The Imperva DB security Engineer role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Imperva DB security Engineer domain.

Role & responsibilities Security Architecture & Engineering Design and deploy secure network, infrastructure, and Azure cloud architectures using Defender for Cloud, Sentinel, Entra ID, and Purview. Select, integrate, and optimize security tools (SIEM/SOAR, firewalls, EDR, DLP). Embed security into DevOps/CI-CD pipelines via automation (Logic Apps, PowerShell, KQL). Security Operations & Incident Response Configure and tune detection rules and workbooks in Sentinel; build automated playbooks for common incidents. Lead triage, investigation, and root-cause analysis of alerts from Defender and Sentinel. Conduct proactive threat hunting, log review, and vulnerability assessments. Identity & Access Management Implement and manage Conditional Access, MFA, Privileged Identity Management, and RBAC in Entra ID. Enforce least-privilege principles and lifecycle policies across users, groups, and service identities. Governance, Risk & Compliance Maintain alignment with ISO 27001, NIST, CIS, PCI-DSS, and GDPR using Secure Score and Compliance Manager. Develop and enforce security policies, standards, and audit controls. Team Leadership & Collaboration Mentor SOC analysts and engineers, driving continuous improvement and knowledge sharing. Collaborate closely with IT, DevOps, and business units to integrate security into all projects.

The Firewall,WAF role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Firewall,WAF domain.

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that the organization's information and infrastructure are safeguarded against potential cyber threats. You will also engage in continuous learning to stay updated on the latest security trends and technologies, contributing to a secure environment for all stakeholders. Roles & Responsibilities:Perform security monitoring by analyzing logs, traffic and alerts generated by variety of device technologiesTimely response to customer requests like detection capabilities, tuning, etc.Research new threats and provide recommendations to enhance detection capabilitiesStrong desire for continuous learning on vulnerabilities, attacks and countermeasures Identify opportunities for process improvement Professional & Technical Skills: Experience in SOC operations with customer-facing responsibilitiesDeep understanding on cyber security fundamentals, security devices, network defense concepts and threat landscapeHands-on experience in SIEM and threat hunting tools Added advantage in working with any SOAR platformDesirable knowledge in any scripting language and EDR productsPreferable GCIA, GCFA, CISSPStrong customer service and interpersonal skillsStrong problem-solving skillsAbility to communicate clearly at all levels, demonstrating strong verbal and written communication skills.Adaptability to accept change Additional Information:Work as part of analysis team that works 24x7 on a rotational shift Minimum a bachelors or a masters degree in addition to regular 15- year full time educationThe candidate should have minimum 2 years of experience This position is based at our Chennai office. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Engineering Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. You will provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Your role involves ensuring the security of critical assets and data. Roles & Responsibilities:Work as part of Security Engineering handling tunings, customer requests, escalations, reporting, trainings, etc.Administration of the Accenture proprietary SIEM (Log Collection Platform) to gather security logs from customer environment.Life cycle management of the SIEM (Onboarding, Break-fix, Patching, Live update )Adhering to SOPs and notify customers on log flow/log format issuesDocument best practices and writing KB articlesIdentify opportunities for process improvements Professional & Technical Skills: Experience in SOC OperationsKnowledge on networking, Linux and security concepts Experience in configuring/managing security controls such as Firewall, DS/IPS,EDR,UTM,ProxyKnowledge on log collection mechanism such as Syslog, Log file, DB & API and build collector Knowledge in device onboarding and integrationPassion for cyber security, learning, and knowledge sharing Strong Verbal & written communication skills Proven customer service skills, problem solving and interpersonal skills Ability to handle high pressure situationsConsistently exhibit high levels of teamworkFollowing certifications is added advantage:Network+,Linux+, Security and CCNAPrior experience in information security or SOC operations Additional Information:Work as part of a global technical services team that works 24/7 on rotational shiftBachelors degree in computer science, The candidate should have minimum 2 years of experience This position is based at our Chennai office. A 15 years full time education is required. Qualification 15 years full time education

Infrastructure Engineering Senior Advisor - HIH - Evernorth Position Overview As a Splunk / Cribl Sr. Engineer (Infrastructure Engineering Senior Advisor) for Cigna’s Enterprise Logging Team you’ll provide operations, engineering, design and troubleshooting support for the teams on premise and SaaS based logging products. You’ll also be working with peers and customers gathering requirements, onboarding data, and assist with searches, dashboards, reports, and knowledge objects. The role will require you to use your hands-on technical expertise with Splunk Enterprise, Splunk Cloud, Cribl and AWS to come up with solutions for technical and business problems. You should have continuous learning and engineering mindsets along with the ability to adapt new technologies to improve Splunk and Cribl on premise and cloud operations. Responsibilities Support systems engineering lifecycle activities for large hybrid Splunk and Crib deployments, including requirements gathering, design, testing, implementation, operations, and documentation. Lead troubleshooting efforts and identify root cause of problems across the enterprise logging environment. Work on and lead projects that drive continuous improvement, enhancements of products, services offerings, and governance.Coach and mentor customers and staff that may need technical assistance or guidance.Partner with Agile Program and Product Management leads to develop, plan, and execute large initiatives.Available On-Call 24x7 support on a rotational schedule. Qualifications Required Skills: Strong written and verbal communication skills with the ability to interact with all levels of the organization. Strong influencing/negotiation skills. Strong interpersonal/relationship management skills. Strong time and project management skills. Skilled in operations, support and engineering with of the following products – Linux, Splunk Enterprise, Splunk Cloud, Cribl Stream and AWS Familiarity with agile methodology including SCRUM team leadership. Familiarity with modern delivery practices such as continuous integration, behavior/test driven development, and specification by example. Required Experience & Education: 13-16 years of experience requiredBachelor’s degree or equivalent degree and work experience is requiredA minimum of 12 years of experience supporting, operating, and managing large Splunk environments. At least 2 years specifically is with Splunk Cloud.A minimum of 8 years of experience supporting and managing Cribl Stream deployments.Experience with Splunk Premium Applications, IT Service Intelligence and Enterprise Security.A minimum of 3-4 years with AWS Services and implementations with a working knowledge of core AWS products including S3, Terraform, ALB/NLB, EC2, PrivateLink and VPCsAWS, Cribl and Splunk certifications, such as Splunk Certified Architect or AWS Associate, are highly desirable.At least 8 years of experience with LAN/WAN technologies and clear understanding of basic network concepts and services.11 to 13 years of experience with Linux operating system management or administration.Demonstrated proficiency in scripting and programming languages (e.g., Python, PowerShell) for custom Splunk app development.Experience with Ansible and leveraging playbooks for task automation. Location & Hours of Work (Specify whether the position is remote, hybrid, in-office and where the role is located as well as the required hours of work) Equal Opportunity Statement Evernorth is an Equal Opportunity Employer actively encouraging and supporting organization-wide involvement of staff in diversity, equity, and inclusion efforts to educate, inform and advance both internal practices and external work with diverse client populations. About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Driven by transformative digital technologies and trends, we are RIB and we’ve made it our purpose to propel the industry forward and make engineering and construction more efficient and sustainable. Built on deep industry expertise and best practice, and with our people at the heart of everything we do, we deliver the world's leading end-to-end lifecycle solutions that empower our industry to build better. With a steadfast commitment to innovation and a keen eye on the future, RIB comprises over 2,500 talented individuals who extend our software’s reach to over 100 countries worldwide. We are experienced experts and professionals from different cultures and backgrounds and we collaborate closely to provide transformative software products, innovative thinking and professional services to our global market. Our strong teams across the globe enable sustainable product investment and enhancements, to keep our clients at the cutting-edge of engineering, infrastructure and construction technology. We know our people are our success – join us to be part of a global force that uses innovation to enhance the way the world builds. Find out more at RIB Careers. Job Summary As part of the RIB team, you will embody our values of impact, aspiration, curiosity, and trust in everything you do. As a Cloud SecOps Engineer, you will play a key role in protecting the platforms used to deliver RIB's products within the Managed Services. The Cloud SecOps Engineer will be responsible for continuous security monitoring, threat detection, incident response, and security automation within Managed Services Product Portfolio. This role involves SIEM operations, vulnerability scanning, identity and access management, and endpoint security. The engineer will work closely with DevOps, SRE, Cloud Governance, and Application Security teams to enhance the security posture across Managed Services cloud environments. Key Responsibilities Security Monitoring & Incident Response Operate and manage SIEM solutions for real-time threat detection. Investigate security incidents, analyze logs, and escalate as needed. Work with DevOps/SRE teams on security incident containment and response. Security Automation & Orchestration (SOAR) Develop and implement security automation playbooks to streamline response. Support automated threat intelligence ingestion and response workflows. Identity & Access Management (IAM) Enforce least privilege access policies for cloud and IT environments. Assist in identity lifecycle management, MFA, and role-based access controls. Vulnerability & Risk Management Conduct vulnerability scans and misconfiguration assessments. Assist DevOps and SRE teams with security patching and risk remediation. Security Observability & Compliance Ensure security logs, alerts, and telemetry are properly integrated. Support audits and compliance initiatives for security best practices. Governance, Compliance, and Incident Response Align security operations with control frameworks (ISO 27001, GDPR, SOC 1, SOC2, CCM etc.). Work closely with CPSO., Cloud Governance, AppSec and Security Governance teams. Skills And Qualifications Bachelor's degree in cybersecurity, information security, or equivalent experience. Azure Security Engineer (AZ-500, SC-200, SC-300) 2+ years of experience in SecOps, cybersecurity, or cloud security roles. Strong understanding of SIEM solutions (e.g., Microsoft Sentinel, Splunk, QRadar, etc.). Experience with security automation (SOAR), scripting (Python, PowerShell), and incident response. Familiarity with IAM frameworks, cloud security best practices (Azure, AWS, etc.), and vulnerability management tools (Qualys, Tenable, etc.). Knowledge of DevOps, CI/CD security practices, and security control frameworks (ISO 27001, SOC1, SOC2, CIS etc.) RIB may require all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria. RIB is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. Come and join RIB to create the transformative technology that enables our customers to build a better world. Show more Show less

The Splunk role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Splunk domain.

Job Title :Senior Information Security Analyst Vulnerability Management Reporting To Manager Work Location Bangalore We are looking for a motivated Information Security Analyst to run Information Security processes . The main focus area will be Vulnerability Management . You will be responsible for: - Analysing vulnerabilities, - Providing necessary information and guidance to IT Technology Owners, - Monitoring remediation actions. You will have the ability to continuously learn about technologies and associated vulnerabilities, practice interactions with IT stakeholders and get detailed understanding of corporate processes (e.g. IT Change Management, Software Development). SPECIFIC ASSIGNMENTS: You will be working on running the Vulnerability Management processes. You will participate in assessing and evaluating vulnerabilities. You will have the opportunity to work with vulnerability assessment technologies from industry leaders. Your task will be to get understanding of the issue, inform respective IT Technology Owner and provide guidance on recommended action and monitor the execution. In the constantly changing world of emerging vulnerabilities and bit IT landscape of Eurofins you will have numerous opportunities to learn new aspects of vulnerabilities and get better, in-depth understanding of their underlying details. Your role is strategic for the organization running the vulnerability management process is key to secure the Company, build strong layer of defence and improve Companys external posture! Technical details, leading security products, industry best practices, guidelines - you will be working with them on day-to-day basis to grow your security skills and improve Eurofins IT environment. Experience: If you have: - Previous experience in IT Security or Vulnerability Management with having experience (at least 5 years) Willingness to learn and motivation to act towards the achievable goal is key for us! On the role of Senior Information Security Analyst, you can utilize your technical skills: understanding of various IT technologies (IT infrastructure and application level), IT general knowledge, principles of software development and understanding of web technologies, utilizing CVEs, collecting and processing information from vulnerability databases, working with leading industry products and services (e.g. Qualys, Nessus, Security Scorecard, BitSight, ServiceNow etc. ), assessing and evaluating cloud-based solutions and cloud services. As you'll be working in an international environment, your English needs to be excellent . You have to be an effective communicator (both to technical and non-technical professionals), convincing that your concepts are relevant and important for the whole organization. Other skills you'll need are orientation on details, team collaboration, problem solving. Qualifications Educational background in IT or Information Security. Any related IT Security certification would be an added advantage.

The Securonix/UEBA/SIEM, Tripwire IP360, Tripwire CCM, AWS Guardduty role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Securonix/UEBA/SIEM, Tripwire IP360, Tripwire CCM, AWS Guardduty domain.

Driven by transformative digital technologies and trends, we are RIB and we’ve made it our purpose to propel the industry forward and make engineering and construction more efficient and sustainable. Built on deep industry expertise and best practice, and with our people at the heart of everything we do, we deliver the world's leading end-to-end lifecycle solutions that empower our industry to build better. With a steadfast commitment to innovation and a keen eye on the future, RIB comprises over 2,500 talented individuals who extend our software’s reach to over 100 countries worldwide. We are experienced experts and professionals from different cultures and backgrounds and we collaborate closely to provide transformative software products, innovative thinking and professional services to our global market. Our strong teams across the globe enable sustainable product investment and enhancements, to keep our clients at the cutting-edge of engineering, infrastructure and construction technology. We know our people are our success – join us to be part of a global force that uses innovation to enhance the way the world builds. Find out more at RIB Careers. Job Summary As part of the RIB team, you will embody our values of impact, aspiration, curiosity, and trust in everything you do. As a Cloud SecOps Engineer, you will play a key role in protecting the platforms used to deliver RIB's products within the Managed Services. The Cloud SecOps Engineer will be responsible for continuous security monitoring, threat detection, incident response, and security automation within Managed Services Product Portfolio. This role involves SIEM operations, vulnerability scanning, identity and access management, and endpoint security. The engineer will work closely with DevOps, SRE, Cloud Governance, and Application Security teams to enhance the security posture across Managed Services cloud environments. Key Responsibilities Security Monitoring & Incident Response Operate and manage SIEM solutions for real-time threat detection. Investigate security incidents, analyze logs, and escalate as needed. Work with DevOps/SRE teams on security incident containment and response. Security Automation & Orchestration (SOAR) Develop and implement security automation playbooks to streamline response. Support automated threat intelligence ingestion and response workflows. Identity & Access Management (IAM) Enforce least privilege access policies for cloud and IT environments. Assist in identity lifecycle management, MFA, and role-based access controls. Vulnerability & Risk Management Conduct vulnerability scans and misconfiguration assessments. Assist DevOps and SRE teams with security patching and risk remediation. Security Observability & Compliance Ensure security logs, alerts, and telemetry are properly integrated. Support audits and compliance initiatives for security best practices. Governance, Compliance, and Incident Response Align security operations with control frameworks (ISO 27001, GDPR, SOC 1, SOC2, CCM etc.). Work closely with CPSO., Cloud Governance, AppSec and Security Governance teams. Skills And Qualifications Bachelor's degree in cybersecurity, information security, or equivalent experience. Azure Security Engineer (AZ-500, SC-200, SC-300) 2+ years of experience in SecOps, cybersecurity, or cloud security roles. Strong understanding of SIEM solutions (e.g., Microsoft Sentinel, Splunk, QRadar, etc.). Experience with security automation (SOAR), scripting (Python, PowerShell), and incident response. Familiarity with IAM frameworks, cloud security best practices (Azure, AWS, etc.), and vulnerability management tools (Qualys, Tenable, etc.). Knowledge of DevOps, CI/CD security practices, and security control frameworks (ISO 27001, SOC1, SOC2, CIS etc.) RIB may require all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria. RIB is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. Come and join RIB to create the transformative technology that enables our customers to build a better world. Show more Show less

A career in our Advisory Acceleration Centre is the natural extension of PwC’s leading class global delivery capabilities. We provide premium, cost effective, high quality services that support process quality and delivery capability in support for client engagements. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. Responsibilities As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to: Use feedback and reflection to develop self awareness, personal strengths and address development areas. Delegate to others to provide stretch opportunities, coaching them to deliver results. Demonstrate critical thinking and the ability to bring order to unstructured problems. Use a broad range of tools and techniques to extract insights from current industry or sector trends. Review your work and that of others for quality, accuracy and relevance. Know how and when to use tools available for a given situation and can explain the reasons for this choice. Seek and embrace opportunities which give exposure to different situations, environments and perspectives. Use straightforward communication, in a structured way, when influencing and connecting with others. Able to read situations and modify behavior to build quality relationships. Uphold the firm's code of ethics and business conduct. ,Quality Assurance SOC Analyst - CaaS As a Quality Assurance SOC Analyst (Senior Associate) within the Cyber as a Service (CaaS) practice, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. You will play a pivotal role in ensuring the quality and effectiveness of our SOC operations. You will be responsible for reviewing and enhancing our security incident response processes and procedures, evaluating the performance of SOC analysts, and implementing best practices to maintain the highest standards of security. This role is critical in maintaining the integrity of our clients' systems and Required Qualifications data. Responsibilities include but are not limited to: 3+ years of experience in a technical role in the areas of Security Operations, Quality Assurance in a SOC setting, Threat Intelligence, Incident Response, or Penetration Testing/Red Team. At a minimum, a Bachelor's Degree in a relevant area of study with a preference for Computer Science, Computer Engineering, Cybersecurity, or Information Security. Knowledge and experience working with various SIEM, EDR, NDR and Ticketing tools. Knowledge of Security Operations Centre (SOC) processes and procedures. Effective communication skills, both written and verbal. Strong attention to detail and commitment to quality. Advanced knowledge and experience analyzing attacker techniques at all stages of a breach. Knowledge of MITRE ATT&CK and Cyber Kill-Chain is a must Be available to work on a 24/7 basis (Mon-Sun) on a shift based schedule to continuously assure quality within SOC. Roles & Responsibilities Conduct regular quality assessments of security incident handling processes within the SOC for both L1 and L2 functions. Review and evaluate the effectiveness of SOC analyst activities, including incident detection, analysis, investigation and response. Identify areas for improvement and provide recommendations to enhance SOC operations and incident response capabilities. Collaborate with SOC management and leads to develop and implement quality assurance strategies and initiatives. Create and maintain comprehensive quality assurance documentation, reports, and metrics. Mentor and provide guidance to junior SOC analysts to improve their performance and investigation skills. Stay up-to-date with the latest threat landscape, attack vectors, and cybersecurity technologies through ongoing research and professional development. Assist in incident response activities as needed, including during high-priority security incidents. Participate in the development and delivery of training programs for SOC staff. Collaborate with the L2 analyst team to develop robust quality assurance practices, documentation, reports and metrics. Collaborate with L1 and L2 SOC analysts to provide training and knowledge sharing on quality assurance best practices. Communicate findings and recommendations effectively to technical and non-technical stakeholders internally and externally. Maintain detailed records of quality assurance activity, including findings, actions taken, and outcomes. Participate in knowledge-sharing initiatives with the L1 and L2 team to enhance collective expertise and investigation skills. Ensure adherence to established quality assurance processes and procedures. Identify opportunities for process improvement and contribute to the enhancement of quality assurance methodologies. Maintain composure and efficiency in high-pressure situations. Willing to work in US day shift (9AM EST - 5PM EST) / India night Shift (7 PM IST to 3 AM IST) and weekend support / on call support Experience & Skills 3+ years of experience in a technical role in the areas of Security Operations, Quality Assurance in a SOC setting, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team. Experience in SOC L1, SOC L2 is a must. Experience in SOC Quality Assurance is a must Experience in SIEM technologies such as Azure Sentinel, Splunk, ArcSight, QRadar, Exabeam, LogRhythm Experience and knowledge of EDR and NDR technologies such as Cortex XDR, CrowdStrike, Carbon Black, Cylance, Defender, DarkTrace Experience with ticketing system such as ServiceNow, JIRA is considered a strong asset Experience and Knowledge working with Cyber Kill-Chain model and MITRE ATT&CK framework Ability to use data to 'tell a story'; ability to communicate findings and recommendations effectively to technical and non-technical stakeholders. Proficient in preparation of reports, dashboards and documentation Excellent communication and leadership skills Ability to handle high pressure situations with key stakeholders Good Analytical skills, Problem solving and Interpersonal skills A demonstrated commitment to valuing differences and working alongside diverse people and perspectives Show more Show less

Key Responsibilities: Incident Detection & Response: Monitor security alerts and events through SIEM tools to identify potential threats. Investigate security incidents and respond in a timely and effective manner. Leverage EDR (Endpoint Detection and Response) solutions for threat detection and incident analysis. Threat Analysis & Mitigation: Conduct thorough threat and malware analysis to identify and mitigate risks. Work closely with internal teams to investigate malware, viruses, and ransomware threats. Use CrowdStrike , Defender , and other endpoint security tools to prevent attacks. Email Security Management: Monitor and manage email security systems to prevent phishing, spam, and other malicious email threats. Respond to suspicious email alerts and work with other teams to resolve them. Continuous Monitoring & Alerting: Actively monitor systems, networks, and applications for any signs of suspicious activities. Utilize Endpoint Security solutions to continuously track and protect endpoints across the network. Collaboration & Reporting: Work closely with the IT and security teams to assess, analyze, and resolve security incidents. Maintain detailed documentation of incidents, findings, and responses for future reference. Regularly report on the status of ongoing security incidents and trends to senior management. Research & Knowledge Enhancement: Stay updated with the latest security threats, vulnerabilities, and trends. Participate in security training and development to improve skills in SIEM , EDR , and other security tools. Required Skills and Qualifications: Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field, or equivalent work experience. Strong experience with SIEM (e.g., Splunk, QRadar, ArcSight). Proficient in EDR and Endpoint Security tools (e.g., CrowdStrike, Microsoft Defender). Hands-on experience in threat and malware analysis . Familiarity with email security systems (e.g., Proofpoint, Mimecast). Strong understanding of network protocols, firewalls, and intrusion detection/prevention systems. Knowledge of security frameworks and industry standards (e.g., MITRE ATT&CK, NIST). Excellent analytical and problem-solving skills. Preferred Qualifications: Security certifications like CompTIA Security+ , CISSP , CEH , or GIAC are a plus. Experience with incident response and forensic investigation. Familiarity with cloud security in AWS, Azure, or Google Cloud. Show more Show less

Introduction SOC Analyst L2 Your Role And Responsibilities A SOC Analyst plays a crucial role in cybersecurity, focusing on incident response, threat analysis, and security monitoring . Here’s a general job description: Responsibilities Monitor and analyze security alerts from various sources. Investigate suspicious activities and security incidents. Coordinate and escalate incidents to appropriate teams. Perform root cause analysis and recommend solutions to mitigate risks. Collaborate with Level 1 analysts to enhance detection capabilities. Maintain and update incident response playbooks. Prepare reports and documentation of security incidents. Stay updated with the latest cybersecurity trends and threats. Assist in threat hunting to identify vulnerabilities. Preferred Education Master's Degree Required Technical And Professional Expertise Bachelor’s degree in IT, Cybersecurity, or a related field. 2-3 years of experience in a Security Operations Center (SOC). Certifications like CISSP, CEH, or CompTIA Security+ (preferred). Strong analytical and problem-solving skills. Excellent communication and teamwork abilities. Experience with incident detection and response. SIEM tools (e.g., Splunk, QRadar). Intrusion Detection Systems (IDS) & Intrusion Prevention Systems (IPS). Firewall & VPN technologies. Threat intelligence platforms. Endpoint detection & response tools. Network security protocols. Incident response techniques. Preferred Technical And Professional Experience Scripting languages (e.g., Python, Bash). Understanding of malware analysis & forensics. Show more Show less

About Company: Team1 Consulting is a leading System Integrator specializing in IT infrastructure, software, cyber security, cloud solutions, and generative AI domains. We deliver cutting-edge IT solutions tailored to drive innovation and accelerate business growth. Our expertise empowers organizations across industries to thrive in the digital era with customized, high-impact solutions that ensure success in an ever-evolving landscape. Job Title: Pre-Sales Cybersecurity Specialist Location: NOIDA , HQ Experience Required: 4–8 Years Department: Pre-Sales / Solution Engineering Employment Type: Full-Time About the Role: We are seeking an experienced and proactive Pre-Sales Cybersecurity Specialist to join our high-performance team. The ideal candidate will play a key role in supporting the sales team by understanding client security needs, designing appropriate solutions, delivering technical presentations, and building trust with prospects throughout the sales cycle. Key Responsibilities: Collaborate with the sales team to identify customer requirements and recommend relevant cybersecurity solutions. Conduct discovery sessions with enterprise clients to understand their security posture, threat landscape, and compliance requirements. Prepare and deliver technical presentations and product demonstrations to prospects and customers. Design customized security solutions using a wide range of cybersecurity technologies (e.g., endpoint security, SIEM, SOAR, XDR, IAM, firewalls, cloud security). Respond to RFPs, RFIs, and prepare detailed solution documents, BoMs, and SOWs. Assist in PoCs (Proof of Concept), solution validation, and implementation guidance. Stay updated with the latest threats, security trends, and OEM product updates. Work closely with OEMs and internal product/technical teams to stay aligned with solution capabilities and roadmaps. Support the handover of projects to delivery and ensure smooth transition from pre-sales to execution. Required Qualifications: 4–8 years of experience in cybersecurity pre-sales, solution engineering, or consulting roles. Strong understanding of cybersecurity domains including: Network Security, Endpoint Protection, Cloud Security, Identity & Access Management (IAM), SIEM/SOAR, and Compliance. Hands-on exposure or certifications in tools like: Palo Alto, Fortinet, CrowdStrike, SentinelOne, Splunk, QRadar, Microsoft Defender, Tenable, Rapid7, etc. Excellent communication, presentation, and documentation skills. Strong analytical thinking and problem-solving ability. Willingness to travel to client locations for demos and meetings as needed. Bachelor's degree in Computer Science, Information Security, or related field. Security certifications such as CEH, CompTIA Security+, CISSP (preferred but not mandatory). What We Offer: Competitive compensation with performance-linked incentives. Exposure to leading cybersecurity OEMs and enterprise accounts. Opportunity to grow in a fast-paced and innovation-driven environment. Strong collaborative culture and mentorship from industry leaders. Show more Show less

Role Description We are seeking a detail-oriented and proactive SOC Analyst – Level 2 to strengthen our cybersecurity operations. The ideal candidate will have hands-on experience in reviewing and investigating escalated security events using a variety of security tools and methodologies. This role involves working closely with L1 analysts, Incident Response teams, and Threat Hunters to ensure accurate detection, classification, and escalation of security incidents. Key Responsibilities Review and investigate escalated security events from SOC L1 analysts using tools such as SIEM, EDR, NDR, and other monitoring platforms. Perform initial triage and validation of s, classify incidents, and escalate appropriately to Incident Response or Threat Hunting teams. Leverage threat intelligence to contextualize s and correlate evidence across multiple data sources. Analyze suspicious activity across endpoints, networks, email, and cloud environments. Accurately document investigation steps, findings, and recommendations. Maintain and enhance playbooks, runbooks, and standard operating procedures (SOPs). Participate in purple team exercises, tabletop simulations, and contribute to detection engineering feedback loops. Collaborate with L1 analysts, providing guidance and training on detection logic, triage, and escalation procedures. Required Qualifications Minimum 2 years of experience in a SOC, security monitoring, or cybersecurity operations role. Proficiency with SIEM (e.g., Splunk, QRadar, Sentinel), EDR (e.g., CrowdStrike, Microsoft Defender for Endpoint), and analysis of firewall and proxy logs. Solid understanding of attacker tactics, techniques, and procedures (TTPs), especially those outlined in MITRE ATT&CK and the Cyber Kill Chain. Demonstrated experience in triaging s, classifying threats, and escalating incidents. Strong ability to write concise, accurate incident documentation and reporting. Working knowledge of both Windows and Linux operating systems from a security operations perspective. Preferred Qualifications Familiarity with detection logic tuning, custom rule creation, and threat hunting methodologies. Experience in phishing investigations, malware sandboxing, and basic memory/network forensics. Exposure to scripting languages such as Python, Bash, or PowerShell for task automation and data parsing. Knowledge of cloud security monitoring tools and practices (Azure, AWS, Google Cloud). Relevant certifications such as: Security+, CySA+, GCFE, GCIH, SC-200, or equivalent. Technical Skills Active Directory Red Hat Enterprise Linux Group Policy Management Skills SIEM, EDR, NDR Show more Show less

Analyst Level 3 - Security Operations Centre (SOC) Ways of working – Full-time with rotational shifts and mandatory Work from Office Location: Embassy Tesh Village, Bangalore Year of Experience: 5+ years in a SOC or security operations environment, with at least 2 years in a senior or advanced analyst role. About The Team & Role As a Level 3 Security Operations Centre (SOC) Analyst, you will be responsible for identifying, analyzing, and responding to security incidents and threats within an organization's IT infrastructure. This senior role demands a high level of expertise in security operations, threat analysis, and incident response. You will work closely with other teams, including Level 1 and Level 2 analysts, management, and engineering, to ensure the security of the organization's network and systems. Your work will contribute to detecting and mitigating advanced cyber threats, ensuring that the organization remains protected against emerging risks. What will you get to do here? Incident Response & Investigation Lead investigations of complex security incidents, including intrusion detection, malware analysis, and vulnerability exploitation. Perform in-depth analysis of security incidents to determine their scope, impact, and method of attack. Take immediate and appropriate action to contain, mitigate, and resolve security threats. Threat Hunting Proactively hunt for hidden threats and vulnerabilities within the organization's systems and networks. Analyze logs and data from multiple sources (e.g., firewalls, intrusion detection systems, antivirus solutions) to identify patterns indicative of malicious activity. Utilize advanced threat intelligence to stay ahead of potential attackers and new attack vectors. Security Monitoring & Analysis Oversee and manage security monitoring tools to detect potential security incidents and vulnerabilities. Analyze alerts and reports generated by various security tools, ensuring accuracy and appropriateness. Ensure the effective operation and tuning of SIEM (Security Information and Event Management) systems, IDS/IPS, and other security technologies. Identify and define new use cases as well as modify existing ones Collaboration & Knowledge Sharing Mentor and provide guidance to junior analysts (Level 1 and Level 2) in incident handling, investigation, and security best practices. Collaborate with IT, network, and engineering teams to resolve security issues and implement proactive security measures. Document incidents and maintain accurate records for reporting and auditing purposes. Reporting & Documentation Generate detailed post-incident reports that include findings, recommendations, and remediation steps. Assist in the development and maintenance of SOC procedures, playbooks, and security policies. Report trends and emerging threats to senior management and stakeholders. Create and maintain standard operating procedures (SOPs), playbooks, and runbooks. Lead root cause analysis and develop lessons learned documentation post-incident Continuous Improvement Stay up to date on the latest cybersecurity threats, trends, and technologies. Contribute to the development and improvement of incident response plans and security protocols. Participate in security training programs to continually enhance skills and capabilities. What qualities are we looking for? Education: Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience. Experience: 5+ years of experience in a SOC or security operations environment, with at least 2 years in a senior or advanced analyst role. Technical Skills: Strong experience with security tools and SaaS Application, including SIEM (Splunk, Sentinel One, QRadar, etc.), IDS/IPS, firewalls, Endpoint Protection, DLP, Active Directory/Azure and vulnerability scanners. Expertise in incident response, digital forensics, and malware analysis. Deep understanding of security frameworks, methodologies, and best practices (NIST, ISO 27001, MITRE ATT&CK, etc.). Knowledge and experience of common operating systems (Windows, Mac, Linux) and networking protocols (TCP/IP, HTTP, DNS, etc.). Advanced understanding of cyber threats and attack vectors, including APTs (Advanced Persistent Threats), ransomware, DDoS, and insider threats. Familiarity with cloud security environments and services (AWS, Azure, GCP). Skills & Abilities: Strong written and verbal communication skills, with the ability to report findings to both technical and non-technical stakeholders. Ability to work well under pressure and manage multiple tasks simultaneously. Relevant certifications such as CISSP, CISM, CEH, GIAC, or similar are a plus. Desired Skills: Experience with threat intelligence platforms and frameworks. Proficiency in scripting or automation (Python, PowerShell, etc.) for threat detection and incident response tasks. Experience with network traffic analysis tools (Wireshark, tcpdump, etc.). Knowledge of forensic tools and techniques. Familiarity with security incident management platforms (ServiceNow, Remedy, Jira, Fresdesk etc.). Preferred Certifications: CompTIA Security+ EC-Council Certified SOC Analyst (CSA) CompTIA Cybersecurity Analyst (CySA+) EC-Council SOC Essentials (S|CE) ISACA - CCOA GIAC Security Operations Certified (GSOC): GIAC Certified Incident Handler (GCIH): GIAC Certified Intrusion Analyst (GCIA): (ISC)² Systems Security Certified Practitioner (SSCP): GIAC Cyber Threat Intelligence (GCTI): GIAC Certified Forensic Analyst (GCFA) / GIAC Certified Forensic Responder (GCFR) AWS Certified Security - Specialty / Certified Cloud Security Professional (CCSP) Visit our tech blogs to learn more about some of the challenging Problem Statements the team works at:- https://bytes.swiggy.com/engineering-challenges-at-swiggy-430dea6c86a3 https://bytes.swiggy.com/the-swiggy-delivery-challenge-part-one-6a2abb4f82f6 https://bytes.swiggy.com/what-serviceability-means-at-swiggy-c94c1aad352a https://bytes.swiggy.com/architecture-and-design-principles-behind-the-swiggys-delivery-partner s-app-4db1d87a048a https://bytes.swiggy.com/swiggy-distance-service-9868dcf613f4 https://bytes.swiggy.com/the-tech-that-brings-you-your-food-1a7926229886 We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, disability status, or any other characteristic protected by the law. Show more Show less

Job Title : Network Security and Infrastructure Engineer Location : Remote Job Summary We are seeking a skilled and detail-oriented Network Security and Infrastructure Engineer to join our IT security team. The ideal candidate will be responsible for designing, implementing, and managing secure network infrastructure solutions. Proficiency with AlgoSec for firewall and security policy management, and experience using HP Lighthouse for infrastructure monitoring and reporting, is essential. Key Responsibilities Design, implement, and manage secure network infrastructure to support business operations. Use AlgoSec to manage firewall policies, analyze rule changes, and ensure regulatory compliance. Perform security policy audits and recommend rule optimization and risk mitigation strategies. Leverage HP Lighthouse for system and network performance monitoring, capacity planning, and incident reporting. Maintain detailed network diagrams and documentation. Lead vulnerability assessments and implement remediation strategies. Work closely with DevOps, compliance, and application teams to secure cloud and on-premise environments. Evaluate and deploy security products and technologies as needed. Provide support during security incidents, ensuring proper documentation and post-incident analysis. Required Skills & Qualifications Bachelors degree in Computer Science, Information Security, or related field (or equivalent experience). 5+ years of experience in network security, infrastructure management, or related roles. Hands-on experience with AlgoSec Security Management Suite. Experience working with or familiarity with HP Lighthouse (or similar HP tools like HP Operations Manager, HP IMC). Strong knowledge of firewalls (Cisco, Palo Alto, Fortinet), IDS/IPS, VPNs, and network segmentation. Understanding of cloud platforms (AWS, Azure, GCP) and hybrid network security. Familiarity with regulatory compliance frameworks (e.g., PCI-DSS, HIPAA, ISO 27001). Strong analytical and troubleshooting skills. Excellent communication and documentation abilities. Preferred Qualifications Certifications : CCNP Security, CISSP, CISM, or AlgoSec Certified Professional. Experience with SIEM tools (e.g., Splunk, QRadar). Scripting knowledge on Python (ref:hirist.tech) Show more Show less

ECI is the leading global provider of managed services, cybersecurity, and business transformation for mid-market financial services organizations across the globe. From its unmatched range of services, ECI provides stability, security and improved business performance, freeing clients from technology concerns and enabling them to focus on running their businesses. More than 1,000 customers worldwide with over $3 trillion of assets under management put their trust in ECI. At ECI, we believe success is driven by passion and purpose. Our passion for technology is only surpassed by our commitment to empowering our employees around the world . The Opportunity: ECI has an exciting opportunity for a SOC Engineer , who is responsible for analyzing and responding to network security events. The SOC Engineer will work collaboratively to detect and respond to information security incidents, maintain and follow procedures for security event alerting, and participate in security investigations. The SOC Engineer will perform tasks including monitoring, research, classification, and analysis of security events that occur on the network or endpoint. In this role, you will act as a shift lead and review tickets before they are being escalated to clients. You will Investigate intrusion attempts and perform an in-depth analysis of exploits. This is an Onsite role. What you will do: Acts as shift lead by managing the incident queue and assign incidents to available analysts based on priority. Make sure the incident is handled from end to end with defined SLA. Conduct expert analysis of SIEM logs to drive event and incident analysis. Provide expertise in categorizing and deep dive event logs to support timely and effective decision making in handling security breach cases. Launch and track investigations until resolution. Work with client or internal support teams to mitigate security threats and help them in improving the security posture of client environment. Perform threat hunt activities based on latest security vulnerabilities, advisories, and penetration techniques. Mitigate security threats and notify client. Contribute to the creation of SOC policies, procedures, and configuration standards. Manage and Administer security tools such as SIEM, EDR, Email gateway, etc. Advanced working skills with any one of the SIEM tools (ELK, Splunk, Qradar). Rule base Management, SOC Fine tuning. (Administer SIEM tool) Maintain 'On Call' availability for critical incident response scenarios and urgent threats. Demonstrate strong analytical, diagnostic, innovation, and collaboration skills. Exhibit enthusiasm, adaptability, and a passion for continuous learning, growth, and sharing of knowledge. Showcase exceptional presentation and communication abilities. Who you are: 3-5 years’ experience in the IT security industry, preferably working in a SOC environment. Bachelor’s in computer science/IT/Electronics Engineering, M.C.A. or equivalent University degree Certifications: CCNA, CEH, CHFI, GCIH, ITIL Experience with Security Information Event Management (SIEM) tools, creation of correlation rules and fine-tuning rules to administration of SIEM. Administration of Email security gateways, EDR, Antivirus Solutions. Should have expertise on TCP/IP network traffic and event log analysis. Configuration and Troubleshooting experience on Cisco ASA, PaloAlto firewalls would be an added advantage. Ability to work with minimal levels of supervision. Willingness to work in a job that involves 24/7 operations. Shift management and scheduling. Remain vigilant while continuing to maintain and enhance the overall security of ECI and the client’s receiving our services. Maintain awareness about the potential risks based on the environment they are operating in and the clients they are working on Bonus points if you have: Knowledge and hands-on experience of implementation and management of IDS/IPS, Firewall, VPN, and other security products Knowledge and hands-on experience with SIEM tools Knowledge of ITIL disciplines such as Incident, Problem and Change Management Strong verbal and written English communication. Strong interpersonal and presentation skills ECI’s culture is all about connection - connection with our clients, our technology and most importantly with each other. In addition to working with an amazing team around the world, ECI also offers a competitive compensation package and so much more! If you believe you would be a great fit and are ready for your best job ever, we would like to hear from you! Love Your Job, Share Your Technology Passion, Create Your Future Here! Show more Show less

SOC Analyst - L3 Experience Range : 8 - 15 Years Position : Permanent Location : Chennai (Taramani) Project : Banking Shift : Rotational Notice : Immediate Joiners, Serving Notice Key Responsibilities: Incident Detection & Response: Monitor security alerts and events through SIEM tools to identify potential threats. Investigate security incidents and respond in a timely and effective manner. Leverage EDR (Endpoint Detection and Response) solutions for threat detection and incident analysis. Threat Analysis & Mitigation: Conduct thorough threat and malware analysis to identify and mitigate risks. Work closely with internal teams to investigate malware, viruses, and ransomware threats. Use CrowdStrike , Defender , and other endpoint security tools to prevent attacks. Email Security Management: Monitor and manage email security systems to prevent phishing, spam, and other malicious email threats. Respond to suspicious email alerts and work with other teams to resolve them. Continuous Monitoring & Alerting: Actively monitor systems, networks, and applications for any signs of suspicious activities. Utilize Endpoint Security solutions to continuously track and protect endpoints across the network. Collaboration & Reporting: Work closely with the IT and security teams to assess, analyze, and resolve security incidents. Maintain detailed documentation of incidents, findings, and responses for future reference. Regularly report on the status of ongoing security incidents and trends to senior management. Research & Knowledge Enhancement: Stay updated with the latest security threats, vulnerabilities, and trends. Participate in security training and development to improve skills in SIEM , EDR , and other security tools. Required Skills and Qualifications: Bachelors degree in Cybersecurity, Information Security, Computer Science, or a related field, or equivalent work experience. Strong experience with SIEM (e.g., Splunk, QRadar, ArcSight). Proficient in EDR and Endpoint Security tools (e.g., CrowdStrike, Microsoft Defender). Hands-on experience in threat and malware analysis . Familiarity with email security systems (e.g., Proofpoint, Mimecast). Strong understanding of network protocols, firewalls, and intrusion detection/prevention systems. Knowledge of security frameworks and industry standards (e.g., MITRE ATT&CK, NIST). Excellent analytical and problem-solving skills. Preferred Qualifications: Security certifications like CompTIA Security+ , CISSP , CEH , or GIAC are a plus. Experience with incident response and forensic investigation. Familiarity with cloud security in AWS, Azure, or Google Cloud.

Join our high-performing Cybersecurity team as a Cybersecurity Incident Response Analyst / SOC Specialist and take on a critical role in defending our enterprise from sophisticated and evolving cyber threats. This is an exciting opportunity for experienced professionals with 5+ years of hands-on experience in Security Operations Center (SOC) environments, incident response, and threat detection to make a meaningful impact in a fast-paced and highly secure infrastructure. You will be working alongside skilled cybersecurity experts, using advanced tools and frameworks to safeguard our global operations and ensure business continuity. Key Responsibilities:- Monitor, analyze, and respond to security events using SIEM tools including Blusapphire, IBM QRadar, Securonix, and Splunk . Perform Tier 1 & Tier 2 SOC operations , including event triage, threat detection, and initial incident response. Integrate and administer SIEM platforms and develop effective use-cases, alerts, dashboards , and reports. Conduct in-depth forensic analysis and investigations using tools like EnCase, FTK, Sleuthkit, and SANS SIFT . Collaborate with global teams to ensure timely and effective incident detection, response, and resolution. Support crisis response and participate in scenario planning and deception environment development (e.g., honeypots, honeytokens). Analyze advanced attacker TTPs and contribute to the improvement of defensive controls and strategies. Maintain documentation, reporting, and communication in a clear, concise, and actionable format. Mandatory Technical Skills:- SIEM Expertise: Blusapphire, IBM QRadar, Securonix, Splunk SIEM Administration and SOC Integration SOC L1/L2 Monitoring and SOC Operations Knowledge of IDS/IPS, malware analysis, firewalls, proxies Strong grasp of network protocols (TCP, UDP, DNS, DHCP, etc.) Familiarity with Windows/Linux infrastructure , cloud platforms (AWS, Azure, GCP) Incident response and investigation tooling (e.g., Kali Linux, IDA Pro) Scripting or programming skills (Python, Bash, etc.) preferred Qualifications & Industry Experience:- 5+ years of experience in cyber incident response and/or digital forensics Experience in large enterprise or regulated sectors (e.g., finance) Industry certifications preferred: CEH, GCIH, GCIA, GCFA, GNFA, SANS, EnCE, CRISC Deep understanding of security frameworks: OWASP, ISO27001, NIST, PCI DSS, CIS Strong communication skills – able to explain complex issues clearly across technical and business audiences Self-driven, ethical, with a high sense of urgency and decision-making ability Show more Show less

Key Responsibilities 1. Demonstrated expertise in configuring, managing, and troubleshooting Fortinet Firewall systems. 2. Proficient in the operation and management of Cisco Layer 3 switches. 3. Comprehensive experience in managing core network infrastructure, including environments with multiple Internet Leased Lines (ILLs), firewalls, and Layer 3 switches operating in high availability (HA) mode, spanning multiple floors and integrating with data center connectivity. 4. Strong knowledge of Point-to-Point (P2P) and IPsec VPN tunnels, including configuration and maintenance. 5. Solid understanding of endpoint security tools such as Netskope, CrowdStrike, and CoSoSys Endpoint Protector. 6. Basic familiarity with IBM QRadar (Security Information and Event Management - SIEM tool). 7. Hands-on experience with LAN, WLAN, and WAN technologies. 8. Proven background in network security, with a focus on secure architecture and incident response. 9. Foundational understanding of Business Continuity Planning (BCP) in relation to network infrastructure. 10. Strong analytical and problem-solving abilities with a methodical approach to troubleshooting. 11. Highly self-motivated and capable of working independently while also being an effective contributor in a collaborative team setting. 12. Reliable and adaptable, with the flexibility to respond to changing requirements and priorities. Qualifications: 1. 8 to 15 years of progressive experience in the field of information technology, with a focus on network and security domains. 2. Proven track record in network and cybersecurity operations, including the design, implementation, and management of secure and scalable network infrastructures. 3. Exceptional time management and prioritization skills, with the ability to effectively manage multiple tasks and deliverables in a dynamic, high-pressure environment. Show more Show less

Position Summary We are seeking an experienced SOC Analyst to join our Security Operations team. This role demands an individual with a strong technical background in incident analysis, SIEM administration, and rule fine-tuning. The ideal candidate will have experience working with diverse environments, including Windows, Linux, and network security, and will be well-versed in ELK stack management and troubleshooting beats agents. Key Responsibilities 1. Incident Detection and Analysis: o Conduct deep-dive analysis on security incidents, assessing root causes, and recommending solutions. o Proactively monitor and respond to security alerts, managing incident escalation and resolution processes. o Prepare detailed reports and document incidents to support future analysis and security measures. 2. SIEM Administration and Rule Fine-Tuning: o Oversee SIEM configurations, including tuning rules to optimize alerting and reduce false positives. o Conduct SIEM platform upgrades, troubleshoot performance issues, and ensure platform availability. o Collaborate with IT teams to integrate new data sources into SIEM and enhance visibility. 3. System and Network Security: o Perform continuous monitoring and analysis across Windows and Linux systems and network infrastructures. o Utilize tools for traffic analysis, anomaly detection, and threat identification. o Support configurations and policies within the IT and network environment to strengthen security. 4. ELK Stack and Beats Agent Management: o Manage and troubleshoot ELK Stack components (Elasticsearch, Logstash, and Kibana) to ensure seamless data flow. o Perform regular maintenance and troubleshooting of beats agents, ensuring reliable log ingestion and parsing. 5. Security Policies and Compliance: o Contribute to policy updates, ensuring adherence to organizational and industry compliance standards. o Document and enforce security controls aligned with best practices and regulatory requirements. Skills and Qualifications Education: Bachelors degree in Information Security, Computer Science, or a related field. Experience: o Minimum of 5+ years in SOC operations or a similar cybersecurity role. o Proven experience in SIEM administration, incident analysis, and configuration fine-tuning. o Proficiency in monitoring and troubleshooting Windows and Linux systems and managing network security protocols. o Hands-on experience with the ELK Stack, with expertise in troubleshooting beats agents. Technical Skills: o Familiarity with SIEM tools (e.g., Splunk, QRadar) and network protocols. o Strong command of incident response processes, security frameworks, and best practices. o Knowledge of communication protocols and system integrations for data protection. Certifications (preferred): CISSP, CompTIA Security+, CEH, or similar security certifications. Competencies Strong analytical skills with attention to detail. Excellent verbal and written communication abilities. Ability to work independently and collaboratively in a fast-paced environment. Additional Preferred Skills Knowledge of regulatory compliance standards. Experience in using EDR solutions. Ability to document processes and create incident playbooks. This role offers an opportunity to work on advanced cybersecurity initiatives within a dynamic SOC environment, contributing to enhanced organizational security. Keywords SIEM administration,incident analysis,configuration fine-tuning,Windows,Linux,network security protocols,ELK Stack,troubleshooting beats agents,Splunk,Qradar,EDR solutions,Cybersecurity* Mandatory Key Skills SIEM administration,incident analysis,configuration fine-tuning,Windows,Linux,network security protocols,ELK Stack,troubleshooting beats agents,Splunk,Qradar,EDR solutions,Cybersecurity*

SOC Analyst (Level 1) Experience - 2 to 4 years Location : Thiruvananthapuram, Kerala Employment Type : Full-Time Role Overview As a Level 1 SOC Analyst, you will serve as the first line of defense in our Security Operations Center, responsible for monitoring, detecting, and responding to security incidents in real-time. You will utilize SIEM tools to analyze security events and collaborate with cross-functional teams to mitigate risks and enhance the organization's security posture. Key Responsibilities Security Monitoring : Continuously monitor security alerts from SIEM platforms (e.g., Splunk, Sentinel, QRadar) to identify potential threats. Incident Triage : Perform initial analysis and classification of security incidents, escalating to higher tiers when necessary. Threat Analysis : Investigate and analyze security events to determine their impact and potential risks. Incident Response : Assist in the containment, eradication, and recovery processes during security incidents. Reporting : Document incidents and actions taken, providing detailed reports for further analysis and compliance purposes. Collaboration : Work closely with IT and security teams to implement security measures and mitigate risks. Continuous Learning : Stay updated with the latest cybersecurity threats, vulnerabilities, and mitigation strategies. Required Qualifications Experience : 2 to 4 years in a SOC or similar cybersecurity role. Technical Skills Proficiency in using SIEM tools (e.g., Splunk, Sentinel, QRadar). Understanding of network protocols and security technologies. Familiarity with endpoint protection and monitoring tools. Certifications : Relevant certifications such as CEH, CompTIA Security+, or CISSP are preferred. Soft Skills Strong analytical and problem-solving abilities. Excellent communication skills for reporting and collaboration. Ability to work effectively in a 24/7 environment. (ref:hirist.tech) Show more Show less

Role & responsibilities Review Level1 Analysts Work - False positive analysis and input for rule fine tuning. Should be able to remediate incidents end to end when there is a need, work closely with Respective Customer team. Prepare monthly shift roster. Provide recommendation for existing rule changes and make necessary changes. Ensure cases are handled within defined TAT and escalate as needed. Perform daily alert review. Daily Reporting and Dashboards. Use-case creation Preferred candidate profile Candidate should ready to join within 30 days Minimum 2+ years of experience working into SIEM tool - IBM Qradar Hands on experience working in use cases creation and fine tunning