5.0 - 8.0 years
0 Lacs
mumbai, maharashtra, india
On-site
Experience in SIEM tools like ArcSight and LogRhythm SIEM, threat intelligence, malware analysis and incident response.
Responsible for the technical administration and troubleshooting of the SIEM, ensuring the efficient functionality of the solution.
Responsible for incident validation, incident analysis and solution recommendation.
Good knowledge of implementation, installation, integration troubleshooting and the overall functionality of ArcSight: ArcSight rule base fine tuning, ongoing log source modifications, configuration/policy changes, general SIEM administration and SIEM content development.
Troubleshooting of incidents within the IT Security incident response teams of the SOC.
Apply investigation techniques to document the root cause and impact of detected computer security incidents.
Maintains awareness of new and emerging cyber-attack threats with the potential to harm company systems and networks.
Devises and implements countermeasures to mitigate potential security threats.
Assists with the development and maintenance of IT security measurement and reporting systems to aid in monitoring the effectiveness of IT Security programs.
Assists with the development, revision and maintenance of Standard Operating Procedures and Working Instructions related to IT Security.
Good coordination skills with various other teams for faster resolution/completion.
Good to have: threat hunting knowledge.
Education/Skills: BE/B.Tech or equivalent with a minimum of 5-8 years of experience.
Work experience of a minimum of 3 years in SOC incident handling, incident response, trend analysis, and administration/monitoring of SIEM tools like ArcSight and LogRhythm SIEM; threat intelligence; malware analysis.
Ability to adapt to and follow the processes and guidelines.
Possess an impeccable work ethic and a high degree of integrity.
Good analytical and problem-solving skills.
Able to communicate with technical staff and management.
Flexible to work in 24/7 environments.
Highly motivated and customer-centric.
Posted 1 day ago
0.0 years
0 Lacs
jaipur, rajasthan, india
On-site
Job Description
Responsible for end-to-end implementation and configuration of SIEM (LogRhythm) and SOAR (Cortex) solutions across customer environments.
Onboard diverse log sources (cloud, on-prem, endpoint, network) into the LogRhythm SIEM platform and normalize data (including supported and non-supported devices).
Design and implement standard and custom detection rules, dashboards and reports, including UEBA, NBA, MITRE, log-source-based and cross-correlation use cases.
Collaborate with SOC, threat intel, TPM and internal teams to enhance security posture and streamline incident response.
Troubleshoot log ingestion and parsing errors.
Implement threat intelligence integration to enrich alerts and improve contextual awareness.
Ensure compliance with security best practices and frameworks (e.g., MITRE ATT&CK, NIST).
Provide documentation, runbooks and LLDs to the Operations team as part of handover.
Stay current with emerging threats, tools and technologies in the SIEM/SOAR ecosystem.
Collaborate with the Assurance team to ensure smooth handover of projects, and follow and adhere to defined responsibilities.
Design, implement and maintain LogRhythm SIEM, Cortex SOAR and LogRhythm UEBA solutions across cloud and on-premise environments.
Collaborate with stakeholders to gather and analyze security monitoring and automation requirements.
Onboard, parse and normalize data from diverse log sources including cloud (AWS, GCP, Azure), EDRs, firewalls, proxies and identity systems.
Develop and fine-tune correlation rules, detection use cases and alerting logic based on attacker TTPs (aligned to MITRE ATT&CK).
Configure and customize UEBA models to detect abnormal user and entity behavior (e.g., data exfiltration, lateral movement).
Integrate third-party threat intelligence feeds for enrichment and contextual detection.
Conduct testing, tuning and validation of detection and response logic to reduce false positives and improve fidelity.
Provide Level 2 support for SIEM/SOAR/UEBA issues during the project delivery lifecycle and work closely with SOC, TPM and customer teams.
Prepare technical documentation, runbooks and LLDs.
Continuously monitor industry trends, product updates and threat intelligence to improve detection coverage.
Desired Skill Sets
Hands-on experience with SIEM platforms.
Experience with SOAR platforms.
Proficiency with UEBA solutions.
Strong understanding of log parsing, normalization and data onboarding using Syslog, APIs, agents or collectors.
Expertise in developing correlation rules, detection logic and custom parsers.
Experience building and maintaining OOTB SOAR playbooks for automated incident response.
Familiarity with behavioral analytics, anomaly detection and machine learning models in UEBA systems.
Knowledge of network protocols, network logging, OS logging, endpoint telemetry and cloud security logging (e.g., VPC flow logs, CloudTrail, Azure Activity Logs).
OEM certifications; CEH, CompTIA Security+ or similar; CSP security certifications (e.g., AZ-500).
Posted 1 day ago
2.0 - 5.0 years
0 Lacs
hyderabad, telangana, india
On-site
Job Description
Remaining Positions: 1
Job Title: SOC Analyst L2
Experience Level: 2-5 Years
Key Responsibilities:
Monitor, investigate and respond to security alerts generated by LogRhythm SIEM.
Perform initial and intermediate triage of security incidents.
Escalate complex threats or policy violations to L3 Analysts with proper documentation and evidence.
Conduct in-depth log analysis and support root cause analysis (RCA) under L3 guidance.
Assist with managing and maintaining endpoint security tools such as CrowdStrike and Carbon Black.
Support and enforce multi-factor authentication (MFA) using Cisco Duo.
Help administer CyberArk EPM and PAS for privileged access control.
Investigate email threats using Proofpoint TAP and TRAP dashboards.
Monitor digital certificate validity and assist with certificate management processes (PKI/MS ADCS/DigiCert).
Document incidents thoroughly in ServiceNow and maintain up-to-date case notes.
Participate in shift handovers and provide regular updates to stakeholders.
Contribute to runbooks, playbooks and the SOC knowledge base for continuous improvement.
Job Requirements
Required Skills:
2-5 years of hands-on experience in a Security Operations Centre (SOC) environment.
Familiarity with SIEM platforms (LogRhythm preferred) and understanding of correlation rules.
Practical experience with at least one EDR tool (CrowdStrike or Carbon Black).
Working knowledge of CyberArk, Cisco Duo and email security tools (Proofpoint).
Understanding of SOC workflows, the incident lifecycle and alert prioritisation.
Exposure to PKI certificate lifecycle management.
Basic understanding of ITSM tools (e.g., ServiceNow).
Ability to produce clear and concise technical documentation.
Strong analytical thinking, problem-solving skills and willingness to learn from L3 peers.
Good written and verbal communication skills.
Preferred Skills:
Knowledge of the MITRE ATT&CK framework.
Experience working in a 24/7 SOC environment.
Pay Range: Based on Experience
Posted 6 days ago
2.0 - 6.0 years
0 Lacs
maharashtra
On-site
As an L2 SOC Analyst specializing in LogRhythm SIEM, your role will involve strengthening the Security Operations Center in Mumbai. With 2 to 5 years of hands-on experience in security monitoring and incident analysis, particularly focusing on LogRhythm SIEM, you will play a crucial part in the in-depth analysis, incident investigation, escalation, and coordination with response teams. Your key responsibilities will include monitoring, analyzing, and triaging security alerts from LogRhythm SIEM and other security platforms. You will be responsible for investigating and validating security incidents with detailed analysis and impact assessment, conducting threat hunting, and advanced log correlation as per SOC playbooks. Additionally, you will respond to incidents following defined escalation matrices, perform root cause analysis, recommend containment and mitigation actions, and provide guidance and mentorship to L1 SOC Analysts for escalated incidents. Moreover, you will prepare incident reports, analysis summaries, and dashboards for management, monitor and report SIEM health, log source integration issues, and tuning requirements. Your role will also involve participating in the continuous improvement of detection rules and SOC processes. Being ready to work in 24x7 rotational shifts with a constant readiness for critical incident handling is essential for this position. To excel in this role, you should possess 2 to 5 years of SOC operations experience, with a specific focus on SIEM monitoring and incident handling. Strong hands-on experience with LogRhythm SIEM is mandatory, in addition to a good understanding of security threats, attack vectors, malware behavior, and common vulnerabilities. Practical experience in analyzing logs from firewalls, IDS/IPS, endpoint security, and cloud platforms is required, along with familiarity with the MITRE ATT&CK framework and the usage of threat intelligence. 
Furthermore, you should exhibit strong analytical thinking, incident response capabilities and problem-solving skills. Effective communication skills for incident reporting and escalation are essential for this role. Preferred certifications include LogRhythm Certified Deployment Engineer (LCDE) or LogRhythm Certified SOC Analyst (LCSA), while certifications such as CompTIA Security+, CEH, CySA+ or equivalent security certifications are optional. Any threat hunting or incident response certification would be considered a plus. This is a full-time role based at the Mumbai SOC facility, requiring you to work in 24x7 rotational shifts, including nights and weekends.
Posted 1 month ago
6 - 10 years
14 - 16 Lacs
Hyderabad, Chennai, Bengaluru
Hybrid
Dear Professional,

We are excited to present a unique opportunity at Cognizant, a leading IT firm renowned for fostering growth and innovation. We are seeking talented professionals with 5 to 10 years of experience in Splunk Administration, Splunk Development, Splunk Enterprise Security, Splunk Dashboard Creation, AlertLogic SIEM, Threat Detection, Incident Response, Log Management, Security Analytics, Compliance Reporting, Real-time Monitoring, Alert Logic MDR, LogRhythm SIEM, LogRhythm Administration, LogRhythm Threat Detection and LogRhythm Incident Response to join our dynamic team. Your expertise in these areas is highly sought after, and we believe your contributions will be instrumental in driving our projects to new heights. We offer a collaborative environment where your skills will be valued and nurtured.

To proceed to the next step of the recruitment process, please provide us with the following details, along with your updated resume, to sathish.kumarmr@cognizant.com

Please share the details below (mandatory):
Full Name (as per PAN card):
Contact number:
Email:
Current Location:
Interested Locations:
Total years of experience:
Relevant years of experience:
Current company:
Notice period:
NP negotiable: if yes, by how many days?
If you are serving a notice period, please mention your last working date:
Current CTC:
Expected CTC:
Availability for interview on weekdays?
Highest qualification?

Additionally, we would like to schedule a virtual interview with you on 2nd August 2024. Kindly confirm your availability for the same. We look forward to the possibility of you bringing your valuable experience to Cognizant. Please respond at your earliest convenience.

Thanks & Regards,
Sathish Kumar M R
HR-Cognizant
Sathish.KumarMR@cognizant.com
Posted 4 months ago