3.0 - 5.0 years
8 - 10 Lacs
pune, bengaluru
Hybrid
Position Description: Provides overall engineering support for the Splunk platform. The team is responsible for ingesting all required logs (on-prem and multi-cloud) used by the Security Operations Team for investigations and monitoring. Guides and mentors team members. Serves as the level 2 escalation point for the L1 team.
Position Summary: Work with IT teams to remediate server vulnerabilities related to the SIEM tool. Ingest required security logs per Voya policy. Develop and maintain weekly and monthly metrics reporting on security tooling coverage. Create and maintain cloud tenant and subscription logging alerts to proactively identify log outages and/or missing logs. Perform level 2 triage and troubleshooting of incident tickets related to ingestion outages. Perform weekend validations and change work during established maintenance windows. Maintain currency by planning and organizing upgrades to stay at the N-1 version. Create and maintain runbooks for related processes. Participate in DR exercises. Gather and submit evidence for audit requests. Good knowledge of Cribl.
Knowledge & Experience: 4+ years of experience in a related IT security field; 2+ years of Splunk experience; change management experience; strong analytical and problem-solving skills; experience deploying and supporting tools in a large environment (on-prem and multi-cloud); strong written, verbal and interpersonal communication skills, with the ability to communicate with non-technical end users as well as technical IT teams.
Technical Expertise: Linux experience; Python experience; PowerShell experience; Splunk certifications; Cribl certification.
Posted -1 days ago
5.0 - 8.0 years
0 Lacs
mumbai, maharashtra, india
On-site
About The Company: Tata Communications Redefines Connectivity with Innovation and Intelligence. Driving the next level of intelligence powered by Cloud, Mobility, Internet of Things, Collaboration, Security, Media services and Network services, we at Tata Communications are envisaging a New World of Communications.
Experience in SIEM tools such as ArcSight and LogRhythm, Threat Intelligence, Malware Analysis and Incident Response. Responsible for the technical administration and troubleshooting of the SIEM, ensuring the efficient functioning of the solution. Responsible for incident validation, incident analysis and solution recommendation. Good knowledge of the implementation, installation, integration, troubleshooting and overall functionality of ArcSight: rule base fine tuning, ongoing log source modifications, configuration/policy changes, general SIEM administration and SIEM content development. Troubleshooting of incidents within the IT Security incident response teams of the SOC. Apply investigation techniques to document the root cause and impact of detected computer security incidents. Maintains awareness of new and emerging cyber-attack threats with the potential to harm company systems and networks. Devises and implements countermeasures to mitigate potential security threats. Assists with the development and maintenance of IT security measurement and reporting systems to aid in monitoring the effectiveness of IT Security programs. Assists with the development, revision and maintenance of Standard Operating Procedures and Working Instructions related to IT Security. Good coordination skills with other teams for faster resolution/completion. Good to have threat hunting knowledge.
Education/Skills: BE/B.Tech or equivalent with a minimum of 5-8 years of experience. Minimum 3 years of work experience in SOC incident handling, incident response, trend analysis, and administration/monitoring of SIEM tools such as ArcSight and LogRhythm, Threat Intelligence and Malware Analysis. Ability to adapt to and follow processes and guidelines. Possesses an impeccable work ethic and a high degree of integrity. Good analytical and problem-solving skills. Able to communicate with technical staff/management. Flexible to work in 24/7 environments. Highly motivated and customer-centric.
Posted 1 day ago
8.0 years
0 Lacs
hyderabad, telangana, india
On-site
Cybersecurity at Providence is responsible for appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients).
What will you be responsible for? Lead the design and implementation of data ingestion from diverse sources and of the mechanisms for integration and normalization of logs. Extend pre-built UDMs and create custom parsers where required for log sources. Integrate the SIEM with other security capabilities and tools such as SOAR, EDR, threat intelligence platforms, and ticketing systems. Write custom actions, scripts and/or integrations to extend SIEM platform functionality. Monitor performance and take timely action to scale the SIEM deployment, especially in a very high-volume security environment. Test and deploy newly created and migrated assets such as rules, playbooks, alerts and dashboards. Lead and oversee the deployment, operation, and maintenance of the global EDR platform.
What would your work week look like? Design and implement solutions to handle alert fatigue encountered in SIEM correlation. Guide the building or maturing of cloud security programs and the implementation of tools and approaches for improving cloud security. Debug and solve issues in ingestion, parsing and normalization of data. Develop custom queries, detection rules, workbooks, and automation playbooks to improve threat detection and response efficiency. Collaborate with threat analysts and incident response teams to triage, investigate, and respond to security alerts and incidents. Provide technical guidance on security best practices, incident response procedures, and threat hunting using security tools. Coordinate with service delivery managers, management, engineering, maintenance, and operational support teams to ensure timely delivery. Create and maintain documentation for SIEM and EDR configurations, procedures, and playbooks. Provide support to other security teams with respect to the EDR platform.
Who are we looking for? Bachelor's degree in a related field, including computer science, or an equivalent combination of education and experience. 8+ years' experience leading projects and delivering technical solutions related to security. Experience architecting, developing, or maintaining SIEM and SOAR platforms and secure cloud solutions. Strong understanding of SIEM and EDR solutions such as Splunk, CrowdStrike, LogRhythm and Sentinel. Good understanding of log collection methodologies and aggregation techniques such as syslog-ng, syslog, NXLog and Windows Event Forwarding. Good understanding of the MITRE ATT&CK framework, kill chains and other attack models. Proficiency in scripting languages (e.g., Python, PowerShell) for automation. Strong verbal and written communication skills and the ability to develop high-quality. Relevant certifications (e.g., CISSP, CCNP Security) are a plus.
Posted 1 day ago
12.0 - 15.0 years
32 - 35 Lacs
mumbai
Work from Office
Level: L4. Reports to: SOC Head.
Position Summary: The SOC Lead will lead the operations of the Security Operations Centre (SOC). The candidate should have deep expertise in security monitoring, incident response, threat intelligence and security technologies. This role is critical in safeguarding digital assets and ensuring rapid detection, response and mitigation of security incidents.
Key Responsibilities: Lead and manage the day-to-day operations of the SOC team. Oversee monitoring, detection, analysis, and response to security incidents using SIEM tools and other security technologies. Oversee tuning and optimization of SIEM platforms (e.g. Azure Sentinel, LogRhythm, Splunk, QRadar, Wazuh). Develop, implement, and maintain SOC processes, procedures, and playbooks to ensure effective incident response. Perform threat hunting and proactive analysis to identify emerging threats. Manage and mentor SOC analysts, providing training and professional development. Conduct root cause analysis and prepare detailed incident reports and recommendations. Drive continuous improvement in SOC capabilities through adoption of new tools and technologies. Participate in security audits, assessments, and vulnerability management initiatives. Stay up to date with the latest threat trends, vulnerabilities and regulatory requirements.
Required Qualifications: Minimum 12 years of professional experience in cybersecurity, with at least 8 years in a SOC environment. Deep understanding of networking, system administration, cloud environments (AWS/Azure/GCP) and security architecture. Experience with EDR, SIEM, SOAR, IDS/IPS, firewalls and forensic tools. Strong knowledge of malware analysis, log correlation, threat hunting and vulnerability management. Strong analytical and problem-solving skills with an investigative mindset. Excellent communication skills for technical and executive-level reporting.
Preferred Certifications: CISSP, GCIA, GCIH, CEH, OSCP, Security+, CySA+ or similar. SIEM-specific certifications (e.g. Azure Sentinel, LogRhythm, Splunk).
Education: BE CSE/IT or a related field, or MCA, with 60%+ throughout academics.
Posted 2 days ago
2.0 - 6.0 years
5 - 9 Lacs
hyderabad
Work from Office
About Providence: At Providence, we are grounded in our goal to serve all as we engineer the future of healthcare. Providence Global Innovation Center, launched in Feb 2020, is the first development and innovation center of Providence outside the United States. Providence is a $26B non-profit organization and is one of the largest health systems in the United States.
Why Us: Best-in-class benefits; inclusive leadership; challenging work; competitive pay; employee-friendly policies. Location: Hyderabad.
How is this team contributing to the vision of Providence? We, at Enterprise Services, the healthcare consulting and services arm of Providence India, help build technology solutions that modernize and simplify each step of the healthcare delivery process. We do that by putting the patient and the provider at the center of everything we do. Using the most promising and practical ideas, combined with the experience and expertise of people from the healthcare industry, we are creating experiences that work for care facilities and their patients and move us ahead on our mission of "Health for a better world".
What will you be responsible for? Participate in and advance the Security Monitoring and Incident Response capability operating out of India. Be part of the Global Security Operations Center (SOC). Ensure seamless delivery of the monitoring service and timely response to incidents. Conduct Cyber Incident Response Team (CIRT) activities, including forensic analysis. Develop and implement operational processes and standards for security incident response and operational security tasks. Collaborate with the other security teams to identify, investigate, and respond to major incidents. Ensure that incident response processes are kept up to date and well rehearsed for real cyber-attacks or cyber drills. Support engineering efforts such as platform management, upgrades and changes, and tool integration. Support other security operations functions as directed, including development and testing of automation. Report and optimize key Security Operations metrics. Oversee emerging cyber threats, proactive modelling and threat validation.
What would your day look like? Create and maintain SOC playbooks, SOPs, and training materials; manage shifts, onboarding, and training for SOC engineers. Perform all tasks required per shift including reporting, monitoring, and turnover logs. Perform security log analysis during information security events, identifying and reporting possible security breaches, incidents, and violations of security policies. Process alerts and identify, investigate, and respond to security incidents within the Service Level Agreement (SLA). Use the ticketing system and standard operating procedures effectively. Escalate critical incidents that require management attention in a timely manner and provide timely updates. Participate in and create detailed incident reports. Contribute to lessons learned in collaboration with the appropriate team.
Who are we looking for? 4-year university (Bachelor's) degree in Computer Science, Information Technology, or a STEM field, or equivalent experience. 4+ years of relevant post-qualification experience, with at least three (3) years in a Security Operations Center (SOC) environment. Hands-on experience with and knowledge of monitoring tools such as LogRhythm, Datadog, Sentinel, Splunk, ArcSight and QRadar. Preferred: experience with a SOAR (Security Orchestration, Automation and Response) platform. Experience with scripting or programming (shell scripting, PowerShell, Python, KQL, etc.). Working experience or knowledge of security monitoring in cloud environments (Azure, Google Cloud, etc.). Knowledge of threat-centric frameworks: Cyber Kill Chain, MITRE ATT&CK and the NIST Cyber Security Framework. Experience writing formal documentation such as reports, slide decks, and architecture diagrams. Preferred certifications: SSCP, EC-Council CSA, CompTIA CySA+, SANS GCIH / GSOC. Technical skills in security operations, monitoring and event analysis, incident response and reporting.
Posted 2 days ago
2.0 - 4.0 years
0 Lacs
noida, uttar pradesh, india
On-site
Job Description
About KPMG in India: KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.
Responsibilities: Actively monitoring, analysing and escalating SIEM alerts based on correlation rules, email protection alerts and malware analysis using Azure Sentinel, Defender for Endpoint and Defender for Identity. Provide inputs for proactive content fine tuning and use case enablement. Active threat hunting on network flow, user behaviour and threat intelligence. Phishing email analysis for MFs. Raising incidents in Pastebin inte Should be familiar with Domain Knowledge (Cyber Security), Threat Hunting, SIEM (Azure Sentinel; RSA / Splunk / LogRhythm), Python scripting, Windows Active Directory, operating systems and servers. Ability to triage and assign incidents for handling. Ability to follow playbook instructions (incident response playbooks). Ability to comprehend logs (HTTP, SMTP, network) under guidance. Understand and imbibe the current SOC process. Perform quality assessment of SOC operations against the existing process. Record identified deviations in tracking tool(s)/spreadsheets. Follow up with the respective error owners to mitigate process deviations. Identify process deviations, and summarize and generate trends and patterns in the process deviations/errors observed. Perform RCA of observed errors/trends and generate recommendations for process improvement. Generate personnel-specific recommendations for performance enhancement.
Qualifications: BE/B.Tech/Post-Grad/Graduate or Postgraduate in any other discipline. 2-4 years of relevant experience. Candidates should be okay with working rotational shifts. Good to have: certifications such as CSA (Certified SOC Analyst), CISM and CCSP, and certifications from the Microsoft Azure suite. Candidates with SOC experience would be preferred. Well versed in Microsoft productivity tools such as Word, PowerPoint and Excel. An understanding of analytics concepts, with the ability to generate trends, drill-downs, and various graphical representations. Windows / Azure / AWS infrastructure knowledge is an added advantage. Experience with Microsoft security tools such as Defender for Office, Defender for Identity and Sentinel is an added advantage. Excellent written and oral communication skills.
Posted 3 days ago
5.0 - 10.0 years
13 - 17 Lacs
bengaluru
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Operational Technology (OT) Security
Good to have skills: Security Information and Event Management (SIEM)
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As an experienced Level 3 SOC Analyst, you will lead advanced security incident investigations, develop detection use cases, improve security monitoring, provide deep technical support to L1 and L2 SOC analysts, and act as the technical escalation point for critical incidents, threat hunting, and cyber threat intelligence integration.
Roles & Responsibilities: Lead in-depth investigation of security incidents (e.g., malware outbreaks, phishing, data exfiltration, insider threats). Perform root cause analysis and attack vector tracing for complex security incidents involving OT and IT systems. Monitor OT network and security logs via the SIEM and other monitoring tools to identify potential threats and anomalies; also design and tune detection rules and correlation logic in SIEM platforms. Proactively hunt for threats using IOCs, behavioural analytics, and threat intelligence feeds. Correlate internal security data with threat intel to identify attacker TTPs using frameworks such as MITRE ATT&CK. Serve as Tier 3 escalation for complex security alerts and incidents. Mentor and guide L1 and L2 analysts on investigation techniques, triage steps, and reporting standards. Technical expertise in SIEM, EDR, threat intel and forensics tools. Strong knowledge of MITRE ATT&CK, the Cyber Kill Chain, and TTP-based detection.
Professional & Technical Skills: Experience in SOC operations, cybersecurity analysis, or incident response. Experience in OT/ICS environments or critical infrastructure cybersecurity is an added advantage. Proficient in SIEM platforms (e.g., Splunk, QRadar, LogRhythm, Securonix) and security monitoring tools. Act as SME for security tools including SIEM, EDR, SOAR, IDS/IPS, threat intel platforms, and sandbox environments.
Additional Information: The candidate should have a minimum of 5 years of experience in Operational Technology (OT) Security. This position is based at our Bengaluru office. 15 years of full-time education is required.
Qualification: 15 years full time education
Posted 4 days ago
5.0 - 8.0 years
9 - 10 Lacs
noida
On-site
Calling all innovators – find your future at Fiserv. We’re Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants, and consumers to one another millions of times a day – quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we’re involved. If you want to make an impact on a global scale, come make a difference at Fiserv.
Job Title: Professional, Cyber Security
What does a great Incident Handler do? A great incident handler is a senior-level professional with extensive experience and expertise in handling complex and critical security incidents. They serve as part of an incident response team and are responsible for the more challenging and escalated incidents that could have significant impact on an organization's security.
What You will do: Incident Analysis: conducting in-depth analysis of complex security incidents to understand the scope, impact, and root cause of the incident. Incident Response: leading and coordinating the response efforts to contain and remediate the incident effectively. Forensics: conducting digital forensics and detailed investigations to collect evidence and identify the source and extent of the breach. Malware Analysis: analyzing sophisticated malware and understanding its behavior and capabilities to develop appropriate countermeasures. Vulnerability Research: staying updated on the latest security vulnerabilities and emerging threats to improve the organization's defenses proactively. Threat Intelligence: utilizing threat intelligence to identify and counter potential threats targeting the organization. Incident Documentation: ensuring comprehensive and accurate documentation of incident response activities, findings, and lessons learned for future reference. Collaboration: working closely with other teams, such as Tier 1 and Tier 2 incident handlers, IT teams, legal, and management, to address incidents effectively. Security Improvement: proposing and implementing measures to enhance the organization's security posture based on incident findings and lessons learned. Continuous Learning: keeping up with the latest trends, tools, and best practices in incident handling and cybersecurity to stay effective in the role.
What You Will Need to Have: 5 to 8 years of professional cybersecurity incident handling experience in a Security Monitoring Center or Security Operations Center environment. Experience with Security Information and Event Management (SIEM) tools, creating advanced correlation rules, SIEM administration, system hardening, and vulnerability assessments. Detailed understanding of network architectures and services (routing, switching, web, DNS, email). Perl, Python and REST API scripting experience for automating manual security event data review and analysis. Expertise in TCP/IP network traffic and event log analysis. Knowledge of and hands-on experience with LogRhythm, QRadar, ArcSight, McAfee ePO, NetIQ Sentinel or any SIEM tool. Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
Education: Bachelor's or Master's of Science in Information Security, Computer Science, Risk Management, Information Technology, Engineering or Mathematics. Equivalent relevant experience will be considered.
What Would Be Great to Have: threat hunting skills; reverse malware analysis; harvesting cyber threat intelligence.
Thank you for considering employment with Fiserv. Please: apply using your legal name; complete the step-by-step profile and attach your resume (either is acceptable, both are preferable).
Our commitment to Diversity and Inclusion: Fiserv is proud to be an Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, gender identity, sexual orientation, age, disability, protected veteran status, or any other category protected by law. Note to agencies: Fiserv does not accept resume submissions from agencies outside of existing agreements. Please do not send resumes to Fiserv associates. Fiserv is not responsible for any fees associated with unsolicited resume submissions. Warning about fake job posts: Please be aware of fraudulent job postings that are not affiliated with Fiserv. Fraudulent job postings may be used by cyber criminals to target your personally identifiable information and/or to steal money or financial information. Any communications from a Fiserv representative will come from a legitimate Fiserv email address.
Posted 4 days ago
5.0 - 8.0 years
0 Lacs
noida, uttar pradesh, india
On-site
Calling all innovators – find your future at Fiserv. We’re Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants, and consumers to one another millions of times a day – quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we’re involved. If you want to make an impact on a global scale, come make a difference at Fiserv.
Job Title: Professional, Cyber Security
What does a great Incident Handler do? A great incident handler is a senior-level professional with extensive experience and expertise in handling complex and critical security incidents. They serve as part of an incident response team and are responsible for the more challenging and escalated incidents that could have significant impact on an organization's security.
What You Will Do: Incident Analysis: conducting in-depth analysis of complex security incidents to understand the scope, impact, and root cause of the incident. Incident Response: leading and coordinating the response efforts to contain and remediate the incident effectively. Forensics: conducting digital forensics and detailed investigations to collect evidence and identify the source and extent of the breach. Malware Analysis: analyzing sophisticated malware and understanding its behavior and capabilities to develop appropriate countermeasures. Vulnerability Research: staying updated on the latest security vulnerabilities and emerging threats to improve the organization's defenses proactively. Threat Intelligence: utilizing threat intelligence to identify and counter potential threats targeting the organization. Incident Documentation: ensuring comprehensive and accurate documentation of incident response activities, findings, and lessons learned for future reference. Collaboration: working closely with other teams, such as Tier 1 and Tier 2 incident handlers, IT teams, legal, and management, to address incidents effectively. Security Improvement: proposing and implementing measures to enhance the organization's security posture based on incident findings and lessons learned. Continuous Learning: keeping up with the latest trends, tools, and best practices in incident handling and cybersecurity to stay effective in the role.
What You Will Need To Have: 5 to 8 years of professional cybersecurity incident handling experience in a Security Monitoring Center or Security Operations Center environment. Experience with Security Information and Event Management (SIEM) tools, creating advanced correlation rules, SIEM administration, system hardening, and vulnerability assessments. Detailed understanding of network architectures and services (routing, switching, web, DNS, email). Perl, Python and REST API scripting experience for automating manual security event data review and analysis. Expertise in TCP/IP network traffic and event log analysis. Knowledge of and hands-on experience with LogRhythm, QRadar, ArcSight, McAfee ePO, NetIQ Sentinel or any SIEM tool. Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
Education: Bachelor's or Master's of Science in Information Security, Computer Science, Risk Management, Information Technology, Engineering or Mathematics. Equivalent relevant experience will be considered.
What Would Be Great To Have: threat hunting skills; reverse malware analysis; harvesting cyber threat intelligence.
Thank You For Considering Employment With Fiserv. Please: apply using your legal name; complete the step-by-step profile and attach your resume (either is acceptable, both are preferable).
Our Commitment To Diversity And Inclusion: Fiserv is proud to be an Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, gender identity, sexual orientation, age, disability, protected veteran status, or any other category protected by law. Note To Agencies Fiserv does not accept resume submissions from agencies outside of existing agreements. Please do not send resumes to Fiserv associates. Fiserv is not responsible for any fees associated with unsolicited resume submissions. Warning About Fake Job Posts Please be aware of fraudulent job postings that are not affiliated with Fiserv. Fraudulent job postings may be used by cyber criminals to target your personally identifiable information and/or to steal money or financial information. Any communications from a Fiserv representative will come from a legitimate Fiserv email address.
Posted 5 days ago
0 years
0 Lacs
jaipur, rajasthan, india
On-site
About The Company
Tata Communications Redefines Connectivity with Innovation and Intelligence. Driving the next level of intelligence powered by Cloud, Mobility, Internet of Things, Collaboration, Security, Media services and Network services, we at Tata Communications are envisaging a New World of Communications.

Job Description
- Responsible for end-to-end implementation and configuration of SIEM (LogRhythm) and SOAR (Cortex) solutions across customer environments.
- Onboard diverse log sources (cloud, on-prem, endpoint, network) into the LogRhythm SIEM platform and normalize data (including supported and non-supported devices).
- Design and implement standard and custom detection rules, dashboards, and reports, including UEBA, NBA, MITRE, log-source-based and cross-correlation use cases.
- Collaborate with SOC, threat intel, TPM and internal teams to enhance security posture and streamline incident response.
- Troubleshoot log ingestion and parsing errors.
- Implement threat intelligence integration to enrich alerts and improve contextual awareness.
- Ensure compliance with security best practices and frameworks (e.g., MITRE ATT&CK, NIST).
- Provide documentation, runbooks and LLDs to the Operations team as part of handover.
- Stay current with emerging threats, tools, and technologies in the SIEM/SOAR ecosystem.
- Collaborate with the Assurance team to ensure smooth handover of projects, follow and adhere to defined

Responsibilities
- Design, implement, and maintain LogRhythm SIEM, Cortex SOAR, and LogRhythm UEBA solutions across cloud and on-premise environments.
- Collaborate with stakeholders to gather and analyze security monitoring and automation requirements.
- Onboard, parse, and normalize data from diverse log sources including cloud (AWS, GCP, Azure), EDRs, firewalls, proxies, and identity systems.
- Develop and fine-tune correlation rules, detection use cases, and alerting logic based on attacker TTPs (aligned to MITRE ATT&CK).
- Configure and customize UEBA models to detect abnormal user and entity behavior (e.g., data exfiltration, lateral movement).
- Integrate third-party threat intelligence feeds for enrichment and contextual detection.
- Conduct testing, tuning, and validation of detection and response logic to reduce false positives and improve fidelity.
- Provide Level 2 support for SIEM/SOAR/UEBA issues during the project delivery lifecycle and work closely with SOC, TPM and customer teams.
- Prepare technical documentation, runbooks and LLDs.
- Continuously monitor industry trends, product updates, and threat intelligence to improve detection coverage.

Desired Skill Sets
- Hands-on experience with SIEM platforms.
- Experience with SOAR platforms.
- Proficiency with UEBA solutions.
- Strong understanding of log parsing, normalization, and data onboarding using Syslog, APIs, agents, or collectors.
- Expertise in developing correlation rules, detection logic, and custom parsers.
- Experience building and maintaining OOTB SOAR playbooks for automated incident response.
- Familiarity with behavioral analytics, anomaly detection, and machine learning models in UEBA systems.
- Knowledge of network protocols, network logging, OS logging, endpoint telemetry, and cloud security logging (e.g. VPC flow logs, CloudTrail, Azure Activity Logs).
- OEM certifications.
- CEH, CompTIA Security+ or similar.
- CSP security certifications (e.g. AZ-500).
Posted 6 days ago
5.0 - 8.0 years
0 Lacs
mumbai, maharashtra, india
On-site
About The Company
Tata Communications Redefines Connectivity with Innovation and Intelligence. Driving the next level of intelligence powered by Cloud, Mobility, Internet of Things, Collaboration, Security, Media services and Network services, we at Tata Communications are envisaging a New World of Communications.

- Experience in SIEM tools like ArcSight, LogRhythm SIEM, Threat Intelligence, Malware Analysis, Incident Response.
- Responsible for the technical administration or troubleshooting in SIEM, ensuring the efficient functionality of the solution.
- Responsible for Incident Validation, Incident Analysis, Solution Recommendation.
- Good knowledge of implementation, installation, integration troubleshooting and overall functionalities of ArcSight.
- ArcSight rule base fine tuning, ongoing log source modifications, configuration/policy changes, general SIEM administration, SIEM content development.
- Troubleshooting of an incident within IT Security incident response teams of the SOC.
- Apply investigation techniques to document root cause and impact of detected computer security incidents.
- Maintains awareness of new and emerging cyber-attack threats with potential to harm company systems and networks.
- Devises and implements countermeasures to mitigate potential security threats.
- Assists with the development and maintenance of IT security measurement and reporting systems to aid in monitoring effectiveness of IT Security programs.
- Assists with the development, revision, and maintenance of Standard Operating Procedures and Working Instructions related to IT Security.
- Good coordination skills with various other teams for faster resolution/completion.
- Good to have threat hunting knowledge.

Education/Skills
- BE/B.Tech or equivalent with a minimum of 5-8 years of experience.
- Work experience of minimum 3 years in SOC Incident Handling, Incident Response, Trend Analysis, administration/monitoring of SIEM tools like ArcSight, LogRhythm SIEM, Threat Intelligence, Malware Analysis.
- Ability to adapt to and follow the processes and guidelines.
- Possess an impeccable work ethic and a high degree of integrity.
- Good analytical & problem solving skills.
- Able to communicate with technical staff/management.
- Flexible to work in 24/7 environments.
- Highly motivated & customer centric.
Posted 6 days ago
2.0 - 5.0 years
3 - 8 Lacs
bengaluru
Work from Office
Job Title: SOC Analyst - Security Operations
Location: Bangalore
Experience: 3–6 Years
Designation: SOC Analyst – Security Operations

Job Brief
We are looking for a dedicated and detail-oriented SOC Analyst – Security Operations to join our cybersecurity team. You will be responsible for monitoring, detecting, and responding to security incidents, performing threat analysis, and contributing to strengthening the organization’s security posture. This role involves collaborating with cross-functional teams, conducting investigations, and ensuring compliance with security policies and regulations.

Key Responsibilities
- Perform daily SOC monitoring, detection, and incident response activities.
- Monitor security alerts from SIEM, SOAR, and other security platforms.
- Investigate and analyse security events to determine severity and impact.
- Create and update incident tickets, ensuring accurate documentation.
- Conduct internal and external security audits and assessments.
- Investigate security breaches, determine root causes, and recommend corrective actions.
- Support the improvement of incident response, forensic, and disaster recovery processes.
- Research emerging threats and update detection and mitigation strategies.
- Enforce security best practices and compliance policies.
- Assist in external compliance and regulatory audits.
- Prepare and submit daily, weekly, and monthly SOC operational reports.
- Coordinate with IT teams and vendors during incident resolution.
- Participate in 24x7 shift operations, including weekend/holiday rotations.

Required Skills & Experience
- Bachelor’s degree in Computer Science, Information Technology, or equivalent.
- 3–6 years of hands-on experience in cybersecurity/SOC operations.
- Strong understanding of:
  - Network protocols, OS & database security.
  - Cloud environments (Windows, Unix, Linux, MS Azure, Android, iOS).
  - Malware analysis, compromise investigation, and forensics.
  - SIEM/SOAR tools (rule tuning, correlation, incident handling).
  - Vulnerability & penetration testing (web, OS, network, MDM, cloud).
- Hands-on experience with tools such as LogRhythm, LogRhythm NetMon, FortiAnalyzer, SolarWinds, Nessus, Acunetix, IBM AppScan, Qualys.
- Strong scripting skills (Python preferred).
- Knowledge of IDS, WAF, IP reputation systems, code review, and social engineering assessments.
- Familiarity with ISO 27001, PCI-DSS, GDPR, HIPAA, NIST, SOX, OWASP, OSSTMM, COSO frameworks.

Soft Skills
- Strong analytical and problem-solving skills.
- Excellent communication and collaboration skills.
- Ability to manage multiple priorities in a fast-paced environment.
- Willingness to work in rotating shifts for 24x7 SOC operations.

Certifications (at least one mandatory)
- CEH – Certified Ethical Hacker
- CompTIA Security+
- EC-Council Certified Incident Handler (ECIH)
- EC-Council Certified SOC Analyst (CSA)
Posted 6 days ago
3.0 years
12 - 18 Lacs
india
On-site
Job Title: Network Security Engineer
Location: Hyderabad-IN
Job Type: Full-Time
No. of Positions: 2
Exp: 2-3 yrs

Key Responsibilities:
- Design, implement, and manage secure network architecture (firewalls, VPNs, IDS/IPS, NAC)
- Monitor networks for security breaches and investigate incidents
- Configure and manage firewalls, security appliances, and intrusion detection/prevention systems
- Conduct vulnerability assessments and penetration testing; remediate findings
- Develop and enforce security policies, standards, and procedures
- Manage secure access controls (e.g., AAA, RBAC, 802.1x)
- Analyze security alerts and provide appropriate responses and escalations
- Maintain and update security infrastructure (patches, firmware, rule sets)
- Perform risk analysis and provide recommendations for improvements
- Support compliance efforts (ISO 27001, NIST, GDPR, SOC 2, etc.)
- Collaborate with IT teams on secure deployment of new infrastructure or services
- Document all configurations, incidents, and procedures for auditing and knowledge sharing

Required Skills & Qualifications:
- Bachelor’s degree in Computer Science, Infra Security, or related field
- 3+ years of experience in network and/or security engineering roles
- Strong understanding of network protocols and security technologies (TCP/IP, SSL, IPSec, DNS, etc.)
- Experience with firewalls and security platforms (e.g., Palo Alto, Fortinet, Cisco ASA, Check Point)
- Proficiency in intrusion detection/prevention systems, VPNs, and endpoint security
- Familiarity with SIEM tools (Splunk, QRadar, LogRhythm, etc.)
- Knowledge of authentication mechanisms (LDAP, RADIUS, SAML, MFA)
- Security certifications such as CEH, CCNP Security, Palo Alto PCNSA/PCNSE, or CompTIA Security+

Preferred Qualifications:
- Experience in cloud security (AWS, Azure, GCP)
- Scripting skills (Python, PowerShell, Bash) for automation
- Exposure to Zero Trust Network Architecture (ZTNA) and SASE frameworks
- Understanding of threat modeling and advanced persistent threats (APT)
- Familiarity with regulatory standards (HIPAA, PCI-DSS, etc.)

Job Type: Full-time
Pay: ₹1,200,000.00 - ₹1,800,000.00 per year
Ability to commute/relocate: HITEC City, Hyderabad, Telangana: Reliably commute or planning to relocate before starting work (Preferred)
Application Question(s): What is your total years of experience?
Work Location: In person
Posted 1 week ago
0.0 years
12 - 18 Lacs
hitec city, hyderabad, telangana
On-site
Job Title: Network Security Engineer
Location: Hyderabad-IN
Job Type: Full-Time
No. of Positions: 2
Exp: 2-3 yrs

Key Responsibilities:
- Design, implement, and manage secure network architecture (firewalls, VPNs, IDS/IPS, NAC)
- Monitor networks for security breaches and investigate incidents
- Configure and manage firewalls, security appliances, and intrusion detection/prevention systems
- Conduct vulnerability assessments and penetration testing; remediate findings
- Develop and enforce security policies, standards, and procedures
- Manage secure access controls (e.g., AAA, RBAC, 802.1x)
- Analyze security alerts and provide appropriate responses and escalations
- Maintain and update security infrastructure (patches, firmware, rule sets)
- Perform risk analysis and provide recommendations for improvements
- Support compliance efforts (ISO 27001, NIST, GDPR, SOC 2, etc.)
- Collaborate with IT teams on secure deployment of new infrastructure or services
- Document all configurations, incidents, and procedures for auditing and knowledge sharing

Required Skills & Qualifications:
- Bachelor’s degree in Computer Science, Infra Security, or related field
- 3+ years of experience in network and/or security engineering roles
- Strong understanding of network protocols and security technologies (TCP/IP, SSL, IPSec, DNS, etc.)
- Experience with firewalls and security platforms (e.g., Palo Alto, Fortinet, Cisco ASA, Check Point)
- Proficiency in intrusion detection/prevention systems, VPNs, and endpoint security
- Familiarity with SIEM tools (Splunk, QRadar, LogRhythm, etc.)
- Knowledge of authentication mechanisms (LDAP, RADIUS, SAML, MFA)
- Security certifications such as CEH, CCNP Security, Palo Alto PCNSA/PCNSE, or CompTIA Security+

Preferred Qualifications:
- Experience in cloud security (AWS, Azure, GCP)
- Scripting skills (Python, PowerShell, Bash) for automation
- Exposure to Zero Trust Network Architecture (ZTNA) and SASE frameworks
- Understanding of threat modeling and advanced persistent threats (APT)
- Familiarity with regulatory standards (HIPAA, PCI-DSS, etc.)

Job Type: Full-time
Pay: ₹1,200,000.00 - ₹1,800,000.00 per year
Ability to commute/relocate: HITEC City, Hyderabad, Telangana: Reliably commute or planning to relocate before starting work (Preferred)
Application Question(s): What is your total years of experience?
Work Location: In person
Posted 1 week ago
2.0 - 5.0 years
0 Lacs
hyderabad, telangana, india
On-site
Job Description
Job Title: SOC Analyst L2
Experience Level: 2-5 Years

Key Responsibilities:
- Monitor, investigate, and respond to security alerts generated by LogRhythm SIEM.
- Perform initial and intermediate triage of security incidents.
- Escalate complex threats or policy violations to L3 Analysts with proper documentation and evidence.
- Conduct in-depth log analysis and support root cause analysis (RCA) under L3 guidance.
- Assist with managing and maintaining endpoint security tools such as CrowdStrike and Carbon Black.
- Support and enforce multi-factor authentication (MFA) using Cisco Duo.
- Help administer CyberArk EPM & PAS for privileged access control.
- Investigate email threats using Proofpoint TAP and TRAP dashboards.
- Monitor digital certificate validity and assist with certificate management processes (PKI/MS ADCS/DigiCert).
- Document incidents thoroughly in ServiceNow and maintain up-to-date case notes.
- Participate in shift handovers and provide regular updates to stakeholders.
- Contribute to runbooks, playbooks, and the SOC knowledge base for continuous improvement.

Job Requirements
Required Skills:
- 2-5 years of hands-on experience in a Security Operations Centre (SOC) environment.
- Familiarity with SIEM platforms (LogRhythm preferred) and understanding of correlation rules.
- Practical experience with at least one EDR tool (CrowdStrike or Carbon Black).
- Working knowledge of CyberArk, Cisco Duo, and email security tools (Proofpoint).
- Understanding of SOC workflows, incident lifecycle, and alert prioritisation.
- Exposure to PKI certificate lifecycle management.
- Basic understanding of ITSM tools (e.g., ServiceNow).
- Ability to produce clear and concise technical documentation.
- Strong analytical thinking, problem-solving skills, and willingness to learn from L3 peers.
- Good written and verbal communication skills.

Preferred Skills:
- Knowledge of the MITRE ATT&CK framework.
- Experience working in a 24/7 SOC environment.
Posted 1 week ago
4.0 - 8.0 years
8 - 13 Lacs
mumbai, hyderabad
Work from Office
The L2 analyst will be responsible for advanced monitoring, analysis, and incident response activities, acting as an escalation point for L1 analysts. The role requires strong technical expertise, problem-solving skills, and the ability to handle complex security incidents while ensuring timely containment and remediation.

Experience required: Candidate must have 4-5 years of total experience with 2-3 years in a SOC or Cybersecurity Operations role.

Knowledge:
- Incident detection, triage, containment, eradication and recovery processes.
- Writing incident reports with root cause analysis and recommendations.
- Knowledge of security incident investigative techniques.
- Knowledge of SOAR platforms for workflow automation.

Skills required:
- Hands-on experience with SIEM tools (e.g., Splunk, LogRhythm, QRadar, ArcSight).
- Strong knowledge of Windows, Linux, and network security logs.
- Experience in malware analysis, phishing investigation, and threat hunting.
- Understanding of the MITRE ATT&CK framework, intrusion detection systems (IDS/IPS), and firewalls.
- Familiarity with EDR/XDR solutions (CrowdStrike, SentinelOne, Carbon Black, etc.).

Shift: Rotational 24x7 SOC environment

Roles and Responsibilities
1. Act as an escalation point for SOC L1 analysts by validating, triaging, and investigating security alerts.
2. Ensure security incidents are handled as per SLA.
3. Perform deep-dive analysis on security events to identify malicious activity, potential threats, and false positives.
4. Investigate incidents involving malware, phishing, account compromise, lateral movement, and insider threats.
5. Respond to and manage security incidents in accordance with the Incident Response playbooks.
6. Perform root cause analysis and provide actionable recommendations to mitigate risks.
7. Collaborate with threat intelligence teams to enrich alerts and improve detection rules/use cases.
8. Assist in developing, tuning, and maintaining SIEM rules, dashboards, and correlation logic.
9. Document incidents, findings, and remediation steps in detailed incident reports.
10. Mentor and guide L1 analysts, providing knowledge transfer and training.
11. Work with IT and business stakeholders during incident containment, eradication, and recovery phases.
12. Ensure log sources are integrated.
13. Update IoC/IOA in the NGSOC solution which are manually received from threat feeds / external advisory / partner.
14. Access Management – user creation, deletion, modification, and assigning the privilege level.
15. Work with SOC Team, Threat Hunter, and IFTAS’ teams to lead the in-depth analysis of Critical / High security incidents.
16. Investigate and work on endpoint alerts reported by EDR and AV team.
17. Create the SOP documents for SOC Operation.
18. Review the SOC Operation reports which are shared by the SOC team.
19. Review the playbooks created by the SOC team.
20. Create and publish weekly & bi-weekly reports.
Posted 1 week ago
4.0 years
10 - 10 Lacs
hyderābād
On-site
About Providence
Providence, one of the US’s largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, ‘Health for a better world’, Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services. Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US. Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.

Why Us?
- Best In-class Benefits
- Inclusive Leadership
- Reimagining Healthcare
- Competitive Pay
- Supportive Reporting Relation

About Providence
At Providence, we are grounded in our goal to serve all as we engineer the future of healthcare. Providence Global Innovation Center, launched in Feb 2020, is the first development and innovation center of Providence outside the United States. Providence is a $26B non-profit organization and is one of the largest health systems in the United States.

Why Us?
- Best In-class Benefits
- Inclusive Leadership
- Challenging Work
- Competitive Pay
- Employee Friendly Policies

Location: Hyderabad

How is this team contributing to the vision of Providence?
We, at Enterprise Services, the healthcare consulting and services arm of Providence India, help build technology solutions that modernize and simplify each step of the healthcare delivery process. And we do that by putting the patient and the provider at the center of everything we do. Using the most promising and practical ideas, combined with the experience and expertise from people from the healthcare industry, we are creating experiences that work for care facilities, their patients and move us ahead on our mission of “Health for a better world”.

What will you be responsible for?
- Participate in and advance the Security Monitoring and Incident Response capability operating out of India.
- Be part of the Global Security Operations Center (SOC).
- Ensure seamless delivery of monitoring service & timely response on the incidents.
- Conduct Cyber Incident Response Team (CIRT) activities, including forensic analysis.
- Develop and implement operational processes and standards for security incident response and operational security tasks.
- Collaborate with the other security teams to identify, investigate, and respond to major incidents.
- Ensure that the incident response processes are kept up to date and well-rehearsed during any real cyber-attacks or cyber drill.
- Support Engineering efforts such as platform management upgrades and changes and tool integration.
- Support other security operations functions as directed, including development and testing of automation.
- Report and optimize key Security Operations metrics.
- Oversee emerging cyber threats, proactive modelling, threat validation.

What would your day look like?
- Create and maintain SOC Playbooks, SOPs, and Training materials; manage shifts, onboarding, and training for SOC Engineers.
- Perform all tasks required per shift including reporting, monitoring, and turnover logs.
- Perform security log analysis during Information Security related events, identifying and reporting possible security breaches, incidents, and violations of security policies.
- Process alerts; identify, investigate, and respond to security incidents adhering to the Service Level Agreement (SLA).
- Utilize the ticketing system and standard operating procedures effectively.
- Escalate critical incidents that require management attention in a timely manner and provide timely updates.
- Participate in and create detailed incident reports.
- Contribute to lessons learned in collaboration with the appropriate team.

Who are we looking for?
- 4-year University (Bachelor’s) degree in Computer Science, Information Technology, or STEM fields, or equivalent experience.
- 4+ years of relevant post-qualification experience, with at least three (3) years in a Security Operations Center (SOC) environment.
- Hands-on experience with and knowledge of monitoring tools such as LogRhythm, DataDog, Sentinel, Splunk, ArcSight, QRadar etc.
- Preferred: experience with a SOAR (Security Orchestration, Automation and Response) platform.
- Experience with scripting or programming (shell scripting, PowerShell, Python, KQL etc.).
- Working experience or knowledge of security monitoring in cloud environments (Azure, Google Cloud, etc.).
- Knowledge of threat-centric frameworks: Cyber Kill Chain, MITRE ATT&CK® and NIST Cyber Security Framework.
- Experience with writing/creation of formal documentation such as reports, slide decks, and architecture diagrams.
- Preferred: SSCP, EC-Council CSA, CompTIA CySA+, SANS GCIH / GSOC certification.
- Technical skills in security operations, monitoring and event analysis, incident response and reporting.

Providence’s vision to create ‘Health for a Better World’ aids us to provide a fair and equitable workplace for all in our employment, whether temporary, part-time or full time, and to promote individuality and diversity of thought and background, and acknowledge its role in the organization’s success. This makes us committed towards equal employment opportunities, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy, or related needs, mental or sensory disability, HIV Status, or any other category protected by applicable law.

In furtherance to our mission in building a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups including but not limited to Women, PWD (Persons with Disabilities), LGBTQ+ (Lesbian, Gay, Bisexual, Transgender or Queer), Veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct. Contact our Integrity hotline; also, read our Code of Conduct.
Posted 2 weeks ago
8.0 - 12.0 years
10 - 14 Lacs
gurugram
Work from Office
What we’re looking for
To support our continued success and deliver a Fanatical Experience to our customers, Rackspace Cyber Defence is looking for an India-based Security Engineer, with a specialism in Endpoint Security, to support Rackspace’s strategic customers. This role is particularly well-suited to a self-starting, experienced and motivated Sr. Security Engineer who has a proven record of accomplishment in the design, delivery, management, operation and continuous improvement of enterprise-level Endpoint Security platforms or in delivering Managed Endpoint Detection & Response (EDR) services to customers. The primary focus will be on the design, implementation, management, operation and continuous improvement of cloud-native Endpoint Detection & Response (EDR) platforms such as CrowdStrike Falcon or Microsoft Defender for Endpoint, used by the Rackspace Cyber Defence Center to deliver managed security services to our customers. You will also be required to liaise closely with the customer’s key stakeholders, which may include incident response and disaster recovery teams as well as information security.

Skills & Experience
- 8+ years’ experience in Security Engineering.
- Experience working in either large enterprise environments or managed security services environments with a focus on Endpoint Detection & Response.
- Experience of working with cloud-native Endpoint Security and Endpoint Detection & Response (EDR) tools such as CrowdStrike, Microsoft Defender for Endpoint and/or Microsoft Defender for Cloud.
- Experience of working in two (or more) of the following additional security domains:
  - SIEM platforms such as Microsoft Sentinel (preferred), Google Chronicle, Splunk, QRadar, LogRhythm, Securonix etc.
  - AWS (Amazon Web Services) Security Hub including AWS GuardDuty, AWS Macie, AWS Config and AWS CloudTrail.
- Experience analysing malware and email headers, and skills in network security, intrusion detection and prevention systems, operating systems, risk identification and analysis, threat identification and analysis, and log analysis.
- Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls.
- Knowledge of security standards (good practice) such as NIST, ISO 27001, CIS (Center for Internet Security), OWASP and Cloud Controls Matrix (CCM) etc.
- Knowledge of scripting and coding with languages such as Terraform, Python, JavaScript, Golang, Bash and/or PowerShell.
- Knowledge of malware reverse engineering, threat detection and threat hunting.
- Computer science, engineering, or information technology related degree (although not a strict requirement).
- Holds one, or more, of the following certificates (or equivalent):
  - Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  - Microsoft Certified: Security Operations Analyst Associate (SC-200)
  - Systems Security Certified Practitioner (SSCP)
  - Certified Cloud Security Professional (CCSP)
  - GIAC Certified Incident Handler (GCIH)
  - GIAC Security Operations Certified (GSOC)
  - CrowdStrike admin certified
- A highly self-motivated and proactive individual who wants to learn and grow and has an attention to detail.
- A great analyser, troubleshooter and problem solver who understands security operations, programming languages and security architecture.
- Highly organised and detail oriented.
- Ability to prioritise, multitask and work under pressure.
- An individual who shows a willingness to go above and beyond in delighting the customer.
- A good communicator who can explain security concepts to both technical and non-technical audiences.

Key Accountabilities
- Ensure the customer’s operational and production environment remains healthy and secure at all times.
- Assist with customer onboarding: customer/device onboarding, policy configuration, platform configuration and service transition to security operations team(s).
- Advanced platform administration.
- Critical platform incident handling & closure.
- As an SME, act as an L3 escalation and point of contact for SecOps Analysts during an incident response process.
- As an SME, act as a champion and centre of enablement by delivering training, coaching and thought leadership across Endpoint Security and Endpoint Detection & Response.
- Develop and document runbooks, playbooks and knowledge base articles that drive best practice across teams.
- Drive continuous improvement of Rackspace Managed EDR services through custom development, automation and integration, in collaboration with SecOps Engineering and other Security Engineering team(s).
- Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc.
- Co-ordinate with vendors for issue resolution.
- Required to work flexible timings.
Posted 2 weeks ago
5.0 years
0 Lacs
greater bengaluru area
On-site
We are seeking a Technical Support Engineer with deep knowledge in SIEM technologies and cybersecurity practices to join our world-class support team. In this role, you will work closely with customers to troubleshoot complex issues involving security analytics, threat detection, log management, and compliance using the Sumo Logic platform. You will become a trusted advisor to our customers, helping them leverage the full power of Sumo Logic’s security suite. The ideal candidate will bring strong technical expertise, a problem-solving mindset, and a passion for improving security outcomes for customers.

Key Responsibilities
- Act as a primary technical contact for customer support cases related to SIEM, security analytics, log ingestion, and threat detection.
- Diagnose and resolve product issues, particularly those involving security data sources (e.g., firewall logs, endpoint logs, threat intel feeds) and Sumo Logic’s Cloud SIEM capabilities.
- Guide customers in parsing, normalizing, and analyzing security data using Sumo Logic's tools and query languages (e.g., Search Processing Language).
- Collaborate with engineering and product teams to reproduce and escalate product defects, offering insights based on customer environments and use cases.
- Contribute to and improve internal and external knowledge base articles, especially on security best practices, data onboarding, and use-case implementation.
- Provide after-hours support (on a rotating basis) to ensure 24/7 availability for priority incidents.

Required Qualifications
- 3–5 years of experience in technical support, SOC operations, or a related role with a focus on SIEM or security analytics.
- Hands-on experience with Sumo Logic or other SIEM platforms (e.g., Splunk, QRadar, LogRhythm, Sentinel).
- Strong understanding of cybersecurity principles, threat detection methodologies, and compliance standards (e.g., NIST, MITRE ATT&CK, PCI DSS).
- Experience with log collection and analysis from sources such as firewalls, IDS/IPS, antivirus, and cloud platforms (AWS, Azure, GCP).
- Proficiency with search/query languages, scripting (Python, Bash), and regular expressions.
- Excellent troubleshooting skills and customer service orientation.
- Strong written and verbal communication skills.

Preferred Qualifications
- Security certifications such as Security+, SSCP, GSEC, CEH, or Splunk/Sumo Logic certifications.
- Experience in cloud-native security architectures.
- Familiarity with JSON, REST APIs, and log forwarding mechanisms (e.g., Syslog, Fluentd).
- Background in DevSecOps or experience integrating SIEM tools into CI/CD pipelines is a plus.

Join us at Sumo Logic and contribute to our mission of revolutionizing technical support in the digital business world, with a particular focus on logging, SIEM, and cloud technologies.
- Work with cutting-edge cloud-native technology used by security professionals globally.
- Join a high-performing team of technical experts and security enthusiasts.
- Competitive compensation and benefits.
- Opportunities for professional growth and certification.

About Us
Sumo Logic, Inc. empowers the people who power modern, digital business. Sumo Logic enables customers to deliver reliable and secure cloud-native applications through its Sumo Logic SaaS Analytics Log Platform, which helps practitioners and developers ensure application reliability, secure and protect against modern security threats, and gain insights into their cloud infrastructures. Customers worldwide rely on Sumo Logic to get powerful real-time analytics and insights across observability and security solutions for their cloud-native applications. For more information, visit www.sumologic.com. Employees will be responsible for complying with applicable federal privacy laws and regulations, as well as organizational policies related to data protection.
Posted 2 weeks ago
2.0 - 8.0 years
0 Lacs
pune, maharashtra, india
On-site
Description What We Do Managing cyber risk, together – Today the modern enterprise is an Enterprise of Things. We are on a mission to secure the Enterprise of Things with active defense by identifying, segmenting, and enforcing compliance of every connected thing in real time and at scale. Our unified security platform enables enterprises and government agencies to focus on Zero Trust segmentation, IT/OT convergence, and OT/ICS innovation, all supporting our mission and vision. Join us as we secure the world with our products. We are looking for resourceful individuals to collaborate as one team while ensuring a world-class customer experience. We are cyber-obsessed about addressing the world’s most challenging security problems. Innovation starts here, everyone’s ideas are valued, visionaries welcomed! What You Will Do Detection, monitoring, analysis, resolution of security incidents; participate in providing containment and recommendations. Coordinate escalations to external client support teams to ensure timely delivery of incident resolutions. Perform network/system/application/log intrusion detection analysis and trending. Contribute to tuning of the SIEM filters and correlation rules to continuously improve detection. Participate in the security incident handling efforts in response to a detected incident, and coordinate with other stakeholders and clients. Ensure that Service Level Agreements are met. Maintain standard operating procedures, processes and guidelines. Contribute to automating analysis and investigative functions/tasks, administration and remediation procedures, workflows and other operational tasks. Maintain awareness of trends in security regulatory, technology, and operational requirements. Shift rotation will be required for this role. The Security Analyst is responsible for the security analysis, incident classification, investigation and incident response actions including notification and alerting. 
Through the correlation rules and use-cases in the monitoring platform, you will monitor customer environments for possible security incidents, using knowledge of attack types and standard protocol behaviour to classify incidents, comment, and provide advice on mitigation or remedial actions. Identification of incidents and subsequent analysis and investigation to determine their severity and the response required. Ensure that incidents are correctly reported and documented. Be prepared to provide a Technical Escalation Point during security incidents, establishing the extent of an attack, the business impacts, and advising on how best to contain the incident along with advice on systems hardening and mitigation measures to prevent a recurrence. Maintain a keen understanding of evolving threats and vulnerabilities to ensure the security of the client network. As required, update Protective Monitoring/SOC documentation, processes and procedures. Support, troubleshoot, configure, manage, and upgrade FW, NIDPS, UTM, VPN, WAF and a wide variety of other security products. What You Will Bring To Forescout Graduate with a degree from a recognized university with specialization in Computer Sciences or any other discipline, combined with 2-8 years of directly related practical experience and demonstrated ability to carry out the functions of the job. Strong experience of any SIEM platform (ELK, Splunk, QRadar, ArcSight, LogRhythm, RSA, etc.). Thirst for knowledge, inquisitive nature, keen interest in actively participating in SOC expansion. Experience working in an IT Security Operations Center, using SANS methodology. Experience and extensive knowledge of Security Information Event Management. Strong network security knowledge including firewalls, IPS/IDS, WAF, NAC platforms from different vendors. Working knowledge or hands-on experience in endpoint security detection & response technologies and platforms (AV, EDR, MDR, XDR families). 
Experience in Intrusion Detection or Prevention Systems. Strong knowledge of: TCP/IP, computer networking, routing and switching. Experience in Linux and Windows based devices at the System Administrator level. System log forensics (Syslog, Event Viewer). EC-Council: C|HFI, ECSA or SANS: GIAC, GCFA, GCIH, GREM or other certifications are preferred. Strong troubleshooting, reasoning and problem solving skills. Ability and experience in writing clear and concise technical documentation. Knowledge of: Strong Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions. Knowledge of the Forescout suite of security tools. Experience with Linux, Windows and Network Operating Systems required. Strong working knowledge of Routing and Access Control Devices required. What Forescout Offers You Our visionary leadership team fosters an environment that encourages professional growth and development. We champion a diverse and inclusive culture that cultivates collaboration and innovation, where our team can make a global impact on security while working with industry-leading technology. We take pride in offering a competitive total compensation package. If you have a strong work ethic, are visible and lean in, you will be recognised. We are in growth mode and there is a ton of opportunity at Forescout. Apply now to find out more! More About Forescout The Forescout 4D Platform™ provides complete asset intelligence and control across IT, OT, IoT, and IoMT environments. For more than 20 years, Fortune 100 organizations, government agencies, and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance, and mitigate threats. 
With seamless context sharing and workflow orchestration across more than 100 full-featured security and IT product integrations, Forescout makes every cybersecurity investment more effective. Learn more at www.Forescout.com. Our Mission To continuously identify, protect, and ensure the compliance of all cyber assets across the modern organisation. Our Vision A world where every cyber asset is seen, secure and compliant. Our Cultural Values Cyber Obsessed – We are curious about technology, and we are innovative and passionate about solving big problems. Customer Driven – We listen, we learn, and we make it right. Collaborative, without Ego – No one succeeds alone. We strive to be the humble person that people want to work with. Relentless – We're smart, determined, and find a way. We figure stuff out. One Team – We all work together, and we all win together. Our DEI Statement At Forescout, we are committed to fostering a diverse, equitable, and inclusive workplace. We believe that diversity of background, experiences, and perspectives leads to innovation, creativity, and better decision making. We strive to create an environment where all team members feel valued, respected, and empowered. We actively promote equal opportunities and fair treatment for all individuals, regardless of their race, religion, colour, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, disability, status as a protected veteran, or any other characteristic protected by law. By embracing Diversity, Equity and Inclusion, we aspire to build a successful culture where we work together and win together as One Team. Thank you for taking the time to learn more about us. If this opportunity intrigues you, we would love for you to apply! NOTE TO EMPLOYMENT AGENCIES: We value the partnerships we have built with our preferred vendors. 
Forescout does not accept unsolicited resumes from employment agencies. All resumes submitted by employment agencies directly to any Forescout employee or hiring manager in any form without a signed Employment Placement Agreement on file and search engagement for that position will be deemed unsolicited in nature. No fee will be paid in the event the candidate is subsequently hired as a result of the referral or through other means. Forescout Technologies is proud to be an Equal Employment Opportunity Employer. We value and embrace diversity, equality, inclusion, and collaboration at the core of our “One Team” philosophy. We do not discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.
Posted 2 weeks ago
0 years
0 Lacs
pune, maharashtra, india
On-site
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. CMS-TDR Senior As part of our EY cyber security team, you will work as an SME for Microsoft Sentinel solutions in the TDR team. The opportunity We’re looking for a Senior Consultant with expertise in Cloud Security solutions. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Architecting and implementation of cloud security monitoring platforms (MS Sentinel). Provide consulting to customers during the testing, evaluation, pilot, production, and training phases to ensure a successful deployment. Perform as the subject matter expert on Cloud Security solutions for the customer, using the capabilities of the solution in the daily operational work for the end customer. Securing overall cloud environments by applying cybersecurity tools and best practices. Advise customers on best practices and use cases on how to use this solution to achieve customer end state requirements. Content development, which includes developing processes for automated security event monitoring and alerting along with corresponding event response plans for systems. Skills And Attributes For Success Customer Service oriented - Meets commitments to customers; seeks feedback from customers to identify improvement opportunities. Expertise in content management in MS Sentinel. Good knowledge in threat modelling. 
Experience in creating use cases under the Cyber Kill Chain and MITRE ATT&CK framework. Expertise in integrating critical devices/applications, including unsupported (in-house built) ones, by creating custom parsers. Below mentioned experiences/expertise on Sentinel: Develop a migration plan from Splunk/QRadar/LogRhythm to MS Sentinel. Deep understanding of how to implement best practices for designing and securing the Azure platform. Experience advising on Microsoft Cloud Security capabilities across the Azure platform. Configure data ingestion types and connectors. Analytic design and configuration of the events and logs being ingested. Develop, automate, and orchestrate tasks (playbooks) with Logic Apps based on certain events. Configure Sentinel Incidents, Workbooks, Hunting queries, Notebooks. Experience in other cloud native security platforms like AWS and GCP is a plus. Scripting knowledge (Python, Bash, PowerShell). Extensive knowledge of different security threats. Good knowledge and experience in Security Monitoring. Good knowledge and experience in Cyber Incident Response. To qualify for the role, you must have B. Tech./ B.E. with sound technical skills. Strong command of verbal and written English language. Demonstrate both technical acumen and critical thinking abilities. Strong interpersonal and presentation skills. Certification in Azure (any other cloud vendor certification is a plus). Ideally, you’ll also have People/Project management skills. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start-ups to Fortune 500 companies, and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. 
Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 2 weeks ago
10.0 years
0 Lacs
india
On-site
Design, implement, and manage enterprise perimeter security solutions including firewalls, proxies, and load balancers. Configure, deploy, and troubleshoot next-generation firewalls (NGFWs) from Palo Alto Networks, Cisco ASA/FTD, and Fortinet (FortiGate). Design secure network architectures involving layer 4-7 load balancers (e.g., F5, Citrix ADC). Manage and optimize proxy servers and secure web gateways (e.g., Blue Coat, Zscaler, or equivalent). Perform packet capture and deep packet inspection (DPI) using tools such as Wireshark, tcpdump, or TShark for incident investigation and traffic analysis. Integrate firewall logs and alerts into SIEM platforms (e.g., Splunk, QRadar, LogRhythm) to support real-time monitoring, correlation, and incident response. Implement and maintain SASE solutions, integrating cloud-delivered security with network connectivity. Document configurations, playbooks, and operational procedures; contribute to security architecture standards. Participate in firewall rule audits, risk assessments, and vulnerability mitigation activities. Stay updated on the latest threats, vulnerabilities, and compliance requirements (PCI-DSS, HIPAA, NIST, etc.). 10+ years of hands-on experience in perimeter/network security engineering or a similar role. Strong experience with at least two of the following firewall platforms: Palo Alto Networks (PAN-OS), Cisco ASA / Firepower Threat Defense (FTD), Fortinet FortiGate. Proficiency in proxy technologies (e.g., Zscaler, Blue Coat, Squid). Working knowledge of load balancing technologies (e.g., F5 BIG-IP, Citrix ADC). Expertise in network protocols (TCP/IP, BGP, DNS, SSL/TLS) and packet capture analysis. Experience integrating security events into SIEM systems (Splunk, QRadar, etc.). Familiarity with cloud-based security and SASE frameworks (e.g., Zscaler, Netskope, Prisma Access). Solid understanding of firewall rulebase optimization, NAT, VPNs, and threat prevention mechanisms.
Posted 2 weeks ago
8.0 - 13.0 years
18 - 33 Lacs
hyderabad
Work from Office
Job Title: Security Operations Center (SOC) Analyst Experience: 8+ Years Location: Hyderabad (Hybrid Mode of work) Department: Cybersecurity / Security Operations Job Summary: We are seeking an experienced and detail-oriented SOC Analyst (5 - 8 years) to join our cybersecurity team. The ideal candidate will be responsible for monitoring, detecting, investigating, and responding to cyber threats across the organization. The SOC Analyst will play a critical role in defending systems, applications, and data from security breaches and supporting incident response efforts, threat hunting, and continuous improvement of SOC processes. Key Responsibilities: Security Monitoring & Incident Response: Continuously monitor SIEM dashboards, threat intelligence feeds, and security alerts. Investigate and respond to security incidents, phishing attacks, malware infections, and anomalous activities. Triage alerts based on severity, business impact, and threat intelligence context. Perform root cause analysis and prepare incident reports with actionable recommendations. Escalate critical incidents to Tier 3/IR teams and collaborate during major security events. Threat Detection & Hunting: Conduct proactive threat hunting based on IOCs, TTPs, and threat intelligence reports. Analyse logs from endpoints, firewalls, IDS/IPS, cloud workloads, and third-party security solutions. Develop and fine-tune detection rules and correlation logic in SIEM (e.g., Splunk, Sumo Logic, Sentinel). Tool & Infrastructure Management: Work with EDR, NDR, DLP, SIEM, SOAR, and vulnerability management platforms. Support integration of new log sources and ensure completeness of logging for critical systems. Maintain threat detection playbooks and contribute to process automation via SOAR tools. Compliance & Reporting: Ensure security operations align with frameworks like NIST, ISO 27001, SOC 2, or HIPAA. Support security audit requirements by providing incident logs and response documentation. 
Generate periodic reports on incident trends, SOC performance, and threat landscape. Required Skills & Experience: 5-8 years of experience in a SOC environment or cybersecurity operations role. Strong knowledge of attack vectors, the MITRE ATT&CK framework, and the incident response lifecycle. Hands-on experience with SIEM (e.g., Splunk, Microsoft Sentinel, QRadar, LogRhythm). Familiarity with endpoint protection (CrowdStrike, SentinelOne, Defender ATP, etc.). Knowledge of Windows/Linux log analysis, firewall rules, and cloud security controls (Azure/AWS). Strong analytical thinking, attention to detail, and ability to work under pressure. Preferred Qualifications: Bachelor's degree in Cybersecurity, Computer Science, or related field. Certifications such as CEH, GCIA, GCIH, CySA+, AZ-500, or Security+ are highly desirable. Experience working in a 24x7 SOC or with MSSP environments is a plus. Exposure to compliance-driven industries (finance, healthcare, SaaS) preferred. Soft Skills: Strong communication and documentation skills. Ability to collaborate across IT, DevOps, and security teams. Risk-aware mindset with a proactive approach to security operations. Work Mode: Hybrid / 24x7 Rotational Shifts if applicable. Reporting To: SOC Manager / Head of Security Operations
Posted 2 weeks ago