7.0 - 12.0 years
9 - 14 Lacs
Gurugram
Work from Office
Company: MMC Corporate
Description: We are seeking a talented individual to join our GIS Team at MMC Corporate. This role will be based in Gurgaon/Noida. This is a hybrid role that has a requirement of working at least three days a week in the office.

Senior Manager - Cyber Security Risk Vulnerability Scoring

What can you expect
Work on the Cybersecurity Risk Adjusted Vulnerability Scoring (RAVS) Program. This enterprise-level initiative is critical to transforming the measurement, prioritization, and response to cybersecurity vulnerabilities by leveraging integrated systems, threat intelligence, and contextual organizational data.

We will count on you to:

Program Oversight
1. Lead the development, implementation, and ongoing management of the enterprise RAVS program.
2. Integrate data from vulnerability scanners, CMDB, threat intel feeds, cybersecurity systems, and internal business systems to generate dynamic risk-adjusted vulnerability scores.
3. Collaborate with internal teams across cybersecurity, IT, risk, business units, and data analytics to continuously refine RAVS logic and scoring models.
4. Develop an operational playbook and prioritization framework that aligns vulnerability response to true business risk.

RAVS Day-to-Day Operations and Risk Management
1. Monitor, triage, and escalate enterprise vulnerabilities based on RAVS output and threat indicators.
2. Provide real-time situational awareness and technical direction during vulnerability-related incidents and assessments.
3. Ensure integration and alignment between RAVS and enterprise vulnerability management platforms, SIEM, SOAR, threat intel, and cloud security tools.
4. Track remediation efforts, metrics, SLA and SLO adherence, and risk decisions.
5. Generate executive-level dashboards and reports to communicate vulnerability risk posture and trends.

Platform Management
1. Oversee functionality and data quality for critical systems.
2. Manage the operational health and data flows between the vulnerability detection system, threat intelligence sources, asset inventories, and risk engines.
3. Ensure business context and asset criticality are mapped into the RAVS platform to support accurate risk prioritization.
4. Cross-collaborate with detection engineering and VMED to maintain score calculation logic, rule sets, and automation flows.
5. Maintain process documentation, operational runbooks, and continuous improvement workflows for all integrated components.

What you need to have:
Security Cloud Tools: Assist with the evaluation and selection of vulnerability management tools that integrate seamlessly with various cloud environments and provide fine-grained access controls and CMDB attributes such as asset ownership.
Integration: Integrate the security cloud tools with other security tools and systems, including SIEM solutions, change ticketing systems, etc. Launch awareness campaigns to promote secure practices and vulnerability management, emphasizing the unique challenges of cloud environments.
CISSP, CISM, AWS Certified Security Specialist, or similar advanced cloud security certifications preferred.
What makes you stand out
7+ years of experience in vulnerability management, incident response, cloud security, or cybersecurity-related fields.

Why join our team:
We help you be your best through professional development opportunities, interesting work and supportive leaders. We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities. Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

Marsh McLennan (NYSE: MMC) is the world's leading professional services firm in the areas of risk, strategy and people. The Company's more than 85,000 colleagues advise clients in over 130 countries. With annual revenue of $23 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh provides data-driven risk advisory services and insurance solutions to commercial and consumer clients. Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and well-being for a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit marshmclennan.com, or follow us on LinkedIn and X.

Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one anchor day per week on which their full team will be together in person.

Marsh McLennan (NYSE: MMC) is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marshmclennan.com, or follow on LinkedIn and X.
Posted 2 months ago
2.0 - 7.0 years
4 - 9 Lacs
Gurugram
Work from Office
Company: MMC Corporate
Description: We are seeking a talented individual to join our GIS team at MMC Corporate. This role will be based in Gurgaon. This is a hybrid role that has a requirement of working at least three days a week in the office.

Global Cyber Defense Security Operations Center

What can you expect
We are looking for someone to join and grow in our Security Operations Center (SOC) in a technical analyst role on various daytime business-hours shifts. As an Analyst, you will be responsible for analyzing security event data, assessing the potential impact of events, and creating recommendations to defend against emerging threats. You will follow security events through the triage and response lifecycle and document all processes in a centralized knowledge base. In this role, you will participate in ongoing security incidents and continuous SOC initiatives, such as new content development and enrichment. Additionally, you will collaborate across multiple teams on various efforts to continue to strengthen the security posture of Marsh & McLennan Companies.

What is in it for you
• Work with a global team at a company with a strong brand and strong results to match.
• Be part of an organization with a culture of internal mobility, collaboration, valued partnership from the business and drive for innovation in data & analytics, including the latest AI technology.
• Grow your career with direct exposure to Senior Technologists and Business Leaders, which provides access to relevant volunteer and mentoring opportunities and interactions with counterparts in industry groups and client organizations.
• Competitive pay (salary and bonus potential) and a full benefits package starting day one (medical, dental, vision, STD/LTD, life insurance, RSP (Retirement Savings Plan) or TFSA (Tax-Free Savings Account)).
• Entitled to vacation, floating holidays, time off to give back to your community, sick days, and national holidays.
We will count on you to:
• Analyze network traffic, endpoint security events, and other various log sources to identify threats, assess potential impact, and recommend mitigations
• Support other security functions and teams to ensure the holistic implementation of security controls, technologies, practices, and programs
• Contribute to the development and improvement of response processes, documentation, tool configurations, and detection logic
• Assist in additional Security Operations Center initiatives, including playbook development and documentation, new rule creation, and tool evaluations
• Maintain an operational knowledge of global threat trends, known threat actors, common tactics, techniques, and procedures (TTPs), and emerging security technologies
• Collaborate on Security Operations Center team training opportunities and other cross-training opportunities
• Operate as a subject matter expert on various security topics across multiple domains
• Support 24x7 operations by assisting in ongoing incidents during non-standard hours

What you need to have
• Undergraduate degree in Computer Science (CS), Computer Information Systems (CIS), other related degrees, or equivalent experience
• 2+ years of information security experience and/or 2-4 years of experience in security analysis in a non-security focused role
• Excellent critical thinking skills, with proven analytical expertise and the ability to learn adaptively
• Demonstrated effective verbal, written and interpersonal communication skills with the ability to communicate security concepts to both technical and non-technical audiences
• Demonstrated experience with security technologies and alerts, such as intrusion prevention and detection systems, web proxies, SIEM, SOAR, EDR, firewalls, web application scanners, vulnerability scanners, forensics tools, open-source tools, or other security technologies
• Knowledge in one or more of the following domains: Network Operations and Architecture, Operating Systems, Identity and Access Management, Programming, Cloud Computing, Databases, or Cryptography

What makes you stand out
• Ability to operate independently in a dynamic, evolving environment with multiple inputs and tasks simultaneously
• Knowledge of common attacks, current threats, threat actors, and industry trends
• Familiarity with common security frameworks and models, such as MITRE ATT&CK, Lockheed Martin Cyber Kill Chain, The Diamond Model of Intrusion Analysis and NIST Cybersecurity Framework
• Professional or technical certifications, such as Security+, GIAC Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), or other related certifications

Why join our team:
We help you be your best through professional development opportunities, interesting work and supportive leaders. We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities. Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.
Posted 2 months ago
5.0 - 7.0 years
10 - 12 Lacs
Bengaluru
Hybrid
Opportunity Overview
As a Platform Specialist Team Lead at ZeroFOX, you will join a team of highly skilled individuals working to prevent cyber attacks for enterprise-level commercial and government customers. Using our proprietary hybrid intelligence platform, this role specifically focuses on supporting existing customers by providing detailed analysis and contextualization regarding a variety of cyber risks. You will have the opportunity to research these risks, develop notification and alert packages, and present your findings to customers. Your goal: keep our customers safe with detailed threat intelligence information, and present findings in a professional manner.

Responsibilities:
• Analyze large volumes of data for customer-related risks.
• Create risk notification and alert packages for customers.
• Interface with customers and stakeholders to provide analysis reports and details.
• Support and respond to customer requests for further information and analysis.
• Responsible for communications with the customers including phone, video, email, and authoring reports.
• Triage alerts for customers to give real-time intelligence.
• Act as an escalation point for Tier 1 alert analysis, platform configuration, and trend analysis.
• Manage the team based on metric-driven outcomes.
• Serve as a resource for the Account Management team to explain the managed service.
• Act as a customer advocate internally, working across appropriate teams to solve customer challenges.
• Support team productivity and outputs during assigned shifts.
• Identify opportunities for process improvement and efficiency.
• Provide coaching, training, and mentorship to team members.
• Act as a liaison between team members and upper management.
• Conduct regular performance evaluations and provide feedback to team members.
• Provide regular updates and reports on team progress to upper management.

Requirements:
• Attention to detail
• Experience working in a team environment and being responsible for certain aspects of service delivery
• Ability to lead a team and be a point of contact as a subject matter expert
• Knowledge of the cyber threat environment, including how the following sources of data enable cyber operations: major social networks (knowledge of emerging networks a big plus); dark web; domain abuse; analysis of security incidents such as account breaches, unauthorized access, or malicious content, etc.
• Superior research and analysis skills
• Ability to convey complex ideas, trends, and information in a simple way (a writing sample will be requested as part of the interview process)
• Ability to extrapolate trends from mass amounts of disparate data
• Solid interpersonal and social skills
• Experience with other SaaS, cyber security, or social media products or services is preferred
• Must be willing to work an alternative work schedule including partial weekends

Big Bonus:
• Basic scripting capabilities: JavaScript, Python, or similar; at minimum being able to review and edit basic code structure
• Comfort working with a quickly growing team
• Ability to quickly adapt and recommend solutions as needed
• A self-starting mentality: when you find a problem, you alert the team and fix it; you don't wait for the next task.
• Familiarity and comfort with producing superior work while meeting aggressive deadlines

Benefits
• Competitive compensation
• Community-driven culture with employee events
• Generous time off
• Best-in-class benefits
• Fun, modern workspace
• Respectful and nourishing work environment, where every opinion is heard and everyone is encouraged to be an active part of the organizational culture
Posted 2 months ago
2.0 - 7.0 years
30 Lacs
Bengaluru
Work from Office
• 2+ years of working experience in computer forensics, cybercrime investigations, and other related technical fields, with a combination of both public and private sector experience preferred.
• Identify, contain, mitigate, recover from, and report on cyber-security incidents affecting the enterprise and business.
• The ability to constantly develop new and grow existing skills relating to Digital Forensics, as well as computing and professional topics.
• Knowledge of computer forensic best practices and industry-standard methodologies for investigating host-based and network analysis.
• The knowledge, skills, and ability to preserve digital evidence from a variety of platforms in a forensically sound manner.
• Knowledge of and a proven ability to follow globally established standards in digital evidence acquisition and handling.
• Demonstrate an understanding of digital forensic tools and techniques used to support internal fraud and employee investigations.
• Serve as an initial point of escalation for suspected incidents and intrusions.
• Demonstrated capability with endpoint detection and live response tools.
• Knowledge of digital forensics on Microsoft Windows, Mac, and Linux based systems.
• Proficiency with DFIR-related open-source tools, memory, and full disk analysis.
• The ability to work independently or with a team during large-scale forensic investigations.
• Demonstrate an understanding of incident response forensics and root cause analysis.
• Experience preparing in-depth investigation reports into forensic investigations, breach reports, privacy incidents and data exposure type cases.
• Strong attention to detail in conducting forensic analysis combined with an ability to accurately record full documentation in support of the investigation.

Education specifications: Any Technical Degree / Any UG, PG preferred

Mandatory Skills: Cyber forensics, Memory analysis, Memory Forensics, Incident response, Digital Forensics, Strong communication skills (verbal and written), Working knowledge of forensics tools including (but not limited to) FTK, EnCase, Autopsy, Magnet Axiom, Volatility, Wireshark, Threat intelligence feeds, Cyber threat landscape and APT groups, SIEM (any), EDR (any), MITRE framework, Cyber kill chain framework.

Certifications: Desirable certifications include (but are not limited to) CHFI, CIH, CSA, CEH, GSEC, GCIH, GCIA, GCFE, GREM, GCFA.
Posted 2 months ago
2.0 - 7.0 years
25 - 30 Lacs
Bengaluru
Work from Office
Mandatory Skills: Cyber forensics, Memory analysis, Memory Forensics, Incident response, Digital Forensics, Strong communication skills (verbal and written), Working knowledge of forensics tools including (but not limited to) FTK, EnCase, Autopsy, Magnet Axiom, Volatility, Wireshark, Threat intelligence feeds, Cyber threat landscape and APT groups, SIEM (any), EDR (any), MITRE framework, Cyber kill chain framework.

Qualifications:
• 2+ years of working experience in computer forensics, cybercrime investigations, and other related technical fields, with a combination of both public and private sector experience preferred.
• Identify, contain, mitigate, recover from, and report on cyber-security incidents affecting the enterprise and business.
• The ability to constantly develop new and grow existing skills relating to Digital Forensics, as well as computing and professional topics.
• Knowledge of computer forensic best practices and industry-standard methodologies for investigating host-based and network analysis.
• The knowledge, skills, and ability to preserve digital evidence from a variety of platforms in a forensically sound manner.
• Knowledge of and a proven ability to follow globally established standards in digital evidence acquisition and handling.
• Demonstrate an understanding of digital forensic tools and techniques used to support internal fraud and employee investigations.
• Serve as an initial point of escalation for suspected incidents and intrusions.
• Demonstrated capability with endpoint detection and live response tools.
• Knowledge of digital forensics on Microsoft Windows, Mac, and Linux based systems.
• Proficiency with DFIR-related open-source tools, memory, and full disk analysis.
• The ability to work independently or with a team during large-scale forensic investigations.
• Demonstrate an understanding of incident response forensics and root cause analysis.
• Experience preparing in-depth investigation reports into forensic investigations, breach reports, privacy incidents and data exposure type cases.
• Strong attention to detail in conducting forensic analysis combined with an ability to accurately record full documentation in support of the investigation.

Certifications: Desirable certifications include (but are not limited to) CHFI, CIH, CSA, CEH, GSEC, GCIH, GCIA, GCFE, GREM, GCFA.
Posted 2 months ago
5.0 - 8.0 years
0 - 0 Lacs
Hyderabad
Hybrid
Role & responsibilities

Threat Hunter JD:
• 5 years of experience in Cyber Security.
• Has experience in Threat Hunting.
• Experience in managing a team and customer business meetings effectively.
• Ability to handle the client team.
• Excellent written & verbal communication skills.
• Excellent reporting & presentation skills.
• Experience with different tools and languages such as Excel, Splunk, KQL, etc.
• Performing Threat Hunting activity to look for potential threats in the organization.
• Experience in a vulnerability management team remediating existing vulnerabilities found during assessments or scans.
• Practical knowledge of common threat analysis models such as the Cyber Kill Chain and MITRE ATT&CK.
• Experience with Power BI to provide interactive visualizations for reports and dashboards is a plus.
• Good at event logging.
• Experience in response.
• Good knowledge of Windows Defender.
• Thorough knowledge of event logging and detections.
Posted 2 months ago
8.0 - 12.0 years
1 - 5 Lacs
Navi Mumbai
Work from Office
Company name: Apptad Technologies Pvt Ltd.
Industry: Employment Firms/Recruitment Services Firms
Experience: 8 to 12
Title: Security Analyst
Ref: 6566372

JD: This role focuses on various functions including SOC onboarding, incident response, vulnerability remediation and security technology enhancements. You will be responsible for managing and improving our security infrastructure, monitoring threat events, coordinating incident response, tracking vulnerability remediation efforts and ensuring that security technologies are continuously assessed, improved and implemented.

Primary/Secondary Responsibilities

SOC (Security Operations Center) Extended Support
• SOC Onboarding Extended Support: Support the onboarding of new systems, tools and environments into the SOC to ensure they are properly monitored for security incidents and events. Assist with integrating security tools and providing training for SOC analysts.
• SOC Incident Response Extended Support: Provide extended support for incident response activities, including the detection, investigation and mitigation of security incidents. Collaborate with internal teams and external partners to resolve security issues efficiently and effectively.
• Vulnerability Remediation Tracking and Reporting Extended Support: Track and report on vulnerability remediation efforts across the organization. Ensure vulnerabilities are identified, assessed and remediated in a timely manner. Provide regular status reports to leadership on vulnerability management and risk reduction.

Security Technology Enhancements
• Assessment and Improvements: Conduct assessments of existing security technologies, tools and processes. Identify areas for improvement and work with teams to implement enhancements to strengthen the organization's overall security posture.
• AI and Automation in Cybersecurity: Explore and implement AI and automation solutions to improve threat detection, response efficiency and security operations. Drive initiatives to automate repetitive tasks, improve accuracy and reduce time-to-response for security incidents.
• New Security Technology Implementation: Assist with the evaluation, testing and implementation of new security technologies to enhance the organization's security capabilities. Ensure that new technologies are aligned with the organization's security goals and can be effectively integrated into the existing environment.
Posted 2 months ago
4.0 - 6.0 years
5 - 11 Lacs
Guwahati, Kolkata
Work from Office
Qualifications
• BE/B.Tech/M.Tech/MCA with 60%+ throughout the academics.
• Security certifications like CEH or equivalent preferred.

Experience and Skillset
• Minimum 2+ years hands-on experience with one or more SIEM tools (LogLogic, LogRhythm, Splunk, QRadar, ArcSight etc.).
• In-depth understanding of security threats (preferably OWASP Top 10 vulnerabilities), threat attack methods and the current threat environment.
• Proficient in Incident Management and Response.
• Basic knowledge of Windows and Unix environments.
• Knowledge of the OSI Model, TCP/IP protocols, and network security.
• Knowledge of other security tools such as packet analyzers, HIPS/NIPS, network monitoring tools, Cloud Security, AV, EDR, WAF etc.

Responsibilities
• Responsible for working in a 24x7 Security Operation Center (SOC) environment.
• Carry out investigation and correlation and work with the stakeholders towards mitigation and closure of security incidents.
• Monitor various dashboards from different security solutions on a shift basis.
• Work with the engineering team for sensor and SIEM rule fine-tuning.
• Prepare various management reports from SIEM and other security solutions.
• Provide analysis and trending of security log data from a large number of heterogeneous security devices.
• Provide threat and vulnerability analysis as well as security advisory services.
• Analyze and respond to previously undisclosed software and hardware vulnerabilities.
• Investigate, document, and report on information security issues and emerging trends.
• Seamlessly integrate with the team work culture, ensure proper information flow across shifts, and prepare/take part in shift handovers.
• Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences.

Location: Guwahati

If you're interested, please share the details below:
Are you willing to relocate to Guwahati?
Current Company
Experience
Current CTC
Expected CTC
Notice Period
Offer in Hand
Highest Education
SSC %
HSC %
Graduation %
University Name

Email ID: ashwini.chakor@ril.com
Regards,
Posted 2 months ago
5.0 - 7.0 years
10 - 14 Lacs
Noida
Work from Office
• Configure, manage, and optimize SIEM tools (e.g., Splunk, IBM QRadar, Azure Sentinel, ArcSight, or LogRhythm) for log collection, parsing, and correlation.
• Develop and fine-tune detection rules, alerts, dashboards, and reports to identify potential security threats and anomalies.
• Monitor and analyze SIEM alerts to identify and respond to suspicious activities, false positives, or security incidents.
• Collaborate with the Security Operations Center (SOC), threat intelligence, and incident response teams to support investigations.
• Integrate new log sources and ensure complete, accurate, and secure logging from endpoints, servers, cloud services, and applications.
• Conduct root cause analysis and post-incident reviews to enhance detection capabilities.
• Ensure compliance with industry standards and regulatory requirements (e.g., ISO 27001, NIST, PCI-DSS).
• Document configurations, detection logic, and incident response processes.

Requirements:
• 3+ years of experience in cybersecurity with direct hands-on internal SIEM experience.
• Proficiency in one or more SIEM platforms (e.g., Splunk, QRadar, Sentinel, Elastic Stack, etc.).
• Solid understanding of network protocols, system logs, attack techniques, and the MITRE ATT&CK framework.
• Experience with scripting and automation (e.g., Python, PowerShell) is a plus.
• Familiarity with EDR, SOAR, IDS/IPS, firewalls, and other security tools.
Posted 2 months ago
2.0 - 4.0 years
7 - 11 Lacs
Noida
Work from Office
Configure, manage, and optimize SIEM tools (e.g., Splunk, IBM QRadar, Azure Sentinel, ArcSight, or LogRhythm) for log collection, parsing, and correlation. Develop and fine-tune detection rules, alerts, dashboards, and reports to identify potential security threats and anomalies. Monitor and analyze SIEM alerts to identify and respond to suspicious activities, false positives, or security incidents. Collaborate with the Security Operations Center (SOC), threat intelligence, and incident response teams to support investigations. Integrate new log sources and ensure complete, accurate, and secure logging from endpoints, servers, cloud services, and applications. Conduct root cause analysis and post-incident reviews to enhance detection capabilities. Ensure compliance with industry standards and regulatory requirements (e.g., ISO 27001, NIST, PCI-DSS). Document configurations, detection logic, and incident response processes. 3+ years of experience in cybersecurity with direct hands-on SIEM experience. Proficiency in one or more SIEM platforms (e.g., Splunk, QRadar, Sentinel, Elastic Stack, etc.). Solid understanding of network protocols, system logs, attack techniques, and MITRE ATT&CK framework. Experience with scripting and automation (e.g., Python, PowerShell) is a plus. Familiarity with EDR, SOAR, IDS/IPS, firewalls, and other security tools.
Posted 2 months ago
2.0 - 6.0 years
6 - 10 Lacs
Kharagpur
Work from Office
Analyst Level 3, Security Operations Centre (SOC)
Ways of working: Full-time with rotational shifts and mandatory Work from Office.
Location: Embassy Tech Village, Bangalore
Years of Experience: 5+ years in a SOC or security operations environment, with at least 2 years in a senior or advanced analyst role.
About The Team & Role
As a Level 3 Security Operations Centre (SOC) Analyst, you will be responsible for identifying, analyzing, and responding to security incidents and threats within an organization's IT infrastructure. This senior role demands a high level of expertise in security operations, threat analysis, and incident response. You will work closely with other teams, including Level 1 and Level 2 analysts, management, and engineering, to ensure the security of the organization's network and systems. Your work will contribute to detecting and mitigating advanced cyber threats, ensuring that the organization remains protected against emerging risks.
What will you get to do here?
Incident Response & Investigation
- Lead investigations of complex security incidents, including intrusion detection, malware analysis, and vulnerability exploitation.
- Perform in-depth analysis of security incidents to determine their scope, impact, and method of attack.
- Take immediate and appropriate action to contain, mitigate, and resolve security threats.
Threat Hunting
- Proactively hunt for hidden threats and vulnerabilities within the organization's systems and networks.
- Analyze logs and data from multiple sources (e.g., firewalls, intrusion detection systems, antivirus solutions) to identify patterns indicative of malicious activity.
- Utilize advanced threat intelligence to stay ahead of potential attackers and new attack vectors.
Security Monitoring & Analysis
- Oversee and manage security monitoring tools to detect potential security incidents and vulnerabilities.
- Analyze alerts and reports generated by various security tools, ensuring accuracy and appropriateness.
- Ensure the effective operation and tuning of SIEM (Security Information and Event Management) systems, IDS/IPS, and other security technologies.
- Identify and define new use cases as well as modify existing ones.
Collaboration & Knowledge Sharing
- Mentor and provide guidance to junior analysts (Level 1 and Level 2) in incident handling, investigation, and security best practices.
- Collaborate with IT, network, and engineering teams to resolve security issues and implement proactive security measures.
- Document incidents and maintain accurate records for reporting and auditing purposes.
Reporting & Documentation
- Generate detailed post-incident reports that include findings, recommendations, and remediation steps.
- Assist in the development and maintenance of SOC procedures, playbooks, and security policies.
- Report trends and emerging threats to senior management and stakeholders.
- Create and maintain standard operating procedures (SOPs), playbooks, and runbooks.
- Lead root cause analysis and develop lessons learned documentation post-incident.
Continuous Improvement
- Stay up to date on the latest cybersecurity threats, trends, and technologies.
- Contribute to the development and improvement of incident response plans and security protocols.
- Participate in security training programs to continually enhance skills and capabilities.
What qualities are we looking for?
Education: Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience.
Experience: 5+ years of experience in a SOC or security operations environment, with at least 2 years in a senior or advanced analyst role.
Technical Skills:
- Strong experience with security tools and SaaS applications, including SIEM (Splunk, SentinelOne, QRadar, etc.), IDS/IPS, firewalls, Endpoint Protection, DLP, Active Directory/Azure and vulnerability scanners.
- Expertise in incident response, digital forensics, and malware analysis.
- Deep understanding of security frameworks, methodologies, and best practices (NIST, ISO 27001, MITRE ATT&CK, etc.).
- Knowledge and experience of common operating systems (Windows, Mac, Linux) and networking protocols (TCP/IP, HTTP, DNS, etc.).
- Advanced understanding of cyber threats and attack vectors, including APTs (Advanced Persistent Threats), ransomware, DDoS, and insider threats.
- Familiarity with cloud security environments and services (AWS, Azure, GCP).
Skills & Abilities:
- Strong written and verbal communication skills, with the ability to report findings to both technical and non-technical stakeholders.
- Ability to work well under pressure and manage multiple tasks simultaneously.
- Relevant certifications such as CISSP, CISM, CEH, GIAC, or similar are a plus.
Desired Skills:
- Experience with threat intelligence platforms and frameworks.
- Proficiency in scripting or automation (Python, PowerShell, etc.) for threat detection and incident response tasks.
- Experience with network traffic analysis tools (Wireshark, tcpdump, etc.).
- Knowledge of forensic tools and techniques.
- Familiarity with security incident management platforms (ServiceNow, Remedy, Jira, Freshdesk, etc.).
Preferred Certifications:
- CompTIA Security+
- EC-Council Certified SOC Analyst (CSA)
- CompTIA Cybersecurity Analyst (CySA+)
- EC-Council SOC Essentials (S|CE)
- ISACA CCOA
- GIAC Security Operations Certified (GSOC)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- (ISC)² Systems Security Certified Practitioner (SSCP)
- GIAC Cyber Threat Intelligence (GCTI)
- GIAC Certified Forensic Analyst (GCFA) / GIAC Certified Forensic Responder (GCFR)
- AWS Certified Security Specialty / Certified Cloud Security Professional (CCSP)
Posted 2 months ago
17.0 - 26.0 years
20 - 30 Lacs
Gurugram
Work from Office
Role & responsibilities:
- Accountable for driving information security across all digital initiatives of the organization, including Cloud, Automation, Hyper-automation, Analytics, and AI.
- Lead the design and review of end-to-end technology solutions across on-premises and cloud platforms (M365, Azure, AWS), with a focus on building secure and resilient systems.
- Oversee the security architecture for AI platforms, including internal enterprise adoption of Generative AI and external client-facing AI applications and solutions.
- Provide strategic security recommendations and implementation guidance to Risk, Information Security, and Enterprise IT leadership teams.
- Manage and maintain oversight of third-party risk management activities.
- Conduct comprehensive system risk assessments to identify threats and vulnerabilities that could affect IT operations.
- Lead the conceptualization, development, and delivery of managed security service (MSS) offerings across various cybersecurity domains for existing clients.
Key Accountabilities
Experience:
- Proven expertise in designing and architecting security solutions, managing cloud security, IT security operations, server and network platforms, cloud environments (M365, Azure, AWS), endpoint security, SOC operations, incident response, cyber threat management, and securing Generative AI solutions.
- Demonstrated success in delivering Security-as-a-Service for enterprise clients with a strong performance track record.
- Deep understanding of SOC fundamentals including engineering and operations, incident response, threat intelligence, cyber crisis management, identity and access management (IAM) lifecycle, and holistic security across cloud, endpoints, servers, and network infrastructure.
Preferred candidate profile
Strong grasp of core IT and security technologies, including:
- Security domains: Active Directory, Group Policy, DNS, DHCP, DLP, Zero Trust, CSPM
- IT platforms: Servers, Networks, Databases, VPN, Proxy
- Endpoint security: Desktop, Laptop, Thin Clients
- Cloud platforms: Microsoft 365, Azure, AWS, Defender for Cloud
Relevant Security Certifications: CISSP, CISA, CISM, SANS, OSCP (or equivalent), Cloud certifications (Azure, AWS, GCP), MCSE, CCNA
Posted 2 months ago
3.0 - 5.0 years
6 - 11 Lacs
Hyderabad, Chennai, Bengaluru
Hybrid
LTIMindtree is hiring for Malware Analyst. Notice period: immediate to 15 days. Experience: 3 to 5 years. Location: Hyderabad, Chennai, Pune, Bangalore. If interested, share these details along with your CV to Richa.Srivastava@ltimindtree.com:
Total Experience-
Current CTC-
Expected CTC-
Holding offers if any-
Current Location-
Preferred Location-
Notice period-
Skills-
Date of Birth-
PAN No-
Passport size photo-
Availability for interview-
Are you okay with Rotational shift-
Job description:
- Static and dynamic malware analysis (aware of file structures like PE, PDF, OLE, Windows shortcut files, etc.); someone who has hands-on experience writing signatures for malware samples (at least initial-vector malware).
- Aware of trending malware family campaigns and analysis for threat write-ups on that family (example malware families: Emotet/Qakbot/AgentTesla, etc.).
- Email security and Endpoint Security (EOP). Investigating phishing campaigns and spam emails which users have received and reported.
- Threat Intelligence analysis / Threat hunting.
- Analyzing PE files (dynamic and static analysis) and providing detection for malicious PE files (RE/Malware Analysis).
- Analyzing non-PE files (like OLE / PDF / HTML / HTA / VBS|VBE / JS / WSF / JAR / LNK) and providing detection for malicious files.
- Malware Analysis and Reversing.
- Reverse Engineering skills: familiar with debuggers, disassemblers, network protocols, file formats, sandboxes, hardware/firmware internals, software communication mechanisms; classification, clustering and labelling of malware.
- Knowledge of advanced techniques of malware analysis.
- Knowledge of the malware kill chain and MITRE ATT&CK techniques and tactics.
- Knowledge of AV evasion techniques and pen testing tools like Veil (equal rank), PowerShell Empire, Meterpreter, Unicorn, Cactus Torch, and any other similar tools.
- Additionally, experience with advanced persistent threats, human adversary compromises and incident response.
- Excellent cross-group and interpersonal skills, with the ability to articulate the business need for detection improvements.
- Excellent analytical skills and ability to identify patterns and trends.
- Strong research skills, data knowledge, and ability to analyze and present complex data in a meaningful way.
- Strong understanding of Cyber Security, modern security problems and threat landscape, Operating Systems (internals), computer networking concepts.
Required Skills: OllyDbg, IDA Pro, static and dynamic malware analysis, PE and non-PE file analysis
Posted 2 months ago
18.0 - 24.0 years
60 - 80 Lacs
Mumbai, Hyderabad, Chennai
Work from Office
As an India lead, Cyber Response, you will lead a team of talented and passionate cyber security professionals who are responsible for defending against cyber threats. You will be part of the global Cyber Response function and you will collaborate with your peers and stakeholders across the organisation. You will have a dual role of people leader and technical leader. You will use your extensive experience and skills in cyber incident response to guide and coach your team and occasionally be hands-on with the data and tools. You will also ensure that your team has the resources, support, and direction they need to perform their core mission. You will also contribute to the continuous improvement and maturity of the Cyber Response function by driving innovation, quality, and efficiency in the processes, methods, and capabilities. You will need to have a strong background in managing and leading global teams, leading an operational SOC/IR function, and demonstrating excellent technical and leadership skills.
Your key accountabilities will include: - Managing 24/7 Cyber Response function in India, including daily operations, escalation, quality, reporting, supplier management, etc - Leading and directing Cyber Response on major incidents as part of the global team - Uplifting the Cyber Response capability, methodology and tradecraft - Managing and reporting on operational performance and meeting KPIs and stretch targets - Contributing to strategy, planning and investment activities to enhance the Cyber Response capability - Leading and supporting projects delivering new Cyber Response capability or requiring integration to Cyber Response services, including requirements, delivery and operational acceptance - Working with stakeholders to improve BAU security posture and defence against current & emerging threats - Working closely with other related teams including Cyber Threat Intelligence, Red Team, Vulnerability Management and Application Security - Performing other related activities as required by Management
Posted 2 months ago
3.0 - 8.0 years
5 - 9 Lacs
Bengaluru
Work from Office
Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you'd like, where you'll be supported and inspired by a collaborative community of colleagues around the world, and where you'll be able to reimagine what's possible. Join us and help the world's leading organizations unlock the value of technology and build a more sustainable, more inclusive world.
Your Role
- Minimum 3-8 years' experience assessing against standards and frameworks including one or more of the following: DOE C2M2, IEC-62443/ISA-99, NIST CSF, NERC CIP, etc.
- Minimum 3-5 years' experience working with ICS technologies and/or environments on one or more of the following: SCADA, DCS, EMS, DMS, ADMS, PCN, RTUs, IACS, PLCs, HMIs, etc.
- Minimum 3-5 years working with cybersecurity functions of one or more of the following: vulnerability assessment and management processes, identity and access management, incident response and monitoring, etc.
- Problem-solving ability and strong analytical skills.
- Experience of working with diverse teams and is a team player.
- Relevant certifications (CISSP, GICSP, GRID, GCIP, etc.).
- Keep abreast of the latest technology trends and predictions.
- Ability to drive the creation of prototypes and proofs of concept.
- Able to effectively communicate, interact and influence business and operational stakeholders and partners.
- Ability to deliver innovative solutions and consistently demonstrate customer outcomes.
Primary Skills: DOE C2M2, IEC-62443/ISA-99, NIST CSF, NERC CIP
Posted 2 months ago
4.0 - 9.0 years
6 - 11 Lacs
Noida
Work from Office
R1 RCM Inc. is a leading provider of technology-enabled revenue cycle management services which transform and solve challenges across health systems, hospitals and physician practices. Headquartered in Chicago, R1 is a publicly-traded organization with employees throughout the US and international locations. Our mission is to be the one trusted partner to manage revenue, so providers and patients can focus on what matters most. Our priority is to always do what is best for our clients, patients and each other. With our proven and scalable operating model, we complement a healthcare organization's infrastructure, quickly driving sustainable improvements to net patient revenue and cash flows while reducing operating costs and enhancing the patient experience.
We are looking for a self-motivated Cybersecurity Analyst to join the R1 Cybersecurity Operations Team. We have a relentless focus on driving results for our customers and enabling them to invest more in patient care; in turn, this allows us to continue to grow our company and your career. The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. They will serve as an expert and be responsible for providing network and security operations technical analysis, assessment, and recommendations in the areas of real-time security situational awareness, operational network system and applications systems security monitoring.
Responsibilities:
- Monitoring various security tools (e.g., CrowdStrike, Proofpoint, MS Sentinel, Azure VM) to identify potential incidents, network intrusions, malware events, etc., to ensure the confidentiality, integrity, and availability of R1's architecture and information systems are protected.
- Reviewing and analyzing log files to report any unusual or suspect activities.
- Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalating.
- Generating trouble tickets and performing initial validation and triage to determine whether incidents are security events using open-source intelligence (OSINT).
- Following established incident response procedures to ensure proper escalation, analysis and resolution of security incidents.
- Analyzing and correlating incident event data to develop a preliminary root cause and corresponding remediation strategy.
- Providing technical support for new detection capabilities, recommendations to improve upon existing tools/capabilities to protect R1's network, and assessments for High Value Assets.
- In this role, the successful candidate will maintain and monitor compliance with enterprise change management policies and procedures.
- Develop and maintain metrics & reports on the status of the R1 cyber security operations program.
- Attend and participate in cyber security projects and the change management process. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning.
- As part of the overall Cybersecurity Operations Team, work in tandem with the security operations center (SOC), incident responders (when anomalous activity and host compromise occurs), and technology infrastructure and development team members.
- Participate in established incident response procedures to ensure proper escalation, analysis and resolution of security events and incidents.
- Managing and maintaining change detection and auditing tools.
- Researching technology and application processing environments, operation, and associated user workflow to design, build, configure, implement, and document change compliance and audit rules within designated technologies.
- Reconciling changes detected by the system to authorized changes documented in service desk and change management applications.
- Analyzing large volumes of security event data from a variety of sources to identify suspicious and malicious activity.
- Documenting, logging and investigating security incidents.
- Performing case management throughout the incident lifecycle for moderately complex security incidents.
- Design, build, and document security technology standards, processes, and operational workflows.
- Operating and maintaining physical security monitoring systems.
- Review, investigate, track, and monitor virus and malware propagation and eradication throughout the enterprise.
- Monitoring compliance with enterprise security, compliance, and change management programs, policies, and processes.
- Researching Threat Intelligence sources on the latest malware, trends, and patches in order to keep the Security Program up to date.
- Providing metrics & reports on the status of tools, environments, and assets within the organization.
- Database and application security to prevent attacks via Input Validation, Cross-Site Scripting, Buffer Overflow, etc.
Required Qualifications:
- A minimum of 4 years of professional experience in an IT-related field.
- Intermediate knowledge of security, monitoring, and networking technologies, tools, protocols and standards.
- Knowledge of security policy, programs, process, and metrics.
- CompTIA Security+ certification or equivalent professional experience in security operations.
- Intermediate or advanced security, networking, or audit certification.
- Recent experience with static and/or dynamic code review process.
- Strong drive and passion to deliver distinctive end-products; a quick learner with a strong attention to detail and quality.
- Excellent interpersonal and communication skills.
Desired Qualifications:
- A Bachelor's degree in a technical discipline (e.g., Computer Science, Business Analyst, etc.).
- Certification (or ability to obtain certification) in at least one of the following areas: General Security (CISSP), Incident Handling (GCIH), Cloud Security (GCLD, Cloud+, CCSK), and Ethical Hacking (CEH).
- Experience with advanced cyber security tools, network topologies, intrusion detection, and secured networks.
- In-depth understanding of NIST SP 800-61, SOC 2 AICPA controls and frameworks.
Working in an evolving healthcare setting, we use our shared expertise to deliver innovative solutions. Our fast-growing team has opportunities to learn and grow through rewarding interactions, collaboration and the freedom to explore professional interests. Our associates are given valuable opportunities to contribute, to innovate and create meaningful work that makes an impact in the communities we serve around the world. We also offer a culture of excellence that drives customer success and improves patient care. We believe in giving back to the community and offer a competitive benefits package. To learn more, visit: R1RCM.com.
R1 RCM Inc. (the Company) is committed to the principles of equal employment opportunity. The Company's practices and employment decisions, including those regarding recruitment, hiring, assignment, promotion, compensation, benefits, training, discipline, and termination shall not be based on any person's age, color, national origin, citizenship status, physical or mental disability, medical condition, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status or any other characteristic protected by federal, state or local law. Furthermore, the Company is committed to providing a workplace free from harassment based on any of the foregoing protected categories.
Posted 2 months ago
5.0 - 10.0 years
15 - 25 Lacs
Pune
Work from Office
Scope of Position: The Senior Analyst for Cybersecurity will perform data analysis, incident response, investigative analysis, and research on existing and emerging cyber threats, particularly those directed against the company's global networks. You will be charged with part of leading the maturation and optimization of our EDR capability through the development of custom content that focuses on threat actor TTPs and reduces false positives. You will be expected to "think like an adversary" and engage in threat hunting operations, leveraging your understanding of the tactics, techniques and procedures employed by advanced threats combined with intelligence from multiple sources, and provide reporting and briefings to other teams and leadership to maintain appropriate levels of situational awareness.
RESPONSIBILITIES:
- Review and build host-based detection content in EDR solutions such as SentinelOne, Microsoft Defender and other leading vendors.
- Perform network traffic analysis utilizing raw packet data, NetFlow, IDS, and custom sensor output, and mentor cyber analysts.
- Leverage understanding of tactics, techniques and procedures associated with advanced threats to create and evolve custom detections that mitigate highly dynamic threats to the enterprise.
- Proactively research advanced and emerging cyber threats, and apply analytical understanding of attacker methodologies, system vulnerabilities, and key indicators of attacks and exploits in threat hunting efforts.
- Execute as needed in each of the six phases of incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.
- Collaborate using information and knowledge sharing networks and professional relationships.
Education and Experience:
- Bachelor's degree and 5+ years of threat analysis and/or incident response experience; additional years of relevant experience may be considered in lieu of a Bachelor's degree.
- Relevant certifications (CISSP, SANS GIAC, CEH, etc.).
REQUIREMENTS:
- Threat analysis and/or incident response experience.
- Understanding of cyber threat models, including ATT&CK, Cyber Kill Chain, Racetrack, Diamond Model, etc.
- Experience working with EDR tools.
- Experience with a SIEM-type platform.
- Experience performing analysis and correlation of log data and forensic artifacts from multiple sources.
- Must be proficient, verbally and in writing, with the English language.
Posted 2 months ago
3.0 - 8.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: We are seeking a skilled Incident Response Analyst with hands-on experience in Microsoft Sentinel to detect, investigate, and respond to security incidents. The role requires strong capabilities in log analysis and deep investigations to support the SOC team in protecting client environments.
Roles & Responsibilities:
- Monitor and investigate security alerts using Microsoft Sentinel SIEM.
- Perform detailed log analysis from network devices, endpoints, and security tools.
- Conduct incident triage, root cause analysis, and escalation as needed.
- Collaborate with SOC analysts and other teams to contain and remediate threats.
- Apply knowledge of attack techniques to identify and respond to threats effectively.
- Assist in documenting incident response actions and reporting findings.
Professional & Technical Skills:
- 4+ years' experience in an incident response or SOC analyst role.
- Hands-on experience with Microsoft Sentinel or similar SIEM platforms.
- Strong skills in log analysis and incident investigation.
- Understanding of attack frameworks like MITRE ATT&CK is a plus.
- Good communication skills and ability to work in a team environment.
- Relevant security certifications (e.g., GCIH, SC-200) are a bonus.
Additional Information:
- The candidate should have a minimum of 3 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- 15 years of full time education is required.
Qualification: 15 years full time education
Posted 2 months ago
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide guidance on best practices, contributing to a secure cloud environment that supports the organization's growth and innovation.
Roles & Responsibilities:
- Architect and maintain scalable Microsoft Sentinel workspaces and data ingestion pipelines (Syslog, Azure AD, MDE, custom logs).
- Develop and fine-tune advanced Sentinel analytics rules and watchlists.
- Write and optimize complex KQL queries for threat hunting and anomaly detection.
- Build and maintain automation workflows via Sentinel Playbooks (Logic Apps).
- Conduct deep forensic analysis via MDE (Advanced Hunting, Live Response).
- Analyze attacker TTPs leveraging MITRE ATT&CK within Sentinel and MDE environments.
- Create and manage custom threat detection and incident enrichment logic.
- Build and maintain SOAR playbooks to auto-contain threats (e.g., isolate devices, revoke tokens).
- Mentor and train SOC analysts and engineers in Sentinel/MDE best practices.
- Collaborate with detection engineers, cloud architects, and incident responders.
- Participate in red/blue team exercises to continually improve detection maturity.
Professional & Technical Skills:
- Experience in Security Operations, Incident Response, or Cyber Threat Detection.
- Expert-level KQL (Kusto Query Language) proficiency.
- Proven experience in Sentinel rule authoring, hunting queries, and data modeling.
- Strong background in SOAR automation (Microsoft Logic Apps).
- Deep understanding of MITRE ATT&CK and its mapping to telemetry.
- Familiarity with JSON, ARM templates, Azure Monitor, and Event Hub integration.
- Experience integrating third-party tools and custom connectors into Sentinel.
- Proficiency in PowerShell, REST APIs, and Azure Resource Manager.
- SC-200: Microsoft Security Operations Analyst
- SC-100: Microsoft Cybersecurity Architect
- AZ-500: Microsoft Azure Security Technologies
- GCFA/GCIA (SANS) for deep forensic or network detection background
- MITRE ATT&CK Defender (MAD) certificate
- CISSP, CEH, or equivalent industry certifications
- Strong problem-solving and analytical thinking.
- Effective communicator with the ability to explain complex issues to various stakeholders.
- Passion for mentoring and knowledge-sharing within the security team.
- Proactive, detail-oriented, and highly autonomous.
- Comfortable working under pressure in high-stakes incident response situations.
- Collaboration-first mindset with cross-functional teams (SOC, IR, Cloud, IT).
Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- 15 years of full time education is required.
Qualification: 15 years full time education
Posted 2 months ago
15.0 - 20.0 years
3 - 7 Lacs
Bengaluru
Work from Office
Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Network Security Implementation
Good to have skills: NA
Minimum 12 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will also engage in continuous monitoring and improvement of security protocols to safeguard the organization's information and infrastructure effectively.
Roles & Responsibilities:
- Expected to be an SME in the design and implementation of network security using multiple products.
- Develop and execute robust security protocols to prevent security breaches.
- Facilitate cross-departmental collaboration to ensure cohesive security policies across the organization.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Expected to provide solutions to problems that apply across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills in security practices.
- Conduct regular assessments of security measures to identify areas for improvement.
Professional & Technical Skills:
- Must-have skills: Proficiency in Network Security Operations and proven experience with Palo Alto and Cisco firewalls, Palo Alto Prisma Access, and Cisco ISE.
- Good-to-have skills: Network load balancers (preferably F5 BIG-IP), WAF.
- Strong understanding of cloud security principles and frameworks.
- Experience with security incident response and management.
- Knowledge of compliance standards and regulations related to cloud security.
- Familiarity with security tools and technologies for threat detection and prevention.
Additional Information:
- The candidate should have a minimum of 10 years of continuous experience in Network Security Operations.
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.
- Willing to work US shift timings and adhere to the WFH policy.
Qualification: 15 years full time education
Posted 2 months ago
8.0 - 13.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Endpoint Extended Detection and Response
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: We are seeking a Lead EDR Engineer with expertise in Microsoft Defender for Endpoint (MDE) to lead its implementation, administration, and incident response. As the MDE expert, you will manage enterprise-wide deployment, optimize configurations, guide incident response efforts, and drive endpoint security strategy in collaboration with cross-functional teams. You will lead EDR strategy design, mentor security teams, and drive defense against advanced threats using MITRE ATT&CK-aligned frameworks.
Roles & Responsibilities:
- Lead deployment and configuration of Microsoft Defender for Endpoint across all supported platforms.
- Customize and manage endpoint security policies, attack surface reduction rules, and threat protection settings.
- Monitor security alerts and endpoint telemetry to detect and analyze threats.
- Conduct investigations using Microsoft 365 Defender and advanced hunting (KQL) capabilities.
- Respond to incidents by initiating remediation actions (e.g., isolate endpoints, remove malware, collect forensic data/artifacts).
- Collaborate with the SOC to provide timely incident resolution and root cause analysis.
- Tune detection rules and policies to reduce false positives and enhance protection.
- Maintain up-to-date documentation, playbooks, and response procedures.
- Provide recommendations to improve the organization's endpoint security posture.
- Mentor junior analysts and engineers on best practices for MDE and incident response workflows.
- Provide executive-level reporting on threat trends, incident metrics, and risk posture.
- Perform gap analysis on endpoint security to identify and address areas of improvement.
- Build and maintain SOAR playbooks to auto-contain threats (e.g., isolate devices, revoke tokens).
- Stay current on emerging threats and align defense strategies with frameworks like MITRE ATT&CK.
Professional & Technical Skills:
- 6-8+ years of experience in MDE/EDR implementations and security operations.
- Strong background in SOAR automation (Microsoft Logic Apps).
- Deep technical knowledge of endpoint protection, threat detection, and incident response workflows.
- Proficiency in the Microsoft security stack: M365 Defender, Intune, Azure AD, and Sentinel.
- Strong command of KQL for custom detections and threat hunting.
- Experience with scripting (PowerShell), automation, and EDR tooling integrations is a plus.
- Experience with Halcyon and CrowdStrike EDR is a plus and considered an added advantage.
- Preferred certifications: SC-200: Microsoft Security Operations Analyst; SC-100: Microsoft Cybersecurity Architect; AZ-500: Microsoft Azure Security Technologies; MITRE ATT&CK Defender (MAD) certifications; CISSP, CEH, or equivalent industry certifications.
Additional Information:
- The candidate should have a minimum of 5 years of experience in Endpoint Extended Detection and Response.
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.
Qualification: 15 years full time education
Posted 2 months ago
15.0 - 20.0 years
3 - 7 Lacs
Bengaluru
Work from Office
Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Splunk Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 2 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, monitoring systems for vulnerabilities, and responding to potential threats to ensure the integrity and safety of the organization's information and infrastructure. You will engage in proactive measures to safeguard against cyber threats while continuously improving security protocols and practices.
Roles & Responsibilities:
- Expected to perform independently and become an SME.
- Active participation in and contribution to team discussions is required.
- Contribute to providing solutions to work-related problems.
- Conduct regular security assessments and audits to identify vulnerabilities.
- Develop and implement security policies and procedures to enhance organizational security.
Professional & Technical Skills:
- Must-have skills: Proficiency in Splunk Security Information and Event Management (SIEM).
- Strong understanding of security protocols and best practices.
- Experience with incident response and threat analysis.
- Familiarity with network security technologies and tools.
- Knowledge of compliance standards and regulations related to information security.
Additional Information:
- The candidate should have a minimum of 2 years of experience in Splunk Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.
Qualification: 15 years full time education
Posted 2 months ago
15.0 - 20.0 years
3 - 7 Lacs
Coimbatore
Work from Office
Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Data Loss Prevention (DLP)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will also engage in continuous monitoring and improvement of security protocols to safeguard sensitive information and maintain compliance with industry standards.
Roles & Responsibilities:
- Expected to be an SME in DLP and data masking solution implementation and support.
- Collaborate with and manage the team to perform.
- Demonstrate excellent problem-solving skills and the ability to collaborate effectively with diverse stakeholders.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for the immediate team and across multiple teams.
- Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements.
- Develop and implement security policies and procedures to ensure compliance with industry standards.
Professional & Technical Skills:
- Must-have skills: Proficiency in Proofpoint and Microsoft Purview Data Loss Prevention (DLP) tools, Varonis Data Discovery, and data masking.
- Creation of DLP detection and prevention policies.
- DLP agent compliance and incident monitoring.
- DLP agent upgrades.
- Design and implementation of data masking solutions across enterprise-wide applications.
- Perform sensitive data discovery and analysis across enterprise data repositories.
- Create technical documentation and installation/administration manuals.
- Strong understanding of risk management and mitigation strategies.
- Experience with security frameworks and compliance standards such as ISO 27001, NIST, GDPR, HIPAA, and HITRUST.
- Familiarity with incident response and threat intelligence processes.
- Knowledge of network security protocols and technologies.
Additional Information:
- The candidate should have a minimum of 8 years of experience in Data Loss Prevention (DLP) and data discovery.
- Experience in the healthcare industry is good to have.
- Certifications on Proofpoint and Varonis are preferred.
- This position is based in Coimbatore.
- Willing to work US shifts, including support in late IST hours. Willing to work in the office, adhering to current HR policies.
- 15 years of full-time education is required.
Qualification: 15 years full time education
Posted 2 months ago
10.0 - 15.0 years
11 - 16 Lacs
Chennai
Work from Office
Expertise in endpoint security (DLP, AV, EDR/EPP solutions):
- Experience with EDR tools (e.g., SentinelOne, CrowdStrike) and anti-virus/anti-malware solutions.
- Proficiency in analyzing and mitigating endpoint security threats and managing endpoint protection policies.
SIEM and Incident Response:
- Hands-on experience with SIEM platforms (e.g., Splunk, QRadar, Microsoft Sentinel).
- Strong skills in incident response, threat hunting, and forensic investigation.
Access and Identity Management:
- Familiarity with IAM concepts and tools, including MFA and SSO solutions.
- Experience with configuring and troubleshooting access control for network and endpoint systems.
Automation and Scripting:
- Basic scripting abilities (e.g., Python, PowerShell) for automating security processes.
- Excellent analytical and problem-solving skills.
- Effective communication skills for interacting with team members and stakeholders.
- Ability to work in a fast-paced environment and handle high-stakes incidents.
Certifications (Preferred): CompTIA Security+, Cisco CCNA Security, Certified Ethical Hacker (CEH), or other relevant security certifications.
Required education: Bachelor's Degree
Preferred education: Bachelor's Degree
Required technical and professional expertise:
- 10 years of experience in security and infrastructure administration.
- Experience implementing and operating products in SIEM, Nessus, QualysGuard, vulnerability assessment and penetration testing, network security, and web application security.
- Expertise in handling industry-standard risk, governance and security methodologies and incident response processes (detection, triage, incident analysis, remediation and reporting).
- Demonstrated attention to detail and interpersonal skills, with the ability to oversee input and develop relevant metrics.
- Competence with Microsoft Office (Word, PowerPoint, Excel, Visio, etc.).
Preferred technical and professional experience:
- Ability to multitask and work independently with minimal direction and maximum accountability.
- One or more security certifications (CEH, Security+, GSEC, GCIH, etc.).
Posted 2 months ago
15.0 - 20.0 years
3 - 7 Lacs
Chennai
Work from Office
Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Data Loss Prevention (DLP)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will also engage in continuous monitoring and improvement of security protocols to safeguard sensitive information and maintain compliance with industry standards.
Roles & Responsibilities:
- Expected to be an SME in DLP and data masking solution implementation and support.
- Collaborate with and manage the team to perform.
- Demonstrate excellent problem-solving skills and the ability to collaborate effectively with diverse stakeholders.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for the immediate team and across multiple teams.
- Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements.
- Develop and implement security policies and procedures to ensure compliance with industry standards.
Professional & Technical Skills:
- Must-have skills: Proficiency in Proofpoint and Microsoft Purview Data Loss Prevention (DLP) tools, Varonis Data Discovery, and data masking.
- Creation of DLP detection and prevention policies.
- DLP agent compliance and incident monitoring.
- DLP agent upgrades.
- Design and implementation of data masking solutions across enterprise-wide applications.
- Perform sensitive data discovery and analysis across enterprise data repositories.
- Create technical documentation and installation/administration manuals.
- Strong understanding of risk management and mitigation strategies.
- Experience with security frameworks and compliance standards such as ISO 27001, NIST, GDPR, HIPAA, and HITRUST.
- Familiarity with incident response and threat intelligence processes.
- Knowledge of network security protocols and technologies.
Additional Information:
- The candidate should have a minimum of 8 years of experience in Data Loss Prevention (DLP) and data discovery.
- Experience in the healthcare industry is good to have.
- Certifications on Proofpoint and Varonis are preferred.
- This position is based in Coimbatore.
- Willing to work US shifts, including support in late IST hours. Willing to work in the office, adhering to current HR policies.
- 15 years of full-time education is required.
Qualification: 15 years full time education
Posted 2 months ago