13.0 - 19.0 years
14 - 21 Lacs
Pune, Maharashtra, India
On-site
Position Summary: We are seeking a strategic and hands-on Cloud Cybersecurity Architect to lead the design, implementation, and evolution of secure cloud architectures across Microsoft Azure and AWS environments. This role plays a pivotal part in enhancing the organization's security posture, ensuring secure cloud adoption, and embedding security into enterprise workloads and DevOps practices.

Key Responsibilities:

Cloud Security Architecture & Strategy
- Design and maintain secure cloud infrastructure using Microsoft Sentinel, Defender for Cloud, Intune, Entra ID (Azure AD), and AWS native security tools.
- Develop and enforce cloud security standards, architecture patterns, and reference implementations for hybrid and multi-cloud environments.
- Define cloud security architecture roadmaps aligned with business goals and compliance needs.

Threat Detection & Incident Response
- Lead development of threat detection and response strategies using SIEM/SOAR platforms.
- Collaborate with SOC teams to ensure effective monitoring and alerting for cloud-native and hybrid workloads.
- Provide technical leadership during incident response, forensics, and post-incident analysis.

Identity & Device Management
- Architect secure identity and access management (IAM) policies, conditional access, and privileged access management for both Microsoft and AWS platforms.
- Design and enforce endpoint protection and device management strategies using Microsoft Intune and Entra ID.

Security Governance & Risk Management
- Perform cloud architecture security reviews and risk assessments for new projects and third-party integrations.
- Collaborate with compliance and audit teams to ensure adherence to regulatory standards (e.g., NIST, ISO 27001, HIPAA, GDPR).

DevSecOps & CI/CD Security Integration
- Partner with DevOps and IT teams to embed security throughout the CI/CD pipeline and infrastructure lifecycle.
- Enable secure design and deployment of cloud-native and containerized workloads (e.g., EKS, AKS).

Innovation & Continuous Improvement
- Stay current on evolving cloud threat landscapes and security technologies.
- Recommend and implement security enhancements based on industry trends and internal assessments.

Required Qualifications & Skills:
- Bachelor's degree in Computer Science, Cybersecurity, or a related field (Master's preferred).
- 7+ years of experience in IT security, with at least 3+ years in cloud security architecture.
- Deep expertise in Microsoft Sentinel, Defender for Cloud, Intune, Entra ID (Azure AD).
- Strong hands-on experience with AWS security tools (e.g., IAM, GuardDuty, Security Hub, CloudTrail, WAF).
- Solid understanding of Zero Trust architecture, endpoint security, and identity governance.
- Experience with securing cloud-native and container workloads (Kubernetes/EKS/AKS).
- Familiarity with regulatory frameworks (NIST, ISO 27001, HIPAA, CIS, GDPR).
- Relevant certifications such as: Microsoft Azure Security Engineer Associate, AWS Certified Security Specialty, CISSP, CCSP (preferred).

Preferred Qualifications:
- Experience with Infrastructure as Code (IaC) tools like Terraform, CloudFormation, ARM.
- Scripting and automation proficiency in PowerShell, Python, or equivalent.
- Familiarity with additional Microsoft tools like Purview, Defender for Endpoint, and Cloud DLP.
Posted 3 days ago
5.0 - 9.0 years
0 Lacs
karnataka
On-site
You should be highly proficient in Microsoft Sentinel and Azure Log Analytics, with at least 5-8 years of experience. You will be responsible for connecting any type of logs from various sources to the Sentinel Log Analytics workspace. Your role will involve creating playbooks, analytic rules, workbooks, notebooks, incidents, and threat hunting. Additionally, you should have experience in developing KQL queries for data normalization and parsing capability for the Log Analytics data ingestion pipeline. As part of your responsibilities, you will automate and integrate developed use cases into the DevOps CI/CD pipeline and develop incident response capabilities using Azure Logic Apps. You should also be able to develop Jupyter notebooks using scripts in Python and integrate them with Microsoft Sentinel. Knowledge of different Microsoft Defender products, implementation and integration of Defender for Cloud services, as well as experience in cloud computing and cloud security roles are required. The ideal candidate should have a minimum of 5 years of experience in Microsoft Sentinel and Azure Log Analytics, with a strong background in developing Kusto Query Language. Experience in SIEM and SOAR implementation, along with working on automation scripts, will be beneficial for this role. The position is based in Mumbai, Pune, Chennai, Hyderabad, Bangalore, Kolkata, Delhi, or Coimbatore.
Posted 3 days ago
5.0 - 10.0 years
6 - 12 Lacs
Chennai
Remote
Job Description: CyberSecOn is looking for a talented and dedicated Cyber Security Analyst who can work remotely. A Cyber Security Analyst is responsible for maintaining the security and integrity of data. The security analyst must possess knowledge of every aspect of information security to protect company assets from evolving threat vectors.

The main responsibilities will include:
- Monitor and investigate security events and alerts from various sources, such as logs, network traffic, threat intelligence, and user reports.
- Conduct proactive and reactive threat hunting campaigns to uncover hidden or emerging threats on the cloud environment.
- Perform root cause analysis and incident response to contain and remediate cloud abuse incidents.
- Document and communicate findings, recommendations, and lessons learned to relevant stakeholders and management.
- Develop and update cloud abuse detection rules, indicators, and signatures.
- Research and stay updated on the latest cloud abuse trends, tactics, techniques, and procedures (TTPs) of threat actors.
- Provide guidance and training to other security teams and cloud users on best practices and standards for cloud security.
- Manage the cyber security infrastructure and applications of multiple client environments.
- Knowledge of ServiceNow, Zoho Desk, Jira/Confluence, etc.
- Perform vulnerability risk reviews using Qualys, Rapid7 and/or Tenable.
- Responsible for managing and improving the defined patch management & configuration review process and activities.
- Proactively manage application, infrastructure security & network risks, ensuring security infrastructure aligns with the company's compliance requirements.

Skills & Experience:
- 4+ years of experience in a security analyst role, preferably in a SOC environment.
- Good knowledge of and experience in security analysis, engineering, and project management.
- Experience in client management for security projects.
- Knowledge and hands-on experience with SIEM technologies such as Microsoft Sentinel, Rapid7 InsightIDR, Wazuh, etc.
- Creating playbooks and automation in Microsoft Sentinel is desirable.
- Strong experience in virtualisation and cloud (Azure, AWS, other service providers) design, configuration, and management.
- Ability to manage priorities, perform multiple tasks and work in a dynamic environment under tight deadlines.
- Ability to perform vulnerability assessments and penetration testing using manual testing techniques, scripts, and commercial and open-source tools.
- Experience and ability to perform phishing campaigns and/or similar social engineering exercises.
- Subject matter expert in one or multiple areas such as Windows, Unix, Linux OS.
- Vendor or security-specific certifications are preferred.
- Demonstrated analytical, conceptual and problem-solving skills.
- Ability to work effectively with limited supervision on multiple concurrent operational activities.
- Ability to communicate effectively via email, reports, and procedures in a professional and succinct manner.

Preferred: Candidates who can join immediately or within 15 days.
Posted 5 days ago
5.0 - 9.0 years
0 Lacs
karnataka
On-site
As a global group of life-saving technology companies, Halma is dedicated to pushing the boundaries of science and technology. With headquarters in the UK and operations spanning 23 countries, including regional hubs in India, China, Brazil, and the US, we have a diverse portfolio of nearly 50 companies specializing in market-leading technologies. For over 42 years, our purpose-driven approach, strategic initiatives, talented workforce, unique DNA, and sustainable business model have consistently delivered remarkable long-term growth in revenues and profits. Halma stands out as an FTSE 100 company by annually increasing dividends by 5%, a feat unparalleled by any other company on the London Stock Exchange.

Why Join Us: Certified as a Great Place to Work, Halma fosters an employee-centric culture based on autonomy, trust, respect, humility, work-life balance, team spirit, and approachable leadership. We provide a safe and inclusive workplace where individuality is celebrated, and everyone is encouraged to leverage their unique talents and backgrounds to drive meaningful outcomes.

Position Objective: We are currently looking for dedicated cyber security professionals to join our 24/7 security operations team. In this role, you will play a crucial part in monitoring Halma Group's centralized infrastructure for malicious activities, analyzing logs to detect attack patterns, and ensuring timely responses to infiltration attempts. Additionally, you will manage technical support requests related to security devices integrated into Halma's infrastructure.

Responsibilities:
- Lead a team of security analysts on an 8-hour rotational shift schedule.
- Conduct real-time security monitoring and respond to incidents using various tools and methodologies.
- Maintain the group's infrastructure to meet service level expectations.
- Develop and manage Security Information and Event Management (SIEM) use cases.
- Identify and document incidents through proactive threat hunting.
- Perform vulnerability assessments within Halma's network infrastructure and collaborate with stakeholders to mitigate risks.
- Design and refine the Incident Response Playbook for enhanced reaction protocols.
- Conduct post-incident analyses to improve Halma's incident response processes.
- Propose innovative security control measures and solutions.
- Provide technical support for security infrastructure, including SIEM, VPN, Antivirus, EDR, and Endpoint Management systems.
- Possess a strong understanding of Windows/macOS operating systems and related security measures.
- Monitor and manage security incidents for Halma's headquarters and subsidiary companies.
- Utilize problem-solving skills during security incidents and alerts investigations.
- Perform additional tasks such as generating vulnerability reports and contributing to process improvements.

Critical Success Factors:
- Resolve security incidents, support issues, and service requests within SLAs.
- Contribute to enhancing processes, systems, and services provided by Halma IT.

Qualifications:
- Bachelor's degree in computer science or IT.

Preferred Certifications:
- CompTIA Security+, CEH
- Microsoft Security certifications like SC-200/SC-300/SC-400

Desirable Certifications:
- Any SIEM certifications, any Network certifications

Experience:
- 5 to 8 years of total experience.
- Knowledge of vendor firewall and Remote Access solutions.
- Exposure to security technologies, including Incident Response and Microsoft Sentinel.
- Familiarity with Active Directory, server virtualization, and Microsoft technologies.
- Experience with Microsoft Defender, Microsoft Intune, Cato Networks (VPN and Firewall), Azure Sentinel, and KQL is advantageous.
Posted 6 days ago
4.0 - 6.0 years
14 - 20 Lacs
Gurugram, Manesar
Hybrid
Threat Protection Engineer | ACPL. Must have Microsoft Threat Detection & Protection, Defender, and Cloud Security experience. Should be able to provide L3 support. This is a 2-year bond with ACPL Company, Manesar location, hybrid.
Posted 1 week ago
5.0 - 9.0 years
0 Lacs
karnataka
On-site
Wipro Limited is a leading technology services and consulting company dedicated to developing innovative solutions that cater to the complex digital transformation needs of clients. With a comprehensive portfolio encompassing consulting, design, engineering, and operations, we assist clients in achieving their ambitious goals and establishing sustainable, future-ready businesses. Our global presence includes over 230,000 employees and business partners spanning 65 countries, as we strive to support our customers, colleagues, and communities in navigating an ever-evolving world. For more information, please visit our website at www.wipro.com. As a potential candidate, you should hold a Bachelor's degree in Computer Science, Information Security, or a related field, or possess equivalent practical experience. Previous experience in a SOC or cybersecurity analyst role is essential for this position. Proficiency in utilizing Microsoft Sentinel, MS Unified SecOps/XDR, and other SIEM/EDR platforms is required, along with a strong understanding of KQL and the ability to create detection rules. Hands-on experience in managing alerts and incidents from MDE & MDO is also a key aspect. The role demands advanced skills in analyzing logs, network flows, and security telemetry, coupled with excellent problem-solving, analytical, and communication abilities. Possession of certifications such as CompTIA Security+, CEH, or equivalent is highly desired. The ideal candidate should have a minimum of 5-8 years of experience in the field, with a focus on Security Information Event Management. At Wipro, we are embarking on a journey to build a modern organization, driven by digital transformation and bold aspirations. We seek individuals who are inspired by reinvention, both in terms of personal growth and skill development. Our vision is to continuously evolve as a business and an industry, adapting to the changing world around us. 
Join us in a purpose-driven environment that encourages you to shape your own reinvention. Realize your ambitions at Wipro, where applications from individuals with disabilities are warmly welcomed.
Posted 1 week ago
4.0 - 8.0 years
0 Lacs
pune, maharashtra
On-site
ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS. Our most valuable asset is our people. At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems, the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.

Senior Security Operations Analyst

We are seeking an experienced professional to join our Pune, India office as a Senior Security Operations Analyst with a strong background in Security Information and Event Management (SIEM) platforms, specifically in Microsoft Sentinel and Wiz. The ideal candidate will be responsible for leading advanced threat detection, response, and monitoring activities. This role will be critical in enhancing our cybersecurity posture and ensuring the ZS environment remains secure against emerging threats.

What you'll do:
- Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging
- Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities
- Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real-time
- Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities
- Perform proactive threat hunting to identify and mitigate advanced threats
- Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation
- Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats
- Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership
- Continuously improve SOC processes and playbooks to streamline operations and response efforts
- Mentor junior SOC analysts and provide guidance on security best practices
- This role requires participation in a rotational shift
- Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed

What you'll bring:
- Strong analytical and problem-solving abilities
- Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams
- Proven ability to remain calm and efficient in a high-pressure environment
- Proficient in using SIEM tools, such as Microsoft Sentinel
- Experience with data migration strategies across SIEM platforms
- Experience with Cloud Security Operations and Incident Response platforms such as Wiz
- In-depth understanding of cyber threats, vulnerabilities, and attack vectors
- Proficient in creating KQL queries and custom alerts within Microsoft Sentinel
- Expertise in developing SIEM use cases and detection rules
- Skilled in incident response and management procedures
- Experienced in conducting deep-dive investigations and root cause analysis for incidents
- Adept at collaborating with stakeholders to resolve complex cybersecurity challenges
- Ability to automate routine SOC processes to enhance operational efficiency
- Experienced in mentoring and guiding junior analysts in security operations
- Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools

Good to have skills and abilities:
- Excellent interpersonal (self-motivational, organizational, personal project management) skills
- Knowledge of vulnerability management and scanning best practices such as the CVE database and the CVSS system
- Ability to analyze cyber threats to develop actionable intelligence
- Skill in using data visualization tools to convey complex security information

Academic Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
- 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
- Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks
- Experience with SIEM migration
- Expertise in incident response, threat detection, and security monitoring
- Solid understanding of Windows, Linux, and cloud security concepts
- Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
- Preferred Security Cloud Certifications: AWS Security Specialty

Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empower you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.

Travel: Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.

Considering applying? At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.

To Complete Your Application: Candidates must possess or be able to obtain work authorization for their intended country of employment. An online application, including a full set of transcripts (official or unofficial), is required to be considered. NO AGENCY CALLS, PLEASE. Find Out More At: www.zs.com
Posted 1 week ago
3.0 - 7.0 years
0 Lacs
chennai, tamil nadu
On-site
As a Security Analyst at Scybers, a cybersecurity-focused organization committed to delivering advanced security solutions and services, your primary responsibility will be to collaborate with clients to enhance their security monitoring, detection, and response capabilities using Microsoft security technologies. We are currently looking for individuals with expertise in areas such as Microsoft Defender for Cloud Apps (MDCA), Microsoft Defender for Identity (MDI), Microsoft Defender for Cloud/Defender for Server/Microsoft Defender for Endpoint (MDE), or Kusto Query Language (KQL) for Threat Hunting.

Key Responsibilities:
- Configure, monitor, and manage security alerts and incidents using Microsoft Defender solutions.
- Assist clients in developing complex KQL queries in Microsoft Sentinel and Defender to fulfill their specific security monitoring requirements.
- Conduct proactive threat hunting using KQL and Microsoft security tools.
- Investigate and address security incidents, pinpointing root causes and proposing mitigation strategies.
- Collaborate with clients to optimize their security posture by fine-tuning Microsoft security configurations.
- Provide security advisory and recommendations based on Microsoft security best practices.

Required Skills & Qualifications:
- Hands-on experience in Microsoft Defender for Cloud Apps, Microsoft Defender for Identity, Microsoft Defender for Cloud/Defender for Server/Microsoft Defender for Endpoint, or Kusto Query Language (KQL) for threat hunting.
- Solid grasp of cybersecurity concepts, threat landscapes, and incident response methodologies.
- Proficiency in writing and optimizing KQL queries for security monitoring and threat hunting.
- Experience with Microsoft Sentinel is advantageous.
- Strong analytical and problem-solving abilities.
- Excellent communication skills to engage effectively with clients and stakeholders.

Preferred Qualifications:
- Microsoft Security Certifications like SC-200 (Microsoft Security Operations Analyst) or AZ-500 (Microsoft Azure Security Technologies).
- Background in security operations, SIEM, or threat intelligence.

Why Join Us:
- Engage with cutting-edge cybersecurity technologies.
- Collaborate with a team of cybersecurity experts.
- Enjoy a flexible work environment with ample growth opportunities.

If you possess expertise in any of the mentioned areas and have a fervor for cybersecurity, we are eager to hear from you!
Posted 1 week ago
5.0 - 9.0 years
0 Lacs
hyderabad, telangana
On-site
As an Azure SIEM Platform Lead at CyberProof, A UST Company, you will be responsible for managing and leading a cloud-based SIEM platform using Azure Data Explorer (ADX), Microsoft Sentinel, and Azure DevOps. Your role will involve developing and optimizing Kusto Query Language (KQL) queries for threat detection, reporting, and health monitoring, as well as onboarding and fine-tuning log sources and connectors for enhanced visibility and cost efficiency. Leading a small technical team, you will mentor engineers, drive automation and CI/CD practices, and ensure platform performance, scalability, and security.

Key Responsibilities
- Manage and lead the Azure SIEM platform utilizing ADX, Sentinel, and DevOps tools.
- Develop and optimize KQL queries for threat detection, reporting, and health monitoring.
- Onboard and fine-tune log sources and connectors for visibility and cost efficiency.
- Lead and mentor a small team of engineers.
- Act as the primary technical contact for customers.
- Drive automation and CI/CD practices using Azure DevOps.
- Ensure platform performance, scalability, and security.

Mandatory Skills
- Proficiency in Azure Data Explorer (ADX), Microsoft Sentinel, and KQL.
- Experience with Azure DevOps for CI/CD and automation.
- Strong background in cloud platform management and team leadership.
- Excellent communication and customer-facing skills.
- Knowledge of security operations, threat detection, and log optimization.

Preferred Certifications
- AZ-500, AZ-104, SC-200.
- Familiarity with ARM, Bicep, or Terraform is considered a plus.
Posted 2 weeks ago
5.0 - 10.0 years
20 - 35 Lacs
Bengaluru
Work from Office
Role: Azure HCI Consultant
Exp.: 5+ years
Location: WFO 5 days, CV Ramnagar, Bangalore
Salary Up to: CTC 35 LPA

Skills: Strong, in-depth, and demonstrable hands-on experience with the following technologies:
- Microsoft Azure Stack HCI and its relevant build and deployment in cloud and hybrid environments
- Azure Kubernetes Services, Azure Arc Management, Azure Monitor, Azure Policy, Microsoft Sentinel, Storage Spaces Direct, SDN
- Microsoft Azure IaaS and Platform as a Service (PaaS) products such as Azure SQL, App Services, Logic Apps, Functions and other serverless services
- Hands-on experience with IaC (Infrastructure as Code), containers, Kubernetes (AKS), Ansible, Terraform, Docker, Jenkins, and building CI/CD pipelines in Azure DevOps
- Experience with data center migration using various methods (e.g., P2V, V2V) and tools (e.g., Azure Migrate, Zerto, Azure Site Recovery, Carbonite)
- Experience with virtualization technologies (e.g., VMware vSphere, Microsoft Hyper-V/SCVMM)
- Azure Stack HCI troubleshooting and problem resolution

Responsibility:
- Exceptional presentation and communication skills. Will be expected to effectively work as part of a wider project team or independently act as technical lead on migration engagements.
- Revisit clients' business and operating models to unearth new opportunities, determine ways to harvest costs and target technology investments leading to competitive differentiation.
- You should be able to identify process gaps and work with the team to address them.
- In collaboration with other team members, you should be able to build a scalable and efficient model for Stack HCI.
- Take ownership and accountability for individual deliverables.
- Proactively define project requirements/issues/constraints/risks and address them with PMs.
- You should be able to effectively collaborate within different product work streams within the team and with business units, identify current gaps and find a way to bridge them.
- You should be able to mentor other team members and provide them technical and consultative guidance as needed.
Posted 2 weeks ago
7.0 - 12.0 years
18 - 25 Lacs
Bangalore Rural, Bengaluru
Work from Office
Senior SOC Engineer to lead incident response, threat detection & automation initiatives for Rocket EMS's global security operations. SIEM/SOAR optimization, advanced threat hunting & direct response to cyberattacks across endpoints, cloud & identity systems.
Posted 2 weeks ago
2.0 - 6.0 years
0 Lacs
thiruvananthapuram, kerala
On-site
At EY, you will have the opportunity to shape a career that aligns with your unique qualities, supported by a global network, inclusive environment, and advanced technology to empower you to reach your full potential. Your individual voice and perspective are valued to contribute towards enhancing EY's capabilities. By joining us, you will not only create a fulfilling professional journey for yourself but also contribute to fostering a more sustainable working world for all.

As a Cyber Managed Service - Threat Detection and Response - Security Orchestration, Automation and Response - Sentinel SOAR - Senior, you will demonstrate the following key capabilities:
- Display excellent teamwork skills, a strong drive to succeed, and a commitment to combatting cyber threats effectively.
- Collaborate with clients to identify security automation strategies and deliver innovative integrations and playbooks to enhance security measures.
- Work closely with team members to develop creative solutions that address clients' challenges and requirements.
- Responsible for executing and maintaining Sentinel SOAR related analytical processes and tasks.
- Manage and administer the Sentinel SOAR platform efficiently.
- Develop customized scripts and playbooks to automate repetitive tasks and response actions effectively.
- Possess at least 2+ years of experience in Python programming, REST API, JSON, and basic SQL knowledge.
- Familiarity with Incident Response and Threat Intelligence tools.
- Create reusable and efficient Python-based Playbooks.
- Utilize Splunk SOAR platform for automation and orchestration across various tools and technologies.
- Collaborate with security operations teams, threat intelligence groups, and incident responders.
- Previous experience in a security operations center with knowledge of SIEM solutions like Splunk, Microsoft Sentinel, and other log management platforms is preferred.
- Willingness to learn new technologies, embrace challenges, and contribute to developing high-quality technical content.

In terms of qualifications and experience, the ideal candidate should possess:
- Minimum of 3+ years of experience in cybersecurity with a strong background in network architecture.
- Experience in deploying and integrating Sentinel SOAR solution in global enterprise environments.
- Familiarity with ServiceNow SOAR is advantageous.
- Strong communication skills, both oral and written, are essential for effective consulting.
- Proficient in network administration and capable of explaining communication at different OSI model layers.
- Hands-on experience with scripting technologies such as Python, REST, JSON, SOAP, ODBC, and XML.
- Technical degree in computer science, mathematics, engineering, or similar field.
- Minimum 2 years of experience working in SOAR (Sentinel).
- Experience in Process Development, Process Improvement, Process Architecture, and Training.
- Certification in SIEM Solution (e.g., Splunk or SC-200) and core security-related disciplines are beneficial.

EY is dedicated to building a better working world by creating long-term value for clients, people, and society while fostering trust in the capital markets. With diverse teams across 150 countries, EY uses data and technology to provide assurance and support clients in their growth, transformation, and operations across various sectors. Operating in assurance, consulting, law, strategy, tax, and transactions, EY teams strive to address complex global challenges through innovative solutions and insightful perspectives.
Posted 2 weeks ago
7.0 - 12.0 years
8 - 17 Lacs
Bengaluru
Work from Office
Role & responsibilities

About the Role: We are hiring a Senior SOC Engineer to lead incident response, threat detection, and automation initiatives for Rocket EMS's global security operations. This is not an analyst role; you'll be hands-on, driving SIEM/SOAR optimization, advanced threat hunting, and direct response to cyberattacks across endpoints, cloud, and identity systems.

Key Responsibilities:
Design and build SOC infrastructure using Microsoft Sentinel and SOAR
Lead deep investigations using CrowdStrike Falcon, MDE, Tenable, and Palo Alto/Fortinet firewalls
Perform threat hunting using the MITRE ATT&CK framework and dark web intelligence
Develop KQL queries and automation scripts in PowerShell/Python
Integrate and respond to incidents across Azure and Microsoft 365 environments
Collaborate with MSOC and global teams for escalations and knowledge sharing

Required Skills:
7+ years in cybersecurity roles, focused on SOC/IR/Threat Hunting
Expertise with Microsoft Sentinel, CrowdStrike Falcon, MDE, Tenable
Deep understanding of MITRE ATT&CK, lateral movement, and APTs
Scripting experience in KQL, Python, PowerShell
Strong communication, leadership, and mentoring skills

Preferred:
Certifications: GCFA, GCIH, GCTI, CISSP, AZ-500, MS-500, OSCP, or MITRE ATT&CK Defender
Experience with Palo Alto XSOAR and cloud-based threat monitoring

Interested candidates please share your resume to Sirishad@ca-one.com
Posted 2 weeks ago
2.0 - 5.0 years
4 - 9 Lacs
Noida, Gurugram, Delhi / NCR
Work from Office
Job Description: Global Security Operation Center (GSOC)

KPMG's Global Security Operations Centre (GSOC) is the internal SOC team supporting KPMG member firms to detect and respond to cyber-attacks against KPMG across locations.
GSOC Operation – Monitoring & Alerting (M&A)
GSOC – Engineering Services (ES) – SIEM technology management including onboarding/off-boarding/content update.

Role & Responsibility – Analyst (Monitoring & Alerting)
Actively monitoring, analysing & escalating SIEM alerts based on correlation rules, email protection alerts & malware analysis
Provide inputs for proactive content fine tuning & use case enablement
Active threat hunting on network flow, user behaviour & threat intelligence
Phishing email analysis for MFs
Raising incidents in Pastebin inte
Should be familiar with Domain Knowledge (Cyber Security), Threat Hunting, SIEM - Azure Sentinel, SIEM - (RSA / Splunk / LogRhythm), Python Scripting, Windows Active Directory, Operating systems and servers.
Ability to triage and assign incident handling
Ability to follow playbook instructions - Incident Response Playbooks
Ability to comprehend logs (HTTP, SMTP, Network) (under guidance)
Understand and imbibe current SOC process
Perform quality assessment on SOC operations being performed as per existing process
Record deviations identified into tracking tool(s)/spreadsheets
Perform follow-ups with respective error owners to mitigate process deviations
Identify process deviations; summarize and generate trends and patterns in process deviations/errors observed
Perform RCA into observed errors/trends and generate recommendations for process improvement
Generate personnel-specific recommendations for performance enhancement
Contribute to overseeing the quality assessment process for multiple SOC verticals
In-line alignment with SOC operations for quick detection/prevention of process deviations
Support as QA touchpoint in critical cyber incidents to enhance quality of service
Assessment of investigation reports with assertions, evidence and recommended actions
Communicate effectively and collaborate with teams in different geographies
Posted 3 weeks ago
9.0 - 14.0 years
20 - 27 Lacs
Gurugram
Remote
About Rackspace Cyber Defence

Rackspace Cyber Defence is our next generation cyber defence and security operations capability that builds on 20+ years of securing customer environments to deliver proactive, risk-based, threat-informed and intelligence driven security services. Our purpose is to enable our customers to defend against the evolving threat landscape across on-premises, private cloud, public cloud and multi-cloud workloads. Our goal is to go beyond traditional security controls to deliver cloud-native, DevOps-centric and fully integrated 24x7x365 cyber defence capabilities that deliver a proactive, threat-informed, risk-based, intelligence-driven approach to detecting and responding to threats.

Our mission is to help our customers:
Proactively detect and respond to cyber-attacks 24x7x365.
Defend against new and emerging risks that impact their business.
Reduce their attack surface across private cloud, hybrid cloud, public cloud, and multi-cloud environments.
Reduce their exposure to risks that impact their identity and brand.
Develop operational resilience.
Maintain compliance with legal, regulatory and compliance obligations.

What we're looking for

To support our continued success and deliver a Fanatical Experience to our customers, Rackspace Cyber Defence is looking for an India-based Security Operations Analyst (L3) to support Rackspace's strategic customers. This role is particularly well-suited to a self-starting, experienced and motivated Sr. Sec Ops Analyst, who has a proven record of accomplishment in the cloud security monitoring and incident detection domain.

As a Security Operations Analyst (L3), you will be responsible for detecting, analysing, and responding to threats posed across customer on-premises, private cloud, public cloud, and multi-cloud environments. The primary focus will be on triaging alerts and events (incident detection), which may indicate malicious activity, and determining whether threats are real or not. You will also be required to liaise closely with the customer's key stakeholders, which may include incident response and disaster recovery teams as well as information security.

Key Accountabilities:
Should have 10 years of experience in SOC and 5 years in Azure Sentinel.
Ensure the customer's operational and production environment remains secure at all times and that any threats are raised and addressed in a timely manner.
Critical incident handling & closure.
Escalation management and handling escalations from L2 Analysts.
Proactive discovery of threats based on the MITRE ATT&CK framework.
Deep investigation and analysis of critical security incidents.
Post-breach forensic incident analysis reporting.
Review the weekly and monthly reports.
Review new use cases created by L2 and implement them in the cloud-native SIEM (Security Information and Event Management).
Assist with customer onboarding (such as use case development, identifying data sources, configuring data connectors etc.)
Advanced threat hunting.
Develop custom dashboards and reporting templates.
Develop complex, customer-specific use cases.
Advanced platform administration.
Solution recommendation for issues.
Co-ordinate with vendor for issue resolution.
Basic and intermediate playbook and workflow enhancement.
Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc.
Develop custom parsers for incident and alert enrichment.
Problem-specific playbook and workflow creation and enhancements.
Required to work flexible timings.

Skills and Experience:
Existing experience as a Security Operations Analyst, or equivalent.
Experience of working in large scale, public cloud environments and with using cloud native security monitoring tools such as:
Microsoft Sentinel
Microsoft 365 Defender
Microsoft Defender for Cloud
Endpoint Detection & Response (EDR) tools such as CrowdStrike, Microsoft Defender for Endpoint.
Firewalls and network security tools such as Palo Alto, Fortinet, Juniper, and Cisco.
Web Application Firewall (WAF) tools such as Cloudflare, Akamai and Azure WAF.
Email Security tools such as Proofpoint, Mimecast and Microsoft Defender for Office.
Data Loss Prevention (DLP) tools such as Microsoft Purview, McAfee and Symantec.
Posted 3 weeks ago
6.0 - 11.0 years
0 - 1 Lacs
Hyderabad
Hybrid
Role & responsibilities

Job Title: Cyber Security Engineer
Location: Hyderabad
Industry: Payment Card Processing / Fintech

About the Role: We are looking for skilled Cyber Security Engineers. You will be part of a global security landscape, helping enhance threat detection capabilities and ensure compliance readiness through active management and fine-tuning of SIEM systems and security tools.

Key Responsibilities:
Manage and fine-tune SIEM tools, primarily Microsoft Sentinel and Wazuh
Ingest, analyze, and correlate logs from tools such as CyberArk, JumpCloud, Encore, and other core platforms
Update and optimize alert rules and detection logic to reduce false positives and improve threat visibility
Assist in maintaining and managing the CyberArk PAM environment
Collaborate with internal security teams and interface with audit teams to fulfill compliance obligations
Support threat monitoring, detection, and initial incident triage activities across regions
Provide technical input on security configurations and enhancements based on evolving threat and compliance needs
Contribute to documentation and compliance reporting as required
Help with pen testing of all applications and coordinate with stakeholders to remediate the gaps.

Key Requirements:
5–6 years of experience in Cybersecurity Engineering, SOC, or SIEM operations
Hands-on experience with Microsoft Sentinel and/or Wazuh SIEM
Familiarity with CyberArk or similar PAM solutions
Proficiency in managing log ingestion pipelines and rule configuration
Strong understanding of threat detection, incident response, and log correlation techniques
Ability to work across teams and communicate effectively with audit/compliance stakeholders
Experience working in a regulated environment (e.g., fintech, payment systems, banking) is a strong plus

Nice to Have:
Experience with compliance frameworks like PCI DSS, ISO 27001, or SOC 2
Familiarity with scripting or automation for security rule tuning
Exposure to cloud-native security tools (Azure, GCP, etc.)
Posted 4 weeks ago
3.0 - 6.0 years
17 - 18 Lacs
Bengaluru
Hybrid
Description: Cyber SOC OT Security Analyst Level 2 Experience Required: 3-6 years Location: Bengaluru Shift: Must be flexible to work in 24/7 rotational shifts including weekends Reports To: OT Security Operations Center Lead/ OT Security Manager ________________________________________ Role Overview: The OT Security Analyst Level 2 (L2) plays a pivotal role in defending operational technology (OT) environments against evolving cyber threats. This role requires a deep understanding of security incident analysis, threat detection, and incident response, specifically tailored to Industrial Control Systems (ICS) and OT networks. The analyst will investigate complex security incidents within the OT infrastructure, collaborate with IT/OT teams, and enhance security posture through actionable insights. ________________________________________ Key Responsibilities: • Conduct in-depth analysis of security events and incidents within OT environments, leveraging SIEM and OT-specific monitoring tools. • Perform root cause analysis and develop incident timelines to support forensics and remediation efforts. • Apply standard incident response frameworks (e.g., NIST, MITRE ATT&CK for ICS, Cyber Kill Chain) for threat classification and response. • Use threat intelligence platforms and sandbox environments to investigate malware and suspicious artifacts in OT networks. • Analyze access logs, network traffic, and protocol behaviours across OT systems (e.g., SCADA, DCS, PLCs). • Support investigations related to unauthorized device communications, anomalous behaviours, or compromised industrial assets. • Collaborate with OT security engineers and external vendors to escalate and remediate incidents. • Refine alert rules and detection logic to reduce false positives and improve signal-to-noise ratio in OT SOC operations. • Document incident findings and support continuous improvement of the OT SOC playbooks and knowledgebase. 
• Liaise with the IT SOC and CIR (Cyber Incident Response) teams to align incident handling and cross-domain investigations. • Participate in threat hunting activities tailored for OT environments using behavioural analysis and attack-path simulation. ________________________________________ Technical Skills & Knowledge: • Strong understanding of OT/ICS protocols (Modbus, DNP3, OPC, etc.) and industrial network topologies. • Hands-on experience with OT cybersecurity tools and platforms (e.g., Nozomi Networks, Claroty, Dragos). • Familiar with ISA/IEC 62443, NIST SP 800-82, NIST CSF, and ISO 27001 compliance requirements for OT. • Proficiency in using SIEM systems (e.g., Microsoft Sentinel, Splunk, QRadar) for log correlation and event triage. • Understanding of firewalls, WAFs, proxies, and network segmentation principles in OT. • Working knowledge of tools such as THOR Scanner, VMRay, or Recorded Future is a plus. • Experience in vulnerability management and patch advisory for OT assets with limited patch cycles. ________________________________________ Nice to Have: • Exposure to Red Team/Blue Team exercises focused on OT/ICS. • Familiarity with GRC platforms and risk assessment tools tailored to OT.
Posted 1 month ago
6.0 - 8.0 years
20 - 30 Lacs
Gurugram
Work from Office
As a (Senior) IT Security Engineer, you will be a key member of the regional SOC team, responsible for the operational excellence of our Security Operations centre. You will independently analyse security incidents, define automated countermeasures, and contribute to the continuous improvement of our security posture. This role requires a proactive mindset, strong technical expertise, and a passion for cybersecurity. Key Responsibilities: Independently analyse and resolve SIEM incidents using Microsoft Sentinel. Define business cases and implement automated countermeasures based on risk assessments. Collaborate with the CSIRT team to enhance incident response capabilities. Integrate and maintain security tooling, including Microsoft and TrendMicro solutions. Utilize ServiceNow for incident tracking and resolution workflows. Develop dashboards and reports using Power BI to support SOC operations. Contribute to Factory SOC monitoring initiatives and support OT/ICS environments. Participate in security projects and cross-functional initiatives. Automate manual tasks related to incident response using Logic Apps, Power BI, or similar tools. Required Experience / Skill: Minimum 6 years of experience in IT Security operations and/or planning. Proven expertise or certification in Microsoft Sentinel. Solid understanding of Microsoft security tools, TrendMicro solutions, O365, and Power BI. Familiarity with Internet technologies, protocols, and the MITRE ATT&CK Framework. Experience in project work or project management. Basic knowledge of ITIL and NIST Cybersecurity Framework (CSF). Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Scripting or automation experience (e.g., PowerShell, Logic Apps). Preferred Requirements Good communication skills (written and verbal). Problem solving skills. Security certifications such as Microsoft SC-200, CISSP, or equivalent Experience in Factory SOC monitoring. 
What We Offer: A dynamic and collaborative work environment. Opportunities for professional growth and certification. Involvement in cutting-edge cybersecurity initiatives.
Posted 1 month ago
5.0 - 10.0 years
15 - 30 Lacs
Vijayawada
Work from Office
We're Hiring: Cyber Security Analyst
Location: Vijayawada
Experience: 5-10 Years | Type: Full-Time | Industry: Cybersecurity, IT Security, Risk & Compliance

Are you passionate about protecting digital assets and staying ahead of cyber threats? Join our cybersecurity team and help defend against evolving threats while ensuring enterprise-wide security and compliance.

Role Overview
We are seeking a Cyber Security Analyst to play a critical role in threat detection, vulnerability management, and compliance enforcement across our security infrastructure.

Key Responsibilities
Threat Detection & Response: Monitor security tools and logs, detect potential threats, and respond to incidents
Vulnerability Management: Perform regular assessments, patch vulnerabilities, and enforce security standards
Security Operations & Compliance: Operate and maintain SIEM tools, support internal/external audits, and ensure adherence to security policies

Required Skills
Proficiency in SIEM tools (Splunk, Microsoft Sentinel, IBM QRadar) and threat analysis techniques
Strong understanding of network security, firewalls, antivirus, and endpoint protection
Familiarity with compliance and risk frameworks: ISO 27001, NIST, GDPR, SOC 2
Ability to work collaboratively in a fast-paced security operations environment

Preferred Certifications
CISSP – Certified Information Systems Security Professional
CEH – Certified Ethical Hacker
Posted 1 month ago
1.0 - 4.0 years
1 - 4 Lacs
Vadodara, Gujarat, India
On-site
Internal Job Title: Global Cyber Security Analyst
Business: Lucy Electric Manufacturing & Technologies India
Location: Halol, Vadodara, Gujarat
Job Reference No: 3851

Job Purpose / Role Description: The Global Security Analyst is responsible for the maintenance and on-going support of all security systems, making sure they are designed and built according to best practices, ensuring monitoring and alerting is fit for purpose, and taking the lead when issues arise. The role will work closely with all aspects of Group IT, promoting IT Security across the Lucy Group.

Key Responsibilities:
Help to lead all Lucy cyber security activities, helping to shape processes and following best practices
Monitor and maintain current security systems
Champion IT Security to Global IS by documenting processes and transitioning activities into various teams as required
Be part of the Lucy Group's IT Security governance steering group
Work with Senior IT Management to raise the profile of IT Security
Work on BAU activities related to security, ensuring quick resolution
Lead on any major incidents or high-priority issues around IT Security, providing regular updates to Group IT
Ensure documentation is current and up to date
Work with the End User Support teams to transition and follow security processes
Use technologies to mature the security estate using tools such as Microsoft endpoint protection and antivirus
Work with the Global IT Network & Security Manager to implement new technologies to help secure Lucy Group's IT estate
Work with infrastructure and cloud operations teams to keep network, software, and applications patched and updated
Stay up to date on IT Security to understand and counteract new threats
Help Lucy Group achieve accreditations such as Cyber Essentials and ISO27001

Skills, Qualification and Experience:
Key Skills: Act always in a professional manner; excellent communication and collaboration skills with both internal and external stakeholders; ability to prioritize workloads; broad understanding of service management; ensure documentation is always up to date; agile mindset to adapt to changing situations; entrepreneurial spirit with problem-solving mindset; excellent customer relations skills; friendly, approachable, and able to communicate with colleagues of varying IT knowledge; collaborative and community focused; friendly and positive attitude.

Minimum Qualifications, Knowledge and Experience:
1+ years in an IT security role
3+ years in an IT Service Desk role
Knowledge in security software, antivirus, SIEM, and Microsoft Sentinel
ITIL4 Certification, or 2+ years equivalent experience in IT Service Management
Experience with Active Directory, Windows 10+, M365, and endpoint security tools

Desirable Skills, Qualifications, and Experience:
Certification in Cloud Security software (e.g., Antivirus, O365 endpoint protection, Microsoft Sentinel)
Project management certification or experience in delivering projects
Understanding of the Data Protection Act, IDS, and IPS

About Us: Lucy Group Ltd is the parent company of all Lucy Group companies. Incorporated in 1897, Lucy Group is diversified into four business units, based on the expertise gained and developed over 200 years. Today we employ in excess of 1400 people worldwide, with property and manufacturing operations in the UK, Saudi Arabia, UAE, South Africa, Brazil, Thailand, Malaysia, and India.

Does this sound interesting? We would love to hear from you. Our application process is quick and easy. Apply today!
Posted 1 month ago
3.0 - 6.0 years
7 - 15 Lacs
Hyderabad
Remote
We are RadarRadar, experts in the commodity production, trade and processing industry. As a technology company we continuously aim to support our clients with strong data & analytics and business intelligence tools. It is our mission to enable companies to unlock the full potential of their data to improve risk and margin management and boost performance.

Awards won:
Top 10 Trading & Risk Management Service Providers 2023 | Energy Business Review
Technology Innovation Award 2023 | Commodities People
Analytics Technology Leader of the Year 2023 | Commodities People
Top Business Information Systems Company 2022 | Data Magazine

We are looking for a skilled and proactive Security Associate to join our IT team. This role is very important in ensuring the security of our cloud infrastructure. The ideal candidate will have hands-on experience in Azure security services, Windows Server security, SQL Server security, and infrastructure administration.

What you will do
Manage and optimize Azure Security services, including Microsoft Sentinel, Azure Monitor, Defender for Cloud, Endpoint/Server, Identity etc.
Configure and monitor Log Analytics Workspaces and workbooks for effective threat detection and incident response.
Create and manage virtual network configurations, private endpoint connections and other networking/firewall resources.
Implement security best practices for Azure resources, ensuring compliance with regulatory standards, and respond to incidents.
Manage security configurations using Azure Policy.
Manage and secure mobile devices and applications using Microsoft Intune.
Manage identity, access and Conditional Access policies within Azure AD.
Apply security hardening techniques to Windows Server environments.
Monitor and manage security baselines, patch management, and vulnerability assessments.
Implement and maintain Group Policies, security auditing, and logging.
Enforce SQL Server security best practices, including log management.
Conduct regular audits and compliance checks on servers.
Manage roles, permissions, and security configurations to protect data integrity.
Create and manage various Azure resources (VMs, SQL Servers, Storage accounts, App services, Gateways, key vaults etc.)
Create, manage and optimize Azure Automation runbooks.
Perform administrative tasks for SQL Server, Windows Server, and Microsoft 365 services including Intune, Entra ID, Teams, Exchange, Purview for data governance etc.
Ensure high availability and performance of servers and services.
Troubleshoot and resolve infrastructure-related issues promptly.
Support backup and restore, disaster recovery, and business continuity planning.

What you will bring
Bachelor's degree in computer science, Information Technology, or related field.
3+ years of experience in Azure security and infrastructure management.
Strong knowledge of Microsoft security tools (Sentinel, Defender for Cloud, Defender for Endpoint/Server).
Proficiency in Windows Server and SQL Server security practices.
Experience with Microsoft 365 and Entra ID administration.
Microsoft Certified: Azure Security Engineer Associate
Microsoft Certified: Azure Administrator Associate
Strong analytical and problem-solving abilities.
Excellent communication and teamwork skills.
Ability to manage multiple tasks and projects effectively.
Strong attention to detail and a proactive security mindset.

What you will get:
Remote work model
A competitive salary and working with an amazing international team.
An inspiring environment where you learn every day.
Personal development plans to help you reach your personal goals.
Posted 1 month ago
4.0 - 9.0 years
18 - 33 Lacs
Bengaluru
Work from Office
- Opportunity with a billion-dollar Canadian multinational.
- Looking for a SOC Senior Analyst with strong technical acumen; the role offers the opportunity to significantly enhance the SOC's maturity by refining detection rules and incident response playbooks.

Required Candidate profile: 5+ years in SOC. Kusto Query Language (KQL) queries, Microsoft Sentinel's Investigation Graph, User and Entity Behavior Analytics (UEBA) insights, Microsoft Defender XDR suite, SC-200 Certification.
Posted 1 month ago
4.0 - 9.0 years
7 - 17 Lacs
Kochi
Hybrid
Key Responsibilities
Act as an escalation point for high/critical severity incidents and perform thorough investigations.
Analyze TTPs (Tactics, Techniques, and Procedures) to identify attack vectors and lifecycle stages.
Recommend improvements to security controls and organizational security hygiene.
Conduct threat hunting and IOC/APT detection through advanced log analysis.
Collaborate with clients' security teams and internal teams for incident resolution and documentation.
Identify process gaps and propose enhancements for the incident response lifecycle.
Create, maintain, and improve runbooks, playbooks, and incident response processes.
Actively participate in war room discussions, executive briefings, and team meetings.

Must-Have Skills
Minimum 3+ years of experience as a SOC L3 Analyst in a global SOC environment.
Hands-on experience with SIEM tools such as Microsoft Sentinel, including rule writing in KQL and use case development.
Strong incident response skills and experience writing response procedures and playbooks.
Expertise in advanced threat detection, forensic investigation, and root cause analysis.
Knowledge of threat hunting techniques and familiarity with attacker TTPs and the MITRE ATT&CK framework.
Experience with security monitoring, log analysis, and network traffic inspection.
Ability to resolve and escalate incidents and provide detailed post-mortem analyses.
Excellent communication and documentation skills for cross-functional collaboration.

Good-to-Have Skills
Familiarity with Use Case Factory and Managed Detection & Response (MDR) operations.
Exposure to various security tools, including EDRs, vulnerability scanners, and SOAR platforms.
Experience in training junior analysts and creating knowledge-sharing materials.
Prior experience working in global customer / MSSP environments with multiple customers.
Posted 1 month ago