9 - 13 years
45 - 50 Lacs
Chennai, Ahmedabad, Bengaluru
Work from Office
Dear Candidate,

We are looking for a skilled SOC Analyst to monitor and analyze security alerts in a Security Operations Center (SOC). You will be responsible for detecting, investigating, and responding to cyber threats.

Key Responsibilities:
- Monitor security alerts, logs, and network traffic for signs of suspicious activity.
- Investigate security incidents and escalate critical threats.
- Work with SIEM tools to analyze security events and generate threat reports.
- Conduct log correlation and threat hunting activities.
- Respond to malware infections, phishing attacks, and unauthorized access incidents.
- Assist in developing SOC playbooks and incident response procedures.
- Conduct regular security drills and tabletop exercises for incident preparedness.

Required Skills & Qualifications:
- Hands-on experience with SIEM platforms (Splunk, QRadar, ArcSight, ELK Stack).
- Strong understanding of intrusion detection and security event monitoring.
- Familiarity with the cyber kill chain, MITRE ATT&CK, and threat hunting methodologies.
- Ability to analyze network packets, logs, and forensic data for threat identification.
- Security certifications such as CEH, GCIH, or CompTIA Security+ are preferred.

Soft Skills:
- Strong problem-solving and analytical skills.
- Excellent communication skills to work with cross-functional teams.
- Ability to work independently and as part of a team.
- Detail-oriented with a focus on delivering high-quality solutions.

Note: If you are interested, please share your updated resume and suggest the best number and time to connect with you. If your resume is shortlisted, one of the HR staff from my team will contact you as soon as possible.

Srinivasa Reddy Kandi
Delivery Manager
Integra Technologies
Posted 2 months ago
5 - 8 years
4 - 9 Lacs
Delhi NCR, Hyderabad, Mumbai (All Areas)
Hybrid
Key Responsibilities:
- Advanced Log Monitoring and Analysis:
  - Conduct deeper analysis of security events and alerts generated by LogRhythm, correlating data across various sources to identify potential security threats.
  - Perform advanced triage, classification, and root cause analysis of escalated security incidents.
  - Utilize the LogRhythm SIEM platform to investigate complex security events, identifying patterns and relationships in logs that point to potential malicious activities.
- Incident Escalation and Resolution:
  - Take ownership of high-priority and complex security incidents, working closely with the Level 1 team to provide expertise and guidance.
  - Engage with incident response teams to perform deeper forensic analysis and assist with the containment, mitigation, and recovery phases of security incidents.
  - Document and communicate incident findings, ensuring a clear and concise record of the investigation and resolution process.
- LogRhythm Platform Management:
  - Manage and optimize the LogRhythm SIEM platform to ensure data collection, parsing, and normalization are functioning effectively.
  - Develop and fine-tune correlation rules, detection use cases, and custom reports to improve detection capabilities and reduce false positives.
  - Provide recommendations for system enhancements and adjustments based on findings from incidents or emerging threats.
- Threat Intelligence Integration:
  - Integrate and manage threat intelligence feeds within LogRhythm to enhance detection capabilities.
  - Analyze and correlate threat intelligence data with internal security logs to identify external and internal threats in real time.
- Security Tool Configuration and Tuning:
  - Configure and tune security tools (firewalls, endpoint detection and response (EDR), intrusion detection/prevention systems (IDS/IPS)) to optimize integration with the LogRhythm platform.
  - Work with the team to enhance detection rules and improve threat coverage based on new attack techniques and tactics (e.g., the MITRE ATT&CK framework).
- Collaboration and Knowledge Sharing:
  - Collaborate with the L1 team, senior engineers, and other stakeholders in the security operations lifecycle to ensure smooth and effective incident handling.
  - Provide mentoring and training to junior engineers and analysts in best practices for incident response and SIEM platform usage.
  - Participate in security operations meetings, helping to continuously refine and improve processes.
- Reporting and Compliance:
  - Assist in generating reports for security incident analysis, compliance audits, and management reviews.
  - Support internal and external audits, providing data, logs, and documentation as needed.
  - Help track security metrics and performance indicators to support security operations reporting.
- Continuous Improvement and Research:
  - Stay updated on the latest trends in cybersecurity threats, vulnerabilities, and defense mechanisms to enhance the team's capabilities.
  - Suggest improvements to the security monitoring processes and help implement new detection technologies and methodologies.

Skills & Qualifications:
- Technical Skills:
  - Advanced proficiency with the LogRhythm SIEM platform (experience with other SIEM platforms like Splunk, QRadar, or ArcSight is a plus).
  - In-depth understanding of network protocols (TCP/IP, DNS, HTTP, etc.), security devices (firewalls, IDS/IPS, etc.), and endpoint security technologies (EDR, antivirus, etc.).
  - Hands-on experience with log analysis, data correlation, and incident investigation.
  - Familiarity with threat intelligence tools, data sources, and feeds.
  - Strong understanding of security frameworks, including MITRE ATT&CK, NIST, and OWASP.
- Experience:
  - Minimum of 4–6 years of experience in cybersecurity, IT security operations, or incident response.
  - Prior experience in a Security Operations Center (SOC) or handling security incidents in an enterprise environment.
  - Experience with security monitoring, SIEM platform tuning, and threat detection engineering.
- Soft Skills:
  - Strong analytical, problem-solving, and troubleshooting skills.
  - Excellent communication skills, with the ability to clearly explain complex technical concepts to both technical and non-technical stakeholders.
  - Ability to work well under pressure and in a fast-paced environment, managing multiple tasks effectively.
- Certifications (Preferred but not required):
  - CompTIA Security+, CEH, or similar certifications.
  - LogRhythm Certified Security Engineer or other relevant certifications.

Education:
- Bachelor of Technology in Computer Science, Information Security, or a related field, or equivalent work experience.
Posted 2 months ago
0 - 2 years
4 - 5 Lacs
Mumbai
Work from Office
Responsible for the SIEM and SOAR platform (on-prem/SaaS) in terms of administration and management (should be currently performing this role).
- Ensuring SOC platform and service uptime.
- Efficient management of the SOC platform to ensure proper performance.
- Log source integration, including development of custom parsers for non-supported log sources.
- Integration with other platforms like Threat Intelligence.
- Configuration of SOAR plugins, SOAR integrations, and SOAR playbooks.
- Troubleshooting of the SIEM and SOAR platform.
- Coordinating with the OEM TAC on open platform issues and getting them resolved in a timely manner.
- Configuration of rules, reports, and dashboards based on inputs from the monitoring team.
- Documentation of RCAs for major incidents.

Other skills required:
- Ability to interact with and manage customer stakeholders in the context of platform management.
- Good teamwork and communication skills.

Technology and skills:
- SIEM: IBM QRadar, LogRhythm, Microsoft Sentinel, Splunk, or other industry-leading SIEM platforms.
- SOAR: Palo Alto Cortex XSOAR is preferred, or any other industry-leading product.
- Threat Intelligence and Brand Monitoring (Cyble, MISP, etc.).
- ITSM tools: Freshservice is preferred, or any other industry-leading product.
- Scripting: Regex is mandatory, Python (intermediate).
- OS: Windows and Linux (intermediate skills).
- Basic working knowledge of industry-leading cloud service providers like Microsoft Azure, AWS, GCP, etc.
- Good knowledge of the security domain is mandatory.
Posted 3 months ago
4 - 8 years
5 - 15 Lacs
Hyderabad, Gurgaon
Work from Office
Dear Applicants,

Deloitte India is hiring for LogRhythm-Equity for the Gurgaon & Hyderabad locations.

Our potential, unleashed
India's impact on the global economy has increased at an exponential rate, and Deloitte presents an opportunity to unleash and realize your potential amongst cutting-edge leaders and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, bring your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters.

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient, not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.

Job Description:
- Advanced Log Monitoring and Analysis:
  - Conduct deeper analysis of security events and alerts generated by LogRhythm, correlating data across various sources to identify potential security threats.
  - Perform advanced triage, classification, and root cause analysis of escalated security incidents.
  - Utilize the LogRhythm SIEM platform to investigate complex security events, identifying patterns and relationships in logs that point to potential malicious activities.
- Incident Escalation and Resolution:
  - Take ownership of high-priority and complex security incidents, working closely with the Level 1 team to provide expertise and guidance.
  - Engage with incident response teams to perform deeper forensic analysis and assist with the containment, mitigation, and recovery phases of security incidents.
  - Document and communicate incident findings, ensuring a clear and concise record of the investigation and resolution process.
- LogRhythm Platform Management:
  - Manage and optimize the LogRhythm SIEM platform to ensure data collection, parsing, and normalization are functioning effectively.
  - Develop and fine-tune correlation rules, detection use cases, and custom reports to improve detection capabilities and reduce false positives.
  - Provide recommendations for system enhancements and adjustments based on findings from incidents or emerging threats.
- Threat Intelligence Integration:
  - Integrate and manage threat intelligence feeds within LogRhythm to enhance detection capabilities.
  - Analyze and correlate threat intelligence data with internal security logs to identify external and internal threats in real time.
- Security Tool Configuration and Tuning:
  - Configure and tune security tools (firewalls, endpoint detection and response (EDR), intrusion detection/prevention systems (IDS/IPS)) to optimize integration with the LogRhythm platform.
  - Work with the team to enhance detection rules and improve threat coverage based on new attack techniques and tactics (e.g., the MITRE ATT&CK framework).
- Collaboration and Knowledge Sharing:
  - Collaborate with the L1 team, senior engineers, and other stakeholders in the security operations lifecycle to ensure smooth and effective incident handling.
  - Provide mentoring and training to junior engineers and analysts in best practices for incident response and SIEM platform usage.
  - Participate in security operations meetings, helping to continuously refine and improve processes.
- Reporting and Compliance:
  - Assist in generating reports for security incident analysis, compliance audits, and management reviews.
  - Support internal and external audits, providing data, logs, and documentation as needed.
  - Help track security metrics and performance indicators to support security operations reporting.
- Continuous Improvement and Research:
  - Stay updated on the latest trends in cybersecurity threats, vulnerabilities, and defense mechanisms to enhance the team's capabilities.
  - Suggest improvements to the security monitoring processes and help implement new detection technologies and methodologies.

Desired qualifications:
- Technical Skills:
  - Advanced proficiency with the LogRhythm SIEM platform (experience with other SIEM platforms like Splunk, QRadar, or ArcSight is a plus).
  - In-depth understanding of network protocols (TCP/IP, DNS, HTTP, etc.), security devices (firewalls, IDS/IPS, etc.), and endpoint security technologies (EDR, antivirus, etc.).
  - Hands-on experience with log analysis, data correlation, and incident investigation.
  - Familiarity with threat intelligence tools, data sources, and feeds.
  - Strong understanding of security frameworks, including MITRE ATT&CK, NIST, and OWASP.
- Experience:
  - Minimum of 4-6 years of experience in cybersecurity, IT security operations, or incident response.
  - Prior experience in a Security Operations Center (SOC) or handling security incidents in an enterprise environment.
  - Experience with security monitoring, SIEM platform tuning, and threat detection engineering.
- Soft Skills:
  - Strong analytical, problem-solving, and troubleshooting skills.
  - Excellent communication skills, with the ability to clearly explain complex technical concepts to both technical and non-technical stakeholders.
  - Ability to work well under pressure and in a fast-paced environment, managing multiple tasks effectively.

How you'll grow

Connect for impact
Our exceptional team of professionals across the globe are solving some of the world's most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report.

Empower to lead
You can be a leader irrespective of your career level. Our colleagues are characterized by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership.

Inclusion for all
At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams, and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude, and potential each and every one of us brings to the table to make an impact that matters.

Drive your career
At Deloitte, you are encouraged to take ownership of your career. We recognize there is no one-size-fits-all career path, and global, cross-business mobility and up/re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte.

Everyone's welcome; entrust your happiness to us
Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here's a glimpse of things that are in store for you.

Interview tips
We want job seekers exploring opportunities at Deloitte to feel prepared, confident, and comfortable. To help you with your interview, we suggest that you do your research and know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals.
Posted 3 months ago
6 - 10 years
8 - 12 Lacs
Bengaluru
Work from Office
Requirement: Splunk L3 / SME (B3)

Expertise: Splunk Enterprise / Cloud (Deployment, Administration & Development)

Key responsibilities:
- Deployment and configuration of the Splunk platform (Enterprise) / Splunk Cloud.
- Demonstrate Splunk Core capabilities to prospective clients.
- Optimize Splunk platform architecture for large-scale and distributed deployments.
- Adopt best practices and development standards, and deploy the same.
- Develop and customize Splunk apps and dashboards, and build advanced visualizations.

Key Skills:
- Administering production systems where the Splunk platform has multiple data sources such as metrics, Windows sources, HEC, etc.
- Migration / upgrade execution for the Splunk platform.
- Should perform in-depth diagnostics of incidents on any specific application and identify the root cause of problems.
- Should document resolved issues in an effective manner for knowledge management, cross-train peers on tool usage, assist in the creation of best practices, and work independently on multiple assignments, proactively prioritizing focus and effort.
- Should have good hands-on knowledge of deployment, administration, and development of the Splunk Enterprise platform.
- Implements and maintains Splunk platform infrastructure and configuration.
- Undertakes day-to-day operational and user support, and executes new projects as well as data and user onboarding.
- Experience in integrating other tools like JIRA, ServiceNow, Jenkins, AWS, etc. with Splunk using 3rd-party apps.
- Proficient in writing SPL queries, with experience in advanced-level dashboarding, scheduled jobs, data models, lookups, and other knowledge objects.
- Experience in performance optimization of existing dashboards, reports, and alerts.
- Experience in the MLTK and DB Connect apps, and experience in at least one scripting tool (Python / Shell).
- Experience in at least one premium app like ITSI, ES, Phantom, UBA, or Splunk Observability.

Good to have skills:
- Experience in scripting, Ansible / Puppet for runbook automation.
- Fair understanding of AWS cloud and cloud services.
- Splunk Certified Professional.
Posted 3 months ago
2 - 6 years
4 - 8 Lacs
Bengaluru
Work from Office
Role Purpose
The purpose of this role is to analyse, identify, rectify, and recommend specific improvement measures that help the security posture of the organization by protecting sensitive information.

1. SOAR Developer
JD: The client is looking for a strong playbook developer for XSOAR / Splunk Phantom / Splunk SOAR who has practical SOC/CSIRT experience along with the technical skills for developing playbooks. The resource would help develop playbooks for our existing requirements and also work more directly with our analysts, leveraging their SOC/CSIRT experience to help come up with the best solution to solve the business need. This may require influencing process change on the SOC side to provide the best solution to meet their needs. Looking for a well-experienced (5+ yrs) XSOAR developer who understands SOC use cases, develops new playbook automations, and works on enhancement requests.
Skills: Palo Alto XSOAR playbook development, security incident response, SOC operations.

2. Operations Manager - Splunk
JD: We are seeking an experienced Operations Manager to oversee and optimize our daily operations. The Operations Manager will be responsible for ensuring that our business processes run smoothly and efficiently, coordinating between various departments, managing resources, and driving continuous improvement initiatives. The ideal candidate will have strong leadership skills, a deep understanding of operational processes, and the ability to implement strategies that enhance productivity and profitability.
Key Responsibilities:
- Operations Management:
  - Oversee the day-to-day operations of the organization, ensuring that all processes are running efficiently and effectively.
  - Monitor key performance indicators (KPIs) to identify areas for improvement and implement strategies to enhance productivity.
  - Coordinate between departments (e.g., production, logistics, customer service) to ensure seamless operations and the timely delivery of products or services.
- Resource Management:
  - Manage and allocate resources (e.g., personnel, equipment, budget) to optimize operational efficiency and meet organizational goals.
  - Develop and implement resource management plans to address current and future operational needs.

3. Splunk Content Developer L3
JD:
- Content Development:
  - Design and develop custom dashboards, reports, and alerts within Splunk to meet the needs of various business units, including IT operations, security, and business intelligence.
  - Create and optimize complex SPL queries to extract meaningful data and insights.
  - Develop and maintain data models, saved searches, and macros to streamline content creation and improve performance.
- Requirement Gathering:
  - Work closely with stakeholders to understand their needs and translate business and technical requirements into effective Splunk content.
  - Collaborate with cross-functional teams to ensure the content aligns with organizational goals and objectives.

4. Splunk Analyst
JD: The Splunk Analyst will be responsible for the design, implementation, and maintenance of Splunk solutions. This role involves working with large datasets, creating dashboards, alerts, and reports to provide actionable insights, and supporting the organization's IT security, compliance, and operational monitoring needs.
Key Responsibilities:
- Data Onboarding & Management:
  - Collect, monitor, and analyze data from various sources by configuring and deploying Splunk forwarders and ingesting data into the Splunk platform.
  - Optimize Splunk data models and indexes for performance.
  - Ensure data integrity, proper parsing, and normalization of data.
- Dashboard & Report Development:
  - Design, develop, and maintain Splunk dashboards, alerts, and reports to provide insights into system performance, security events, and operational metrics.
  - Collaborate with stakeholders to gather requirements and tailor reports/dashboards to meet business needs.
- Monitoring & Alerting:
  - Implement and fine-tune Splunk alerts to proactively monitor for security incidents, performance issues, and anomalies.
  - Conduct regular system health checks to ensure the stability and performance of the Splunk environment.
- Troubleshooting & Support:
  - Investigate and resolve issues with Splunk performance, data ingestion, and search/query errors.
  - Provide support to end users, helping them to use Splunk effectively.
Posted 3 months ago