15.0 - 25.0 years
12 - 16 Lacs
Bengaluru
Work from Office
About The Role
Project Role: Security Delivery Lead
Project Role Description: Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets).
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 15 year(s) of experience is required
Educational Qualification: B.E./B.Tech/M.Tech
Summary: As a Security Delivery Lead, you will lead the implementation and delivery of Security Services projects, leveraging our global delivery capability. You will be responsible for ensuring the successful execution of projects, utilizing our method, tools, training, and assets. Your role will involve overseeing the entire project lifecycle, from planning and design to implementation and post-implementation support. You will collaborate with cross-functional teams and stakeholders to ensure the delivery of high-quality security solutions.
Roles & Responsibilities:
- Expected to be an SME with deep knowledge and experience.
- Should have influencing and advisory skills.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Expected to provide solutions to problems that apply across multiple teams.
- Lead the implementation and delivery of Security Services projects.
- Utilize global delivery capability, including method, tools, training, and assets.
- Oversee the entire project lifecycle, from planning and design to implementation and post-implementation support.
- Collaborate with cross-functional teams and stakeholders to ensure the delivery of high-quality security solutions.
Professional & Technical Skills:
- Must Have Skills: Proficiency in Security Information and Event Management (SIEM).
- Proficiency in consulting (solutioning work with presales, RFPs, estimation), client management, and SOC delivery.
- Strong understanding of security principles and best practices.
- Deep expertise in SIEM, SOAR and incident response.
- Experience in designing and implementing security solutions.
- Knowledge of security frameworks and standards (e.g., ISO 27001, NIST).
- Experience in conducting security assessments and audits.
- Good To Have Skills: Experience with security incident response and threat intelligence.
- Familiarity with security technologies and tools (e.g., firewalls, IDS/IPS, SIEM).
- Knowledge of cloud security and emerging trends in the security industry.
Additional Information:
- The candidate should have a minimum of 15 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- A B.E./B.Tech/M.Tech is required.
Qualification: B.E./B.Tech/M.Tech
Posted 2 months ago
3.0 - 5.0 years
8 - 14 Lacs
Chennai
Hybrid
Key Skills: AI data platforms, platform configuration, incident response, SLA management, root cause analysis, monitoring, documentation, troubleshooting, performance optimization, collaboration, reporting.
Roles and Responsibilities:
- Administer, manage, and configure ADB's AI Data Platforms to meet defined business requirements.
- Collaborate with business analysis teams and business units to translate requirements into actionable platform configurations.
- Partner with Engineering Leads to align implementation plans and support operational needs.
- Maintain comprehensive documentation on platform configurations, procedures, and best practices.
- Work closely with Engineering Leads to manage incident response, perform troubleshooting and root cause analysis, and implement permanent fixes.
- Track key service metrics, generate reports, and provide insights to enhance service performance and user experience.
- Oversee daily operations of AI Products and AI Data Platforms to ensure high availability and optimal performance.
- Establish and maintain Service Level Agreements (SLAs) for platform uptime, response times, and service quality.
- Monitor and manage support issues, ensuring timely resolution and continuous process optimization.
- Monitor platform performance, reliability, and scalability, recommending improvements aligned with business goals.
- Identify gaps in service delivery, propose enhancements, and drive process improvements.
- Facilitate regular status updates and SLA reviews with internal and external stakeholders.
Experience Requirement:
- 3-5 years of experience in data platform management, preferably with AI or machine learning platforms.
- Experience in incident response, troubleshooting, and root cause analysis in a data platform environment.
- Familiarity with establishing and maintaining SLAs for platform performance and service quality.
- Proficiency in monitoring and optimizing platform performance, reliability, and scalability.
- Experience with documentation and reporting on platform configurations and service metrics.
Education: Any Graduation.
Posted 2 months ago
3.0 - 8.0 years
13 - 17 Lacs
Bengaluru
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges.
Roles & Responsibilities:
- Monitor and analyze security alerts from SIEM platforms and other threat detection systems to identify potential security incidents by following established processes.
- Design and optimize complex search queries; create and maintain custom dashboards, alerts, and reports to improve visibility and detection capabilities.
- Collaborate with IT, infrastructure, and application teams to manage and resolve security incidents effectively.
- Lead and participate in security incident response activities, ensuring accurate documentation and closure of incidents.
- Improve SOC operations by enhancing processes, developing playbooks, and updating standard operating procedures (SOPs).
- Mentor and support junior analysts by providing guidance and resolving escalated alerts.
- Conduct deep-dive investigations into advanced or persistent threats and track incidents through to resolution.
- Actively participate in and lead client meetings, providing technical input and updates on ongoing incidents or improvements.
- Identify and reduce false positives through alert fine-tuning and continuous rule optimization.
- Apply knowledge of threat models, threat intelligence, and attacker techniques (e.g., MITRE ATT&CK) to enhance detection strategies.
- Administer core SIEM components, including deployment servers and indexers, ensuring high availability and performance.
- Contribute to building and enhancing detection content, such as correlation rules and threat detection logic.
Professional & Technical Skills:
- Experience working as a SOC analyst.
- Strong understanding of tools like SIEM, CrowdStrike, MS Defender, Proofpoint, Azure, IDS/IPS.
- Strong understanding of TCP/IP, DNS, DHCP, HTTP/HTTPS, VPN.
- Basic understanding of Windows/Linux command line tools.
- Log analysis from operating systems, firewalls, etc.
- SIEM/SOC operations experience for very large enterprises.
- Knowledge of the MITRE/CKC frameworks.
Additional Information:
- The candidate should have a minimum of 3 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- 15 years of full time education is required.
Qualification: 15 years full time education
Posted 2 months ago
3.0 - 8.0 years
13 - 17 Lacs
Bengaluru
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Managed Cloud Security Services
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a CSPM WIZ Administrator and Analyst, you will be responsible for overseeing the security posture of cloud environments, ensuring compliance with industry standards, and implementing best practices to mitigate risks. Your role will involve configuring and managing CSPM tools, conducting regular assessments, and collaborating with cross-functional teams to enhance cloud security.
Key Responsibilities:
- CSPM WIZ Tool Management: Configure, deploy, and maintain CSPM solutions to monitor and secure cloud resources.
- Security Assessments: Conduct regular security posture assessments to identify vulnerabilities and misconfigurations.
- Compliance Monitoring: Ensure adherence to compliance frameworks such as ISO 27001, NIST, and GDPR.
- Incident Response: Collaborate with security teams to respond to and remediate security incidents.
- Automation: Implement automation scripts to streamline security processes and reduce manual effort.
- Documentation: Maintain detailed records of security configurations, assessments, and incidents.
Professional & Technical Skills:
- Must Have Skills: Proficiency in Managed Cloud Security Services.
- Experience with cloud security frameworks such as NIST, ISO 27001, or CIS.
- Strong understanding of cloud service models (IaaS, PaaS, SaaS) and their security implications.
- Familiarity with security tools and technologies for cloud environments, including firewalls, intrusion detection systems, and encryption solutions.
Additional Information:
- The candidate should have a minimum of 3 years of experience in Managed Cloud Security Services.
- This position is based at our Bengaluru office.
- 15 years of full time education is required.
Qualification: 15 years full time education
Posted 2 months ago
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 2 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and facilitating the transition to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges.
Roles & Responsibilities:
- Monitor and analyze security alerts from SIEM platforms and other threat detection systems to identify potential security incidents by following established processes.
- Collaborate with IT, infrastructure, and application teams to manage and resolve security incidents effectively.
- Participate in security incident response activities, ensuring accurate documentation and closure of incidents.
- Improve SOC operations by enhancing processes and updating standard operating procedures (SOPs).
- Actively participate in client meetings, providing technical input and updates on ongoing incidents or improvements.
- Identify false positives through alert fine-tuning and continuous rule optimization.
- Apply knowledge of threat intelligence and attacker techniques (e.g., MITRE ATT&CK) to enhance detection strategies.
- Contribute to enhancing detection content, such as correlation rules and threat detection logic.
Professional & Technical Skills:
- Experience working as a SOC analyst.
- Good understanding of tools like SIEM, CrowdStrike, MS Defender, Proofpoint, Azure, IDS/IPS.
- Strong understanding of TCP/IP, DNS, DHCP, HTTP/HTTPS, VPN.
- Basic understanding of Windows/Linux command line tools.
- Log analysis from operating systems, firewalls, etc.
- SIEM/SOC operations experience for very large enterprises.
- Knowledge of the MITRE/CKC frameworks.
Additional Information:
- The candidate should have a minimum of 2 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- 15 years of full time education is required.
Qualification: 15 years full time education
Posted 2 months ago
15.0 - 20.0 years
3 - 7 Lacs
Hyderabad
Work from Office
About The Role
Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Identity and Access Management (IAM) Operations
Good to have skills: Identity Access Management (IAM)
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: Security and Controls: IAM Consultant. As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring compliance with security policies. You will also engage in proactive monitoring of systems to detect and respond to potential threats, while continuously improving security protocols to safeguard the organization's information and infrastructure.
Roles & Responsibilities:
- Expected to be an SME.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills in security practices.
- Develop and maintain documentation related to security processes and protocols.
Professional & Technical Skills:
- Must Have Skills: Proficiency in Identity and Access Management (IAM) Operations.
- Good To Have Skills: Experience with Identity Access Management (IAM).
- Strong understanding of security frameworks and compliance standards.
- Experience with risk assessment and management methodologies.
- Familiarity with security incident response and management.
- Knowledge of network security principles and practices.
Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Identity and Access Management (IAM) Operations.
- This position is based at our Hyderabad office.
- 15 years of full time education is required.
Qualification: 15 years full time education
Posted 2 months ago
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As the SOC L3 Analyst, you will lead the technical handling of critical security incidents. You'll be responsible for deep-dive analysis, root cause investigation, forensics, and containment using tools such as CrowdStrike, Sumo Logic SIEM, and SOAR. You will be responsible for onboarding and managing log sources, building SIEM use cases (custom and built-in), and developing automation in SOAR to support incident response and threat detection workflows.
Roles & Responsibilities:
- End-to-End Incident Response Ownership: Ability to handle the incident lifecycle (detect, contain, remediate).
- Subject matter expert for handling escalated critical or true positive incidents.
- CrowdStrike Deep Dive: Using Real Time Response (RTR), Threat Graph, custom IOA rules.
- Strong command of Sumo Logic SIEM content engineering: Creating detection rules, dashboards, and field extractions.
- Threat Hunting: Behavior-based detection using TTPs.
- SOAR Automation: Designing playbooks, integrations with REST APIs, ServiceNow, CrowdStrike.
- Threat Intel Integration: Automation of IOC lookups and enrichment flows.
- Forensic Skills: Live host forensics, log correlation, malware behavioral analysis.
- Deep experience in advanced threat detection and incident response.
- Scripting Proficiency: Python, PowerShell, Bash for automation or ETL.
- Error Handling & Debugging: Identify and resolve failures in SOAR or data pipelines.
- Proficiency in CrowdStrike forensic and real-time response capabilities.
- Experience with Sumo Logic SOAR for playbook optimization.
- Use case development in Sumo Logic SIEM.
Professional & Technical Skills:
- Lead high-severity incident response, coordinating with stakeholders and IT teams.
- Perform endpoint forensic triage using CrowdStrike Real Time Response (RTR).
- Conduct detailed log analysis and anomaly detection in Sumo Logic.
- Customize or create new detection rules and enrichments in SIEM.
- Develop/tune SOAR playbooks for advanced scenarios, branching logic, and enrichment.
- Perform root cause analysis and support RCA documentation.
- Mentor L1 and L2 analysts through case walk-throughs and knowledge sharing.
- Generate post-incident reports and present findings to leadership.
- Lead investigations and coordinate response for major incidents.
- Perform root cause analysis and post-incident reviews.
- Develop advanced detection content in Sumo Logic.
- Optimize SOAR playbooks for complex use cases.
- Onboard and maintain data sources in Sumo Logic SIEM and ensure parsing accuracy.
- Build custom dashboards, alerts, and queries aligned with SOC use cases.
- Create and maintain field extractions, log normalization schemas, and alert suppression rules.
- Integrate external APIs into SOAR (e.g., VirusTotal, WHOIS, CrowdStrike).
- Monitor log health and alert performance metrics; troubleshoot data quality issues.
- Collaborate with L3 IR and Threat Intel teams to translate threat use cases into detections.
- Participate in continuous improvement initiatives and tech upgrades.
- Conduct playbook testing, version control, and change documentation.
- CrowdStrike: Custom detections, forensic triage, threat graphs.
- SIEM: Rule creation, anomaly detection, ATT&CK mapping.
- SOAR: Playbook customization, API integrations, dynamic playbook logic.
- Threat Intelligence: TTP mapping, behavioral correlation.
- SIEM: Parser creation, field extraction, correlation rule design.
- Scripting: Python, regex, shell scripting for ETL workflows.
- Data Handling: JSON, syslog, Windows Event Logs.
- Tools: Sumo Logic SIEM, Sumo Logic SOAR & CrowdStrike EDR.
- Experience in SOC/IR, including 4+ years in an L3 role (IR + SIEM Content Engineering & SOAR).
Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- 15 years of full time education is required.
Qualification: 15 years full time education
Posted 2 months ago
3.0 - 6.0 years
1 - 4 Lacs
Bengaluru
Work from Office
Encore Software Services is looking for an End Point Security Admin to join our dynamic team and embark on a rewarding career journey.
- Security Infrastructure: Design, implement, and manage security infrastructure to protect the organization's systems and networks. Utilize industry best practices and standards to enhance security posture.
- Identity and Access Management: Administer and monitor user access, permissions, and authentication mechanisms. Implement and manage identity and access management (IAM) solutions.
- Security Audits and Assessments: Conduct regular security audits and assessments to identify vulnerabilities. Develop and implement corrective actions to address security findings.
- Incident Response: Collaborate with the incident response team to investigate and respond to security incidents. Develop and maintain incident response plans and procedures.
- Security Policies and Procedures: Develop and enforce security policies and procedures. Ensure that security documentation is current and aligns with industry standards.
- Security Awareness: Promote a culture of security awareness among employees. Conduct training sessions on security best practices.
- Patch Management: Implement and manage security patching processes for systems and applications. Stay informed about security vulnerabilities and apply patches promptly.
- Collaboration: Collaborate with IT and other departments to integrate security measures into the overall IT infrastructure. Provide guidance and support to IT staff on security-related matters.
Required skill: Symantec Endpoint Security
Posted 2 months ago
7.0 - 12.0 years
18 - 27 Lacs
Noida, Gurugram, Delhi / NCR
Work from Office
Job Description:
- Minimum of 8 years of experience.
- Strong understanding of SIEM tools.
- Solid knowledge of EDR solutions.
- Experience in managing and mentoring a SOC team.
- Proven experience in leading the incident response process.
- Strong analytical skills, with a basic understanding of forensics, networking, and Windows processes.
Posted 2 months ago
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide guidance on best practices, contributing to a secure cloud environment that supports business operations effectively.
Roles & Responsibilities:
- Expected to be an SME.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Develop and maintain comprehensive documentation of security architecture and frameworks.
- Conduct regular assessments of cloud security controls to ensure effectiveness and compliance.
Professional & Technical Skills:
- Must Have Skills: Proficiency in Security Information and Event Management (SIEM).
- Strong understanding of cloud security principles and best practices.
- Experience with security incident response and threat management.
- Familiarity with regulatory compliance standards related to cloud security.
- Knowledge of security tools and technologies used in cloud environments.
Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- 15 years of full time education is required.
Qualification: 15 years full time education
Posted 2 months ago
3.0 - 7.0 years
9 - 10 Lacs
Mumbai
Work from Office
Paramatrix Technologies Pvt. Ltd is looking for a SOC Analyst L3 to join our dynamic team and embark on a rewarding career journey.
- Monitor and analyze security events and incidents, identifying and investigating potential threats.
- Maintain the security of our network and systems by implementing security controls and best practices.
- Work closely with the rest of the security team to ensure that our systems and networks are secure and compliant with industry standards.
- Maintain accurate documentation and reports on security events and incidents.
- Communicate effectively with team members and other stakeholders to ensure that security issues are addressed in a timely and effective manner.
- Stay up to date with the latest security technologies and threats.
Posted 2 months ago
1.0 - 3.0 years
6 - 9 Lacs
Ahmedabad
Work from Office
Narnarayan Shastri Institute of Technology IFSCS is looking for a Cyber Security Professional to join our dynamic team and embark on a rewarding career journey.
- Threat Detection and Analysis: Monitor network traffic, system logs, and security alerts to detect and analyze potential security threats, such as malware, intrusions, and unauthorized access.
- Incident Response: Develop and execute incident response plans to address and mitigate security incidents and breaches.
- Vulnerability Assessment: Identify vulnerabilities in software, hardware, and network configurations, and recommend patches and security updates.
- Security Monitoring: Continuously monitor and analyze security events, assess system vulnerabilities, and recommend security enhancements.
- Security Policies and Procedures: Develop and enforce security policies, standards, and procedures to ensure a consistent and secure computing environment.
- Access Control: Implement and manage access control systems, including user authentication, authorization, and password policies.
- Security Tools: Utilize a range of security tools, such as intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, antivirus software, and data encryption.
Posted 2 months ago
5.0 - 10.0 years
12 - 14 Lacs
Mumbai
Work from Office
Role Overview
We're hiring an experienced L2 Web Application Firewall (WAF) Administrator to take ownership of WAF security across large-scale enterprise environments. You'll be responsible for configuring, maintaining, and monitoring WAF platforms (primarily F5, Citrix, or similar) to protect business-critical web applications from cyber threats. This is a hands-on operational role with a focus on real-time threat prevention, incident troubleshooting, and continuous tuning of WAF policies.
Key Responsibilities
- Operate and manage Web Application Firewalls (WAF) in 24x7 production environments.
- Configure security policies, enforce rulesets, and tune signatures to defend against web-based threats (SQLi, XSS, CSRF, etc.).
- Respond to and troubleshoot WAF-related incidents, traffic anomalies, and false positives.
- Perform regular health checks, system upgrades, patching, and SSL certificate management.
- Monitor WAF dashboards, threat logs, and alerts to proactively mitigate application-level attacks.
- Coordinate with security, application, and network teams to implement protection for new or updated web apps.
- Maintain technical documentation, including WAF policies, traffic flows, and change logs.
- Ensure compliance with OWASP Top 10, PCI-DSS, and internal security standards.
Required Skills & Experience
- Minimum 5 years of hands-on experience in Web Application Firewall administration.
- Expertise in F5 ASM, Citrix WAF, Imperva, or other enterprise-grade WAF platforms.
- Deep understanding of web protocols (HTTP/S) and Layer 7 traffic behavior.
- Experience with protocols and technologies such as BGP, OSPF, MP-BGP EVPN, VXLAN, or VPC.
- Application Centric Infrastructure (ACI) deployment and data center experience.
- Strong knowledge of OWASP Top 10 vulnerabilities and common web attack patterns.
- Ability to write and tune custom WAF rules, manage exceptions, and interpret log data for root cause analysis.
- Familiarity with SSL offloading, certificate renewal, and encryption standards.
- Experience in coordinating with SOC/NOC teams and participating in incident response.
Certifications (Mandatory)
- F5-201 or other industry-leading OEM professional-level certification.
Nice to have
- Experience in WAF policy automation or scripting (Python, Bash, Ansible).
- Exposure to multi-vendor WAF environments.
- Experience with designing and implementing Software Defined Networking (SDN) and large, complex networks.
- Basic understanding of load balancing, but primary expertise must be WAF-centric.
- Experience with protocols and technologies such as BGP, OSPF, MP-BGP EVPN, VXLAN, or VPC.
Posted 2 months ago
7.0 - 12.0 years
17 - 22 Lacs
Bengaluru
Work from Office
Role Overview
We are hiring a highly experienced L3 Web Application Firewall (WAF) Specialist to lead the planning, implementation, and optimization of WAF solutions across enterprise environments. This is a technical leadership role requiring deep understanding of application-layer security, strong hands-on experience with WAF technologies (especially F5 ASM or equivalent), and the ability to handle complex security incidents independently. You will act as the subject matter expert (SME) for WAF in client-facing and internal security engagements, guiding application protection strategies, overseeing advanced threat prevention, and mentoring L1/L2 engineers.
Key Responsibilities
- Lead WAF Design & Deployment: Architect, configure, and deploy enterprise-grade WAF solutions across multi-tenant, multi-region environments using technologies like F5 ASM, Citrix, or Imperva.
- Incident Management & Escalation (L3 Level): Handle high-priority WAF incidents, perform root cause analysis (RCA), implement custom mitigations, and ensure resolution within defined SLAs.
- Policy Tuning & Custom Rules: Develop and optimize custom WAF rules (iRules, regex, JSON filters) based on traffic analysis, threat signatures, and business use cases to minimize false positives and ensure maximum protection.
- Threat Intelligence Integration: Analyze logs and correlate WAF events with threat intelligence feeds and SIEM tools to proactively detect and respond to Layer 7 attacks (e.g., SQLi, XSS, RFI, LFI, bot traffic).
- Pre-Production Application Review: Collaborate with DevSecOps and App teams to assess applications prior to production rollout, ensuring adequate WAF protection is in place through rigorous policy simulations and tuning.
- Patch & Upgrade Planning: Plan and execute firmware upgrades, policy migrations, and security patching aligned with vendor lifecycle and enterprise security policies.
- Compliance & Audit Support: Align WAF posture with OWASP Top 10, PCI-DSS, GDPR, and internal compliance frameworks; prepare documentation and reports for audits and security assessments.
- Mentoring & Process Improvement: Mentor L1/L2 WAF engineers, define SOPs, standardize response playbooks, and drive automation initiatives where possible.
Required Skills & Experience
- Minimum 7 years of hands-on experience managing Web Application Firewalls in enterprise or service provider environments.
- Deep expertise in WAF platforms such as F5 BIG-IP ASM, Citrix AppFirewall, Imperva, or Fortinet WAF.
- Strong knowledge of Layer 7 protocols, HTTP/HTTPS traffic analysis, TLS/SSL decryption, and web server architectures.
- Familiarity with protocols and technologies such as BGP, OSPF, VXLAN, or MP-BGP EVPN is a plus.
- Advanced understanding of application-layer threats, bot mitigation, credential stuffing, zero-day exploit patterns, and custom rule writing.
- Proven ability to manage complex security incidents independently and interface with customers, stakeholders, and internal security teams.
- Experience with configuration backup/recovery, version control, and multi-tenant policy management.
- Excellent documentation, troubleshooting, and stakeholder communication skills.
Certifications (Mandatory)
- F5-301/F5-303 or other industry-leading OEM professional-level certification.
Nice to Have
- Exposure to cloud-native WAFs (e.g., AWS WAF, Azure WAF, Cloudflare).
- Experience in ACI (Application Centric Infrastructure) and Software Defined Networking (SDN) for securing microservices or hybrid apps.
- Scripting or automation knowledge (Python, Bash, Ansible) to streamline monitoring and deployment tasks.
Posted 2 months ago
3.0 - 8.0 years
11 - 21 Lacs
Gurugram
Work from Office
Join Our Cyber Star Team - Deloitte India !! #CyberChamps - Are you ready to apply your knowledge & background to exciting new challenges? From Learning to Leadership, this is your chance to take your career to the next level.
Time To Meet The Team @ Deloitte - Gurgaon DLF office - 12th July (Saturday)
Interested Applicants - Choose your Impact & Apply on the below link to join our #Cyber Team!
Link To Apply- https://lnkd.in/dCsGFkgP
JobCode-85019
#Please note the below schedule/venue dates for the In-Person (F2F) Round:
Save The Date :: 12th Jul'25 (10 AM - 6 PM) - Saturday
Mode :: In-Person Interview - Based on Virtual Interview Scoring Test via invirtualinterview@deloitte.com
Office Location :: 7th Floor, Building 10, Tower B, DLF Cyber City, DLF Phase 2, Sector 24, Gurugram, Haryana 122002.
What You'll Do ::
1. SOC Ops Lead / L3 SecOps | Gurgaon | Exp - 6 to 12 years :
>Lead 24/7 operations of the MSSP SOC, ensuring continuous monitoring, analysis, and response to security incidents across multiple client environments.
>Oversee the detection, investigation, and response to security incidents within client environments.
>Ensure proper escalation of incidents to client contacts based on the severity and impact of the incident.
>Oversee the use and management of SOC tools such as SIEM, SOAR, EDR, threat intelligence platforms, and log management solutions.
>Implement automation and orchestration (SOAR) to streamline repetitive tasks and improve response times.
2. SOC Ops L2 / SIEM, QRadar Engineering / Incident Response | Gurgaon | Exp - 4 to 8 years :
>Conduct in-depth investigation of security incidents including data collection, root cause analysis, and recovery efforts, ensuring compliance with defined SLAs.
>Validate and fine-tune correlation rules, use cases, and custom detections in SIEM tools to reduce false positives and improve detection fidelity.
>Propose new SIEM use cases with playbook creation based on threat intelligence, evolving TTPs, or internal security gaps.
>Conduct alert quality reviews, enhancing or retiring outdated detection logic and recommending improved strategies.
3. LogRhythm / Incident Response | Gurgaon & Hyderabad | Exp - 2 to 4 years :
>Advanced Log Monitoring and Analysis
>Incident Escalation and Resolution
>LogRhythm Platform Management
>Threat Intelligence Integration
>Security Tool Configuration and Tuning
**Immediate/Early Joiners are highly preferred.
**Should be flexible to operate in 24x7 rotational shifts and willing to travel for clients based out of the Mumbai location.
**Mandatory Virtual Screening test to be completed by applicants before appearing for In-Person Interviews on Saturday.
Posted 2 months ago
4.0 - 9.0 years
7 - 17 Lacs
Bengaluru
Work from Office
About this role: Wells Fargo is seeking a Senior Information Security Engineer.
In this role, you will:
Lead or participate in computer security incident response activities for moderately complex events
Conduct technical investigation of security related incidents and post-incident digital forensics to identify causes and recommend future mitigation strategies
Provide security consulting on medium projects for internal clients to ensure conformity with corporate information security policy and standards
Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security
Review and correlate security logs
Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals
Required Qualifications:
4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
Desired Qualifications:
4+ years of demonstrated information security applications and systems experience
4+ years of demonstrated experience leveraging security technologies such as SIEM for security incident analysis
2+ years of demonstrated experience with at least one scripting language (preferably JavaScript and its frameworks, Python) working on automation and engineering projects
Proficiency in detection engineering: developing and maintaining effective detection rules and correlation logic (correlation searches, rules, alerts); behavioral detections (e.g., brute-force, privilege escalation); anomaly detections (e.g., unusual logon patterns, entropy-based detections)
Hands-on experience with parsing configurations (props, transforms, regex, normalization techniques)
Expertise in log source onboarding, source categorization, and enrichment
Strong understanding of security event types (firewall, endpoint, identity, cloud, SaaS logs)
Familiarity with common attack vectors (credential abuse, privilege escalation, lateral movement)
Knowledge of threat detection frameworks like MITRE ATT&CK, NIST, CIS
Ability to work with threat intelligence feeds to build contextual detections
Experience with log analysis, anomaly detection, and statistical detection methods
Proficient in developing content for SIEMs such as Splunk, Sentinel, QRadar, ArcSight, Elastic, etc.
Optimize search performance and false-positive tuning of existing detection rules
Maintain deployment workflows for apps, configurations, and detection packages across the SIEM infrastructure
Work with security analytics teams to develop data models or normalized schemas (CIM or equivalent)
Job Expectations:
Knowledge and understanding of the banking or financial services industry
Understanding of the security and threat landscape relevant to cloud technologies
Excellent verbal, written, and interpersonal communication skills
Strong ability to identify anomalous behavior on endpoint devices and/or network communications
Advanced problem-solving skills, with the ability to develop effective long-term solutions to complex problems
Relevant certifications such as Splunk Certified Admin, Splunk Enterprise Security Certified Admin
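The detection-engineering items above (behavioral detections such as brute-force, anomaly detections such as entropy-based ones) and the "validate and fine-tune correlation rules ... to reduce false positives" duty in the Deloitte posting earlier on this page describe the same kind of SIEM content work. The block below is an added illustration written for this page, not code from Wells Fargo, Deloitte, or any SIEM vendor: it implements a sliding-window brute-force rule and a Shannon-entropy domain rule as plain Python, run over a constructed auth log and a constructed domain list. The log format, field names, thresholds and window size are assumptions chosen for the example; in a real deployment they would come from your parsed source type and be tuned against a baseline.

```python
"""Added example for this page: two SIEM-style detections over constructed data.
Not vendor code. Log format, thresholds and window are assumptions."""
from __future__ import annotations

import math
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth events (not real data). One source makes five
# failed guesses in eight seconds and then succeeds; a second source has two
# failures 25 minutes apart, which should stay below the window threshold.
SAMPLE_AUTH_LOG = """\
2025-07-01T10:00:01Z auth sshd: Failed password for alice from 203.0.113.7
2025-07-01T10:00:03Z auth sshd: Failed password for alice from 203.0.113.7
2025-07-01T10:00:05Z auth sshd: Failed password for bob from 203.0.113.7
2025-07-01T10:00:06Z auth sshd: Failed password for carol from 203.0.113.7
2025-07-01T10:00:08Z auth sshd: Failed password for dave from 203.0.113.7
2025-07-01T10:00:09Z auth sshd: Accepted password for dave from 203.0.113.7
2025-07-01T10:05:00Z auth sshd: Failed password for erin from 198.51.100.9
2025-07-01T10:30:00Z auth sshd: Failed password for erin from 198.51.100.9
"""

# Assumed line shape; anything that does not match is skipped, never guessed.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_auth_log(text: str) -> list[dict]:
    """Parse raw lines into event dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Behavioral rule: alert once per source whose failed logons reach
    `threshold` inside a sliding `window`. A success from that source inside
    the window after the alert is recorded as `success_after`, the signal that
    turns a noisy brute-force alert into a probable compromise."""
    failures: dict[str, deque] = defaultdict(deque)
    alerts: dict[str, dict] = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, ts = ev["src"], ev["ts"]
        q = failures[src]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ts)
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {"src": src, "failed": len(q), "first": q[0],
                               "success_after": False}
        elif src in alerts and q and ts - q[-1] <= window:
            alerts[src]["success_after"] = True
            alerts[src]["user"] = ev["user"]
    return list(alerts.values())


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's character distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


# Constructed domain list (not real data); two labels are random-looking.
SAMPLE_DOMAINS = [
    "intranet.example.com",
    "x7k2q9vb3mzt.example.net",
    "aaaaaaaaaaaaaaaa.example.com",
    "kq3zx8v1mwpl0t.example.org",
]


def detect_high_entropy_domains(domains, threshold=3.5, min_len=12):
    """Anomaly rule: flag domains whose first label is long and high-entropy
    (DGA-like). Threshold and min_len are assumptions; the min_len guard is
    what keeps short ordinary names like 'intranet' from tripping the rule."""
    flagged = []
    for d in domains:
        label = d.split(".")[0]
        h = shannon_entropy(label)
        if len(label) >= min_len and h >= threshold:
            flagged.append((d, round(h, 2)))
    return flagged


if __name__ == "__main__":
    for a in detect_brute_force(parse_auth_log(SAMPLE_AUTH_LOG)):
        print("brute-force:", a)
    for d, h in detect_high_entropy_domains(SAMPLE_DOMAINS):
        print("high-entropy label:", d, h)
```

The false-positive tuning the postings mention is visible in the two guards: the window and threshold on the brute-force rule, and the minimum label length on the entropy rule. Lowering either raises recall at the cost of alert volume, which is the trade-off an L2 engineer is asked to manage against a real baseline.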
Posted 2 months ago
5.0 - 10.0 years
12 - 20 Lacs
Pune
Work from Office
About the Role
We are seeking a highly skilled Security Analyst (Level 2) to join our MSSP SOC team. The ideal candidate will have expertise in SIEM (Splunk, QRadar), XDR/EDR solutions, and security analysis with hands-on experience in investigating and responding to security alerts. This role requires proficiency in reviewing and analyzing Level 1 alerts, providing detailed recommendations, and engaging with customers for incident handling. The candidate should also have basic SIEM administration knowledge and Python scripting skills for troubleshooting and playbook development.
Key Responsibilities
Threat Detection & Response: Analyze and investigate security alerts, events, and incidents generated by SIEM, XDR, and EDR solutions.
Incident Investigation & Handling: Conduct in-depth security incident investigations, assess impact, and take appropriate actions.
Incident Escalation & Communication: Escalate critical incidents to Level 3 analysts or senior security teams while maintaining detailed documentation.
Content Management: Develop and fine-tune correlation rules, use cases, and alerts in SIEM/XDR platforms to improve detection accuracy.
Malware Analysis: Perform basic malware analysis and forensic investigation to assess threats.
Customer Request Handling: Collaborate with customers to address security concerns, provide recommendations, and respond to inquiries.
SIEM Administration: Assist in the administration and maintenance of SIEM tools like Splunk or QRadar, ensuring smooth operations.
Automation & Playbooks: Utilize Python scripting for automation, troubleshooting, and playbook development to enhance SOC efficiency.
Reporting & Documentation: Prepare detailed reports on security incidents, trends, and mitigation strategies.
Basic Qualifications
B.E/B.Tech degree in Computer Science or Information Technology, or a Master's in Cybersecurity
3+ years of experience in a SOC or cybersecurity operations role.
Strong knowledge of SIEM tools (Splunk, QRadar) and XDR/EDR solutions.
Hands-on experience in threat detection, security monitoring, and incident response.
Knowledge of network security, intrusion detection, malware analysis, and forensics.
Basic experience in SIEM administration (log ingestion, rule creation, dashboard management).
Proficiency in Python scripting for automation and playbook development.
Good understanding of the MITRE ATT&CK framework, security frameworks (NIST, ISO 27001), and threat intelligence.
Strong analytical, problem-solving, and communication skills.
Ability to work in a 24x7 SOC environment (if applicable)
Preferred Qualifications
Certified SOC Analyst (CSA)
Certified Incident Handler (GCIH, ECIH)
Splunk Certified Admin / QRadar Certified Analyst
CompTIA Security+ / CEH / CISSP (preferred but not mandatory)
Posted 2 months ago
10.0 - 14.0 years
20 - 35 Lacs
Noida
Work from Office
Lead Security Analyst (P4)
Must Have skills: SOC, end-to-end investigation, L4 ticket investigation, IDR (Incident Response), Digital Forensics, Public Cloud
Experience: 10 to 14 years
Shift: Rotational
Job Responsibilities:
As a Level 4 (L4) Lead Security and Threat Monitoring Analyst, you will be part of UKG's Global Security Operations Center (GSOC) team investigating events of interest and incidents as they are validated, prioritized, and categorized by UKG's 24x7 L1, L2 and L3 analyst teams. You will facilitate and follow UKG's standard processes to investigate, contain, eradicate, and respond in a continued and unified effort to protect the confidentiality, integrity, and availability of UKG, our partners' and customers' data and services. You will be an escalation point for all incidents, either regionally or during shift assignment; analyzing, confirming, re-prioritizing if necessary and/or escalating/remediating those identified threats within the UKG computing environment. Hands-on experience in digital forensics and public cloud is required. You will work closely with UKG's GSOC teams in the US, Europe, and India to promote an integrated, uniform, and holistic threat detection and response capability to facilitate and enable a robust and proactive security posture. You will leverage your skills, experience, and creativity to perform initial, forensically sound collection and analysis, and methodologies to contain, eradicate, and recover from realized threats such as zero-days, ransomware, malware and other APTs. Additionally, you will be responsible for participating in incident response activities as part of the Cyber Incident Response Team (CIRT) or as the Cyber Incident Response Lead (CIRL), post-incident reporting and continuous improvement recommendations to enhance UKG's security posture through process development, tool rationalization, detection technique and automation enhancement opportunities and enablement/training possibilities.
Due to the nature of the work, you are required to have occasional on-call duties on weekends and/or holidays. Additional work hours may also be required during an incident investigation.
Primary/Essential Duties and Key Responsibilities:
• Review tickets escalated from L1 or L2 analysts to confirm the priority, category and accuracy of the details and conditions.
• Pivot to additional security tools to obtain context and any other pertinent information to inform the most effective and efficient mitigation/remediation actions.
• Escalate tickets as required to the GSOC Director for additional scrutiny and incident declaration.
• Collaborate with UKG internal and external groups to develop and execute containment, eradication, and recovery strategies for lower priority incidents.
• Identify, approve, and implement blocking, listing and other mechanisms to promote a robust security posture.
• Participate in the Cyber Incident Response Plan (CIRP) process as part of the Cyber Incident Response Team (CIRT) or as the Cyber Incident Response Lead (CIRL) to lead and/or support mitigating and/or remediating critical incidents.
• Participate in post-incident activities including coordinating and providing input within the requisite reports and identifying areas for continuous improvement within GSOC enablement, processes or technology.
• Provide mentoring and enablement of junior analysts globally to expand and extend UKG's GSOC capabilities and experiential capacities.
Qualification (Experience, Education, Certification, License and Training):
• Bachelor's degree in computer science or a related discipline
• CISSP, CCSP, GIAC or other relevant cyber security certifications
• Working professional with 9+ years of relevant Security/SOC experience
Required Qualifications:
• Knowledge of the common attack vectors on the network layer and different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation-state sponsored, and nation sponsored) and cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of cybersecurity, incident response methodologies, privacy principles, cyber threats, vulnerabilities, and detection methodologies and techniques for detecting intrusions.
• Experience with Splunk, Google Chronicle, Elasticsearch, EDR solutions, email security tools, and cloud environments (GCP, Azure).
• Knowledge and experience in reverse engineering to understand how an information asset works and analyzing system components to identify potential vulnerabilities.
• Knowledge and experience in developing automations using scripting languages like Python and PowerShell to automate various tasks, improve accuracy, enhance task consistency, and increase scalability.
• Knowledge and experience in Security Information and Event Management (SIEM) use case and content development techniques and objectives.
• Knowledge and experience in conducting and participating in security audits and assessments.
• Understanding and experience in developing and delivering relevant, value-add operational metrics to support and provide visibility into the GSOC program.
• Communicate in English: write clearly and speak authoritatively to different audiences (business leaders and engineers).
Preferred Qualifications:
• Knowledge of new and emerging cybersecurity technologies, threats, and threat vectors.
• Knowledge and experience in designing, executing, and reporting threat hunting activities.
• Knowledge and experience with offensive security (ethical hacking) techniques to identify and mitigate/remediate vulnerabilities in the UKG environment.
• Knowledge and experience in cyber forensic procedures and how to extract information and generate reports in support of incident response and other advanced requirements.
Posted 2 months ago
0.0 - 4.0 years
0 Lacs
Noida, Uttar Pradesh
On-site
As a professional services firm affiliated with KPMG International Limited, KPMG in India has been a prominent presence since its establishment in August 1993. Leveraging the extensive global network of firms, our professionals possess in-depth knowledge of local laws, regulations, markets, and competition dynamics. With offices spanning major cities in India including Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada, we are dedicated to offering a wide range of services to both national and international clients in various sectors. At KPMG in India, we are committed to delivering rapid, performance-based, industry-focused, and technology-enabled services. Our approach is rooted in a deep understanding of global and local industries, coupled with extensive experience in navigating the complex Indian business environment. We strive to ensure that our clients benefit from our shared knowledge and expertise, enabling them to thrive in a constantly evolving marketplace. As an equal opportunity employer, we value diversity and inclusion in our workforce. We believe in providing a supportive and inclusive work environment where all individuals are respected, valued, and given equal opportunities to grow and contribute to our collective success. Should you choose to be a part of KPMG in India, you will join a dynamic team of professionals who are passionate about delivering high-quality services and making a positive impact in the business landscape. Together, we aim to drive innovation, foster collaboration, and achieve excellence in everything we do.
Posted 2 months ago
5.0 - 9.0 years
0 Lacs
Maharashtra
On-site
JOB DESCRIPTION
About KPMG in India
KPMG entities in India are professional services firms. These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.
i. BE/B.Tech/BCA/B.Sc/M.Sc/MCA/M.Tech (Computers/Electronics/IT)
ii. Minimum one certification such as CEH/OSCP and/or equivalent.
iii. At least 5+ years of post-qualification relevant work experience, including appearance before a court of law to present extracted cyber evidence.
iv. Experience in all kinds of digital forensic work: computer, MacBook, mobile, cloud APIs, CCTV and AV, database, network, etc., including reporting.
v. Experience in analysis of malware, incident response, email and log analysis, threat modeling and assessments.
vi. Experience in ethical hacking, VAPT, OSINT, etc.
vii. Experience in handling cyber-crime cases, website defacement, email and VoIP analysis, image and video forensics.
viii. Dynamic and static malware analysis.
QUALIFICATIONS
Graduation from premier institutes is preferred. Proficiency in the Marathi language is a must. Knowledge of the IT Act, DPDP Act, CrPC, IPC and related laws is preferred.
Posted 2 months ago
7.0 - 11.0 years
0 Lacs
Thiruvananthapuram, Kerala
On-site
The company Armada is an edge computing startup that specializes in providing computing infrastructure to remote areas with limited connectivity and cloud infrastructure. They also focus on processing data locally for real-time analytics and AI at the edge. Armada is dedicated to bridging the digital divide by deploying advanced technology infrastructure rapidly. As they continue to grow, they are seeking talented individuals to join them in achieving their mission. As a DevOps Lead at Armada, you will play a crucial role in integrating AI-driven operations into the DevOps practices of the company. Your responsibilities will include leading a DevOps team, designing scalable systems, and implementing intelligent monitoring, alerting, and self-healing infrastructure. The role requires a strategic mindset and hands-on experience with a focus on Ops AI. This position is based at the Armada office in Trivandrum, Kerala. As the DevOps Lead, you will lead the DevOps strategy with a strong emphasis on AI-enabled operational efficiency. You will architect and implement CI/CD pipelines integrated with machine learning models and analytics. Additionally, you will develop and manage infrastructure as code using tools like Terraform, Ansible, or CloudFormation. Collaboration is key in this role, as you will work closely with data scientists, developers, and operations teams to deploy and manage AI-powered applications. You will also be responsible for enhancing system observability through intelligent dashboards and real-time metrics analysis. Furthermore, you will mentor DevOps engineers and promote best practices in automation, security, and performance. To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Engineering, or a related field. You should also have at least 7 years of DevOps experience with a minimum of 2 years in a leadership role. 
Proficiency in cloud infrastructure management and automation is essential, along with experience in AIOps platforms and tools. Strong scripting abilities, familiarity with CI/CD tools, and expertise in containerization and orchestration are also required. Preferred qualifications include knowledge of MLOps, experience with serverless architectures, and certification in cloud platforms. Demonstrable experience in building and integrating software and hardware for autonomous or robotic systems is a plus. Strong analytical skills, time-management abilities, and effective communication are highly valued for this role. In return, Armada offers a competitive base salary along with equity options for India-based candidates. If you are a proactive individual with a growth mindset, strong problem-solving skills, and the ability to thrive in a fast-paced environment, you may be a great fit for this position at Armada. Join the team and contribute to the success and growth of the company while working collaboratively towards achieving common goals.
Posted 2 months ago
3.0 - 8.0 years
5 - 10 Lacs
Bengaluru
Work from Office
About the Opportunity
Job Type: Permanent
Application Deadline: 31 August 2025
Title: Cyber Security Operational Incident Manager - Technical Consultant
Department: Cyber Defence Operations - GCIS
Location: Kingswood, Surrey; Gurgaon; Bangalore
Reports To: Senior Manager - CDO
Level: 5
About your team
The Technology function across FIL is responsible for all global aspects of Technology, Digital, Cybersecurity, and Innovation. Fidelity is a value-driven, customer-obsessed organization and in Technology we are fortunate to play a direct role in helping our clients with one of the most important aspects of their lives: their financial well-being. Within the Technology function is our Global Cyber & Information Security (GCIS) team that operates enterprise security services and controls. These are designed to mitigate cyber and information security risks, ensuring that Fidelity's business operates securely. The Technical Cybersecurity teams monitor both the internal and external threat environment, responding to security alerts and events in close to real time, as well as providing security assurance and access management services across the enterprise technology and business environment. Our global, innovative Cyber Defence Operations team sits within GCIS and provides proactive, cutting-edge solutions to protect clients' digital assets and infrastructure against evolving cyber threats. The Cyber Security Operational Incident Manager will be responding to and managing widespread security events and should have an understanding of how best to maintain the CIRT team's skills and knowledge. The role will be supported by a global team of CIRT analysts who are looking to this role to provide them with direction and guidance during serious incidents. It will also be supported by a strong security leadership team and a global incident management process that are keen to develop this capability.
Our leadership team will be looking to this role to report on a number of key incident KPIs and provide assurance to our customers on the global operational security response process.
About your role
The successful candidate will be experienced in operational security incident management, including vulnerability management, and will understand the value of rigorous planning, tested procedures and playbooks, and quick response to critical security incidents. This is a critical role expected to develop and maintain our operational security incident management capability and help mature our global response processes. The successful candidate will be comfortable working at a technical level, proactively suggesting improvements to the incident playbooks, whilst also being able to co-ordinate our front-line CIRT team during major events. The successful candidate will be able to demonstrate an understanding of incident response tools and techniques, experience in responding to and managing widespread security events, and an understanding of how best to maintain the CIRT team's skills and knowledge.
About you
Key Responsibilities
Own and be accountable for security incidents, taking the lead in driving global remediation activities
Ensure simple, repeatable, manual tasks are automated within the Incident Response process
Ensure a best-practice program is in place to manage and maintain our security response procedures
Proactively develop and deliver new incident response capabilities, tooling and processes.
Develop an incident management strategy, focussing on regular reviews and exercises.
Create and deliver table-top and simulated exercises focussing on areas of risk identified by our Threat Intelligence team.
Ensure the operational security process is consistently maintained across our global regions, taking into account different regulatory requirements and rules.
Act as the point of contact for our global business incident management team for all security related incidents.
Run Post Incident Reviews and track and manage outcomes to delivery.
Experience and Skills Required
Experience and strong understanding of frontline security operations
Experience running a vulnerability remediation programme or overseeing vulnerability teams would be advantageous
Experience running complex security incidents at a global scale
Experience creating or continually improving an incident management program
Strong reporting ability, with an understanding of how to tailor reports to show improvements and learnings
In-depth understanding of modern attack techniques and flows
Clear and demonstrable understanding of NIST and MITRE ATT&CK methodologies
Experience in cloud environments (ideally Azure)
Strong communication skills, with evidence of being in a position responsible for taking feedback from technical teams and turning this into improvements
Banking or finance industry related experience desirable
Security Incident Management qualifications preferred
Security Incident related qualifications (e.g. SANS 504)
At least 3 years of experience working in an Incident Response position
Experienced responding to global complex security events
Experienced using NIST or MITRE frameworks to deploy defensive plans and/or actions
Experience explaining the risk of security threats and creating mitigations
Experience of general IT infrastructure technologies and principles
Experience of using vulnerability management tooling, e.g. Nexpose, Qualys, etc.
Understanding of the underlying protocols including HTTP, HTTPS, SMTP, SQL
Understanding of networking architecture (OSI model)
Analytical skills
Willingness to challenge current processes
Passion for the cybersecurity field
Time management
Able to organize others
Nice to Have
Certifications - Security+, Network+, GCIA, GCIH, GCFA, GMON, GNFA, SSCP, OSCP
For starters, we'll offer you a comprehensive benefits package. We'll value your wellbeing and support your development. And we'll be as flexible as we can about where and when you work, finding a balance that works for all of us. It's all part of our commitment to making you feel motivated by the work you do and happy to be part of our team.
Posted 2 months ago
8.0 - 12.0 years
22 - 32 Lacs
Pune
Work from Office
Role & responsibilities
Overview: The Team Lead - Information Security ensures the efficient execution of security operations by driving proactive incident management and strategic security initiatives. This role demands strong technical expertise and analytical thinking to enhance security posture and operational efficiency.
Key Responsibilities:
Lead the classification, documentation, and resolution of security incidents.
Analyze, assign, and escalate high-complexity security issues as needed.
Establish incident response protocols and ensure adherence to response timelines.
Investigate complex security issues, determine root causes, and implement preventive measures.
Collaborate with third-party vendors and escalate unresolved security incidents.
Conduct vulnerability assessments and evaluate security risks.
Enhance existing security controls and recommend risk mitigation strategies.
Provide regular updates on security incidents, mitigation actions, and operational improvements.
Develop executive-level security reports and presentations.
Provide guidance on security tool optimization and integration into the organization's security framework.
Lead security incident investigations and provide strategic recommendations.
Cross-Functional Collaboration:
Work with IT, compliance, and security teams to integrate security solutions into business operations.
Lead the coordination of security initiatives with various departments.
Technical Leadership and Mentorship:
Provide technical guidance and mentorship to security analysts and team members.
Foster a culture of continuous learning and development within the team.
Stay updated on emerging cybersecurity threats, trends, and best practices.
Recommend and implement security enhancements based on evolving threat landscapes.
Experience Requirements:
6-8 years of experience in security operations, incident response, and risk management.
Hands-on experience with SIEM tools like CrowdStrike, MS Sentinel, Splunk, QRadar, or LogRhythm.
Expertise in EDR tools, Email Security tools, and forensic network analysis.
Strong background in SOC operations, including triage, alert investigation, and incident qualification.
In-depth knowledge of security technologies: DLP, IDS/IPS, Email Security, SWG/Proxy, CASB, CSPM, SASE, SSE, and SIEM.
Experience with cloud security solutions and platforms such as AWS, Azure, or Google Cloud Platform.
Proficiency in operating system security for Windows, macOS, and Linux distributions.
Strong problem-solving skills with the ability to analyze and resolve complex security issues.
Strong expertise in ITIL and Change Management.
Skills and Competencies:
Strong technical knowledge in SIEM, EDR, Incident Response, and Email Security tools (Proofpoint, FireEye, CrowdStrike).
Ability to optimize SOC operations and security workflows.
Excellent communication and collaboration skills.
Proficiency in MS Office for reporting and documentation.
Relevant certifications such as CS, Threat Hunting, or equivalent technical certifications.
Qualifications:
Bachelor's degree in Computer Science, Information Security, Electronics & Communication, or a related field, and 8+ years of experience in managing and operating security solutions in enterprise environments.
Posted 2 months ago
8.0 - 12.0 years
22 - 30 Lacs
Pune
Work from Office
Overview: The Information Security Specialist ensures the seamless functioning of security operations by emphasizing proactive incident management. This role requires a mix of technical expertise, analytical thinking, and a proactive approach to improve operational efficiency.

Key Responsibilities:
- Incident Identification and Escalation: Detect and log incidents with detailed and timely documentation. Analyze, assign, and escalate high-complexity tickets as needed.
- Problem Resolution: Investigate third-line support calls and determine root causes. Escalate unresolved issues to third-party vendors when necessary.
- Vulnerability Analysis and Risk Assessment: Perform vulnerability analysis and assess the vulnerability risk by analyzing existing security controls.
- Stakeholder Reporting: Prepare and deliver regular updates on security activities and incident reports to senior stakeholders.
- Collaboration: Partner with IT and security teams to create a cohesive security strategy.
- Ticket Queue Management: Monitor and action the ticket queue; rapidly resolve technology incident issues for internal users.
- Security Platform Maintenance: Maintain and monitor security platforms and services, resolve issues, and support SOC/IR (Incident Response) as needed. Provide analysis, review, and reporting of the operating state of security platforms, and make recommendations for any environmental changes to reduce incident volumes and downtime. Maintain, test, and implement security policies and procedures to ensure compliance with company policy, industry standards, and regulatory requirements. Rapidly fulfill any SOC/IR requests in response to security incidents.
- Cross-Functional Collaboration: Collaborate with cross-functional teams to integrate security solutions into existing infrastructure and workflows.
- Mentorship: Mentor junior team members to enhance their skills.
- Continuous Learning: Stay up to date with the latest cybersecurity threats, trends, and technologies, and recommend appropriate security controls and countermeasures.

Experience Requirements:
- 4-6 years of experience with SIEM tools like MS Sentinel, Splunk, QRadar, or LogRhythm.
- Proficiency in EDR tools and Email Security tools.
- Strong background in SOC analysis, including triage, alert investigation, and incident qualification.
- Demonstrated expertise in incident prioritization and in-depth analysis.
- In-depth knowledge of most of the following security technologies: Network DLP, IDS/IPS, Email Security, SWG/Proxy, CASB, CSPM, SASE, SSE, SIEM and forensic network.
- Understanding of operating system technology, including Microsoft Windows, MacOS, and various Linux distributions.
- Knowledge of virtualization platforms, both centrally managed and locally managed, as well as the means to provide visibility and control to guest systems.
- An understanding of cloud-based endpoint security solutions and experience with public cloud platforms such as AWS, Azure, or Google Cloud Platform.
- Excellent analytical and problem-solving skills, with the ability to troubleshoot complex network security issues.
- Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.

Skills and Competencies:
- Proficient in SIEM tools, Email Security tools (ProofPoint, FireEye), Incident Response, and CrowdStrike EDR.
- Strong leadership and stakeholder management skills.
- Ability to analyze and optimize SOC operations effectively.
- Proficiency in MS Office.
- CEH/Security+ certification.

Qualifications:
- Bachelor's degree in Computer Science, Information Security, Electronics & Communication, or a related field.
- 8+ years of proven experience in operating and managing security solutions in enterprise environments.
Posted 2 months ago
5.0 - 8.0 years
30 - 35 Lacs
Pune
Work from Office
Job Title: Information Security Specialist
Corporate Title: Assistant Vice President
Location: Pune, India

Role Description
Every day DB observes thousands of cyber security intrusion attempts. Deutsche Bank's COO Chief Security Office (CSO) integrates both Corporate Security (CS) and Information Security (CISO), as both teams are responsible for mitigating these risks. The CSO team enables the business of Deutsche Bank by providing agile security operational capabilities. With their expertise in Threat Intelligence, Cyber Threat Analytics, Malware Response & Research, Security Monitoring, Incident Response, Forensics and Vulnerability Management, they provide global services from key locations in Frankfurt, Jacksonville and Singapore while leveraging offshore capabilities in Pune and Bucharest.

Deutsche Bank AG is looking for a Cyber Security professional to support the bank's global security monitoring and threat detection capabilities. This role requires a heavy focus on all areas of security monitoring, risk management on privileged access management and familiarity with regulations impacting technology (e.g. MAS TRM Guidelines), requiring at least 5 to 8 years of experience. The candidate will be responsible for providing oversight of the various security monitoring processes to manage security risks and to drive the organization's compliance with regulatory and audit requirements, including facilitation of audit activities, addressing process-related queries, and driving automation and audit remediation projects. The candidate will need to drive process improvements, procedure document updates, KPI monitoring and operations team management. The candidate will engage across all functional areas of business, operations, and global technologies, working in a dynamic, multi-OS environment. This role will play a vital role in presenting the organization's compliance to regulators and managing interactions with auditors.

The chosen candidate will be required to provide a degree of strategic, tactical, and day-to-day operational experience to enhance the overall security monitoring, detection, and mitigation process. The candidate must also possess excellent soft skills and verbal communication when dealing with senior executive management, customers, clients, auditors, and third-party vendors.

What we'll offer you
- 100% reimbursement under childcare assistance benefit (gender neutral)
- Sponsorship for industry-relevant certifications and education
- Accident and Term Life Insurance

Your key responsibilities
- Oversee the performance, efficiency, and accuracy of the security monitoring operations team, ensuring SLAs are met.
- Proactively review, propose, and implement process changes and monitoring improvements to remediate the most significant risks, including audit findings, self-identified issues, compliance issues, control gaps and regulatory requirements.
- Identify opportunities for streamlining control processes, develop and socialize potential risk mitigation strategies, particularly in privileged access management (e.g., bypass monitoring, session log review), and work with various divisions to execute them.
- Improve the delivery of effective control processes through technical review and process quality checks.
- Provide support in the delivery of effective governance, including tracking and reporting.
- Ensure proper training of monitoring teams on new coverage and use cases.
- Offer subject-matter expertise and act as escalation point when required.
- Prepare and present the monthly functional and operational report.
- Manage stakeholder queries, facilitate audit activities, and address data requests in a timely manner.
- Collaborate across CSO and technology teams to respond to internal and external audits, and regulatory inquiries and assessments.
- Drive automation projects and manage audit remediation deliverables to closure.
- Practice and promote good risk culture and risk management to manage risks within the bank's appetite.
- Act as primary point of contact for regulatory inquiries and engagements.
- Collaborate with internal and external auditors and stakeholders, providing necessary evidence and artefacts, to facilitate audit processes.

Your skills and experience
- Minimum 5 to 7 years of working experience with security monitoring platforms and workflows.
- Proven experience in the area of privileged access management, specifically in session log review and bypass monitoring.
- Proven experience and in-depth knowledge of technology regulations and understanding of regulatory risk management, especially MAS requirements and guidelines.
- Proven experience and strong understanding of the audit process and compliance monitoring and reporting.
- Analytical mindset and ability to identify, assess and address compliance gaps and security risks.
- Strong operational background in risk analysis and risk identification.
- Degree from a university or major course work in computer science, networking, engineering, or other computer-related field of study.
- One of the following certifications will be an advantage: CISSP, CISM, CISA, CRISC.

Expectations
It is the Bank's expectation that employees hired into this role will work in the office at least 2-3 days a week in accordance with the Bank's hybrid working model.

How we'll support you
Posted 2 months ago