinate response activities. Conduct automated security scanning and integrate it into DevSecOps pipelines. Provide consultation and innovation around Agentic AI applications in security.

Qualifications: 7+ years of hands-on experience in cloud security, with a focus on AWS. Deep knowledge of IAM, encryption, secrets management, and compliance frameworks. Experience with SIEM/SOAR platforms, automated scanning tools, and AI-driven security solutions. Strong documentation, communication, and stakeholder collaboration skills. Ability to work independently in a remote team structure.

Share Your Profile: Kindly share your updated resume with the following details: Current CTC, Expected CTC, Notice Period, Current Location. Submit To: navaneetha@suzva.com

Posted 1 month ago

Apply

5.0 - 10.0 years

0 - 0 Lacs

Pune

Work from Office

• Evaluate alerts, evidence, and indicators from all relevant sources (network, endpoint, SIEM, local logs, etc.) to successfully triage, scope, and evaluate threats.
• Perform cyber defense incident triage, including determining scope, urgency, and potential impact, identifying the specific vulnerability, and implementing rapid containment controls.
• Collect and preserve digital evidence in a manner appropriate for the threat (up to and including a forensically sound manner according to best practices).
• Evaluate artifacts (processes, services, drivers, libraries, binaries, scripts, memory, network traffic, files, email, and other objects) for malicious activity, exploitation, and/or unauthorized access.
• Identify attack vectors, exploit methods, malicious code, C2 activity, and persistence mechanisms.
• Perform analysis to determine the full scope, risk, and impact of a breach or exposure.
• Perform root cause analysis and recommend mitigation strategies.
• Properly and thoroughly document incident findings, evidence, and analysis steps, and create status updates, findings reports, and recommendations.
• Focus on preserving uptime and minimizing the impact on business and medical services.
• Collaborate with other teams to perform real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation).
• Employ approved defence-in-depth principles and practices (e.g., defense in multiple places, layered defenses, security robustness).
• Collect and analyze intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Coordinate with intelligence analysts to correlate threat assessment data.
• Write, publish, and socialize after-action reports and presentations.
• Determine the extent of threats and recommend mitigation and/or remediation courses of action or countermeasures to manage risks.

Posted 1 month ago

Apply

2.0 - 6.0 years

0 Lacs

pune, maharashtra

On-site

As a Security Triage Analyst at Snowflake, you will be part of a global team and have the opportunity to learn from the industry's best-in-class experts. You will serve as the front-line of the Incident Response Team, where your responsibilities include determining the scope and impact of security alerts without breaching SLAs. This involves monitoring multiple alerting systems for both corporate IT and production environments. You will triage security alerts, take remediation actions, or escalate validated threats as necessary. By being part of this role, you will have the chance to hone your technical and analytical skills while gaining invaluable experience. Additionally, you will follow and contribute to incident response playbooks and runbooks. Our ideal Security Triage Analyst will possess a Bachelor's or Master's degree in Information Security or an equivalent discipline. They should have at least 2 years of experience on a Global SOC, Incident Response Team, or in a similar role. The candidate should be able to work from 5:00 AM to 2:00 PM IST, five days a week, on one of two shifts: Shift A (Sunday through Thursday) or Shift B (Tuesday through Saturday). Experience in analyzing emails for phishing, email header analysis, URL analysis, basic dynamic and static file analysis, and basic knowledge of SQL are required. The candidate should also have a fundamental understanding of cloud computing and infrastructure, including knowledge of virtual machines, web servers, load balancers, reverse proxies, firewalls, etc. Strong knowledge of networking basics such as TCP/IP, HTTP, DNS, subnetting, VLAN, NAT, and basic network and system forensic principles is essential. Experience with the Linux Command Line Interface, ability to analyze logs, and identify abnormal patterns is required. Basic understanding of containerization, object-oriented programming, and excellent communication skills are also necessary. 
Bonus points will be given for candidates with prior experience using Snowflake, Python programming, regular expressions, knowledge of APIs, experience working with low-code/no-code automation or SOAR platforms, and exposure to security assessment/design review and threat modeling. Certification in cloud platforms, familiarity with JIRA, ServiceNow, or other case management tools, and the ability to communicate investigative findings to technical staff are advantageous. Snowflake is experiencing rapid growth, and the team is expanding to support and accelerate this growth. We are looking for individuals who share our values, challenge conventional thinking, drive innovation, and contribute to building a future for themselves and Snowflake. For more details regarding the job location, salary, and benefits information for positions in the United States, please visit the Snowflake Careers Site at careers.snowflake.com.

Posted 1 month ago

Apply

2.0 - 6.0 years

0 Lacs

amritsar, punjab

On-site

As a Cinema Security Officer at our Amritsar location, your main responsibility will be to ensure the safety and security of patrons, staff, and property within the cinema premises. Your role is crucial in maintaining a secure and enjoyable environment for all visitors by enforcing cinema policies, monitoring surveillance systems, responding to incidents, and collaborating with other team members to uphold a high standard of security. You will be expected to conduct routine patrols in cinema halls, lobbies, and public areas, assist patrons with security concerns, and provide a visible presence to deter potential threats. In the event of security incidents or emergencies, you must respond promptly, take appropriate action to control situations, and maintain accurate records of all security-related activities. Monitoring access points, checking bags and belongings, operating surveillance cameras, and reporting any suspicious activities are also key aspects of your role. Collaboration with other security personnel and cinema staff, and effective communication with management and law enforcement, are essential for the smooth functioning of the security team. Participating in regular drills and training exercises to ensure emergency preparedness, providing excellent customer service, preparing detailed incident reports, and possessing qualifications such as graduation or a three-year Diploma with additional security-related training are necessary for this role. Proven experience as a security officer, strong observational and analytical skills, excellent communication and interpersonal abilities, along with the ability to handle stressful situations calmly and professionally, are also required. In this full-time position, the interview process includes an HR Interview, a Second Round with the Cinema Manager, and a Last and Final Round with the RGM.
Additionally, you will be entitled to benefits such as commuter assistance, health insurance, leave encashment, life insurance, and provident fund. The expected start date for this role is 22/07/2025, and the work location is in person.

Posted 1 month ago

Apply

2.0 - 6.0 years

0 Lacs

kochi, kerala

On-site

As an Academic Advisor for Cybersecurity Training & Certification at Technovalley Software India Pvt. Ltd., located in Kochi, India, you will play a crucial role in guiding aspiring students, IT professionals, and corporate partners towards achieving internationally recognized certifications and unlocking global career opportunities. Your main responsibilities will include providing professional career guidance and counselling to individuals interested in pursuing Cybersecurity career paths such as Ethical Hacking, Cybersecurity Analyst, Computer Hacking Forensic Investigator, Offensive Security Certified Cybersecurity, Penetration Testing, SOC Analyst, Threat Intelligence, and Incident Response. You will be tasked with understanding the career aspirations and goals of each individual and recommending appropriate certification and training programs to align with their career trajectory. Additionally, you will educate prospective learners on global certification standards from renowned organizations like EC-Council, OffSec, CompTIA, PECB, and Microsoft. You will also offer insights into industry demand for Cybersecurity professionals, expected salary growth, and career scope in various Cybersecurity fields. Your role will involve coordinating the admission process, following up with leads, ensuring high admission conversion rates, and promoting scholarship opportunities for eligible candidates. Furthermore, you will be responsible for building relationships with students, acting as a student success partner, and collaborating with the placement cell to ensure certified students receive career assistance and placement opportunities. The desired qualifications for this role include a Bachelor's degree in Computer Science, Cybersecurity, IT, or related fields, along with a minimum of 2-3 years of experience in academic counselling, career guidance, or technical training consultation, preferably in Cybersecurity, IT Training, or EdTech industries. 
To excel in this role, you should possess a strong understanding of Cybersecurity certifications, excellent communication and negotiation skills, and the ability to work towards achieving aggressive targets. Your passion for helping individuals build careers in Cybersecurity, along with your familiarity with global job markets and career trends in the Cybersecurity and IT Security domains, will be key assets in this position. Joining Technovalley will offer you the opportunity to work with India's leading Cybersecurity Training Company, engage with global professionals and industry leaders, and contribute to shaping the next generation of Cybersecurity professionals in India and beyond. This role also comes with a competitive salary, performance-based incentives, and the chance to drive career transformation in the cybersecurity space.

Posted 1 month ago

Apply

5.0 - 9.0 years

0 Lacs

delhi

On-site

The role of a Splunk Security Solution Architect is to serve as a subject matter expert for Splunk Security products and provide expertise on the broader security landscape. Your primary responsibility will be to support Splunk account teams, including sales and pre-sales resources, in developing tailored security solutions for customers. As the "eyes and ears" for the field, you will offer expert guidance and recommendations to help customers enhance the security and resiliency of their organizations. Your key responsibilities will include establishing and maintaining strong relationships with clients and partners, collaborating closely with account teams to align with sales strategies, and conducting demonstrations of Splunk's security products and services to customers. Additionally, you will be required to respond to functional and technical aspects of RFIs/RFPs, provide hands-on leadership in resolving technical issues, and demonstrate a strong ability to collaborate effectively. To excel in this role, you should possess a Splunk Certified Administrator certification or have sufficient knowledge to administer Splunk Enterprise and solutions. You must have at least 5 years of experience as a successful pre-sales engineer, systems integrator, or similar role within the cybersecurity domain. Familiarity with cyber threats, incident response practices, SIEM, automation tools, endpoint technology, threat intelligence, and enterprise hardware and software technologies is essential. Experience with operating systems, networking technology, enterprise software, cloud platforms, scripting languages, and industry certifications such as SANS GIAC, CISSP, CISM, etc., will be advantageous. Furthermore, you should demonstrate strong interpersonal skills, effective communication abilities across different audience types, and a self-motivated attitude with an insatiable curiosity for technological possibilities. 
A positive and fun-loving demeanor, along with a desire to work with a dynamic team, is key for success in this role. Please note that we are committed to providing guidance on technology, supporting your soft skills development, and educating you on processes. Your passion for technology, motivation, and enthusiasm for working in a collaborative team environment will be highly valued in this position.

Posted 1 month ago

Apply

5.0 - 9.0 years

0 Lacs

hyderabad, telangana

On-site

You have the opportunity to join as a Splunk Enterprise Security specialist with 5-8 years of experience in Hyderabad. You will be responsible for integrating Splunk with various security tools and technologies across different domains such as Process Control Domain/OT and Operations Domain/IT. Your role involves administering and managing the Splunk deployment to ensure optimal performance, implementing Role-Based Access Control (RBAC), and developing custom Splunk add-ons for log management. Collaboration with the SOC team is crucial, as you will work together to understand security requirements and objectives and implement Splunk solutions to enhance threat detection and incident response capabilities. Your tasks will include integrating different security controls and devices such as firewalls, EDR systems, proxies, Active Directory, and threat intelligence platforms. You will be responsible for developing custom correlation searches, dashboards, and reports to identify security incidents, investigate alerts, and provide actionable insights to SOC analysts. Additionally, creating efficient custom dashboards for various teams to support security risk investigations and conducting threat hunting exercises using Splunk will be part of your role. Furthermore, you will contribute to the development and refinement of SOC processes and procedures by leveraging Splunk to streamline workflows and enhance operational efficiency. Implementing Splunk for automation of SOC SOP workflows will also be within your responsibilities. To excel in this role, you should have experience in designing and implementing Splunk Enterprise Security architecture, integrating with security tools and technologies, security monitoring, incident response, security analytics, and reporting. Collaboration, communication, and the ability to manage Splunk Enterprise Security effectively are essential requirements.
You will also be involved in migrating/scaling the Splunk environment from Windows to Linux to improve performance, reliability, and availability. Moreover, you will implement and integrate the SOAR platform (Splunk Phantom) and User Behavior Analytics (Splunk UBA/UEBA) with the existing Splunk infrastructure to enhance operations with automation.

Posted 1 month ago

Apply

5.0 - 9.0 years

0 Lacs

thiruvananthapuram, kerala

On-site

As an L3 SOC Analyst at CyberProof, a UST Company, you will be a key member of our Security Operations Group, dedicated to helping enterprises react faster and smarter to security threats. With 5 to 7 years of experience under your belt, you will play a crucial role in maintaining secure digital ecosystems through automation, threat detection, and rapid incident response. Your must-have skills include expertise with SIEM vendors such as QRadar, Sentinel, and Splunk, incident response capabilities, and a strong understanding of attack patterns and Tools, Techniques, and Procedures (TTPs). You are experienced in writing procedures, runbooks, and playbooks, possess strong analytical and problem-solving skills, and have hands-on experience with system logs, network traffic analysis, and security tools. Proficiency in identifying Indicators of Compromise (IOCs) and Advanced Persistent Threats (APTs) is essential for this role. Additionally, good-to-have skills involve experience in setting up SIEM solutions, troubleshooting connectivity issues, familiarity with security frameworks and best practices, and the ability to collaborate effectively with IT and security teams. Your responsibilities will include acting as an escalation point for high and critical severity security incidents, conducting in-depth investigations to assess impact and understand the extent of compromise, analyzing attack patterns, and providing recommendations for security improvements. You will be responsible for proactive threat hunting, log analysis, providing guidance on risk mitigation, improving security hygiene, identifying gaps in security processes, and suggesting enhancements. Ensuring end-to-end management of security incidents, documenting incident response processes, defining future outcomes, participating in discussions, meetings, and briefings, as well as training team members on security tools and incident resolution procedures are also part of your role.

Posted 1 month ago

Apply

5.0 - 9.0 years

0 Lacs

pune, maharashtra

On-site

As a Lead SOC Analyst at Snowflake, you will play a crucial role in shaping the future of the AI Data Cloud. Your responsibilities will include being the service owner of security triage in India, where you will lead a team of Triage Analysts by hiring, coaching, training, and supervising them. You will also be responsible for performing quality assurance checks on their alerts and maturing the security triage process. Collaborating with other security teams to handle more triage tasks will be a key aspect of your role. Being part of a global team, you will have the opportunity to learn from industry experts and serve as the front-line of the Incident Response Team. Your day-to-day tasks will involve triaging security alerts, taking remediation or escalation actions, developing and maintaining response playbooks and work instructions, as well as leading automation initiatives to enhance efficiency. This role will allow you to hone your technical and analytical skills while gaining valuable experience in the field. The ideal Lead SOC Analyst for Snowflake will possess a Bachelor's or Master's degree in Information Security or a related discipline, along with at least 5 years of experience in a Global SOC, Incident Response Team, or similar role. You should have demonstrated expertise in mentoring and teaching junior security analysts and be able to work collaboratively with other teams across regions. Strong communication skills, a track record of delivering results, and familiarity with industry-standard security frameworks and processes are essential for this role. Experience with investigative tools such as EDR, DLP, SIEM, and querying large datasets, along with knowledge of cloud computing, infrastructure, and networking protocols, will be advantageous. Additionally, familiarity with low-code/no-code automation or SOAR platforms, cloud providers like AWS, Azure, GCP, and operating systems like Windows, Linux, Mac will be beneficial for this position. 
Bonus points will be awarded for candidates with prior experience using Snowflake, knowledge of SQL, programming languages like Python and Go, expertise in regular expressions, Infrastructure as Code, CI/CD processes, and relevant cloud and security certifications. Snowflake is a rapidly growing company, and we are looking for individuals who align with our values, challenge conventional thinking, and contribute to the pace of innovation. If you are passionate about making an impact and shaping the future of technology, we invite you to consider joining our team at Snowflake. For additional details on salary and benefits information, please refer to the job posting on the Snowflake Careers Site.

Posted 1 month ago

Apply

1.0 - 5.0 years

0 Lacs

pune, maharashtra

On-site

As a Security Incident Response Analyst at our organization, you will be responsible for incident assessment and response to security alerts and incidents. Your role will involve analyzing these incidents to ensure efficient containment, eradication, and recovery. It will be essential for you to document and report your findings to improve the overall security posture of the organization. In this position, effective communication and coordination are key aspects of your responsibilities. You will act as the primary contact during security incidents, providing clear communication to stakeholders and preparing incident reports. Additionally, you will be required to coordinate with SOC analysts, IT teams, and third-party vendors. Participating in post-incident reviews and developing detections, playbooks, and SOPs will be part of your continuous improvement efforts. You will also need to identify security control gaps and recommend improvements, as well as conduct training sessions for SOC team members and stakeholders. Monitoring threat intelligence feeds to identify emerging threats and vulnerabilities will be part of your daily tasks. Proactively hunting for indicators of compromise (IOCs) will also be essential to enhance the organization's security posture. To qualify for this role, you should have a Bachelor's degree in Computer Science, Information Security, or a related field. A minimum of 1 year of experience in cybersecurity and threat intelligence is required. You must have proven experience in a security operations role with strong incident response and threat intelligence skills. Excellent communication and coordination skills are essential, along with the ability to work effectively under pressure and manage multiple incidents simultaneously. Please note that the benefits and perks associated with this position may vary depending on the nature of your employment with our organization and the country where you work.

Posted 1 month ago

Apply