114 Malware Analysis Jobs - Page 2

Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). CEH certification is Must. Workplace type : On-site Working

Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Min 5 Years exp Collaborate with Company to address challenging issues in cyber, analytics, machine learning, optimization, and computer networking to research solutions. Propose new research projects to tackle complex cyber, analytics, machine learning, optimization, and networking problems. Possess expertise in comprehending advanced persistent threats, emerging threats, and malware within a corporate environment. Understand attacks, attack vectors, and kill chain methodology. Demonstrate proficiency in working with big data and executing complex queries across multiple platforms. Exhibit a strong grasp of malware analysis, threat taxonomy, and threat indicators. Competently engage with various security technologies. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). CTIA/CEH/CSA certification in must. Workplace type : On-site Working

Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Min 4+ Years exp in Soc along with SIEM (Splunk). Min 2 years Hands on exp in Splunk. Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, and takes into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when it is necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Active CEH certification is Must. Required Experience: Moderate level of relevant managed services experience handling Security Infrastructure. Moderate level of knowledge in ticketing tools preferably Service Now. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or 3rd parties. Workplace type : On-site Working

Your day at NTT DATA The Security Managed Services Engineer (L1) is an entry level engineering role, responsible for providing a managed service to clients to ensure that their Firewall infrastructure remain operational through proactively identifying, investigating, and routing the incidents to correct resolver group. The primary objective of this role is to ensure zero missed service level agreement (SLA) conditions and focuses on first-line support for standard and low complexity incidents and service requests. The Security Managed Services Engineer (L1) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD,PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities.Identify log sources and examine system logs to reconstruct event histories using forensic techniques.Align SIEM rules and alerts with the LICs security policies and compliance requirements.Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets.Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Workplace type : On-site Working

Your day at NTT DATA The Associate Security Platform Engineer is an entry level subject matter expert, responsible for learning how to facilitate problem resolution and mentoring for the overall team. This role performs operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). The Associate Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). What you'll be doing Key Responsibilities: Works as part of a 24/7 team working on rotational shifts. Works as part of Platform and Content Engineering handling tunings, stake holder requests, escalations, reporting, trainings. Administers the organization's security tools to gather security logs from environment. Lifecycle management of the supported security tools/technologies, Break-fix, Patching, Live update. Adheres to SOPs and notify stake holders on log flow/log format issues. Documents best practices. Identifies opportunities to make automations which will help the incident response team. Performs security incident handling and response from several vectors including End Point Protection and Enterprise Detection and response tools, attack analysis, malware analysis, network forensics, computer forensics, and a broad range of skills in LAN technologies, Windows and Linux O/Ss, and general security infrastructure. Knowledge and Attributes: Entry level knowledge on implementation and monitoring of any SIEM or security tools/technologies. Entry level knowledge on security architecture, worked across different security technologies. Customer service orientated and pro-active thinking. Ability to problem solve and is highly driven and self-organized. Great attention to detail. Good analytical and logical thinking. Excellent spoken and written communication skills. Team player with the ability to work well with others and in group with colleagues and stakeholders. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Information Technology or related field. Relevant level of Networking certifications such as CCNA, JNCIA, ACCA, PCNSA, CCSA etc. preferred. Relevant level of Security certifications such as AZ-500, SC-200, Security+, CEH etc. will be added advantage. Required Experience: Entry level experience in Security technologies like (Firewall, IPS, IDS, Proxy etc.). Entry level experience in technical support to clients. Entry level experience in diagnosis and troubleshooting. Entry level experience providing remote support in Security Technologies. Entry level experience in SOC/CSIRT Operations. Entry level experience in handling security incidents end to end. Entry level experience in Security engineering.

Knowledge and application: Seasoned, experienced professional; has complete knowledge and understanding of area of specialization. Uses evaluation, judgment, and interpretation to select right course of action. Problem solving: Works on problems of diverse scope where analysis of information requires evaluation of identifiable factors. Resolves and assesses a wide range of issues in creative ways and suggests variations in approach. Interaction: Enhances relationships and networks with senior internal/external partners who are not familiar with the subject matter often requiring persuasion. Works with others outside of own area of expertise, with the ability to adapt style to differing audiences and often advises others on difficult matters. Impact: Impacts short to medium term goals through personal effort or influence over team members. Accountability: Accountable for own targets with work reviewed at critical points. Work is done independently and is reviewed at critical points. Workplace type : Hybrid Working

? Identify gaps and weaknesses on current alerting platforms and recommend improvements to ensure evolving capabilities. Identify gaps and weaknesses on Data Loss Prevention platforms. Continually review existing risk scoring models and adjust accordingly to ensure proper focus on significant security events and business needs. Administrate of DLP solution and liaising with GRC & CISO function to configure policies and work on reporting, monitor and respond to different alerts generated from the DLP solution. Demonstrate a good understanding of incident response process and event escalations, repone to DLPs escalations reported by incident response team. Share recommendations to further identify sensitive data and strengthen security controls. Collaborate & partner with legal, compliance team to support customer privacy initiative and continue compliance with different regulations, to mature company data life cycle management with focus on data security. Ability to independently research and solve technical issues and Demonstrated integrity in a professional environment.

About Us At SentinelOne, were redefining cybersecurity by pushing the limits of whats possible?leveraging AI-powered, data-driven innovation to stay ahead of tomorrows threats From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do Were looking for passionate individuals who thrive in collaborative environments and are eager to drive impact If youre excited about solving complex challenges in bold, innovative ways, wed love to connect with you What are we looking for Join our Vigilance organization, an elite force of cyber security experts providing a Managed Detection and Response (MDR) service to our largest customers Help drive a world-class threat monitoring, hunting, and response service Be an integral part of a 24x7 follow-the-sun global SOC, and work with key POCs, and customers, to provide an additional level of security and confidence, by leveraging intelligence feeds, threat logs, and IOCs Collaborate with our world-class threat team and researchers, and various RnD teams as you help shape our product, help customers be more secure, and introduce yourself to the cyber tech ecosystem What will you do Proactively monitor and review threats and suspicious events from customers participating in the service Investigate alerts, triage, deep dive, and come up with proper action items and remediation plans Use multiple sources of data from the customer, our intelligence cloud, external threat feeds, etc- Perform proactive hunting for threat data, leveraging our deep visibility abilities and proprietary research cloud Work with the customer to follow up on items that require additional investigation Provide Incident follow-up & support Maintain excellent customer satisfaction through professional, proactive, and personal service Work closely with our research and development team Contribute to our knowledge base by creating malware analysis cookbooks and best practices What experience or knowledge should you bring 3-7 years of experience with Technical Support, SOC, IR, Malware Analysis, or IT Security is a must Strong network and security knowledge is desired Experience with SQL, bash, python, and powershell Professional and articulate with excellent written and verbal communication skills Ability to multitask and prioritize Multi-OS support experience: Windows, Mac & Linux (mobile platforms an advantage) Experience with incident response, computer forensic investigations, or threat hunting is a plus Experience with host base (endpoint agent), or sandbox (network-based) security solutions is an advantage Be able to work a fluid and dynamic schedule to cover hours and days outside of the normal work week Why us You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry Industry-leading gender-neutral parental leave Paid Company Holidays Paid Sick Time Employee stock purchase program Disability and life insurance Employee assistance program Gym membership reimbursement Cell phone reimbursement Numerous company-sponsored events, including regular happy hours and team-building events SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics SentinelOne participates in the E-Verify Program for all U S based roles Show more Show less

About Us At SentinelOne, were redefining cybersecurity by pushing the limits of whats possible?leveraging AI-powered, data-driven innovation to stay ahead of tomorrows threats From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do Were looking for passionate individuals who thrive in collaborative environments and are eager to drive impact If youre excited about solving complex challenges in bold, innovative ways, wed love to connect with you What are we looking for We are seeking highly motivated individuals to join our Windows Behavioral Rules Team The ideal candidates will have a strong background in cybersecurity, with a focus on Windows-based rule development for SIEM, EDR, XDR, or similar platforms We are looking for team players, adept at crafting precise and effective detection rules, and committed to staying at the forefront of cybersecurity advancements If you are passionate about contributing to innovative cybersecurity solutions, come join us and be part of our dynamic team at SentinelOne What will you do As a Windows Detection Engineer, you will play a key role in crafting, owning, and packaging default rules for our Windows agent Your responsibilities will include creating rules that correlate different behavioral events collected from the OS, performing false positive analysis, and actively contributing to the ongoing enhancement of our detection capabilities You will be responsible for the following: Develop precise and effective detection rules and deliver default rules for the WIN agent Rigorously analyze and assess false positives associated with the rules you create Contribute to the optimization of rules to minimize false positives and enhance detection accuracy Collaborate with the team to optimize existing default rules for superior detection capabilities Stay informed about emerging threats, industry trends, and new technologies to continuously improve rule efficacy Follow good detection engineering practices and the default rules you develop, including logic, descriptions, and other metadata, tests, and more What experience or knowledge should you bring 2+ years of experience in Detection Engineering / Red Teaming / Offensive Research Experience writing behavioral detection rules for EDR, XDR, SIEM or other similar platforms Experience writing YARA or other types of static detections is nice to have Deep understanding of modern Windows attack TTPs (how malware operates, evasion, and exploitation techniques) Understanding of Windows internals Hands-on experience with coding in Python and C/C++ Familiarity with Detection Engineering processes including prioritizing a backlog for research and development, writing unit and integration tests, and with CI/CD technologies such as Jenkins Strong analytical and problem-solving skills, with an understanding of false-positive analysis Excellent communication and collaboration skills within a team-oriented environment Advantage Experience in malware analysis (statically and dynamically) and reverse engineering (x86/x64) Understanding of existing EDR internals Why us You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry along with competitive compensation Flexible working hours and hybrid/remote work model Flexible Time Off Flexible Paid Sick Days Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws) Generous employee stock plan in the form of RSUs (restricted stock units) On top of RSUs, you can benefit from our attractive ESPP (employee stock purchase plan) Gym membership/sports gears by Cultfit Wellness Coach app, with 3,000+ on-demand sessions, daily interactive classes, audiobooks, and unlimited private coaching Private medical insurance plan for you and your family Life Insurance covered by S1 (for employees) Telemedical app consultation (Practo) Global Employee Assistance Program (confidential counseling related to both personal and work life matters) High-end MacBook or Windows laptop Home-office-setup allowances (one time) and maintenance allowance Internet allowances Provident Fund and Gratuity (as per govt clause) NPS contribution (Employee contribution) Half yearly bonus program depending on the individual and company performance Above standard referral bonus as per policy Udemy Business platform for Hard/Soft skills Training & Support for your further educational activities/trainings Sodexo food coupons SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics SentinelOne participates in the E-Verify Program for all U S based roles Show more Show less

About Us At SentinelOne, were redefining cybersecurity by pushing the limits of whats possible?leveraging AI-powered, data-driven innovation to stay ahead of tomorrows threats From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do Were looking for passionate individuals who thrive in collaborative environments and are eager to drive impact If youre excited about solving complex challenges in bold, innovative ways, wed love to connect with you What are we looking for We are looking for talented Windows, Linux, and macOS researchers; people who are always looking to analyze and break things while looking for a complete understanding of how they work; people who live to beat the system and challenge it, and people who are in pursuit of outsmarting malware and overcoming it to protect our customers What will you do Youll be part of an exceptional malware detection team that will ensure we provide the best detection, protection, and visibility capabilities to our customers at any given time The team does it by performing in-depth analysis and research of threats and vulnerabilities while also being responsible for closing the detection gap through the development and deployment of signatures to millions of endpoints across the globe Youll be working closely with other detection teams to ensure our customers get the best security products they can Your time will be mostly focused on research and development Research Youll perform cutting edge research and analyze (through reverse engineering and other methods) files, TTPs, exploits, and malwares to understand how they operate and behave The research will mostly be based on binaries and sample files but may also be based on other types of data sources like events and behaviors Youll get the opportunity to work on the latest threats and malware samples to tackle sophisticated challenges of cyber security Your research findings will be used for delivering new signatures and/or shared with other detection teams to improve our productsdetection capabilities As a malware research expert, youll collaborate with many internal/external teams to form a consensus group of experts who will enhance the detection using their expertise and knowledge Development Youll be responsible for developing the signatures for all of our engines that will improve our detection, protection, and visibility, reaching all of our millions of endpoints across the globe Youll be responsible for the quality and accuracy (FP/FNs) of the deliverables and be accountable for them Youll create, maintain, and improve existing infrastructure and tools that are being used by the team You will also be encouraged to write white papers, blogs, and articles (only if you wish to) What experience or knowledge should you bring A dedication to continuous learning and skill development to meet evolving job demands Minimum 3 years of experience in both static and dynamic malware analysis and reverse engineering Proficiency with reverse engineering and analysis tools, such as disassemblers, compilers, and debuggers like IDA, Ghidra, Hopper, LLDB, GDB Strong background in malware analysis and understanding its behavior consisting of advanced malware techniques, including anti -tampering, defense evasion, lateral movement, persistence and ransomware activities Good understanding of MITRE attack TTPs A strong inclination towards automating routine tasks and increasing efficiency Excellent and deep understanding of Linux (both UM and KM) Excellent understanding how core system components (Process and Threads, IPC, tracing, Security, Virtual Memory, eBPF) work behind the scenes Understanding of Containers and K8s Understanding of ARM/ M1 architecture Understanding of sandbox internals/escapes, Transparency, Consent and Control (TCC) internals/escapes Understanding of security mechanisms File Quarantine, XProtect , Gatekeeper Why us You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry along with competitive compensation Flexible working hours and hybrid/remote work model Flexible Time Off Flexible Paid Sick Days Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws) Generous employee stock plan in the form of RSUs (restricted stock units) On top of RSUs, you can benefit from our attractive ESPP (employee stock purchase plan) Gym membership/sports gears Wellness Coach app, with 3,000+ on-demand sessions, daily interactive classes, audiobooks, and unlimited private coaching Private medical insurance plan for you and your family Life Insurance covered by S1 (for employees) Telemedical app consultation (zyla) Global Employee Assistance Program (confidential counseling related to both personal and work life matters) High-end MacBook or Windows laptop Home-office-setup allowances (one time) and maintenance allowance Internet allowances Provident Fund and Gratuity (as per govt clause) NPS contribution (Employee contribution) Half yearly bonus program depending on the individual and company performance Above standard referral bonus as per policy LinkedIn learning Business platform for Hard/Soft skills Training & Support for your further educational activities/trainings Sodexo food coupons SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics SentinelOne participates in the E-Verify Program for all U S based roles Show more Show less

About Us At SentinelOne, were redefining cybersecurity by pushing the limits of whats possible?leveraging AI-powered, data-driven innovation to stay ahead of tomorrows threats From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do Were looking for passionate individuals who thrive in collaborative environments and are eager to drive impact If youre excited about solving complex challenges in bold, innovative ways, wed love to connect with you What are we looking for We are looking for talented detection engineers, people who look at the world differently, who explore, "hunt", live to beat the system and challenge it People who can address tough security problems and deliver it fastly What will you do You will be responsible for detecting the newest identity threats The role includes an end to end responsibility for behaviour based detection capabilities, starting from researching attack techniques, designing new methods to detect or prevent those, and implementing it in the product in the end You will be developing and using internal research tools, PoCs and discovering new ways to detect/prevent identity-based attacks (Pass the Hash, Silver ticket, MFA bypass and more)t At the end of the day, your deliveries will enhance the security of dozens of millions of Windows endpoints which are protected by our platform What skills and knowledge should you bring 3+ years of experience in malware analysis (statically and dynamically) 3+ years of experience with C++ Excellent understanding of the Windows Internals understanding how core system components (Process and Threads, Virtual Memory and more) work behind the scenes Experienced with Identity-based attacks (Pass the Hash, Silver ticket, MFA bypass and more) Experienced with analysis tools, such as: IDA, WinDBG, SysInternals etc- Kernel development experience advantage Advanced C++ advantage Understanding of existing AVs internals advantage Why Us You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry Flexible working hours and hybrid/remote work model Flexible Time Off Flexible Paid Sick Days Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws) Generous employee stock plan in the form of RSUs (restricted stock units) On top of RSUs, you can benefit from our attractive ESPP (employee stock purchase plan) Gym membership/sports gears by Cultfit Wellness Coach app, with 3,000+ on-demand sessions, daily interactive classes, audiobooks, and unlimited private coaching Private medical insurance plan for you and your family Life Insurance covered by S1 (for employees) Telemedical app consultation (Practo) Global Employee Assistance Program (confidential counseling related to both personal and work life matters) High-end MacBook or Windows laptop Home-office-setup allowances (one time) and maintenance allowance Internet allowances Provident Fund and Gratuity (as per govt clause) NPS contribution (Employee contribution) Half yearly bonus program depending on the individual and company performance Above standard referral bonus as per policy Udemy Business platform for Hard/Soft skills Training & Support for your further educational activities/trainings Sodexo food coupons SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics SentinelOne participates in the E-Verify Program for all U S based roles Show more Show less

Not Applicable Specialism Risk Management Level Senior Associate & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisations security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purposeled and valuesdriven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations & Summary A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats Responsibilities Minimum 35 years of experience Strong communication and presentation skills Basic knowledge on Cybersecurity and Network concepts. Good understanding and working exposure towards endpoint security, data security, network security and cloud security. Previous or current experience in managing a highlevel corporate breach. Understanding of Mitre Framework and Cyber kill chain techniques and how to implement it in the client infrastructure to detect and mitigate threats, Exposure towards technologies such as SIEM, EDR, Email Security, DLP, Vulnerability Management and Network Monitoring technologies (CrowdStrike, Palo Alto, Digital Guardian, Proofpoint) Good to have knowledge and experience on malware analysis, reverse engineering and performing deep dive forensic investigations. Willing to learn and put in the thought process to solve complex problems within the Security domain. Willing to work in 24/7 rotational shift. Good to have certifications such as CEH, GCIH, Network & Security Fundamentals. Mandatory Skill Sets SIEM , EDR , Crowdstike , Mitre , DLP , Proofpoint Preferred Skill Sets SIEM , EDR , Crowdstike , Mitre , DLP , Proofpoint Years of Experience 3+ Years Educational Qualification BE, B.Tech, M.Tech, MCA, MBA graduates. Education Degrees/Field of Study required Bachelor of Technology, Bachelor of Engineering, Master of Business Administration Degrees/Field of Study preferred Required Skills SoCs Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Cloud Security, Communication, Conducting Research, Creativity, Cyber Defense, Cyber Threat Intelligence, Embracing Change, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Learning Agility, Malware Analysis, Malware Detection Tools {+ 16 more} No

The primary responsibility of this role is to provide advanced incident analysis and management within our SOC environment, while also leading the development and training of the L1 SOC team in incident analysis, parsers creation, rule views, and report management. The ideal candidate will have a strong background in cybersecurity, incident response, and leadership skills. Responsibilities: Advanced Incident Analysis: Utilize advanced tools and techniques to analyze and investigate security incidents detected within the organization's networks and systems. Incident Response: Lead incident response efforts, coordinating with internal and external stakeholders to mitigate and remediate security incidents promptly. Team Leadership: Provide mentorship and guidance to the L1 SOC team, assisting in the development of their skills in incident analysis, parser creation, rule views, and report management. Parser Creation: Develop and maintain parsers to enhance the capability of the SOC's security information and event management (SIEM) system in detecting and correlating security events. Rule View Management: Manage and optimize rule views within the SIEM platform to ensure accurate and timely detection of security threats. Report Management: Oversee the generation and distribution of security reports, including incident reports, trend analysis, and recommendations for improvement. Collaboration: Work closely with other teams within the organization, including IT operations, network engineering, and application development, to improve overall security posture and incident response capabilities. Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered. Minimum of 3 years of experience in a SOC environment, with a focus on incident analysis and response. Strong understanding of cybersecurity principles, including threat detection, malware analysis, and vulnerability management. Experience with SIEM platforms (e.g., Securonix, QRadar) and familiarity with creating and managing parsers and rule views. Leadership experience, with the ability to mentor and motivate team members effectively. Excellent communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders.

Advanced Incident Analysis: Utilize advanced tools and techniques to analyze and investigate security incidents detected within the organization's networks and systems. Incident Response: Lead incident response efforts, coordinating with internal and external stakeholders to mitigate and remediate security incidents promptly. Team Leadership: Provide mentorship and guidance to the L1 SOC team, assisting in the development of their skills in incident analysis, parser creation, rule views, and report management. Parser Creation: Develop and maintain parsers to enhance the capability of the SOC's security information and event management (SIEM) system in detecting and correlating security events. Rule View Management: Manage and optimize rule views within the SIEM platform to ensure accurate and timely detection of security threats. Report Management: Oversee the generation and distribution of security reports, including incident reports, trend analysis, and recommendations for improvement. Collaboration: Work closely with other teams within the organization, including IT operations, network engineering, and application development, to improve overall security posture and incident response capabilities.

2 years of experience in endpoint security implementation and management. Hands-on experience with CrowdStrike Falcon, Trend Micro Apex One/Deep Security, and EDR solutions. Strong knowledge of endpoint security, malware analysis, and threat detection methodologies. Experience in PowerShell, Python, or Bash scripting for automation and security tasks. Familiarity with Windows, macOS, and Linux endpoint security best practices. Understanding of network security, firewalls, and SIEM platforms (Splunk, Sentinel, etc.). Security certifications such as CrowdStrike CCFA/CCFR, Trend Micro Certified Professional, CEH, or CISSP (preferred).

Assist in defining security Policies Standards and reference Architecture for Network design and deployment related to above technologies. Proactive analysis of Network for secure deployments, secure configurations against Global Security Best Practices. Assisting network design team with security inputs while designing an architecture for new offices/ branches/ data centres etc. for Security by Design. Developing network security standards and guiding network design to meet corporate requirements. Strategize and formulate high and low-level monitoring mechanism for security posture of network deployments and advise measures to improve them. Possess and maintain technical knowledge of aspects of DDoS mitigation, NAC, Internet Proxy, DNS etc. Conducting analysis of network security and Strategize and formulate high and low-level monitoring mechanism for DDoS mitigation, NAC, Internet Proxy, DNS. Taking proactive measures for enhancing the security posture of the Bank's network by studying the vulnerabilities issued/ published by various OEMs, internal and external agencies such as CERTetc. Working with internal and external business stakeholders on ensuring that IT infrastructure meet global network security standards. Produce and track metrics for the effectiveness and maturity of Secure network deployments.

Implementation and Deployment: - Design and deploy IDS (ARMIS)solutions tailored to OT environments. - Develop comprehensive deploymentarchitectures, ensuring seamless integration with existing systems. - Configure and optimize network andfirewall settings to support IDS deployments. Data Network Security - IDS, Cybersecurity.

Senior Cybersecurity Analyst with a minimum of 6+ years of experience in thefield of Operation technology, particularly focusing on Endpoint Detection andResponse (EDR) and Intrusion Detection System #40;IDS#41; monitoringtools. The ideal candidate will have demonstrated expertise in Carbon Black AppControl. Carbon Black, MS Defender for Endpoints (EDR/ATP),Data Network Security - IDS, Unix Administration, Windows, Carbon Black, MS Defender for Endpoints (EDR/ATP), Data Network Security - IDS, Unix Administration, Windows. Senior Cybersecurity Analyst with a minimum of 6+ years of experience in the field of Operation technology, particularly focusing on Endpoint Detection and Response (EDR) and Intrusion Detection System (IDS) monitoring tools. The ideal candidate will have demonstrated expertise in Carbon Black App Control.

Job Description: At least 10 years of experience in Information Security operations & management with hand on experience in large security operations center using IBM QRadar/Splunk/ArcSight or similar SIEM tool. Manage network, endpoints and forensics initiatives, malware triage and cyber security incident response Managing Cyber Security Services engagements and engagement teams Recognizing common attacker tools, tactics, and procedures Providing oversight for on-site examinations and collections and technology advisory services to enhance forensic client engagements Researching and developing new digital forensics scripts, tools, and methodologies Assessing and troubleshooting a variety of technical issues and support a cyber response lab on our clients SIEM tool and UEBA platform Assist in conducting peer reviews and providing quality assurance reviews for junior personnel and will support the mentoring of junior incident managers and provide guidance to others on incident management prioritization, triage and report writing in support of onsite engagements. Guiding the team to Monitor, identify and investigate the security alerts and perform incident response activities related to cybersecurity incidents Creates new trouble tickets for alerts that signal an incident and require Tier 2 / Incident Response review Respond to cybersecurity incidents, conduct threat analysis as directed and address detected incidents for resolution Should be able do multitasking to coordinate incident with Sr analyst and escalation manager Recommend enhancements to SOC security process, Operations efficiencies. Create Incident response (IR) plan, IR play books, manage all incidents and crisis situations. Log Analysis, handle, resolve security incidents. Collaborate with respective tracks/technical team for remediation of the incident. Periodical review of incident response plan and procedures. Recommend and document specific countermeasures and mitigating controls Develop comprehensive and accurate reports and presentations for both technical and executive audiences Preferred Skills: Strong knowledge of cyber-attacks and techniques, Cyber Kill chain, incident management best practices. A high-level understanding of multi-tiered applications and various network and security devices/protocols Knowledge of various operating system flavour including but not limited to Windows, Linux, Unix Proficient in preparation of reports and documentation. Knowledge of Cyber-criminal techniques, Compliance, and regulatory standards. Excellent verbal and written communication skills.

Job Description: Conduct email analysis and reverse engineer to identify and mitigate threats. Perform static and dynamic analysis Analyze network traffic and develop heuristic signatures to detect malicious activities. Investigate security incidents, including data breaches, system intrusions, and policy violations. Collaborate with cross-functional teams to improve detection capabilities and response. Develop and implement incident response plans and coordinate incident investigations. Classify, Maintain and update real-time block lists and URL block lists. Write and review regular expressions for phish, spam and fraud detection. Perform URL and email grading to assess and categorize potential threats. Engage in security response activities to address and resolve security incidents. Conduct threat hunting to proactively identify and address potential detection gaps.

About Target As a Fortune 50 company with more than 400,000 team members worldwide, Target is an iconic brand and one of America's leading retailers. At Target, we have a timeless purpose and a proven strategy and that hasn t happened by accident. Some of the best minds from diverse backgrounds come together at Target to redefine retail in an inclusive learning environment that values people and delivers world-class outcomes. That winning formula is especially apparent in Bengaluru, where Target in India operates as a fully integrated part of Target s global team and has more than 4,000 team members supporting the company s global strategy and operations. Joining Target means promoting a culture of mutual care and respect and striving to make the most meaningful and positive impact. Becoming a Target team member means joining a community that values diverse backgrounds. We believe your unique perspective is important, and you'll build relationships by being authentic and respectful. At Target, inclusion is part of the core value. We aim to create equitable experiences for all, regardless of their dimensions of difference. As an equal opportunity employer, Target provides diverse opportunities for everyone to grow and win. About Target Tech Every time a guest enters a Target store or browses Target.com, they experience the impact of Target s investments in technology and innovation. We re the technologists behind one of the most loved retail brands, delivering joy to millions of our guests, team members, and communities. The Sr. Engineering Manager (SEM) is responsible for a managing a team of engineers. This role is accountable for leading a team, developing code, deploying and managing in production. You will be called upon to be the technical representative for your team during cross-team collaborative efforts and planning. Success in this role will require strong and innovative approaches to problem solving, great technical leadership, excellent communication (written and verbal, formal and informal), flexibility, accountability and a self-motivated working style with attention to detail. About Team Our mission is two-foldwe protect the hundreds of thousands of Target endpoints (such as user laptops, in store devices, distribution center technology, servers and containers) from cyber threats while balancing the stability and functionality needs of Target s technology environment. To do this, we use a combination of vendor tools, in-house developed utilities and strong organizational partnerships to achieve shared goals. Use your skills, experience and talents to be a part of groundbreaking thinking and visionary goals. As a Sr. Engineering Manager, you ll take the lead as you Optimize a suite of products to secure Target endpoints. Use innovation and critical thinking to solve complex security and technology problems. Test the efficacy of tools by leveraging adversary emulation tools. Establish good stakeholder relationships and work closely with Tech teams, influence the product roadmap and help drive requirements while being a strong advocate of agile and DevOps practices across the team. Execution of the team-developed strategy, solving enterprise-wide problems and addressing key security concerns. Provide career development and performance management to a team of engineers. Industry endpoint security domain expert, benchmarking with other retailers and companies, staying on top of new trends and technology in a quickly-moving space. About you 4 year degree in Computer Science or equivalent experience 9+ years of engineering experience 1-3 years of managing teams with a strong track record of delivery for cross-functional products Strong written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to variety of audiences Team-orientated, passionate about developing others skills and capabilities Successful track record of working in large enterprise technology ecosystems leading complex technology teams Deep understanding of agile development processes and methodology including continuous integration and delivery, with a mindset of building incrementally and delivering business value quickly Strong collaboration skills, effective management of complex cross-team initiatives and leads with the desire to enable our engineering teams.

Lead the fine-tuning and domain adaptation of open-source LLMs (eg, LLaMA 3) using frameworks like vLLM, HuggingFace, DeepSpeed, and PEFT techniques. Develop data pipelines to ingest, clean, and structure cybersecurity data, including threat intelligence reports, CVEs, exploits, malware analysis, and configuration files. Collaborate with cybersecurity analysts to build taxonomy and structured knowledge representations to embed into LLMs. Drive the design and execution of evaluation frameworks specific to cybersecurity tasks (eg, classification, summarization, anomaly detection). Own the lifecycle of model development including training, inference optimization, testing, and deployment. Provide technical leadership and mentorship to a team of ML engineers and researchers. Stay current with advances in LLM architectures, cybersecurity datasets, and AI-based threat detection. Advocate for ethical AI use and model robustness, especially given the sensitive nature of cybersecurity data Required Skills: 5+ years of experience in machine learning , with at least 2 years focused on LLM training or fine-tuning . Strong experience with vLLM , HuggingFace Transformers, LoRA / QLoRA , and distributed training techniques . Proven experience working with cybersecurity data \u2014ideally including MITRE ATT&CK, CVE/NVD databases, YARA rules, Snort/Suricata rules, STIX/TAXII, or malware datasets . Proficiency in Python , ML libraries ( PyTorch , Transformers), and MLOps practices. Familiarity with prompt engineering, RAG (Retrieval-Augmented Generation), and vector stores like FAISS or Weaviate . Demonstrated ability to lead projects and collaborate across interdisciplinary teams. Excellent problem-solving skills and strong written & verbal communication. Nice to Have Experience deploying models via vLLM in production environments with FastAPI or similar APIs. Knowledge of cloud-based ML training (AWS/GCP/Azure) and GPU infrastructure. Background in reverse engineering, malware analysis, red teaming, or threat hunting. Publications, open-source contributions, or technical blogs in the intersection of AI and cybersecurity.

Incident handling, forensic analysis, and VAPT SIEM tools cybersecurity frameworks Log analysis, monitoring, detecting and investigating security incidents and breaches. CEH,CSA,CompTIA Security+,GCIH,security incidents

Lennox (NYSE: LII) Driven by 130 years of legacy, HVAC and refrigeration success, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and creates a workplace where all employees feel heard and welcomed. Lennox is a global community that values each team member s contributions and offers a supportive environment for career development. Come, stay, and grow with us. Job Description Monitor all the endpoint , Network , Cloud and application security incidents. As SOC team member , perform the basic investigation and all the security incidents and document the evidence. Performing Security controls health & Compliance check. Adhere to shift timings and provide uninterrupted 24/7 monitoring . Properly share shift handovers, updating the next shift on ongoing incidents and activities. Respond to all security incidents within a SLA period Resolve incidents assigned to the shift promptly and escalate to the Senior team when necessary. Work across all categories of incidents without limiting to specific types. Follow the incident handling as per the docum ented SOP . Complete and close all assigned task requests within SLA timelines. Attend weekly and monthly team meetings as mandatory. Qualifications OSINT : knowledge about open-source platforms for analyzing URL, IP Addresses , suspicious files. Email Analysis : Operating Systems: Basics of Linux and Windows, kernel concepts, and system differences. Networking: OSI model, TCP/IP, firewalls, VPNs, proxies, IP addressing, and subnetting. SIEM Tools: Basics of SIEM operations, alerts, and dashboards (e.g., Splunk). Authentication & Access Control: MFA, SSO, and password management best practices. Malware Protection: Antivirus strategies, malware analysis, phishing email analysis, and IOC gathering. Trending Cyber Attacks : update knowledge about the trending cyber-attacks & its attack patterns .

Job Functions/Responsibilities: Minimum 5+ years as a SOC analyst with exposure to Digital Forensics, Threat Hunting and Incident Response Management. Experience in Linux Operating Security and Active Directory Security Able to do Research and analysis on any Security incidents. 24/7 support. Should be able to work on Saturday and Sunday To prevent, detect, assess, and respond to cybersecurity threats and incidents To assist the Compliance Team in digital forensics and information gathering To monitor different tools for intrusions, malicious traffic, threats etc Malware analysis Network Security Threat Intel and Threat Hunting Vulnerability Assessments Log Analysis Endpoint Security Physical Access Control Systems Digital Forensics Windows and Linux Good knowledge on Mitre Att&ck framework Experienced with Sysmon logs and investigation is a must To investigate the attack techniques using Sysmon logs and hunt for the IOCs collected. Preferred candidate profile Experienced in Incident Response Management (L1 & L2) and should be familiar with Incident Response Lifecycle Firewall knowledge IDS/IPS experience Log Management/SIEM tool experience Network Analysis tool System Analysis Malware Analysis Endpoint Security DLP Familiar with Cyber Kill Chain or Mitre Att&ck Operating Systems (Linux and Windows) Vulnerability assessment tool experience RSS Feeds/Updates familiarity Malware signatures and latest vulnerabilities updates familiarity Must be excellent in Verbal and Written Communication Digital Forensics Experience/Education Requirements Any Graduate 5+ Years of experience as SOC Analyst and in Incident Response Management, Digital Forensics (Windows and Linux) and Threat Hunting Certified in Ethical Hacker, Certified Incident Handler, Comptia Security+, CHFI preferred