
228 Malware Analysis Jobs - Page 6


8.0 - 13.0 years

15 - 25 Lacs

Hyderabad, Bengaluru, Mumbai (All Areas)

Hybrid

Role & responsibilities
Primary Skill: Threat Intelligence, Threat Hunting, Threat Detection Engineers with experience in writing SPL (Splunk Processing Language), MITRE Framework.
Secondary Skill: Databricks, MDE Threat Intelligence, Threat Hunting, Splunk Enterprise Security, Cyber Security SME, Splunk Power User, MITRE Framework
JD:
• In-depth knowledge of external attacks and detection techniques to be able to run analysis of the requirements provided by threat intelligence / SOC teams, generate a list of rules that could be implemented (based on self-analysis of a threat and available log sources), work with the SOC team to operationalize and the Purple Team to test.
• Familiarity with MITRE ATT&CK framework and Tactics, Techniques, and Procedures (TTPs).
• Experience with security tools such as Splunk, MDE, Databricks to be able to write custom detections to detect various threats (preferably MDE).
So to give you a better picture, I will give some examples. The person needs to be able to navigate through the MITRE framework to be able to assign the correct technique to the rule that is worked on. Must be able to tell what beaconing does or what a CnC channel means, methods to detect, logs to use (of course not limited to; in general must know common attack techniques and how to detect them: external threat attacks on-prem / cloud). Must be familiar with Cobalt Strike meaning (generic knowledge of what it does, not how to use it). Manually write SPL / KQL / SQL rules in one of our tools, generate alerts and get them validated by asking the Purple team to run a simulation. Talk to CDC on operationalizing the rule.

Posted 1 month ago


4.0 - 8.0 years

6 - 10 Lacs

Kochi

Work from Office

Lead & focus:
Demonstrate clear & calm leadership, setting the tone for each response
Command and coordinate a response to security incidents, relevant threats, and high-profile security events
Scope a response to the next best actions
Ensure response is sustainable for all resources involved
Support beyond normal shift hours in an emergency or during times of staff shortage
Coordinate & communicate:
Delegate tasks in a timely manner and manage them to closure
Facilitate incident / threat resolution through prompt communication across multiple teams
Document status and regularly communicate updates to stakeholders and senior management
Develop and track key metrics and reporting related to incident management
Required education: Bachelor's Degree
Preferred education: Master's Degree
Required technical and professional expertise: Incident Response, SOC Management
Preferred technical and professional experience: Threat Hunting

Posted 1 month ago


1.0 - 6.0 years

6 - 16 Lacs

New Delhi, Pune

Work from Office

Objective: Serve at L1/L2/L3 level in core security domains. Lead architecture reviews, complex troubleshooting, performance tuning, threat modeling, and support design/implementation changes.
Technologies Supported (Domain: Platform)
DDoS Protection: Radware DefensePro / Cloud DDoS
NGFW: Palo Alto (Panorama, Cortex XSOAR)
SIEM & IDAM: OpenText ArcSight / CyberRes
WAF & LB: Radware AppWall / Alteon VX
Endpoint Security: Trend Micro Apex One / Vision One
VAPT: Tenable.io / SecurityCenter
HSM: Thales Luna / payShield
APM & Logging: Elastic Stack (ELK + Observability)
Advanced Skill Set
Expert in one or more: DDoS, NGFW, SIEM, WAF, VAPT
Protocol-level packet analysis
Threat intelligence and hunting workflows
SIEM correlation strategy and content development
Complex API integrations and automation scripting (Python/Shell)
Familiarity with Zero Trust, MITRE ATT&CK, SOAR

Posted 1 month ago


4.0 - 9.0 years

6 - 11 Lacs

Mumbai

Work from Office

Person should be responsible for administration & management of three or more of the technologies listed: Firewall, F5 WAF, F5 SSLO, Anti-DDoS, Packet Broker, Anti-APT, IPS, etc.
Managing complete administration including but not limited to creation and modification of rules and configuration, and system upgrades.
Handling escalated calls and providing SME support on the above technologies.
On-boarding of new applications in F5 SSLO, F5 WAF, Packet Broker and handling critical issues for the same.
Single point of contact for the above-mentioned technologies.
Incident management & timely escalation of incidents.
Required education: Bachelor's Degree
Preferred education: Master's Degree
Required technical and professional expertise:
Overall 4+ years of experience in the field of network security
Person should be able to manage the team.
Person should have a good understanding of SIEM IR & should be able to guide the team.
Requires advanced level of network security device troubleshooting knowledge, tcpdump, log analysis etc.
B.E. / B.Tech in Computer Science or Electronics & Telecommunications
Preferred technical and professional experience:
Person should have a good understanding of SIEM IR & should be able to guide the team.
Requires advanced level of network security device troubleshooting knowledge, tcpdump, log analysis etc.

Posted 1 month ago


12.0 - 15.0 years

55 - 60 Lacs

Ahmedabad, Chennai, Bengaluru

Work from Office

Dear Candidate,
We are seeking a Security Operations Engineer to monitor, detect, investigate, and respond to security incidents and threats across systems and networks.
Key Responsibilities:
Monitor alerts and logs using SIEM tools (Splunk, QRadar, Sentinel).
Analyze security incidents, conduct root cause analysis, and coordinate response.
Support threat hunting and vulnerability assessments.
Maintain and tune security tools (IDS/IPS, endpoint protection, firewalls).
Document incident reports and provide remediation recommendations.
Required Skills & Qualifications:
Experience in a Security Operations Center (SOC) or similar role.
Strong knowledge of cybersecurity concepts and incident response.
Familiarity with EDR tools (CrowdStrike, Carbon Black) and log analysis.
Scripting and automation skills for detection and response tasks.
Security certifications such as CEH, CompTIA Security+, or GCIA are beneficial.
Soft Skills:
Strong troubleshooting and problem-solving skills.
Ability to work independently and in a team.
Excellent communication and documentation skills.
Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you.
Srinivasa Reddy Kandi
Delivery Manager
Integra Technologies

Posted 1 month ago


4.0 - 9.0 years

20 - 25 Lacs

Gurugram

Work from Office

Plan, implement, configure, and migrate market-leading cyber security solutions (QRadar, Sentinel, Defender etc.)
Creation and implementation of new SIEM use cases (correlation rules), fine tuning, Defender policies etc.
Configuration, onboarding, and parsing of new log sources in the SIEM solution; working on malware analysis, mail analysis, threat intelligence/hunting etc.
Assessment of the effects of an attack, taking initial measures and making concrete recommendations for action; improvement of response plans and incident playbooks
Classification and investigation of alarms from different threat detection platforms and provision of the processed results to our customers
Anomaly and attack pattern detection at all stages of the cyber kill chain
Tool-based and manual threat hunting to detect attacks after zero-day exploits or vulnerabilities with a potentially severe impact on customer environments become known
Creation of security reports based on the security incidents within the reporting period
Creation of reports and dashboards
Ensure adherence to and implementation of best incident response procedures as well as internal and industry standards
Participation in on-call duty to ensure incident response even outside of business hours
24*7 onsite CyberSOC support to customer including weekends and public holidays
Skill Set Required:
Mandatory skill set:
Good hands-on experience on SIEM tools like QRadar, MS Sentinel
Knowledge of Microsoft Defender
Good experience in incident handling and response
Certification in IBM QRadar SOC Analyst/Administrator, SC-200
Secondary skill set:
Knowledge of Python or any scripting language
Malware investigation and reporting
Forensic investigation of SPAM / Phishing email incidents
Knowledge of threat intelligence and threat hunting
Experience: 4+ years related work experience in customer-facing organizations within CyberSOC services
Degree / Diploma holders with cybersecurity knowledge
Excellent verbal and written communication skills in the English language
Global Delivery Operations

Posted 1 month ago


7.0 - 12.0 years

25 - 35 Lacs

Noida, Chennai, Bengaluru

Work from Office

Roles and Responsibilities
Conduct threat hunting activities to identify potential security threats and vulnerabilities.
Analyze malware samples using various tools such as QRadar, Splunk, and ArcSight.
Perform incident response duties including handling incidents, conducting root cause analysis, and implementing remediation measures.
Monitor security event logs from multiple sources to detect anomalies and potential security breaches.
Collaborate with other teams to develop threat intelligence reports and improve overall security posture.
Desired Candidate Profile
7-12 years of experience in Security Operations Center (SOC) or related field.
Strong understanding of incident response, threat analysis, threat intelligence gathering, log analysis, and security monitoring concepts.
Proficiency in tools like QRadar, Splunk, ArcSight for malware analysis and incident response tasks.

Posted 1 month ago


5.0 - 9.0 years

7 - 13 Lacs

Bengaluru

Work from Office

Job Description:
5+ years of experience in Security Operations Center and Threat Hunting.
Develop and refine threat hunting techniques and tools.
Experience in monitoring and alert handling in QRadar SIEM.
In-depth knowledge of advanced persistent threats (APTs) and attack vectors.
Collaborate with threat intelligence teams to integrate new threat data into hunting processes.
Security incident handling and reporting.
Experienced in EDR alert analysis, preferably SentinelOne.
Preferred candidate profile
Bachelor's degree in Computer Science, Information Security, or related field.
Should be flexible to work in 24/7 rotational shifts.
Should possess good communication skills.

Posted 1 month ago


4.0 - 9.0 years

0 - 3 Lacs

Chennai

Hybrid

Qualification
Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field, or equivalent work experience.
Strong experience with SIEM (e.g., Splunk, QRadar, ArcSight).
Proficient in EDR and Endpoint Security tools (e.g., CrowdStrike, Microsoft Defender).
Hands-on experience in threat and malware analysis.
Familiarity with email security systems (e.g., Proofpoint, Mimecast).
Strong understanding of network protocols, firewalls, and intrusion detection/prevention systems.
Knowledge of security frameworks and industry standards (e.g., MITRE ATT&CK, NIST).
Excellent analytical and problem-solving skills.

Posted 1 month ago


12.0 - 15.0 years

55 - 60 Lacs

Ahmedabad, Chennai, Bengaluru

Work from Office

Dear Candidate,
We are seeking a Cybersecurity Analyst to detect, investigate, and prevent security threats across digital assets and systems.
Key Responsibilities:
Monitor and analyze security alerts, logs, and events.
Perform threat intelligence, malware analysis, and incident response.
Conduct vulnerability assessments and patch management.
Support compliance and audit activities (ISO, NIST, GDPR).
Educate staff on cybersecurity best practices and awareness.
Required Skills & Qualifications:
Experience with SIEM tools (Splunk, AlienVault, QRadar).
Knowledge of firewalls, IDS/IPS, endpoint protection, and antivirus.
Familiarity with scripting for automation and reporting.
Strong analytical, investigative, and communication skills.
Security certifications preferred (e.g., CompTIA Security+, SOC Analyst, CISSP).
Soft Skills:
Strong troubleshooting and problem-solving skills.
Ability to work independently and in a team.
Excellent communication and documentation skills.
Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you.
Srinivasa Reddy Kandi
Delivery Manager
Integra Technologies

Posted 1 month ago


2.0 - 3.0 years

4 - 6 Lacs

Bhopal, Indore, Rajkot

Work from Office

Job Summary:
We are seeking an experienced Cyber Security Trainer to join our team. The ideal candidate will have a solid background in cybersecurity principles and practices, combined with a passion for teaching and helping students understand complex cybersecurity concepts. You will be responsible for delivering high-quality training sessions and supporting students as they develop skills essential to succeed in the cybersecurity field.
Key Responsibilities:
Deliver engaging and interactive training sessions on cybersecurity topics, including but not limited to network security, threat analysis, malware protection, digital forensics, and ethical hacking.
Develop and update course materials, including presentations, handouts, and online resources, to reflect the latest cybersecurity trends and practices.
Conduct hands-on labs and exercises to help students gain practical experience with cybersecurity tools and techniques.
Assess students' understanding and progress through evaluations, assignments, and feedback sessions.
Stay updated with the latest cybersecurity developments and incorporate new knowledge into training programs.
Support and mentor students as they navigate their learning journey, answering questions and providing guidance on cybersecurity career paths.
Qualifications:
Bachelor's degree in Technology (BTech), a Master's in Computer Applications (MCA), or a Master's degree in Technology (MTech)
2-3 years of experience in cybersecurity or a related field, with proven knowledge of current cybersecurity threats, tools, and practices.
Previous experience in teaching, training, or mentoring is highly desirable.
Excellent communication skills, with the ability to simplify complex topics and engage a diverse audience.
Strong knowledge of cybersecurity tools and technologies, such as firewalls, intrusion detection systems, SIEM, and vulnerability assessment tools.
Preferred Skills:
Relevant certifications in cybersecurity, such as CompTIA Security+, CISSP, CEH, or similar.
Familiarity with e-learning platforms and digital training tools.
Strong problem-solving skills and adaptability to different learning styles.
Why Join Us:
Opportunity to make a meaningful impact on the next generation of cybersecurity professionals.
Collaborative and supportive work environment.
Access to continuous learning and professional development opportunities.

Posted 1 month ago


2.0 - 5.0 years

6 - 10 Lacs

Mumbai

Work from Office

Your day at NTT DATA
The Security Managed Services Engineer (L1) is an entry-level engineering role, responsible for providing a managed service to clients to ensure that their Firewall infrastructure remains operational through proactively identifying, investigating, and routing incidents to the correct resolver group. The primary objective of this role is to ensure zero missed service level agreement (SLA) conditions and focuses on first-line support for standard and low complexity incidents and service requests. The Security Managed Services Engineer (L1) may also contribute to support on project work as and when required.
What you'll be doing
Responsibilities:
Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data.
Develop, customize, and manage security rules within the SIEM to detect and respond to security threats.
Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts.
Oversee the collection, normalization, and storage of log data from various sources.
Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur.
Analyze and investigate security events from various sources.
Manage security incidents through all incident response phases to closure.
Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis.
Update tickets, write incident reports, and document actions to reduce false positives.
Develop knowledge of attack types and fine-tune detective capabilities.
Identify log sources and examine system logs to reconstruct event histories using forensic techniques.
Align SIEM rules and alerts with the LIC's security policies and compliance requirements.
Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging.
Maintain and support the operational integrity of SOC toolsets.
Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.
Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.
Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner.
Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.
Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.
Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.
Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency.
Workplace type: On-site Working

Posted 1 month ago


2.0 - 5.0 years

6 - 10 Lacs

Mumbai

Work from Office

Your day at NTT DATA
The Security Managed Services Engineer (L1) is an entry-level engineering role, responsible for providing a managed service to clients to ensure that their Firewall infrastructure remains operational through proactively identifying, investigating, and routing incidents to the correct resolver group. The primary objective of this role is to ensure zero missed service level agreement (SLA) conditions and focuses on first-line support for standard and low complexity incidents and service requests. The Security Managed Services Engineer (L1) may also contribute to support on project work as and when required.
What you'll be doing
Key Responsibilities:
Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data.
Develop, customize, and manage security rules within the SIEM to detect and respond to security threats.
Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts.
Oversee the collection, normalization, and storage of log data from various sources.
Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur.
Analyze and investigate security events from various sources.
Manage security incidents through all incident response phases to closure.
Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis.
Update tickets, write incident reports, and document actions to reduce false positives.
Develop knowledge of attack types and fine-tune detective capabilities.
Identify log sources and examine system logs to reconstruct event histories using forensic techniques.
Align SIEM rules and alerts with the LIC's security policies and compliance requirements.
Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging.
Maintain and support the operational integrity of SOC toolsets.
Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.
Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.
Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner.
Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.
Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.
Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.
Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency.
Workplace type: On-site Working

Posted 1 month ago


2.0 - 7.0 years

7 - 11 Lacs

Mumbai

Work from Office

Your day at NTT DATA
The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching the service level agreement (SLA), and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required.
What you'll be doing
Key Responsibilities:
Min 4+ years' experience in SOC along with SIEM (Splunk). Min 2 years' hands-on experience in Splunk.
Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data.
Develop, customize, and manage security rules within the SIEM to detect and respond to security threats.
Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts.
Oversee the collection, normalization, and storage of log data from various sources.
Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur.
Analyze and investigate security events from various sources.
Manage security incidents through all incident response phases to closure.
Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis.
Update tickets, write incident reports, and document actions to reduce false positives.
Develop knowledge of attack types and fine-tune detective capabilities.
Identify log sources and examine system logs to reconstruct event histories using forensic techniques.
Align SIEM rules and alerts with the LIC's security policies and compliance requirements.
Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging.
Maintain and support the operational integrity of SOC toolsets.
Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.
Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.
Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner.
Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.
Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.
Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.
Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency.
Knowledge and Attributes:
Ability to communicate and work across different cultures and social groups.
Ability to plan activities and projects well in advance, taking into account possible changing circumstances.
Ability to maintain a positive outlook at work.
Ability to work well in a pressurized environment.
Ability to work hard and put in longer hours when it is necessary.
Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting.
Ability to adapt to changing circumstances.
Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey.
Academic Qualifications and Certifications:
Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience).
Active CEH certification is a must.
Required Experience:
Moderate level of relevant managed services experience handling Security Infrastructure.
Moderate level of knowledge in ticketing tools, preferably ServiceNow.
Moderate level of working knowledge of ITIL processes.
Moderate level of experience working with vendors and/or 3rd parties.
Workplace type: On-site Working

Posted 1 month ago


4.0 - 7.0 years

6 - 9 Lacs

Mumbai

Work from Office

Your day at NTT DATA
The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching the service level agreement (SLA), and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required.
What you'll be doing
Key Responsibilities:
Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data.
Develop, customize, and manage security rules within the SIEM to detect and respond to security threats.
Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts.
Oversee the collection, normalization, and storage of log data from various sources.
Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur.
Analyze and investigate security events from various sources.
Manage security incidents through all incident response phases to closure.
Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis.
Update tickets, write incident reports, and document actions to reduce false positives.
Develop knowledge of attack types and fine-tune detective capabilities.
Identify log sources and examine system logs to reconstruct event histories using forensic techniques.
Align SIEM rules and alerts with the LIC's security policies and compliance requirements.
Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging.
Maintain and support the operational integrity of SOC toolsets.
Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.
Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.
Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner.
Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.
Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.
Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.
Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency.
Academic Qualifications and Certifications:
Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience).
CEH certification is a must.
Workplace type: On-site Working

Posted 1 month ago


5.0 - 10.0 years

7 - 12 Lacs

Mumbai

Work from Office

Your day at NTT DATA
The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching the service level agreement (SLA), and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required.
What you'll be doing
Key Responsibilities:
Min 5 years' experience.
Collaborate with the Company to address challenging issues in cyber, analytics, machine learning, optimization, and computer networking to research solutions.
Propose new research projects to tackle complex cyber, analytics, machine learning, optimization, and networking problems.
Possess expertise in comprehending advanced persistent threats, emerging threats, and malware within a corporate environment.
Understand attacks, attack vectors, and kill chain methodology.
Demonstrate proficiency in working with big data and executing complex queries across multiple platforms.
Exhibit a strong grasp of malware analysis, threat taxonomy, and threat indicators.
Competently engage with various security technologies.
Academic Qualifications and Certifications:
Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience).
CTIA/CEH/CSA certification is a must.
Workplace type: On-site Working

Posted 1 month ago


2.0 - 7.0 years

4 - 9 Lacs

Mumbai

Work from Office

Your day at NTT DATA
The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their security infrastructure and systems remain operational. Through proactive monitoring, identification, investigation, and resolution of technical incidents and problems, this role restores service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching the service level agreement (SLA); it focuses on second-line support for incidents and requests of medium complexity. The Security Managed Services Engineer (L2) may also contribute to project work as and when required.

What you'll be doing
Key Responsibilities:
• Minimum 4+ years' experience in a SOC along with SIEM (Splunk); minimum 2 years' hands-on experience with Splunk.
• Configure and maintain the SIEM system, ensuring that it is properly set up to collect and analyze security event data.
• Develop, customize, and manage security rules within the SIEM to detect and respond to security threats.
• Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts.
• Oversee the collection, normalization, and storage of log data from various sources.
• Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur.
• Analyze and investigate security events from various sources.
• Manage security incidents through all incident response phases to closure.
• Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, vulnerability scanning, and malware analysis technologies for event detection and analysis.
• Update tickets, write incident reports, and document actions to reduce false positives.
• Develop knowledge of attack types and fine-tune detective capabilities.
• Identify log sources and examine system logs to reconstruct event histories using forensic techniques.
• Align SIEM rules and alerts with the LIC's security policies and compliance requirements.
• Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging.
• Maintain and support the operational integrity of SOC toolsets.
• Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.
• Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.
• Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner.
• Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.
• Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.
• Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.
• Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency.

Knowledge and Attributes:
• Ability to communicate and work across different cultures and social groups.
• Ability to plan activities and projects well in advance, taking into account possible changing circumstances.
• Ability to maintain a positive outlook at work.
• Ability to work well in a pressurized environment.
• Ability to work hard and put in longer hours when necessary.
• Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting.
• Ability to adapt to changing circumstances.
• Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey.

Academic Qualifications and Certifications:
• Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience).
• Active CEH certification is a must.

Required Experience:
• Moderate level of relevant managed services experience handling security infrastructure.
• Moderate level of knowledge of ticketing tools, preferably ServiceNow.
• Moderate level of working knowledge of ITIL processes.
• Moderate level of experience working with vendors and/or third parties.

Workplace type: On-site Working

Posted 1 month ago

Apply

2.0 - 5.0 years

4 - 8 Lacs

Mumbai

Work from Office

Your day at NTT DATA
The Security Managed Services Engineer (L1) is an entry-level engineering role, responsible for providing a managed service to clients to ensure that their firewall infrastructure remains operational, through proactively identifying, investigating, and routing incidents to the correct resolver group. The primary objective of this role is to ensure zero missed service level agreement (SLA) conditions; it focuses on first-line support for standard and low-complexity incidents and service requests. The Security Managed Services Engineer (L1) may also contribute to project work as and when required.

What you'll be doing
Key Responsibilities:
• Configure and maintain the SIEM system, ensuring that it is properly set up to collect and analyze security event data.
• Develop, customize, and manage security rules within the SIEM to detect and respond to security threats.
• Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts.
• Oversee the collection, normalization, and storage of log data from various sources.
• Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur.
• Analyze and investigate security events from various sources.
• Manage security incidents through all incident response phases to closure.
• Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, vulnerability scanning, and malware analysis technologies for event detection and analysis.
• Update tickets, write incident reports, and document actions to reduce false positives.
• Develop knowledge of attack types and fine-tune detective capabilities.
• Identify log sources and examine system logs to reconstruct event histories using forensic techniques.
• Align SIEM rules and alerts with the LIC's security policies and compliance requirements.
• Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging.
• Maintain and support the operational integrity of SOC toolsets.
• Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.
• Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.
• Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner.
• Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.
• Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.
• Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.
• Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency.

Workplace type: On-site Working

Posted 1 month ago

Apply

1.0 - 3.0 years

3 - 7 Lacs

Hyderabad

Hybrid

Your day at NTT DATA
The Associate Security Platform Engineer is an entry-level subject matter expert, responsible for learning how to facilitate problem resolution and mentoring for the overall team. This role performs operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). The Associate Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances, and all infrastructure supporting production applications for the enterprise, as well as development environments).

What you'll be doing
Key Responsibilities:
• Works as part of a 24/7 team on rotational shifts.
• Works as part of Platform and Content Engineering, handling tunings, stakeholder requests, escalations, reporting, and trainings.
• Administers the organization's security tools to gather security logs from the environment.
• Lifecycle management of the supported security tools/technologies: break-fix, patching, live update.
• Adheres to SOPs and notifies stakeholders of log flow/log format issues.
• Documents best practices.
• Identifies opportunities to build automations that will help the incident response team.
• Performs security incident handling and response across several vectors, including endpoint protection and enterprise detection and response tools, attack analysis, malware analysis, network forensics, and computer forensics, drawing on a broad range of skills in LAN technologies, Windows and Linux OSs, and general security infrastructure.

Knowledge and Attributes:
• Entry-level knowledge of implementation and monitoring of any SIEM or security tools/technologies.
• Entry-level knowledge of security architecture; has worked across different security technologies.
• Customer service oriented, with proactive thinking.
• Ability to problem solve; highly driven and self-organized.
• Great attention to detail.
• Good analytical and logical thinking.
• Excellent spoken and written communication skills.
• Team player with the ability to work well with others and in groups with colleagues and stakeholders.

Academic Qualifications and Certifications:
• Bachelor's degree or equivalent in Information Technology or a related field.
• Relevant networking certifications such as CCNA, JNCIA, ACCA, PCNSA, CCSA, etc. preferred.
• Relevant security certifications such as AZ-500, SC-200, Security+, CEH, etc. will be an added advantage.

Required Experience:
• Entry-level experience in security technologies (firewall, IPS, IDS, proxy, etc.).
• Entry-level experience in technical support to clients.
• Entry-level experience in diagnosis and troubleshooting.
• Entry-level experience providing remote support in security technologies.
• Entry-level experience in SOC/CSIRT operations.
• Entry-level experience in handling security incidents end to end.
• Entry-level experience in security engineering.

Posted 1 month ago

Apply

1.0 - 5.0 years

4 - 8 Lacs

Bengaluru

Hybrid

Knowledge and application: Seasoned, experienced professional; has complete knowledge and understanding of area of specialization. Uses evaluation, judgment, and interpretation to select the right course of action.
Problem solving: Works on problems of diverse scope where analysis of information requires evaluation of identifiable factors. Resolves and assesses a wide range of issues in creative ways and suggests variations in approach.
Interaction: Enhances relationships and networks with senior internal/external partners who are not familiar with the subject matter, often requiring persuasion. Works with others outside of own area of expertise, with the ability to adapt style to differing audiences, and often advises others on difficult matters.
Impact: Impacts short- to medium-term goals through personal effort or influence over team members.
Accountability: Accountable for own targets, with work reviewed at critical points. Work is done independently and is reviewed at critical points.

Workplace type: Hybrid Working

Posted 1 month ago

Apply

5.0 - 10.0 years

9 - 13 Lacs

Bengaluru

Work from Office

• Identify gaps and weaknesses in current alerting platforms and recommend improvements to ensure evolving capabilities.
• Identify gaps and weaknesses in Data Loss Prevention platforms.
• Continually review existing risk scoring models and adjust them accordingly to ensure proper focus on significant security events and business needs.
• Administer the DLP solution and liaise with the GRC and CISO functions to configure policies and work on reporting; monitor and respond to the different alerts generated by the DLP solution.
• Demonstrate a good understanding of the incident response process and event escalations; respond to DLP escalations reported by the incident response team.
• Share recommendations to further identify sensitive data and strengthen security controls.
• Collaborate and partner with the legal and compliance teams to support customer privacy initiatives and continued compliance with different regulations, and to mature the company's data life cycle management with a focus on data security.
• Ability to independently research and solve technical issues, and demonstrated integrity in a professional environment.

Posted 1 month ago

Apply

1.0 - 3.0 years

1 - 4 Lacs

Kolkata, Mumbai, New Delhi

Work from Office

About Us
At SentinelOne, we're redefining cybersecurity by pushing the limits of what's possible, leveraging AI-powered, data-driven innovation to stay ahead of tomorrow's threats. From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do. We're looking for passionate individuals who thrive in collaborative environments and are eager to drive impact. If you're excited about solving complex challenges in bold, innovative ways, we'd love to connect with you.

What are we looking for?
Join our Vigilance organization, an elite force of cyber security experts providing a Managed Detection and Response (MDR) service to our largest customers. Help drive a world-class threat monitoring, hunting, and response service. Be an integral part of a 24x7 follow-the-sun global SOC, and work with key POCs and customers to provide an additional level of security and confidence by leveraging intelligence feeds, threat logs, and IOCs. Collaborate with our world-class threat team and researchers, and various R&D teams, as you help shape our product, help customers be more secure, and introduce yourself to the cyber tech ecosystem.

What will you do?
• Proactively monitor and review threats and suspicious events from customers participating in the service.
• Investigate alerts, triage, deep dive, and come up with proper action items and remediation plans.
• Use multiple sources of data from the customer, our intelligence cloud, external threat feeds, etc.
• Perform proactive hunting for threat data, leveraging our deep visibility abilities and proprietary research cloud.
• Work with the customer to follow up on items that require additional investigation.
• Provide incident follow-up and support.
• Maintain excellent customer satisfaction through professional, proactive, and personal service.
• Work closely with our research and development team.
• Contribute to our knowledge base by creating malware analysis cookbooks and best practices.

What experience or knowledge should you bring?
• 3-7 years of experience with Technical Support, SOC, IR, Malware Analysis, or IT Security is a must.
• Strong network and security knowledge is desired.
• Experience with SQL, bash, Python, and PowerShell.
• Professional and articulate, with excellent written and verbal communication skills.
• Ability to multitask and prioritize.
• Multi-OS support experience: Windows, Mac and Linux (mobile platforms an advantage).
• Experience with incident response, computer forensic investigations, or threat hunting is a plus.
• Experience with host-based (endpoint agent) or sandbox (network-based) security solutions is an advantage.
• Be able to work a fluid and dynamic schedule to cover hours and days outside of the normal work week.

Why us?
You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry.
• Industry-leading gender-neutral parental leave
• Paid company holidays
• Paid sick time
• Employee stock purchase program
• Disability and life insurance
• Employee assistance program
• Gym membership reimbursement
• Cell phone reimbursement
• Numerous company-sponsored events, including regular happy hours and team-building events

SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. SentinelOne participates in the E-Verify Program for all U.S.-based roles.

Posted 1 month ago

Apply

3.0 - 7.0 years

5 - 9 Lacs

Kolkata, Mumbai, New Delhi

Work from Office

What are we looking for?
We are seeking highly motivated individuals to join our Windows Behavioral Rules Team. The ideal candidates will have a strong background in cybersecurity, with a focus on Windows-based rule development for SIEM, EDR, XDR, or similar platforms. We are looking for team players, adept at crafting precise and effective detection rules, and committed to staying at the forefront of cybersecurity advancements. If you are passionate about contributing to innovative cybersecurity solutions, come join us and be part of our dynamic team at SentinelOne.

What will you do?
As a Windows Detection Engineer, you will play a key role in crafting, owning, and packaging default rules for our Windows agent. Your responsibilities will include creating rules that correlate different behavioral events collected from the OS, performing false positive analysis, and actively contributing to the ongoing enhancement of our detection capabilities. You will be responsible for the following:
• Develop precise and effective detection rules and deliver default rules for the WIN agent.
• Rigorously analyze and assess false positives associated with the rules you create.
• Contribute to the optimization of rules to minimize false positives and enhance detection accuracy.
• Collaborate with the team to optimize existing default rules for superior detection capabilities.
• Stay informed about emerging threats, industry trends, and new technologies to continuously improve rule efficacy.
• Follow good detection engineering practices for the default rules you develop, including logic, descriptions and other metadata, tests, and more.

What experience or knowledge should you bring?
• 2+ years of experience in Detection Engineering / Red Teaming / Offensive Research.
• Experience writing behavioral detection rules for EDR, XDR, SIEM, or other similar platforms.
• Experience writing YARA or other types of static detections is nice to have.
• Deep understanding of modern Windows attack TTPs (how malware operates, evasion, and exploitation techniques).
• Understanding of Windows internals.
• Hands-on experience with coding in Python and C/C++.
• Familiarity with Detection Engineering processes, including prioritizing a backlog for research and development, writing unit and integration tests, and CI/CD technologies such as Jenkins.
• Strong analytical and problem-solving skills, with an understanding of false-positive analysis.
• Excellent communication and collaboration skills within a team-oriented environment.

Advantage:
• Experience in malware analysis (static and dynamic) and reverse engineering (x86/x64).
• Understanding of existing EDR internals.

Why us?
You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry, along with competitive compensation.
• Flexible working hours and hybrid/remote work model
• Flexible Time Off
• Flexible Paid Sick Days
• Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws)
• Generous employee stock plan in the form of RSUs (restricted stock units)
• On top of RSUs, you can benefit from our attractive ESPP (employee stock purchase plan)
• Gym membership/sports gear by Cultfit
• Wellness Coach app, with 3,000+ on-demand sessions, daily interactive classes, audiobooks, and unlimited private coaching
• Private medical insurance plan for you and your family
• Life insurance covered by S1 (for employees)
• Telemedical app consultation (Practo)
• Global Employee Assistance Program (confidential counseling related to both personal and work life matters)
• High-end MacBook or Windows laptop
• Home-office-setup allowance (one time) and maintenance allowance
• Internet allowance
• Provident Fund and Gratuity (as per govt clause)
• NPS contribution (employee contribution)
• Half-yearly bonus program depending on individual and company performance
• Above-standard referral bonus as per policy
• Udemy Business platform for hard/soft skills training, and support for your further educational activities/trainings
• Sodexo food coupons

Posted 1 month ago

Apply

6.0 - 11.0 years

10 - 14 Lacs

Kolkata, Mumbai, New Delhi

Work from Office

What are we looking for?
We are looking for talented Windows, Linux, and macOS researchers: people who are always looking to analyze and break things while seeking a complete understanding of how they work; people who live to beat the system and challenge it; and people who are in pursuit of outsmarting malware and overcoming it to protect our customers.

What will you do?
You'll be part of an exceptional malware detection team that ensures we provide the best detection, protection, and visibility capabilities to our customers at any given time. The team does this by performing in-depth analysis and research of threats and vulnerabilities, while also being responsible for closing the detection gap through the development and deployment of signatures to millions of endpoints across the globe. You'll be working closely with other detection teams to ensure our customers get the best security products they can. Your time will be mostly focused on research and development.

Research: You'll perform cutting-edge research and analyze (through reverse engineering and other methods) files, TTPs, exploits, and malware to understand how they operate and behave. The research will mostly be based on binaries and sample files, but may also be based on other types of data sources like events and behaviors. You'll get the opportunity to work on the latest threats and malware samples to tackle sophisticated cyber security challenges. Your research findings will be used for delivering new signatures and/or shared with other detection teams to improve our products' detection capabilities. As a malware research expert, you'll collaborate with many internal/external teams to form a consensus group of experts who will enhance detection using their expertise and knowledge.

Development: You'll be responsible for developing the signatures for all of our engines that will improve our detection, protection, and visibility, reaching all of our millions of endpoints across the globe. You'll be responsible and accountable for the quality and accuracy (FPs/FNs) of the deliverables. You'll create, maintain, and improve existing infrastructure and tools used by the team. You will also be encouraged to write white papers, blogs, and articles (only if you wish to).

What experience or knowledge should you bring?
• A dedication to continuous learning and skill development to meet evolving job demands.
• Minimum 3 years of experience in both static and dynamic malware analysis and reverse engineering.
• Proficiency with reverse engineering and analysis tools, such as disassemblers, compilers, and debuggers like IDA, Ghidra, Hopper, LLDB, and GDB.
• Strong background in malware analysis and understanding of its behavior, including advanced malware techniques such as anti-tampering, defense evasion, lateral movement, persistence, and ransomware activities.
• Good understanding of MITRE ATT&CK TTPs.
• A strong inclination towards automating routine tasks and increasing efficiency.
• Excellent and deep understanding of Linux (both user mode (UM) and kernel mode (KM)).
• Excellent understanding of how core system components (processes and threads, IPC, tracing, security, virtual memory, eBPF) work behind the scenes.
• Understanding of containers and K8s.
• Understanding of ARM/M1 architecture.
• Understanding of sandbox internals/escapes, and Transparency, Consent and Control (TCC) internals/escapes.
• Understanding of security mechanisms: File Quarantine, XProtect, Gatekeeper.

Why us?
You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry, along with competitive compensation.
• Flexible working hours and hybrid/remote work model
• Flexible Time Off
• Flexible Paid Sick Days
• Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws)
• Generous employee stock plan in the form of RSUs (restricted stock units)
• On top of RSUs, you can benefit from our attractive ESPP (employee stock purchase plan)
• Gym membership/sports gear
• Wellness Coach app, with 3,000+ on-demand sessions, daily interactive classes, audiobooks, and unlimited private coaching
• Private medical insurance plan for you and your family
• Life insurance covered by S1 (for employees)
• Telemedical app consultation (zyla)
• Global Employee Assistance Program (confidential counseling related to both personal and work life matters)
• High-end MacBook or Windows laptop
• Home-office-setup allowance (one time) and maintenance allowance
• Internet allowance
• Provident Fund and Gratuity (as per govt clause)
• NPS contribution (employee contribution)
• Half-yearly bonus program depending on individual and company performance
• Above-standard referral bonus as per policy
• LinkedIn Learning business platform for hard/soft skills training, and support for your further educational activities/trainings
• Sodexo food coupons

Posted 1 month ago

Apply

2.0 - 6.0 years

4 - 8 Lacs

Kolkata, Mumbai, New Delhi

Work from Office

What are we looking for?
We are looking for talented detection engineers: people who look at the world differently, who explore, "hunt", and live to beat the system and challenge it; people who can address tough security problems and deliver fast.

What will you do?
You will be responsible for detecting the newest identity threats. The role includes end-to-end responsibility for behaviour-based detection capabilities, starting from researching attack techniques, designing new methods to detect or prevent them, and finally implementing them in the product. You will be developing and using internal research tools and PoCs, and discovering new ways to detect/prevent identity-based attacks (Pass the Hash, Silver Ticket, MFA bypass, and more). At the end of the day, your deliveries will enhance the security of dozens of millions of Windows endpoints protected by our platform.

What skills and knowledge should you bring?
• 3+ years of experience in malware analysis (static and dynamic).
• 3+ years of experience with C++.
• Excellent understanding of Windows internals: understanding how core system components (processes and threads, virtual memory, and more) work behind the scenes.
• Experienced with identity-based attacks (Pass the Hash, Silver Ticket, MFA bypass, and more).
• Experienced with analysis tools such as IDA, WinDbg, Sysinternals, etc.
• Kernel development experience: advantage.
• Advanced C++: advantage.
• Understanding of existing AV internals: advantage.

Why us?
You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry.
• Flexible working hours and hybrid/remote work model
• Flexible Time Off
• Flexible Paid Sick Days
• Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws)
• Generous employee stock plan in the form of RSUs (restricted stock units)
• On top of RSUs, you can benefit from our attractive ESPP (employee stock purchase plan)
• Gym membership/sports gear by Cultfit
• Wellness Coach app, with 3,000+ on-demand sessions, daily interactive classes, audiobooks, and unlimited private coaching
• Private medical insurance plan for you and your family
• Life insurance covered by S1 (for employees)
• Telemedical app consultation (Practo)
• Global Employee Assistance Program (confidential counseling related to both personal and work life matters)
• High-end MacBook or Windows laptop
• Home-office-setup allowance (one time) and maintenance allowance
• Internet allowance
• Provident Fund and Gratuity (as per govt clause)
• NPS contribution (employee contribution)
• Half-yearly bonus program depending on individual and company performance
• Above-standard referral bonus as per policy
• Udemy Business platform for hard/soft skills training, and support for your further educational activities/trainings
• Sodexo food coupons

Posted 1 month ago

Apply