275 Logrhythm Jobs - Page 11

Hyderabad, India Chennai, India Job ID: R-1076713 Apply prior to the end date: June 21st, 2025 When you join Verizon You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the #VTeamLife. What you’ll be doing... The Threat Management Center (TMC) serves as the initial point of defense for Verizon's networks and information systems, safeguarding them against internal misconduct and cyber-attacks. The TMC Advanced Cyber Defense (TMC-ACD) team is tasked with responding to, investigating, hunting and managing all incidents. Collectively, the teams strive to protect Verizon's employees, customers, brand reputation, and revenue streams through proactive identification, response, and mitigation of potential threats that could adversely affect Verizon or its business partners. What we’re looking for... Verizon is looking for an innovative and motivated professional who will be responsible for safeguarding the Verizon enterprise. This individual will work on identified threats and will neutralize them through proactive hunting and detection, incident response and mitigation strategies, and ensure continuous operation of Verizon’s on-prem and cloud environments. The Digital Forensics & Incident Response role is an opportunity to work in a fast paced collaborative environment defending Verizon from current and future cyber threats. This position plays a critical role in Verizon’s enterprise computing defense. Executing the Incident Response Lifecycle to drive threat remediation and identify strategic countermeasures improving future defenses. Operating as a trusted advisor on threat analysis during incidents for incident management teams and other stakeholders by following cybersecurity response methodologies such as the NIST CyberSecurity Framework. Serving as a primary point of contact during assigned on-call shifts, responding promptly to incidents, escalations, and critical alerts to minimize downtime and mitigate risks to the enterprise. Deploying security tools and leveraging logs and endpoint forensic analysis in order to complete a detailed and accurate assessment of security alerts and threats affecting the Verizon enterprise and cloud infrastructure. Assisting with the development of security controls for multiple platforms via automated capabilities by using advanced analysis and forensic techniques. Driving identification, analysis, and remediation activities to ensure compliance with relevant regulatory requirements, industry standards, and best practices related to security and data privacy. Providing assistance and analytical evaluations for high-priority and significant security incidents, including composing extensive and comprehensive analysis summaries and facilitating incident-related discussions. Identifying gaps in detections and collaborating with teams across Cyber Security to mitigate threats and improve the overall security posture. Recommending ways to mature and advance the preventive and defensive capabilities of the TMC. This includes leveraging data and knowledge to clearly communicate the use case for alert creation. Collaborating with cross-functional teams to respond, identify, and analyze the root cause of a cybersecurity incident. Conducting risk assessments, in-depth analysis, and forensic investigations to determine the root cause and impact of incidents. Enhancing, and/or implementing DFIR playbooks to ensure cohesive response repeatability. Assisting with producing operational read-outs and case reviews for peers and leadership that accurately capture the effectiveness of the DFIR organization. Continuously honing to build and maintain knowledge, skills, and abilities needed to maintain proficiency in producing thorough and accurate digital forensic analysis. Enhancing techniques, workflows and processes of security controls, compliance assessments, and DFIR procedures to drive the TMC operational and strategic growth (continuous improvement). Where you'll be working In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. You’ll need to have: Bachelor's degree or four or more years of work experience. Four or more years of relevant experience required, demonstrated through work experience and/or military experience. Experience working in Digital Forensic, Incident Response, and/or a Security Operations Center (SOC) environment(s). Even better if you have one or more of the following: Awareness of cyber based adversarial frameworks including MITRE ATT&CK and Lockheed Martin’s Cyber Kill Chain. Proficient knowledge of the cyber threat landscape including types of adversaries, campaigns, and the motivations that drive them. Experience working with analysis techniques, identifying indicators of compromise, threat hunting, and identification of intrusions and potential incidents. Programming and Scripting Experience to enhance automations, ad-hoc forensic analysis and speed-up response times. Previous experience with log aggregation platforms such as Splunk, Elastic, Snowflake, LogRhythm, etc. Proficient in understanding Operating Systems and their architectures: Windows, Unix/Linux, and MacOS Operating Systems Demonstrates leadership and mentoring skills to help advance the overall capabilities of the TMC organization. Ability to work in a highly collaborative environment needing strong communication, presentation, and leadership-like skills Exhibits initiative, follow-up and follow through with commitments Certifications like: Network+, Security+, CISSP, EnCE, CFCE, C|EH, C|HFI, GCFA, GCFE, GCIH and/or cloud-specific security certifications (e.g. AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Cloud Certified Professional Cloud Security Engineer) If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above. #CISO Where you’ll be working In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. Scheduled Weekly Hours 40 Equal Employment Opportunity Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to race, gender, disability or any other legally protected characteristics. Apply Now Save Saved Open sharing options Share Related Jobs Analyst IV-Threat Intel Save Hyderabad, India, +1 other location Technology Analyst IV-Threat Intel Save Hyderabad, India, +1 other location Technology Digital Forensics and Incident Response Analyst Save Temple Terrace, Florida, +3 other locations Technology Shaping the future. Connect with the best and brightest to help innovate and operate some of the world’s largest platforms and networks.

Overview ormation Security Analyst: Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Researches attempted or successful efforts to compromise systems security and designs countermeasures. Maintains hardware, software and network firewalls and encryption protocols. Administers security policies to control physical and virtual access to systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Job Code Tip: May be internal or external, client-focused, working in conjunction with Professional Services and outsourcing functions. May include company-wide, web-enabled solutions. Individuals whose primary focus is on developing, testing, debugging and deploying code or processing routines that support security protocols for an established system or systems should be matched to the appropriate Programmer or Programmer/Analyst family in the Information Technology/MIS functional area. Responsibilities Should have process knowledge and technical knowledge on any of the SIEM tools ( like Qradar, LogRhythm, AlienVault, Splunk…etc). L2/L3 level is added advantage. Should have process knowledge and technical knowledge in AV tools like Symantec, McAfee, Trend Micro…etc. L2/L3 level is added advantage. Should have knowledge in managing Vulnerability tools and various remediation efforts. Review security logs generated by applications, devices and other systems, taking action or escalating to appropriate teams as needed. Enforce incident response service level agreement. Work with the global IT Security team to analyze, test and recommend tools to strengthen the security posture of the company Create and maintain operational reports allowing IT management team to understand the current and historical landscape of the IT security risks Vulnerability management assessment and remediation Participate in daily and ad-hoc meetings related to cyber security, controls and compliance, processes and documentation related tasks Research the latest information technology (IT) security trends Help plan and carry out an organization’s way of handling security Develop security standards and best practices for the organization Recommend security enhancements to management or senior IT staff Document security breaches and assess the damage they cause. Performs other duties as assigned Qualifications B. Tech, B.E or M.C.A 2-5 years’ Experience working in a Security Operations Center 2 years minimum in the computer industry Knowledge working with complex Windows environments Knowledgeable in various security frameworks such as NIST 800-53 / NIST 800-171 / ISO27001 Knowledge in design and administration of security tools Good written and verbal communication skills Show more Show less

When you join Verizon You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the #VTeamLife. What you’ll be doing... The Threat Management Center (TMC) serves as the initial point of defense for Verizon's networks and information systems, safeguarding them against internal misconduct and cyber-attacks. The TMC Advanced Cyber Defense (TMC-ACD) team is tasked with responding to, investigating, hunting and managing all incidents. Collectively, the teams strive to protect Verizon's employees, customers, brand reputation, and revenue streams through proactive identification, response, and mitigation of potential threats that could adversely affect Verizon or its business partners. What we’re looking for... Verizon is looking for an innovative and motivated professional who will be responsible for safeguarding the Verizon enterprise. This individual will work on identified threats and will neutralize them through proactive hunting and detection, incident response and mitigation strategies, and ensure continuous operation of Verizon’s on-prem and cloud environments. The Digital Forensics & Incident Response role is an opportunity to work in a fast paced collaborative environment defending Verizon from current and future cyber threats. This position plays a critical role in Verizon’s enterprise computing defense. Executing the Incident Response Lifecycle to drive threat remediation and identify strategic countermeasures improving future defenses. Operating as a trusted advisor on threat analysis during incidents for incident management teams and other stakeholders by following cybersecurity response methodologies such as the NIST CyberSecurity Framework. Serving as a primary point of contact during assigned on-call shifts, responding promptly to incidents, escalations, and critical alerts to minimize downtime and mitigate risks to the enterprise. Deploying security tools and leveraging logs and endpoint forensic analysis in order to complete a detailed and accurate assessment of security alerts and threats affecting the Verizon enterprise and cloud infrastructure. Assisting with the development of security controls for multiple platforms via automated capabilities by using advanced analysis and forensic techniques. Driving identification, analysis, and remediation activities to ensure compliance with relevant regulatory requirements, industry standards, and best practices related to security and data privacy. Providing assistance and analytical evaluations for high-priority and significant security incidents, including composing extensive and comprehensive analysis summaries and facilitating incident-related discussions. Identifying gaps in detections and collaborating with teams across Cyber Security to mitigate threats and improve the overall security posture. Recommending ways to mature and advance the preventive and defensive capabilities of the TMC. This includes leveraging data and knowledge to clearly communicate the use case for alert creation. Collaborating with cross-functional teams to respond, identify, and analyze the root cause of a cybersecurity incident. Conducting risk assessments, in-depth analysis, and forensic investigations to determine the root cause and impact of incidents. Enhancing, and/or implementing DFIR playbooks to ensure cohesive response repeatability. Assisting with producing operational read-outs and case reviews for peers and leadership that accurately capture the effectiveness of the DFIR organization. Continuously honing to build and maintain knowledge, skills, and abilities needed to maintain proficiency in producing thorough and accurate digital forensic analysis. Enhancing techniques, workflows and processes of security controls, compliance assessments, and DFIR procedures to drive the TMC operational and strategic growth (continuous improvement). Where you'll be working In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. You’ll Need To Have Bachelor's degree or four or more years of work experience. Four or more years of relevant experience required, demonstrated through work experience and/or military experience. Experience working in Digital Forensic, Incident Response, and/or a Security Operations Center (SOC) environment(s). Even better if you have one or more of the following: Awareness of cyber based adversarial frameworks including MITRE ATT&CK and Lockheed Martin’s Cyber Kill Chain. Proficient knowledge of the cyber threat landscape including types of adversaries, campaigns, and the motivations that drive them. Experience working with analysis techniques, identifying indicators of compromise, threat hunting, and identification of intrusions and potential incidents. Programming and Scripting Experience to enhance automations, ad-hoc forensic analysis and speed-up response times. Previous experience with log aggregation platforms such as Splunk, Elastic, Snowflake, LogRhythm, etc. Proficient in understanding Operating Systems and their architectures: Windows, Unix/Linux, and MacOS Operating Systems Demonstrates leadership and mentoring skills to help advance the overall capabilities of the TMC organization. Ability to work in a highly collaborative environment needing strong communication, presentation, and leadership-like skills Exhibits initiative, follow-up and follow through with commitments Certifications like: Network+, Security+, CISSP, EnCE, CFCE, C|EH, C|HFI, GCFA, GCFE, GCIH and/or cloud-specific security certifications (e.g. AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Cloud Certified Professional Cloud Security Engineer) If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above. #CISO Where you’ll be working In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. Scheduled Weekly Hours 40 Equal Employment Opportunity Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to race, gender, disability or any other legally protected characteristics. Show more Show less

When you join Verizon You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the #VTeamLife. What you’ll be doing... The Threat Management Center (TMC) serves as the initial point of defense for Verizon's networks and information systems, safeguarding them against internal misconduct and cyber-attacks. The TMC Advanced Cyber Defense (TMC-ACD) team is tasked with responding to, investigating, hunting and managing all incidents. Collectively, the teams strive to protect Verizon's employees, customers, brand reputation, and revenue streams through proactive identification, response, and mitigation of potential threats that could adversely affect Verizon or its business partners. What we’re looking for... Verizon is looking for an innovative and motivated professional who will be responsible for safeguarding the Verizon enterprise. This individual will work on identified threats and will neutralize them through proactive hunting and detection, incident response and mitigation strategies, and ensure continuous operation of Verizon’s on-prem and cloud environments. The Digital Forensics & Incident Response role is an opportunity to work in a fast paced collaborative environment defending Verizon from current and future cyber threats. This position plays a critical role in Verizon’s enterprise computing defense. Executing the Incident Response Lifecycle to drive threat remediation and identify strategic countermeasures improving future defenses. Operating as a trusted advisor on threat analysis during incidents for incident management teams and other stakeholders by following cybersecurity response methodologies such as the NIST CyberSecurity Framework. Serving as a primary point of contact during assigned on-call shifts, responding promptly to incidents, escalations, and critical alerts to minimize downtime and mitigate risks to the enterprise. Deploying security tools and leveraging logs and endpoint forensic analysis in order to complete a detailed and accurate assessment of security alerts and threats affecting the Verizon enterprise and cloud infrastructure. Assisting with the development of security controls for multiple platforms via automated capabilities by using advanced analysis and forensic techniques. Driving identification, analysis, and remediation activities to ensure compliance with relevant regulatory requirements, industry standards, and best practices related to security and data privacy. Providing assistance and analytical evaluations for high-priority and significant security incidents, including composing extensive and comprehensive analysis summaries and facilitating incident-related discussions. Identifying gaps in detections and collaborating with teams across Cyber Security to mitigate threats and improve the overall security posture. Recommending ways to mature and advance the preventive and defensive capabilities of the TMC. This includes leveraging data and knowledge to clearly communicate the use case for alert creation. Collaborating with cross-functional teams to respond, identify, and analyze the root cause of a cybersecurity incident. Conducting risk assessments, in-depth analysis, and forensic investigations to determine the root cause and impact of incidents. Enhancing, and/or implementing DFIR playbooks to ensure cohesive response repeatability. Assisting with producing operational read-outs and case reviews for peers and leadership that accurately capture the effectiveness of the DFIR organization. Continuously honing to build and maintain knowledge, skills, and abilities needed to maintain proficiency in producing thorough and accurate digital forensic analysis. Enhancing techniques, workflows and processes of security controls, compliance assessments, and DFIR procedures to drive the TMC operational and strategic growth (continuous improvement). Where you'll be working In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. You’ll Need To Have Bachelor's degree or four or more years of work experience. Four or more years of relevant experience required, demonstrated through work experience and/or military experience. Experience working in Digital Forensic, Incident Response, and/or a Security Operations Center (SOC) environment(s). Even better if you have one or more of the following: Awareness of cyber based adversarial frameworks including MITRE ATT&CK and Lockheed Martin’s Cyber Kill Chain. Proficient knowledge of the cyber threat landscape including types of adversaries, campaigns, and the motivations that drive them. Experience working with analysis techniques, identifying indicators of compromise, threat hunting, and identification of intrusions and potential incidents. Programming and Scripting Experience to enhance automations, ad-hoc forensic analysis and speed-up response times. Previous experience with log aggregation platforms such as Splunk, Elastic, Snowflake, LogRhythm, etc. Proficient in understanding Operating Systems and their architectures: Windows, Unix/Linux, and MacOS Operating Systems Demonstrates leadership and mentoring skills to help advance the overall capabilities of the TMC organization. Ability to work in a highly collaborative environment needing strong communication, presentation, and leadership-like skills Exhibits initiative, follow-up and follow through with commitments Certifications like: Network+, Security+, CISSP, EnCE, CFCE, C|EH, C|HFI, GCFA, GCFE, GCIH and/or cloud-specific security certifications (e.g. AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Cloud Certified Professional Cloud Security Engineer) If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above. #CISO Where you’ll be working In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. Scheduled Weekly Hours 40 Equal Employment Opportunity Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to race, gender, disability or any other legally protected characteristics. Show more Show less

Job Statement: NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service. We are looking for a proven, high energy, results oriented Cybersecurity Leader, where you will be a key advisor for our clients, analyzing business requirements to design and implement ideal security solutions for their needs. As an established SecOps Leader, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security posture. This is an opportunity for you to showcase your strong communication skills and experience in SOC operations, security governance & advisory, security risk management, security architecture, and cyber incident response programs. Job responsibilities: · Driving of Cybersecurity services business from a pre-sales consultancy capacity in order to support our prospects/clients from proposal to delivery · Serves as a Subject Matter Expert (SME) for SOC/SIEM/GRC/Infra-Application Security Assessment Services · Able to articulate the business benefits of Cybersecurity services to business/technical customers as appropriate, helping them to identify potential future opportunities and bringing them to the attention of people who can commit the required resources to realize those benefits. · Ability to prepare Cybersecurity documents and presentations in such a way that they are easily understood by the appropriate audience · Demonstrate personal flexibility and focused delivery to ensure the delivery of quality cybersecurity solutions and increase customer satisfaction · Shares knowledge within the ISO (SIEM/SOC) community · Documents feedback and lessons learned from customer engagements so that the colleagues can benefit from this knowledge and be alerted to potential new opportunities Job specifications: 1. Qualification: · Bachelor’s degree in Computer Science, Engineering, or related field or equivalent work experience. May hold Master's or advanced degree in related field 2. Skills: · Proven experience of a Consultative Cybersecurity Selling approach in a customer facing role · Able to conduct cybersecurity presentations, demos, POCs · 7+ years of professional experience in writing cybersecurity proposals/responding to RFPs/Presentations/SOWs on cybersecurity services · Experience in architectural design and project led implementation of Cybersecurity solutions · Demonstrate ability to coach others in the gathering of requirements, designs, plans and estimates · Expert knowledge of Splunk, IBM QRadar and LogRhythm is required (configuration, troubleshooting and design and their relative merits); comparable knowledge with products of other leading SIEM vendors helpful · Contemporary base operating systems and major database platforms architectural knowledge for enterprise environments · Demonstrates broad knowledge in other technical areas to properly manage complex integration efforts · Appreciation of the business drivers demanding Cybersecurity Services · Understanding of legislative demands and compliance requirements mitigated through Cybersecurity services · Understanding of the additional enabling features achieved from an effective Cybersecurity service/solution · Experience of the supporting policy, procedures and practices required to deliver and maintain an effective operational Cybersecurity solution - at the customer or through a service · Ability to adapt a consulting style appropriate to the situation and can identify up-sell opportunities · Ability to demonstrate a broad understanding of market dynamics, an industry area, commercial issues, and technical concerns whilst maintaining depth in Cybersecurity services focus area Show more Show less

Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm , Splunk,). Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black). Hands-on knowledge of packet capture analysis tools (e.g., Wireshark, tcpdump), forensic tools, and malware analysis tools. Familiarity with scripting or automation languages such as Python, PowerShell, or Bash. Deep understanding of networking protocols, OS internals (Windows/Linux), and security best practices. Familiar with frameworks such as MITRE ATT&CK, NIST, and the Cyber Kill Chain. Minimum of nine (9) years technical experience 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities. 3+ years of rule development and tuning experience 2+ years of Incident response Experience supporting 24x7x365 SOC operations and willing to operate in Shifts including but not limited to Alert and notification activities- analysis/triage/response, Review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported alerts and Incidents. Manage multiple tickets/alerts in parallel, including end-user coordination. Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response. Solid understanding and experience analyzing security events generated from security tools and devices not limited to QRadar, MS Sentinel, FireEye, Elastic, SourceFire, Malware Bytes, CarbonBlack/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, BlueCoat Experience and solid understanding of Malware analysis Demonstrated proficiencies with one or more toolsets such as QRadar, MS Sentinel, Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs) In-depth experience with processing and triage of Security Alerts from multiple sources but not limited to: Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, support SOAR development. Experience with bash, python, and Windows PowerShell scripting Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis. Demonstrated experience and understanding of event timeline analysis and correlation of events between logs sources. Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools. Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk. Solid understanding and experience analyzing security events generated from security tools and devices not limited to: QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC Expert in security incident response processes

Hiring for SOC Analyst in one of our Top Banking company @ Chennai & Hyderabad location Job Title: SOC Analyst Experience : 6 - 9 Years Department: Cybersecurity / Information Security Location: Chennai & Hyderabad Employment Type: Hybrid Mode - 3 days WFO and 2 days WFH . Job Summary: We are seeking a skilled and detail-oriented Security Operations Center (SOC) Analyst to join our cybersecurity team. The SOC Analyst will be responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents using a variety of tools and techniques. This role is critical to maintaining and improving our organization's security posture by ensuring real-time threat detection and incident response. Key Responsibilities: Monitor security alerts and events from SIEM tools (e.g., Splunk, QRadar, Microsoft Sentinel). Analyze and triage events to determine impact and severity. Investigate security incidents and provide incident reports with detailed analysis. Escalate validated threats and vulnerabilities to the appropriate teams and assist in mitigation efforts. Coordinate with IT teams to ensure containment, eradication, and recovery actions are taken for confirmed incidents. Perform threat intelligence analysis to support proactive detection and defense. Document incident handling procedures and maintain an incident knowledge base. Participate in continuous improvement of SOC operations, including playbooks and automation. Stay current on the latest cybersecurity trends, threats, and tools. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent work experience. 13 years of experience in a SOC or information security role. Experience with SIEM platforms, IDS/IPS, firewalls, and endpoint protection tools. Understanding of TCP/IP, DNS, HTTP, VPN, and network protocols. Knowledge of common threat vectors, MITRE ATT&CK framework, and kill chain. Strong analytical and problem-solving skills. Excellent communication skills and ability to work under pressure. Preferred Qualifications: Certifications such as CompTIA Security+, CEH, GCIA, GCIH, or Splunk Certified Analyst. Experience with scripting (e.g., Python, PowerShell) for automation. Familiarity with cloud security monitoring (e.g., AWS GuardDuty, Azure Defender). Exposure to incident response frameworks and forensic tools. Work Schedule: [24x7 shift-based / Regular business hours / On-call rotation as applicable]

JOB DESCRIPTION About KPMG in India KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. QUALIFICATIONS Strong hands-on experience with one or more EDR platforms (e.g., CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Sophos Intercept X, Trend Micro Apex One). Knowledge of MITRE ATT&CK framework and threat detection techniques. Familiarity with malware analysis, endpoint forensics, and log analysis. Experience with SIEM platforms (e.g., Splunk, QRadar, LogRhythm) for correlation and alerting. Scripting knowledge (PowerShell, Python, Bash) for automation and custom detection. Understanding of endpoint operating systems (Windows, macOS, Linux) and their security internals. Familiarity with enterprise IT infrastructure, Active Directory, and networking basics. Experience with ticketing and incident management tools (e.g., ServiceNow, JIRA). Understanding of compliance standards Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Skills: SIEM Tools, Intrusion Detection Systems, Incident Response, Threat Intelligence Platforms, Endpoint Detection and Response, Network Traffic Analysis, Log Analysis, Vulnerability Assessment Tools, Qualifications BE/ B.Tech/ M.Tech/ MCA with 60%+ throughout the academics. Security certifications like CEH or equivalent preferred. Experience And Skillset Minimum 2 +years hands-on experience with one or more SIEM tools (Log Logic, LogRhythm, Splunk, QRadar, ArcSight etc.). In-depth understanding of security threats (preferably OWASP Top 10 vulnerabilities), threat attack methods and the current threat environment. Proficient in Incident Management and Response. Basic knowledge of Windows and Unix environments. Knowledge of OSI Model, TCP/IP Protocols, network security. Knowledge about other security tools like Packet Analyzers, HIPS/NIPS, Network Monitoring tools, Cloud Security, AV, EDR, WAF etc. Responsibilities Responsible for working in a 24x7 Security Operation center (SOC) environment. Carry out investigation and correlation and work with the stakeholders towards mitigation and closure of security incidents. Monitor various dash boards from different security solutions on shift basis. Work with the engineering team for Sensor and SIEM rules fine-tuning. Prepare various management reports from SIEM and other security solutions. Provide analysis and trending of security log data from a large number of heterogeneous security devices. Provide threat and vulnerability analysis as well as security advisory services. Analyze and respond to previously undisclosed software and hardware vulnerabilities. Investigate, document, and report on information security issues and emerging trends. Seamlessly integrate with the team work culture, ensure proper information flow across shifts, prepare/take part in shift handovers. Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences. Location Navi Mumbai (On-Site) Show more Show less

Skills: SIEM Tools, Intrusion Detection Systems, Incident Response, Threat Intelligence Platforms, Endpoint Detection and Response, Network Traffic Analysis, Log Analysis, Vulnerability Assessment Tools, Qualifications BE/ B.Tech/ M.Tech/ MCA with 60%+ throughout the academics. Security certifications like CEH or equivalent preferred. Experience And Skillset Minimum 2 +years hands-on experience with one or more SIEM tools (Log Logic, LogRhythm, Splunk, QRadar, ArcSight etc.). In-depth understanding of security threats (preferably OWASP Top 10 vulnerabilities), threat attack methods and the current threat environment. Proficient in Incident Management and Response. Basic knowledge of Windows and Unix environments. Knowledge of OSI Model, TCP/IP Protocols, network security. Knowledge about other security tools like Packet Analyzers, HIPS/NIPS, Network Monitoring tools, Cloud Security, AV, EDR, WAF etc. Responsibilities Responsible for working in a 24x7 Security Operation center (SOC) environment. Carry out investigation and correlation and work with the stakeholders towards mitigation and closure of security incidents. Monitor various dash boards from different security solutions on shift basis. Work with the engineering team for Sensor and SIEM rules fine-tuning. Prepare various management reports from SIEM and other security solutions. Provide analysis and trending of security log data from a large number of heterogeneous security devices. Provide threat and vulnerability analysis as well as security advisory services. Analyze and respond to previously undisclosed software and hardware vulnerabilities. Investigate, document, and report on information security issues and emerging trends. Seamlessly integrate with the team work culture, ensure proper information flow across shifts, prepare/take part in shift handovers. Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences. Location Navi Mumbai (On-Site) Show more Show less

Opening from Default - All locations The Company Serving the People Who Serve the People Granicus is driven by the excitement of building, implementing, and maintaining technology that is transforming the Govtech industry by bringing governments and their constituents together. We are on a mission to support our customers by meeting the needs of their communities and implementing our technology in ways that are equitable and inclusive. Granicus has consistently appeared on the GovTech 100 list over the past 5 years and has been recognized as the best companies to work on BuiltIn. Over the last 25 years, we have served 5,500 federal, state, and local government agencies and more than 300 million citizen subscribers powering an unmatched Subscriber Network that uses our digital solutions to make the world a better place. With comprehensive cloud-based solutions for communications, government website design, meeting and agenda management software, records management, and digital services, Granicus empowers stronger relationships between government and residents across the U.S., U.K., Australia, New Zealand, and Canada. By simplifying interactions with residents, while disseminating critical information, Granicus brings governments closer to the people they serve—driving meaningful change for communities around the globe. Want to know more? See more of what we do here. What You'll Do: Follow infrastructure team processes and actively seek to improve them, especially as it relates to implementing automation of repeatable tasks Identify and fix problem areas in Windows servers that run Granicus products Execute quality changes and perform code and change request reviews As part of an on-call team, triage and troubleshoot efficiently and effectively during production incidents Ensure system resources and assets are logged and monitored along with appropriate actions for events Analyze log files and other infrastructure data using available tools Develop documentation to empower other team members and accurately represent projects and procedures Plan for and install new software/firmware releases and hardware/software upgrades to meet security and supportability requirements Who You Are: You have 3+ years of experience supporting Windows servers in a data center or cloud environment You have experience with MS Active Directory configuration and management You have specific technical experience with: regular patching of infrastructure hardware and software systems certificates and certificate management Scripting / automation (e.g., Bash, Python, Ansible, Terraform, Git, PowerShell) Linux or any other Patching experience is a huge plus You have an understanding of security frameworks such as ISO 27001, NIST 800-53 and/or FedRAMP You have worked in a large enterprise environment, providing Windows support You are passionate about technology and keep abreast of technical developments in your field You have the ability to adapt to a changing environment Specific System|Network Experience: The ideal candidate has some level of experience with the following infrastructure|network technologies (bonus if your experience matches the specific products at Granicus in parenthesis): Windows Server OS Windows Active Directory System monitoring tools (LogicMonitor, LogRhythm, Elastic) DNS and IP Management (Infoblox) Cloud computing (AWS, Azure) Security and Privacy Requirements Responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company's information security program. Responsible for ensuring the data privacy of our employees and customers, their data, as well as taking all required privacy training in a timely manner, in accordance with company policies. Closing from Default - All locations Don’t have all the skills/experience mentioned above? At Granicus, we are trying to build diverse, inclusive teams. We do not have degree requirements for most of our roles. If you don’t meet every requirement above but are excited to learn more, we encourage you to apply. We might just be able to find another role that could be a perfect fit! Security and Privacy Requirements - Responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company's information security program. - Responsible for ensuring the data privacy of our employees and customers, their data, as well as taking all required privacy training in a timely manner, in accordance with company policies. The Team - We are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand. The Culture - At Granicus, we are building a transparent, inclusive, and safe space for everyone who wants to be a part of our journey. - A few culture highlights include – Employee Resource Groups to encourage diverse voices - Coffee with Mark sessions – Our employees get to interact with our CEO on very important and sometimes difficult issues ranging from mental health to work-life balance and current affairs. - Microsoft Teams communities focused on wellness, art, furbabies, family, parenting, and more.-=- - We bring in special guests from time to time to discuss issues that impact our employee population The Impact - We are proud to serve dynamic organizations around the globe that use our digital solutions to make the world a better place — quite literally. We have so many powerful success stories that illustrate how our solutions are impacting the world. See more of our impact here. Granicus is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status regarding public assistance, familial status, military or veteran status or any other status protected by applicable law. Show more Show less

A career in our Advisory Acceleration Centre is the natural extension of PwC’s leading class global delivery capabilities. We provide premium, cost effective, high quality services that support process quality and delivery capability in support for client engagements. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. Responsibilities As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to: Use feedback and reflection to develop self awareness, personal strengths and address development areas. Delegate to others to provide stretch opportunities, coaching them to deliver results. Demonstrate critical thinking and the ability to bring order to unstructured problems. Use a broad range of tools and techniques to extract insights from current industry or sector trends. Review your work and that of others for quality, accuracy and relevance. Know how and when to use tools available for a given situation and can explain the reasons for this choice. Seek and embrace opportunities which give exposure to different situations, environments and perspectives. Use straightforward communication, in a structured way, when influencing and connecting with others. Able to read situations and modify behavior to build quality relationships. Uphold the firm's code of ethics and business conduct. ,Quality Assurance SOC Analyst - CaaS As a Quality Assurance SOC Analyst (Senior Associate) within the Cyber as a Service (CaaS) practice, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. You will play a pivotal role in ensuring the quality and effectiveness of our SOC operations. You will be responsible for reviewing and enhancing our security incident response processes and procedures, evaluating the performance of SOC analysts, and implementing best practices to maintain the highest standards of security. This role is critical in maintaining the integrity of our clients' systems and Required Qualifications data. Responsibilities include but are not limited to: 3+ years of experience in a technical role in the areas of Security Operations, Quality Assurance in a SOC setting, Threat Intelligence, Incident Response, or Penetration Testing/Red Team. At a minimum, a Bachelor's Degree in a relevant area of study with a preference for Computer Science, Computer Engineering, Cybersecurity, or Information Security. Knowledge and experience working with various SIEM, EDR, NDR and Ticketing tools. Knowledge of Security Operations Centre (SOC) processes and procedures. Effective communication skills, both written and verbal. Strong attention to detail and commitment to quality. Advanced knowledge and experience analyzing attacker techniques at all stages of a breach. Knowledge of MITRE ATT&CK and Cyber Kill-Chain is a must Be available to work on a 24/7 basis (Mon-Sun) on a shift based schedule to continuously assure quality within SOC. Roles & Responsibilities Conduct regular quality assessments of security incident handling processes within the SOC for both L1 and L2 functions. Review and evaluate the effectiveness of SOC analyst activities, including incident detection, analysis, investigation and response. Identify areas for improvement and provide recommendations to enhance SOC operations and incident response capabilities. Collaborate with SOC management and leads to develop and implement quality assurance strategies and initiatives. Create and maintain comprehensive quality assurance documentation, reports, and metrics. Mentor and provide guidance to junior SOC analysts to improve their performance and investigation skills. Stay up-to-date with the latest threat landscape, attack vectors, and cybersecurity technologies through ongoing research and professional development. Assist in incident response activities as needed, including during high-priority security incidents. Participate in the development and delivery of training programs for SOC staff. Collaborate with the L2 analyst team to develop robust quality assurance practices, documentation, reports and metrics. Collaborate with L1 and L2 SOC analysts to provide training and knowledge sharing on quality assurance best practices. Communicate findings and recommendations effectively to technical and non-technical stakeholders internally and externally. Maintain detailed records of quality assurance activity, including findings, actions taken, and outcomes. Participate in knowledge-sharing initiatives with the L1 and L2 team to enhance collective expertise and investigation skills. Ensure adherence to established quality assurance processes and procedures. Identify opportunities for process improvement and contribute to the enhancement of quality assurance methodologies. Maintain composure and efficiency in high-pressure situations. Willing to work in US day shift (9AM EST - 5PM EST) / India night Shift (7 PM IST to 3 AM IST) and weekend support / on call support Experience & Skills 3+ years of experience in a technical role in the areas of Security Operations, Quality Assurance in a SOC setting, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team. Experience in SOC L1, SOC L2 is a must. Experience in SOC Quality Assurance is a must Experience in SIEM technologies such as Azure Sentinel, Splunk, ArcSight, QRadar, Exabeam, LogRhythm Experience and knowledge of EDR and NDR technologies such as Cortex XDR, CrowdStrike, Carbon Black, Cylance, Defender, DarkTrace Experience with ticketing system such as ServiceNow, JIRA is considered a strong asset Experience and Knowledge working with Cyber Kill-Chain model and MITRE ATT&CK framework Ability to use data to 'tell a story'; ability to communicate findings and recommendations effectively to technical and non-technical stakeholders. Proficient in preparation of reports, dashboards and documentation Excellent communication and leadership skills Ability to handle high pressure situations with key stakeholders Good Analytical skills, Problem solving and Interpersonal skills A demonstrated commitment to valuing differences and working alongside diverse people and perspectives Show more Show less

Location : BangaloreGrade : A1-A2Salary: Up to INR 9,00,000 Description:oAcknowledge, analyse, and validate incidents triggered from correlated events through SIEM solutionoAcknowledge, analyse, and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc.oCollection of necessary logs that could help in the incident containment and security investigationoEscalate validated and confirmed incidents to SOC LeadoUndertake first stages of false positive and false negative analysisoUnderstand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email security etc.oOpen incidents in ITSM Platform to report the alarms triggered or threats detected. Analyst should properly include for each incident on SIEM all details related to the logs, alarms and other indicators identified in accordance with the intervention protocol and the SLA.oTrack and update incidents and requests based on client’s updates and analysis resultsoReport infrastructure issues to the IT support team.oOther duties related to the position Essential SkillsoKnowledge and hands-on experience in the management of McAfee EDR, CrowdStrike, ENS, DLP, CASB and other security productsoExperience in Security Information Event Management (SIEM) tools like LogRhythm and McAfee, creation of basic co-relation rules, and administration of SIEMoShould have expertise on TCP/IP network traffic and event log analysisoKnowledge of ITIL disciplines such as Incident, Problem and Change Management Expectations:oExp 0 - 4 years SOC Engineer will be responsible for monitoring, reporting, and escalating events to our SOC Manager.oThe primary function of this position is to monitor the analytics tools, perform alert management, and initial incident qualification.oThis role reports to the SOC Manager.oBachelor’s degree with CEH certificationoJoining time / Notice Period: Immediate joiningoShift Timings: Rotational Shifts (100% working from Bangalore office)3 must havesSOC 4/5SIEM 3/5ITIL 3/5 Show more Show less

Description About Exabeam: Exabeam is a leader in intelligence and automation that powers security operations for the world’s smartest companies. As a global cybersecurity innovator, Exabeam provides industry-proven, security-focused, and flexible solutions for faster, more accurate threat detection, investigation, and response (TDIR). Learn more at www.exabeam.com. Exabeam is looking for a Regional Sales Manager to grow and expand our market presence in India. This person will be responsible for driving sales efforts and working with ecosystem channel partners to maximize market adoption and domination. You will serve as the face and voice of Exabeam and effectively build out your respective region/territory, secure key wins and capture business. Responsibilities Lead account strategy to generate new business growth and add to our portfolio of clients Build and maintain strong and positive relationships within enterprise clients Identify customer requirements, influence strategic direction and buying decisions Drive business development and effectively manage all buying cycles and pipeline Work as a cohesive team with Sale Engineers and cross functional team members Work collaboratively with channel/reseller community Forecast accurately and achieve revenue targets Requirements Solid client facing / interpersonal skills; ability to build influential relationships Track record of success in Cybersecurity and quota achievement Ability to effectively operate in fast paced, evolving environment Intimacy/knowledge of the specific territory; must live in territory Industry domain / security software sales experience Excellent written and spoken communication skills Strategic and analytical thinking skills, able to plan, pitch and execute Experience using CRM/Salesforce University degree or equivalent experience Must live in the geography and have knowledge of the territory Exabeam Total Rewards Offers You (Subject to applicate eligibility requirements) Medical Insurance starts on Day 1 100k Maternity Coverage Generous PTO and Monthly Thank You Days Hybrid Friendly Environments Culture Building Initiatives Bring your Whole Self to Work! Diversity, equity, and inclusion are at the core of who we are. At Exabeam, we know that diverse perspectives spark innovation, improve creativity, and position our team for success. Creating a culture where all are welcomed, valued, and empowered to achieve their full potential is important to who we are today and in the future. We hire the best of the best and do not discriminate based on race, gender, age, religion, sexual orientation, identity, or other personal factors. Exabeam and LogRhythm have merged. You can learn more about our cybersecurity powerhouse here. Show more Show less

About Us Zelis is modernizing the healthcare financial experience in the United States (U.S.) by providing a connected platform that bridges the gaps and aligns interests across payers, providers, and healthcare consumers. This platform serves more than 750 payers, including the top 5 health plans, BCBS insurers, regional health plans, TPAs and self-insured employers, and millions of healthcare providers and consumers in the U.S. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts—driving real, measurable results for clients. Why We Do What We Do In the U.S., consumers, payers, and providers face significant challenges throughout the healthcare financial journey. Zelis helps streamline the process by offering solutions that improve transparency, efficiency, and communication among all parties involved. By addressing the obstacles that patients face in accessing care, navigating the intricacies of insurance claims, and the logistical challenges healthcare providers encounter with processing payments, Zelis aims to create a more seamless and effective healthcare financial system. Zelis India plays a crucial role in this mission by supporting various initiatives that enhance the healthcare financial experience. The local team contributes to the development and implementation of innovative solutions, ensuring that technology and processes are optimized for efficiency and effectiveness. Beyond operational expertise, Zelis India cultivates a collaborative work culture, leadership development, and global exposure, creating a dynamic environment for professional growth. With hybrid work flexibility, comprehensive healthcare benefits, financial wellness programs, and cultural celebrations, we foster a holistic workplace experience. Additionally, the team plays a vital role in maintaining high standards of service delivery and contributes to Zelis’ award-winning culture. Position Overview As a SOC Analyst at Zelis, you will play a critical role in maintaining the security of our clients' systems and data. You will be responsible for monitoring, analyzing, and responding to security alerts and incidents, ensuring that potential threats are identified and escalated for mitigation in a timely manner Primary Responsibilities Threat Detection: Continuously monitor security alerts and events to identify potential threats and vulnerabilities in Zelis environments. Incident Response: Investigate security incidents, including unauthorized access, malware infections, and data breaches, and take appropriate action to coordinate with NOC and SOC leads to initiate the Major Incident Management process. Key Tools M365 Defender Abnormal Email Security LogRhythm SIEM Sentinel One EDR ExtraHop Reveal NDR Experience And Qualifications To be successful in this role, you should possess the following qualifications and skills: Proven experience in a SOC Analyst role or similar cybersecurity position, with a minimum of 5 years of experience. Proficiency in using LogRhythm SIEM to monitor and analyze security events. Strong understanding of email security solutions and the ability to identify and respond to email-based threats. Experience with reviewing and analyzing network traffic i.e., through Network Detection and Response platforms, such as ExtraHop Reveal. Experience with Endpoint Detection and Response i.e., Sentinel One. Ability to read and analyze network packet captures. Excellent understanding of threat detection and incident response procedures. Strong analytical and problem-solving skills, with the ability to investigate and characterize security events effectively. Understanding of vulnerability assessment and penetration testing tools and methodologies. Strong communication and teamwork skills to collaborate with other IT and security professionals. Knowledge of security best practices, industry standards, and compliance. Ability to maintain detailed incident reports, security procedures, and documentation for compliance and future reference. Stay up to date with the latest security threats, technologies, and industry best practices to improve SOC effectiveness. Work in shifts as part of a 24/7 SOC team to ensure round-the-clock security monitoring and escalation Show more Show less

Delhi , India Designation: Partner Position: SIEM Instructor Mentor (Part-Time) Job Type: Consultant Benefits: Revenue distribution or a fixed hourly rate, with potential for performance-based bonuses tied to training outcomes. Reports to: Founder/CEO Job Overview The SIEM Mentor will provide expert training and mentorship to Eduroids' students on a part-time basis, focusing on equipping them with skills in Security Information and Event Management (SIEM). This role involves delivering practical training sessions, developing industry-relevant course materials, and guiding students through real-world security monitoring and incident response scenarios to prepare them for cybersecurity roles. Key Responsibilities Training Delivery: Conduct weekend training sessions focused on SIEM tools, processes, and best practices in security operations. Curriculum Development: Create and maintain up-to-date course content aligned with the latest trends in SIEM and cybersecurity. Hands-On Learning: Facilitate practical exercises, simulations, and case studies on threat detection, log analysis, and incident response using popular SIEM platforms. Mentorship: Offer personalized guidance to participants, addressing their questions and helping them grasp complex security concepts. Industry Alignment: Ensure training material reflects current cybersecurity challenges and industry standards in SIEM. Assessment and Feedback: Evaluate student progress through assessments, providing constructive feedback to foster their improvement. Knowledge Transfer: Share insights and experiences from real-world cybersecurity scenarios to bridge theory and practical application. Key Measures Student Progress: Track participant performance in mastering SIEM concepts, tools, and workflows. Industry Relevance: Maintain curriculum alignment with evolving cybersecurity threats, compliance standards, and technologies. Feedback Scores: Achieve high participant satisfaction ratings for training quality and mentorship. Project Completion: Ensure students complete SIEM-related projects, including log analysis, threat hunting, and creating custom alerts. Qualifications Education: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or a related field. Experience: Minimum of 10 years of professional experience in cybersecurity, with a focus on SIEM tools and security operations. Experience working with Fortune 500 companies or high-security environments preferred. Demonstrated expertise in implementing and managing SIEM platforms in enterprise environments. Technical Skills: Proficiency with SIEM platforms such as Splunk , IBM QRadar , ArcSight , or LogRhythm . Knowledge of threat intelligence, log management, and compliance requirements like GDPR, PCI DSS, and HIPAA. Familiarity with scripting languages like Python or PowerShell for automation in SIEM tools. Strong understanding of cybersecurity frameworks like MITRE ATT&CK , NIST , or CIS Controls . Soft Skills: Excellent communication and presentation abilities. Ability to translate complex cybersecurity concepts into actionable knowledge for learners. Passion for teaching and mentoring aspiring cybersecurity professionals. Personal Attributes Dedicated to fostering the next generation of cybersecurity experts. Resilient and adaptable, with a focus on continuous improvement. Collaborative mentor who creates an engaging and supportive learning environment. Benefits Competitive compensation based on hourly or project-based engagement. Flexible remote working options. Opportunity to shape the future of cybersecurity professionals and contribute to their career success. Engaging and forward-thinking work culture.

Job Title: Security Operations Center (SOC) Analyst (Positios-02) Experience: 5 to 8 Years Location: Hyderabad Department: Cybersecurity / Security Operations Industry: IT Services / MSSP / Software / FinTech / Healthcare IT Job Summary: We are seeking an experienced and detail-oriented SOC Analyst (58 years) to join our cybersecurity team. The ideal candidate will be responsible for monitoring, detecting, investigating, and responding to cyber threats across the organization. The SOC Analyst will play a critical role in defending systems, applications, and data from security breaches and supporting incident response efforts, threat hunting, and continuous improvement of SOC processes. Key Responsibilities: Security Monitoring & Incident Response: Continuously monitor SIEM dashboards, threat intelligence feeds, and security alerts. Investigate and respond to security incidents, phishing attacks, malware infections, and anomalous activities. Triage alerts based on severity, business impact, and threat intelligence context. Perform root cause analysis and prepare incident reports with actionable recommendations. Escalate critical incidents to Tier 3/IR teams and collaborate during major security events. Threat Detection & Hunting: Conduct proactive threat hunting based on IOCs, TTPs, and threat intelligence reports. Analyse logs from endpoints, firewalls, IDS/IPS, cloud workloads, and third-party security solutions. Develop and fine-tune detection rules and correlation logic in SIEM (e.g., Splunk, Sumo Logic, Sentinel). Tool & Infrastructure Management: Work with EDR, NDR, DLP, SIEM, SOAR, and vulnerability management platforms. Support integration of new log sources and ensure completeness of logging for critical systems. Maintain threat detection playbooks and contribute to process automation via SOAR tools. Compliance & Reporting: Ensure security operations align with frameworks like NIST, ISO 27001, SOC 2, or HIPAA. Support security audit requirements by providing incident logs and response documentation. Generate periodic reports on incident trends, SOC performance, and threat landscape. Required Skills & Experience: 5–8 years of experience in a SOC environment or cybersecurity operations role. Strong knowledge of attack vectors, MITRE ATT&CK framework, and incident response lifecycle. Hands-on experience with SIEM (e.g., Splunk, Microsoft Sentinel, QRadar, LogRhythm). Familiarity with endpoint protection (CrowdStrike, SentinelOne, Defender ATP, etc.). Knowledge of Windows/Linux log analysis, firewall rules, and cloud security controls (Azure/AWS). Strong analytical thinking, attention to detail, and ability to work under pressure. Preferred Qualifications: Bachelor’s degree in Cybersecurity, Computer Science, or related field. Certifications such as CEH, GCIA, GCIH, CySA+, AZ-500, or Security+ are highly desirable. Experience working in a 24x7 SOC or with MSSP environments is a plus. Exposure to compliance-driven industries (finance, healthcare, SaaS) preferred. Soft Skills: Strong communication and documentation skills. Ability to collaborate across IT, DevOps, and security teams. Risk-aware mindset with a proactive approach to security operations. Work Mode: On-site / Hybrid / 24x7 Rotational Shifts if applicable Reporting To: SOC Manager / Head of Security Operations

ECI is the leading global provider of managed services, cybersecurity, and business transformation for mid-market financial services organizations across the globe. From its unmatched range of services, ECI provides stability, security and improved business performance, freeing clients from technology concerns and enabling them to focus on running their businesses. More than 1,000 customers worldwide with over $3 trillion of assets under management put their trust in ECI. At ECI, we believe success is driven by passion and purpose. Our passion for technology is only surpassed by our commitment to empowering our employees around the world . The Opportunity: ECI is looking for a Network Compliance Engineer to join our Network Engineering Department within a dynamic (MSP) environment. This role is critical in ensuring that both internal and client network infrastructures adhere to industry regulations, security policies, and best practices. You will collaborate with network engineers, security teams, and clients to implement and maintain network compliance frameworks, ensuring secure, reliable, and scalable network environments. As a Network Compliance Engineer, you will be responsible for performing assessments, audits, and remediation efforts, ensuring networks are compliant with relevant regulatory standards such as SOC 2, PCI-DSS, HIPAA, NIST , and other industry-specific requirements. This is an onsite role. What you will do: Ensure Compliance: Conduct regular compliance assessments for internal and client network infrastructure, ensuring they meet industry standards (SOC 2, HIPAA, PCI-DSS, NIST, ISO 27001) and internal security policies. Documentation & Reporting: Develop and maintain network compliance documentation, including risk assessments, configuration baselines, security policy compliance, and audit evidence for clients. Audits & Reviews: Perform network audits to verify compliance with established network security policies, best practices, and relevant industry regulations. Collaboration: Work closely with network engineers and security teams to design, implement, and maintain compliant network solutions for client environments. Remediation & Gap Analysis: Identify and track compliance gaps or vulnerabilities within client networks, and work to remediate those issues with network engineering teams. Compliance Monitoring: Use network monitoring tools (e.g., SolarWinds, PRTG) to continuously assess network configurations and activities for compliance and security risks. Client Interaction: Serve as a compliance advisor for clients, guiding them on how to align their network infrastructures with regulatory and security requirements. Incident Response: Support the incident response process when network-related compliance breaches or security incidents are detected, ensuring corrective actions are implemented. Training & Awareness: Educate and train internal teams and clients on compliance best practices, network security policies, and regulatory requirements. Continuous Improvement: Stay up to date with industry trends, evolving regulations, and emerging threats, integrating those insights into compliance strategies. Who you are: Bachelor’s degree in Information Technology, Network Engineering, Cybersecurity, or a related field (or equivalent work experience). 3+ years of experience in network engineering or network compliance, preferably in an MSP environment. Solid understanding of network protocols, including TCP/IP, VLANs, VPNs, firewalls, NAT, and routing (OSPF, BGP). Hands-on experience with firewall technologies (e.g., Fortinet, Cisco ASA, Palo Alto) and network monitoring tools (e.g., SolarWinds, PRTG, Auvik). Familiarity with industry standards and regulations like SOC 2, HIPAA, PCI-DSS, NIST, and ISO 27001. Strong analytical skills with the ability to assess and resolve network compliance issues. Excellent written and verbal communication skills, particularly for documentation and client-facing interactions. Bonus points if you have: Certifications such as CompTIA Security+, CCNA Security, CISSP, CISA, PCNSE, or Fortinet NSE. Experience with cloud networking, including AWS or Azure compliance standards. Exposure to SIEM tools (e.g., Splunk, LogRhythm) and vulnerability management tools (e.g., Nessus, Qualys). Familiarity with MSP platforms like ConnectWise, Datto, N-Able, or Autotask. Ability to work with cross-functional teams (e.g., security, DevOps, IT) to enforce security policies. ECI’s culture is all about connection – connection with our clients, our technology and most importantly with each other. In addition to working with an amazing team around the world, ECI also offers a competitive compensation package and so much more! If you believe you would be a great fit and are ready for your best job ever, we would like to hear from you! Love Your Job, Share Your Technology Passion, Create Your Future Here! Show more Show less

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. About the Role We are seeking a skilled SIEM Administrator to manage and optimize different SIEM solutions. The ideal candidate will be responsible for system administration, log integration, troubleshooting, Deployment, Implementation and maintaining security posture for the organization. Key Responsibilities SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix). Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOP s & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement. Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: B.E/B.Tech degree in computer science, Cybersecurity, or related field (preferred). 1-3 years experience as Soc Admin Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration. Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you re passionate about technology and eager to make an impact, we d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

Job Summary: The SOC Monitoring and Incident Response Specialist is responsible for monitoring security events, identifying potential threats, investigating incidents, and initiating incident response actions. This role requires extensive experience in cybersecurity, threat intelligence, and incident response processes to support our security operations and safeguard our organization's IT environment. Key Responsibilities: Security Monitoring & Analysis · - Monitor and analyze security alerts from various sources (SIEM, IDS/IPS, firewalls, endpoint protection, etc.). · - Identify suspicious activity and investigate to understand the threat level and scope. · - Perform triage of alerts to assess whether they represent legitimate threats or false positives. · Act as the first responder to security incidents, containing and mitigating threats. · - Document and track incidents, performing root-cause analysis to prevent recurrence. · - Coordinate incident response efforts, collaborating with internal teams and external partners if needed. · - Utilize threat intelligence to stay updated on emerging threats and attack vectors. · - Correlate threat intelligence data with real-time monitoring to detect indicators of compromise (IOCs). · - Proactively hunt for threats and vulnerabilities within the organization’s network. · - Conduct forensic investigations of compromised endpoints, servers, and networks to determine the nature and extent of attacks. · - Collect, preserve, and analyze evidence for potential use in legal or disciplinary actions. · - Provide detailed reports on findings and recommendations for improvements in security posture. Process Improvement & Documentation · - Contribute to the development and improvement of SOC processes, playbooks, and runbooks. · - Document security incidents and response activities in detail, ensuring accurate record-keeping. · - Provide post-incident reports, insights, and recommendations to improve defenses and incident handling procedures. · - Work with IT and cybersecurity teams to improve overall network and endpoint security. · - Communicate with stakeholders, translating technical findings into business impacts. · - Participate in cross-functional meetings and contribute to the overall risk management strategy. · - Mentor junior SOC analysts and assist in their professional development. · - Conduct training sessions and awareness programs to improve cybersecurity knowledge within the organization. Requirements: Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience). Experience: 6-8 years of experience in a SOC, incident response, or similar cybersecurity role. Certifications: Preferred certifications include CISSP, CISM, GIAC (GCIA, GCIH), or CEH. Technical Skills: · - Proficiency with SIEM tools (e.g., Splunk, QRadar, ArcSight, Logrhythm), IDS/IPS systems, firewalls, and EDR and WAF solutions. · - Familiarity with common operating systems (Windows, Linux) and networking protocols (TCP/IP, DNS, HTTP, etc.). · - Strong understanding of cyber threats, vulnerabilities, malware, and attack methods. · - Experience with scripting languages (Python, PowerShell) is an asset. · - Knowledge of forensic tools and processes for data recovery and analysis. Soft Skills: · - Strong analytical and problem-solving abilities. · - Ability to work effectively under pressure and manage multiple tasks. · - Excellent communication and interpersonal skills, with the ability to explain technical issues to non-technical audiences. · - Team-oriented with a proactive and collaborative attitude. Show more Show less

The Sr. QA Analyst will provide deep level analysis for client investigations utilizing customer provided data sources, audit, and monitoring tools at both the government and enterprise level. The Sr. Threat Analyst will work closely with our Technology Engineers, Architects, and Threat Analysts to service customers. How You’ll Make An Impact High level professional writing experience regarding documenting and reporting on potential security incidents identified in customer environments to include timeline of events. Work with partners to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets. Provide analysis on various security enforcement technologies including, but not limited to SIEM, anti-virus, content filtering/reporting, malware prevention, firewalls, intrusion detection systems, web application firewalls, messaging security platforms, vulnerability scanners etc. Perform knowledge transfers, document, and train clients regarding mitigation of identified threats. Provide ongoing recommendations to peers and customers on tuning and best practices. Actively research current threats and attack vectors being exploited in the wild Actively work with analysts and perform investigations on escalations. Ability to discuss security posture with multiple clients and make recommendations to better their holistic security approach. Provide gap analysis for clients to better their security posture. Maintain and develop SOPs for threat analyst team. Develop and maintain Playbooks and runbooks. Work with internal teams to increase efficiency and effectiveness of security analysis provided by the threat analysis team. Training of new analysts on security and tools Create and maintain Content Catalog based on security essentials and the evolving threat landscape. Provide quality assurance (QA) review of security alerts handled by Team members. Conduct regular security audits to ensure compliance with industry standards and regulations. Evaluate security controls, policies, and procedures. Identify vulnerabilities and enhance remediation actions. What We’re Looking For Five years of full-time professional experience in the Information Security field Experience working in a Security Operations Center (SOC), Managed Security Service (MSS), or enterprise network environment as a point of escalation. Excellent time management, reporting, and communication skills including customer interactions and executive presentations. Data analysis using SIEM, Database tools, and Excel. Experience troubleshooting security devices and SIEM. Ability to create and maintain content within SIEM environments and make recommendations to clients to better their visibility. IDS monitoring/analysis with tools such as Sourcefire and Snort Experience with SIEM platforms preferred (QRadar, LogRhythm, McAfee/Nitro, ArcSight, Splunk) a plus. Experience with audit tools, MS office, Power BI Knowledge of security information and event management (SIEM) systems. Understanding of cloud security and virtualization. Direct (E.g., SQL Injection) versus indirect (E.g., cross-site scripting) attacks Experience with the following attacks: Web Based Attacks and the OWASP Top 10, Network Based DoS, Brute force, HTTP Based DoS, Denial of Service, Network Based / System Based Attacks. Familiarity with SANS top 20 critical security controls Understand the foundations of enterprise Windows security including Active Directory, Windows security architecture and terminology, Privilege escalation techniques, Common mitigation controls and system hardening. Anti-Virus (AV) and Host Based Intrusion Prevention (HIPS) Experience in monitoring at least one commercial AV solution such as (but not limited to) McAfee/Intel, Symantec, Sophos, or Trend Micro Ability to identify common false positives and make suggestions on tuning. Understanding of root causes of malware and proactive mitigation Propagation of malware in enterprise environments Familiarity with web-based exploit kits and the methods employed by web-based exploit kits. Familiarity with concepts associated with Advanced Persistent Threats and “targeted malware.” Experience and understanding of malware protection tools (FireEye) and controls in an enterprise environment. Covert channels, egress, and data exfiltration techniques Familiarity with vulnerability scoring systems such as CVSS. Basic understanding of vulnerability assessment tools such as vulnerability scanners and exploitation frameworks This team provides 24/7 support. This role requires shift flexibility, including the ability to rotate between days, mids, and nights. What You Can Expect From Optiv A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups. Work/life balance Professional training resources Creative problem-solving and the ability to tackle unique, complex projects Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities. The ability and technology necessary to productively work remotely/from home (where applicable) EEO Statement Optiv is an equal opportunity employer (EEO). All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law. Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time. Show more Show less

Company Description ProTechmanize is a CERT-IN empanelled and ISO 27001 certified organization. Established by professionals with over 200 years of cumulative experience in Information Technology and Cyber Security, ProTechmanize Solutions offers a wide range of IT products and services. The team focuses on providing customized solutions and services tailored to meet the specific needs of their customers. Role Description This is a full-time on-site role for a SOC Admin - Logrhythm. The SOC Admin will be responsible for monitoring and managing security operations, analyzing security incidents, and ensuring the smooth functioning of the Logrhythm system. Additional responsibilities include providing administrative assistance, handling customer service queries, and supporting the finance team. Qualifications Strong Analytical Skills and ability to analyze security incidents Administrative Assistance experience Experience in using Logrhythm Bachelor's degree in Information Technology, Cyber Security, or a related field Experience - 2+ years Location - Mumbai Show more Show less

Role & responsibil Key Responsibilities: SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix) Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOPs & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement. Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: Bachelors degree in computer science, Cybersecurity, or related field (preferred). Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration.

Project Role : Security Delivery Practitioner Project Role Description : Assist in defining requirements, designing and building security components, and testing efforts. Must have skills : Splunk Good to have skills : Risk Management Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Practitioner, you will assist in defining requirements, designing and building security components, and testing efforts. Your day will involve collaborating with teams, contributing to key decisions, and providing solutions to problems across multiple teams. Main Skill1. Splunk or Microsoft Sentinel or Google Chronicle Use Case Management2. Risk Based Alerts and Risk Incidents3. Asset and Identities4. Security Incident Response, Standard Operations Procedure Knowledge Must have Skills: 1. Development, Testing and Fine Tuning of Splunk content like Use Cases, Dashboards, Reports, Lookups, Macros, etc.2. Risk Based Alerts and Risk Incidents3. Asset and Identities Framework in Splunk4. Incident Response, Standard Operations Procedure Knowledge5. MITRE Attack Framework Good to Have Skills: 1. Splunk Architecture Cloud, Microsoft Sentinel, Google Chronicle2. Source Integrations various sources3. Event Parsing, Event Type definition, Data Model, Regex 4. Custom integrations for enrichment, Threat Intelligence Feeds, SOAR5. Azure DevOps Roles & Responsibilities1. Architecture and strategy:Candidate must have ability to understand and implement use cases on security tools (Splunk, Phantom) to improve Accenture's overall security posture by identifying gaps in use cases or processes that can be actioned by our engineers. It also includes the ability to develop and communicate a security strategy that addresses the unique risks and challenges of Accentures Security environments.2. Leadership:Candidate must have ability to lead and influence cross-functional teams. It includes the ability to communicate effectively with stakeholders, build consensus, and manage conflict. 3. Technical:The candidate should be able to understand existing security use cases and develop new ones in tools requiring technical development, scripting, or complex rule creations, managing, and implementing broad security concepts.4. Operational:Candidate must have ability to develop and implement security controls, as well as the ability to monitor and analyze security events and incidents. Technical Experience1. Splunk Enterprise Security, Microsoft Sentinel, Google Chronicle2. Azure DevOps3. Custom Tools Development4. Security Incident ManagementProfessional Experience1. At least 5-7 years of experience on IT Security / SOC / Cyber Defense2. Graduation – BE3. Proficient use of English, advanced communication skills.4. Security Certifications are a plus - CCSK, GPEN, GCCC, GMOB, GSEC, ESCA, Security +, CEHRole Description: Support SIEM detection content creation for notables with a focus on Risk Based Alerting. Create and maintain documentation on new or existing detections, integrations, and dependencies. Interface with our SOC to pilot new content, process feedback, update incident response guidelines. Engage in fine-tuning of existing detections to increase signal/noise ratio and reduce false positives. Additional Information: The candidate should have a minimum of 5 years of experience in Splunk This position is based at our Bengaluru office A 15 years full time education is required Qualification 15 years full time education

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Senior (Endpoint Detection and Response) KEY Capabilities: Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Work collaboratively with other team members to find creative and practical solutions to customers’ challenges and needs.Expertise in design, implementation and operation of EDR solution such as Carbon Black, Tanium, Crowdstrike , Cortes XDR , Microsoft Defender ATP , MacAfee, Symantec and similar technologies,(including migration)Provide consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.Perform remote and on-site gap assessment, customization, installation, and integration of the EDR solution.Knowledge of cyber threat intelligenceExperience in several of the following areas cybersecurity operations, network security monitoring, host security monitoring, malware analysis, adversary hunting, modern adversary methodologies, all source intelligence analysis, analytical methodologies, confidence-based assessments, and writing analytical reports.Working knowledge of Cuckoo, CAPE, or any other sandbox platformsExperience with security orchestration automation and response tools (Phantom, Resilient, XSOAR) and incident response platforms/DFIR toolsetsExperience with threat hunting using cyber threat intelligence by analyzing large and unstructured data sets to identify trends and anomalies indicative of malicious cyber activities.Expertise in EDR use case development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systemsWilling to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.Experience in responding to the RFPs and preparation of Project Plan Expertise in integrating EDR devices including unsupported (in-house built) by creating custom parsersGood knowledge in threat modelling. Experience in creating use cases under Cyber kill chain and MITRE attack frameworkKnowledge in Network monitoring technology platforms such as Fidelis XPS or others.Ability to lead a team / project on various phases.Deep understanding on Market trends and ability to adapt based on that.Below mentioned experiences/expertise will be added advantageDeep understanding in various SIEM solutions like Splunk, Qradar, LogRhythm, Securonix, Elastic.Knowledge in scripting using PythonExperiencing advising on Cloud Security capabilities across various platform mainly AzureConfigure data digestion types and connectorsAnalytic design and configuration of the events and logs being digestedDevelop, automate, and orchestrate tasks(playbooks) with logic apps based on certain events Qualification & experience: Minimum of 6 to 12 years’ experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments. Strong oral, written and listening skills are an essential component to effective consulting.Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary.Must have knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting.Good to have experience in handling big data integration via Splunk or other SIEMDeep understanding in Malware Analysis and Incident ResponseGood knowledge in programming or Scripting languages such as Python, JavaScript, Bash, PowerShell, Bash, Ruby, Perl, etcMust have honours degree in a technical field such as computer science, mathematics, engineering or similar fieldMinimum 4 years of working in a security operations center Certification in any one of the EDR or SIEM Solution is a must Certifications in a core security related discipline will be an added advantage. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.