1 - 6 years
6 - 13 Lacs
Noida
Work from Office
Managed Services SOC Manager

Job Summary: The Security Operations Center (SOC) Security L-2 Analyst serves in a SOC team and is responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, tickets, email and phone). The L2 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and should be ready to work in shifts. An engineer in this position acts as a point of escalation for Level-1 SOC security analysts in support of information security investigations, providing guidance and oversight on incident resolution and containment techniques.

Job Description:
Responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, tickets, email and phone).
Act as a point of escalation for Level-1 SOC security analysts in support of information security investigations, providing guidance and oversight on incident resolution and containment techniques.
Should have experience in developing new correlation rules and writing parsers.
Experience in log source integration.
Act as the lead coordinator for individual information security incidents.
Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Security Operations Center.
Document incidents from initial detection through final resolution.
Participate in security incident management and vulnerability management processes.
Coordinate with IT teams on escalations, tracking, performance issues, and outages.
Work as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.
Communicate effectively with customers, teammates, and management.
Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation.
Provide recommendations on tuning and optimization of security systems, SOC security processes, procedures and policies.
Define, create and maintain SIEM correlation rules, customer build documents, security processes and procedures.
Follow ITIL practices regarding incident, problem and change management.
Stay up to date with emerging security threats, including applicable regulatory security requirements.
Maintain an inventory of the procedures used by the SOC, regularly evaluate the SOC procedures, and add, remove and update the procedures as appropriate.
Publish weekly reports to applicable teams.
Generate monthly reports on SOC activity.
Secondary skills like AV, HIPS, DCS, VA/PT desirable.

Required Technical Expertise:
Must have experience in a SIEM management tool (QRadar).
Should have certifications like ITIL, CCNA, CEH, VA (product) certification, CISM.
Process and procedure adherence.
General network knowledge and TCP/IP troubleshooting.
Ability to trace down an endpoint on the network based on ticket information.
Familiarity with system log information and what it means.
Understanding of common network services (web, mail, DNS, authentication).
Knowledge of host-based firewalls, anti-malware, HIDS.
General desktop OS and server OS knowledge.
TCP/IP, Internet routing, UNIX/Linux and Windows NT.
Posted 1 month ago
7 - 10 years
20 - 22 Lacs
Bengaluru
Work from Office
Tech Lead (Python)

Experience: 7 - 10 Years
Exp Salary: INR 20-22 Lacs per annum
Preferred Notice Period: Within 30 Days
Shift: 10:00 AM to 7:00 PM IST
Opportunity Type: Onsite (Bengaluru)
Placement Type: Permanent
(Note: This is a requirement for one of Uplers' clients.)
Must-have skills required: Python, Flask
Good-to-have skills: Cloud Computing, Django, QRadar, SIEM tools, Splunk, Linux, Git, FastAPI, REST API

Sacumen (one of Uplers' clients) is looking for a Tech Lead (Python) who is passionate about their work, eager to learn and grow, and committed to delivering exceptional results. If you are a team player with a positive attitude and a desire to make a difference, then we want to hear from you.

Role Overview / Description: We are looking for a Tech Lead to join our cutting-edge development team as it grows. We want someone who is comfortable asking "why?" The ideal candidate is a divergent thinker who understands industry best practices and has experience with multiple coding languages. They are a team player possessing good analytical as well as technical skills. They are able to communicate and explain the logic behind technical decisions to non-technical stakeholders. They must be comfortable working in an agile environment and have the ability to take the wheel when necessary.

Responsibilities:
Gather and analyze user requirements.
Create clear technical specifications for reference and reporting.
Analyze third-party applications and identify the components to be integrated.
Create innovative, scalable, fault-tolerant software solutions for our customers.
Validate and ensure that the defined unit test code coverage is achieved.
Do code quality checks and code reviews regularly to ensure safe and efficient code.
Ensure the setup of the deployment infrastructure and test environments.
Work closely with project managers, teams, systems architects, and sales and marketing professionals to deliver project objectives.
Continuously look to improve the organization's standards.
Expand existing software to meet the changing needs of our key demographics.

Requirements:
A Bachelor's / Master's degree in Engineering or Information Technology.
7-10 years of software development experience with 4+ years of experience with the Python programming language.
A thorough understanding of computer architecture, operating systems, and data structures.
An in-depth understanding of the Internet, Cloud Computing & Services, and REST APIs.
Must have experience with any one of the Python frameworks Flask / FastAPI / Django REST.
Must know Git and Python virtual environments.
Must have experience with the Python requests module.
Should have experience with creating and using Python third-party libraries.
Familiarity with SIEM tools like the QRadar app / Splunk app and Splunk add-on will be an advantage.
Experience working with Linux/Unix and shell scripts.
A meticulous and organized approach to work.
A logical, analytical, and creative approach to problem-solving.
A thorough, detail-oriented work style.

Interview Process:
Technical Round 1 (Tech Discussion / Problem Solving)
Technical Round 2 (Techno-Managerial Round)
CEO Round
HR Round

How to apply for this opportunity (easy 3-step process):
1. Click on Apply! and register or log in on our portal.
2. Upload your updated resume and complete the screening form.
3. Increase your chances of getting shortlisted and meet the client for the interview!

About Our Client: The company is a wholly-owned subsidiary of a USA company (www.opus.global) and is in the process of setting up a software development team in India. The team collectively should have the following skill set. The company has become the leader in providing professionally managed solutions for centralized and decentralized I/M programs by applying leading-edge technology to data management, safety and emissions testing and diagnostic equipment, on-road remote sensing, and wireless remote OBD monitoring. Opus has operations on four continents. We are among the top companies in Vehicle Inspection and a leader in Intelligent Vehicle Support.

About Uplers: Our goal is to make hiring and getting hired reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant product and engineering job opportunities and progress in their career. (Note: There are many more opportunities apart from this on the portal.) So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!
Posted 1 month ago
3 - 7 years
10 - 20 Lacs
Pune
Work from Office
Security Operations Centre (SOC) - Lead

Location: Pune (Aundh/Baner), India (On-site, In-House SOC)
Department: Security Operations Center
Experience: 4-6 Years
Work Type: Full-time | Hybrid Model | 24x7 Rotational Shifts

Role Overview: We are looking for an experienced and technically strong SOC Lead / Senior Engineer who will own and manage the core administration, tuning, detection engineering, and incident response infrastructure within the Security Operations Center. This is a hands-on technical role for someone who thrives in a high-paced, cloud-first environment and has expertise in SIEM (QRadar), XDR (CrowdStrike), DLP (Netskope), Deception (Canary), TIP/SOAR, and AWS Security.

Key Responsibilities:
Monitor, investigate, and close security incidents using QRadar SIEM, with deep expertise in offense triage and management.
Administer and fine-tune configurations across multiple security platforms including QRadar, CrowdStrike XDR, Netskope DLP, Canary, Sysdig/Falco, and G-Suite Security to ensure optimal performance.
Architect and deploy new SIEM content such as correlation rules, filters, dashboards, active lists, reports, and trends based on threat intelligence and business needs.
Lead use case design and development for new detections based on the evolving threat landscape and attack techniques (MITRE ATT&CK alignment).
Own the log onboarding lifecycle, including parsing, normalization, and enrichment for diverse AWS services and third-party SaaS platforms.
Manage SLAs for incident detection, escalation, and resolution; ensure robust reporting and analytics for SOC operations.
Conduct advanced threat hunting, packet-level analysis, and proactive detection activities using telemetry and behavioral analytics.
Integrate and manage SOAR and TIP tools to drive automation and enrichment in incident response workflows.
Lead vulnerability assessments and penetration testing activities in collaboration with infrastructure and DevSecOps teams.
Develop and test incident response plans (IRPs) and playbooks for high-impact scenarios like ransomware, insider threats, and data exfiltration.
Stay abreast of the latest threats, vulnerabilities, and exploits; conduct periodic threat briefings and internal knowledge transfers.
Maintain detailed documentation of configurations, security procedures, SOPs, incident reports, and audit logs.
Mentor junior SOC analysts and provide technical guidance during critical incidents and escalations.
Create reports, dashboards and metrics for SOC operations and present them to senior management.
Experience in designing and deploying use cases for SIEM and other security devices.
Continuously monitor security alerts and events to identify potential security incidents or threats.
Follow standard operating procedures (SOPs) and incident response runbooks, and recommend improvements where necessary.
Understanding of network protocols (TCP/IP stack, SSL/TLS, IPsec, SMTP/IMAP, FTP, HTTP, etc.).
Hands-on experience in security monitoring, Incident Response (IR), security tools configuration, and security remediation.
Understanding of operating system, web server, database, and security device (firewall/NIDS/NIPS) logs and log formats.
Ensure all actions are compliant with internal policies, security standards, and regulatory requirements.

Required Skills & Experience:
Minimum 4 years of experience in SOC operations, including administrative expertise in SIEM platforms (preferably QRadar).
Strong hands-on knowledge of SIEM tuning, content development, threat detection, and incident handling.
Expertise in 3 or more of the following: SIEM (QRadar), XDR (CrowdStrike), SOAR/TIP platforms, DLP (Netskope), Cloud Security (AWS), Deception Technology (Canary).
Experience with network traffic analysis, packet capture tools, and deep-dive investigations.
Strong analytical, problem-solving, and decision-making skills.
Familiarity with security frameworks such as MITRE ATT&CK, NIST, and CIS Controls.

Preferred Qualifications:
Professional certifications such as GCIA, GCED, GCIH, CEH, CCSP, AWS Security Specialty, or QRadar Certified Specialist.
Prior experience in managing an in-house 24x7 SOC or leading shift teams.

What We Offer:
Work on a modern cloud-native security stack in a dynamic FinTech environment.
Opportunity to lead security engineering and detection strategy for critical financial platforms.
Be part of a tight-knit, expert-level team with a strong learning and innovation culture.
Competitive salary, performance-based incentives, and growth opportunities.
Posted 1 month ago
6 - 9 years
11 - 15 Lacs
Hyderabad
Work from Office
Cyber and 3rd Party Risk Manager

About Amgen: Amgen harnesses the best of biology and technology to fight the world's toughest diseases, and make people's lives easier, fuller and longer. We discover, develop, manufacture and deliver innovative medicines to help millions of patients. Amgen helped establish the biotechnology industry more than 40 years ago and remains on the cutting edge of innovation, using technology and human genetic data to push beyond what's known today.

What you will do

Role Description: This is a lead role to support the risk management product team in identifying, analyzing, and mitigating IT-related risks to the organization. This role will involve working closely with various departments to ensure that risk controls are in place, policies are adhered to, and security standards are met. The IT Risk Analyst will assist in developing and maintaining risk management frameworks, performing assessments, and supporting regulatory compliance efforts.

Roles & Responsibilities

Risk Management Leadership: Support the global risk management and third-party organization in leading a team of risk analysts performing tasks related to the global risk assessment processes.

Risk Identification and Assessment: Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies. Assist in the identification and evaluation of risks associated with third-party vendors and partners. Maintain the IT risk register, documenting risks, issues, and remediation actions.

Risk Mitigation and Monitoring: Recommend risk mitigation strategies and implement risk management controls across IT infrastructure. Collaborate with IT, cybersecurity, and business teams to track and resolve identified risks and vulnerabilities. Monitor and report on the effectiveness of existing IT risk controls and recommend enhancements as needed.

Compliance and Regulatory Support: Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, SOX, PCI-DSS, NIST). Assist in the preparation for audits by internal and external parties, providing documentation and evidence of IT risk management practices. Support the development and implementation of IT governance, risk, and compliance frameworks.

Vendor Risk Management: Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies. Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary.

What we expect of you

We are all different, yet we all use our unique contributions to serve patients. The [vital attribute] professional we seek is a [type of person] with these qualifications.

Basic Qualifications and Experience

Education: Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field. Certifications such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional) are highly desirable.

Experience: 4-6 years of experience in IT risk management, IT auditing, or information security. Hands-on experience with risk management tools and frameworks (e.g., ISO 27001, NIST, COBIT).

Skills and Competencies:
Strong understanding of IT infrastructure, systems, and security best practices.
Ability to assess technical and business risk related to information systems.
Excellent problem-solving, analytical, and communication skills.
Ability to communicate complex risk concepts to non-technical stakeholders.
Ability to assess and interpret security-related clauses in third-party contracts, such as Security Requirements Schedules (SRS).
Familiarity with regulatory frameworks and compliance standards (e.g., GDPR, HIPAA, SOX, PCI-DSS).

Technical Knowledge:
Proficiency with risk management tools, GRC (Governance, Risk, and Compliance) software, and security incident management tools.
Experience with security controls related to networks, databases, and cloud environments.

Soft Skills:
Excellent analytical and troubleshooting skills.
Strong verbal and written communication skills.
Ability to work effectively with global, virtual teams.
High degree of initiative and self-motivation.
Ability to manage multiple priorities successfully.
Team oriented, with a focus on achieving team goals.
Strong presentation and public speaking skills.
Collaboration with global teams.

What you can expect of us

As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we'll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Apply now for a career that defies imagination. Objects in your future are closer than they appear. Join us. careers.amgen.com

As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Posted 1 month ago
1 - 3 years
5 - 15 Lacs
Pune
Work from Office
SOC Analyst

Location: Pune (Aundh/Baner), India (On-site, In-House SOC)
Department: Security Operations Center
Experience: 1-3 Years
Work Type: Full-time | Hybrid Model | 24x7 Rotational Shifts

Role Overview: As a SOC Analyst, you will be part of our in-house 24x7 Security Operations Centre based in Pune. You will be responsible for monitoring, analyzing, and responding to security incidents and alerts using cutting-edge security technologies and platforms. This role is a great opportunity to grow in a fast-paced FinTech environment leveraging tools like QRadar SIEM, CrowdStrike XDR, Netskope DLP, AWS Cloud Security, Sysdig, Falco, Canary Tokens, G-Suite Security and other security solutions.

Key Responsibilities:
Continuously monitor security alerts and events using QRadar SIEM, CrowdStrike, Falco, and other integrated tools.
Perform initial triage and analysis to assess the nature and severity of potential security incidents.
Escalate incidents in line with established procedures and severity levels.
Create, update, and manage incident tickets throughout their lifecycle using ticketing systems.
Analyze logs and security data from various sources, including AWS Cloud, G-Suite, and endpoint solutions.
Assist in proactive threat hunting and detection of malicious activity across systems and applications.
Technical experience working in a SOC and in cybersecurity incident response.
Generate daily, weekly, and ad-hoc reports detailing SOC operations and incident statistics.
Support 24x7 operations by participating in rotational shifts, including nights and weekends.
Understanding of AWS services for security detection and mitigation.
Follow standard operating procedures (SOPs) and incident response runbooks, and recommend improvements where necessary.
Understanding of network protocols (TCP/IP stack, SSL/TLS, IPsec, SMTP/IMAP, FTP, HTTP, etc.).
Hands-on experience in security monitoring, Incident Response (IR), security tools configuration, and security remediation.
Create reports, dashboards and metrics for SOC operations and present them to senior management.
Understanding of operating system, web server, database, and security device (firewall/NIDS/NIPS) logs and log formats.
Ensure all actions are compliant with internal policies, security standards, and regulatory requirements.

Required Skills & Experience:
1-3 years of hands-on experience in SOC operations or cyber security monitoring.
Exposure to SIEM tools, preferably IBM QRadar.
Experience with Endpoint Detection & Response (EDR) solutions such as CrowdStrike.
Familiarity with DLP (preferably Netskope) and cloud-native security tools.
Working knowledge of the Linux/Unix command line and scripting basics.
Understanding of AWS Cloud Security concepts.
Knowledge of TCP/IP, DNS, HTTP, and other networking protocols.
Familiarity with common attack vectors and the threat landscape (MITRE ATT&CK framework is a plus).

Good to Have:
Experience with Falco, Sysdig, or other container security tools.
Exposure to Canary tokens or deception technologies.
Basic certifications such as CompTIA Security+, CEH, AWS Security Specialty, or CrowdStrike CCFA.

What We Offer:
Opportunity to work with a modern cloud-native security stack.
Learn and grow in an innovative FinTech environment.
Mentorship and training on advanced threat detection and response practices.
Strong team culture focused on collaboration and technical excellence.
Competitive salary and shift allowances.
Posted 1 month ago
8 - 13 years
15 - 25 Lacs
Kochi
Work from Office
Job description

Ensure the development of policies, procedures and documentation. Establish, document, and manage the scope, schedule and resource allocation for projects and sustaining activities to ensure successful project execution. Implement and maintain integrated work schedules and plans which ensure that the necessary deliverables are ready and available. Oversee the daily operations of the 24x7x365 Security Operations Center; develop and maintain SOC documentation; produce relevant cyber security metrics that allow the SOC to provide Executive Leadership with metrics. Support Security Analysts monitoring the network and answering phone calls and emails about cyber operations, to respond to, analyse, and manage the response to cyber incidents affecting the client's information and information systems in accordance with the client Incident Response Plan (IRP). Ensure the service quality as per the SLA.

The SOC manager should have a good command of information security solutions and SIEM architecture so that he/she will be able to effectively guide the onsite team on the operations and provide the Bank the necessary insights and advice in order to improve the information security posture of the Bank. The SOC manager is responsible for the overall management of the SOC and its operations. Following are the key responsibilities of this role:
1. Continuous review of the operations carried out by the SOC team.
2. Ensure that the SOC team is fully compliant with the defined process.
3. Efficiently manage the escalation procedures followed by the SOC team.
4. Regularly monitor and review the incident and case records.
5. Regularly track the timeline compliance of the SOC activities.
6. Take measures to carry out SOC activities in an effective and efficient manner.
7. Regularly review the processes and procedures followed by the SOC team and propose changes if there is scope for improvement.
8. Develop and evaluate metrics to measure the performance of the SOC team.
9. Present the security reports periodically to the IT security team and management.
10. Provide suggestions to add/remove log sources under the monitoring scope.
12. Ensure the development of policies, procedures and documentation.
13. Establish, document, and manage the scope, schedule, and resource allocation for projects and sustaining activities to ensure successful project execution.
14. Implement and maintain integrated work schedules and plans which ensure that the necessary deliverables are ready and available; oversee the daily operations of the 24x7x365 Security Operations Center.
15. Guide the L2 team to develop and configure use cases on SOC monitoring tools for a specific log source upon integration.
16. Guide the L2 team to configure additional modules/packages on QRadar if there are any.
17. Guide the L2 team to develop a log baseline for the log sources identified to be integrated with QRadar.
18. Guide the L2 team to set up a baseline security level for critical assets by means of QRadar vulnerability scans per quarter.
Posted 1 month ago
4 years
0 Lacs
Hyderabad, Telangana, India
On-site
At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Senior (Endpoint Detection and Response)

Key Capabilities:
Excellent teamwork skills, passion and drive to succeed and combat cyber threats.
Work collaboratively with other team members to find creative and practical solutions to customers' challenges and needs.
Expertise in design, implementation and operation of EDR solutions such as Carbon Black, Tanium, CrowdStrike, Cortex XDR, Microsoft Defender ATP, McAfee, Symantec and similar technologies (including migration).
Provide consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
Perform remote and on-site gap assessment, customization, installation, and integration of the EDR solution.
Knowledge of cyber threat intelligence.
Experience in several of the following areas: cybersecurity operations, network security monitoring, host security monitoring, malware analysis, adversary hunting, modern adversary methodologies, all-source intelligence analysis, analytical methodologies, confidence-based assessments, and writing analytical reports.
Working knowledge of Cuckoo, CAPE, or any other sandbox platforms.
Experience with security orchestration, automation and response tools (Phantom, Resilient, XSOAR) and incident response platforms/DFIR toolsets.
Experience with threat hunting using cyber threat intelligence by analyzing large and unstructured data sets to identify trends and anomalies indicative of malicious cyber activities.
Expertise in EDR use case development, which includes developing processes for automated security event monitoring and alerting along with corresponding event response plans for systems.
Willing to learn new technologies and take up new challenges.
Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.
Experience in responding to RFPs and preparation of project plans.
Expertise in integrating EDR devices, including unsupported (in-house built) ones, by creating custom parsers.
Good knowledge of threat modelling.
Experience in creating use cases under the Cyber Kill Chain and MITRE ATT&CK frameworks.
Knowledge of network monitoring technology platforms such as Fidelis XPS or others.
Ability to lead a team / project through various phases.
Deep understanding of market trends and ability to adapt based on that.

The below-mentioned experience/expertise will be an added advantage:
Deep understanding of various SIEM solutions like Splunk, QRadar, LogRhythm, Securonix, Elastic.
Knowledge of scripting using Python.
Experience advising on Cloud Security capabilities across various platforms, mainly Azure.
Configure data ingestion types and connectors.
Analytic design and configuration of the events and logs being ingested.
Develop, automate, and orchestrate tasks (playbooks) with Logic Apps based on certain events.

Qualification & Experience:
Minimum of 6 to 12 years' experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments.
Strong oral, written and listening skills are an essential component of effective consulting.
Strong background in network administration.
Ability to work at all layers of the OSI model, including being able to explain communication at any level, is necessary.
Must have knowledge of vulnerability management, basic Windows setup, Windows domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting.
Good to have experience in handling big data integration via Splunk or another SIEM.
Deep understanding of malware analysis and incident response.
Good knowledge of programming or scripting languages such as Python, JavaScript, Bash, PowerShell, Ruby, Perl, etc.
Must have an honours degree in a technical field such as computer science, mathematics, engineering or a similar field.
Minimum 4 years of working in a security operations center.
Certification in any one of the EDR or SIEM solutions is a must.
Certifications in a core security-related discipline will be an added advantage.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 1 month ago
0 - 5 years
0 Lacs
Delhi
Work from Office
Job requisition ID: 77258
Date: May 5, 2025
Location: Delhi
Designation: Assistant Manager
Entity:

Job Summary: The SIEM QRadar Engineer is responsible for deploying, configuring, and managing IBM QRadar SIEM solutions to monitor, analyze, and respond to security events and incidents across the enterprise. This role requires a strong understanding of cybersecurity principles, event management, and log analysis to provide real-time monitoring, threat detection, and incident investigation.

Key Responsibilities:
1. QRadar Platform Configuration & Administration: Implement and configure IBM QRadar SIEM, including the integration of log sources (firewalls, servers, IDS/IPS, etc.). Administer and maintain QRadar appliances, including updating, patching, and tuning for performance. Ensure the proper setup of security event collection, parsing, normalization, and storage.
2. Security Monitoring & Incident Response: Monitor QRadar dashboards and alerts for security incidents and potential threats. Investigate and triage security incidents, escalating as necessary and providing detailed reports for remediation. Create and fine-tune custom rules, offenses, and alerts to improve threat detection accuracy.
3. Log Source Management: Configure and manage log source integrations, including forwarders, collectors, and data processing. Work with teams across the organization to identify and collect relevant logs for security monitoring.
4. Correlation Rules and Customization: Develop, maintain, and optimize correlation rules to detect suspicious activities. Work with security analysts to develop custom use cases and refine QRadar correlation capabilities.
5. Threat Intelligence and Data Integration: Integrate threat intelligence feeds into QRadar for enhanced detection of external threats. Leverage external data sources and QRadar's built-in capabilities to identify emerging threat patterns.
6. Reporting and Documentation: Generate reports for management, compliance audits, and regulatory requirements. Document configurations, rules, processes, and troubleshooting steps for knowledge sharing and incident response procedures.
7. Collaboration & Support: Work closely with IT and cybersecurity teams to integrate new systems and optimize SIEM operations. Assist in the development of incident response playbooks and provide expertise during security incidents.

Required Skills & Qualifications:
Experience: Minimum of 3-5 years of experience in SIEM security engineering (preferably IBM QRadar). Experience in incident response, threat hunting, and using security monitoring tools.
Technical Skills: Strong understanding of SIEM concepts and security event management. In-depth knowledge of the QRadar platform (administration, configuration, and optimization). Familiarity with network security protocols, firewalls, IDS/IPS systems, and security appliances. Experience with Linux/Unix operating systems and basic scripting (Python, Bash, etc.) for automation or customization.
Certifications: IBM QRadar certification.
Posted 1 month ago
2 - 6 years
2 - 7 Lacs
Pune
Hybrid
In this position you will perform Incident Management and Response for a state-of-the-art SOC. The position will be responsible for working with security tracks/technical teams in the event of an attack or incident: fine-tuning the process and bringing in industry best practices, following up with teams until incident closure, and working on the aftermath. Experience in Information Security operations and management with hands-on experience in a large security operations center using IBM QRadar/Splunk/ArcSight or a similar SIEM tool. Manage network, endpoint and forensics initiatives, malware triage and cyber security incident response. Manage Cyber Security Services engagements and engagement teams. Recognize common attacker tools, tactics, and procedures. Provide oversight for on-site examinations and collections and technology advisory services to enhance forensic client engagements. Research and develop new digital forensics scripts, tools, and methodologies. Assess and troubleshoot a variety of technical issues and support a cyber response lab on our clients' SIEM tool and UEBA platform.
Posted 2 months ago
7 - 9 years
15 - 20 Lacs
Mohali
Work from Office
Role & responsibilities
SOC Operations: Monitor and analyze security events across networks, systems, and endpoints. Investigate, escalate, and respond to security incidents in a timely manner. Collaborate with the SOC team to enhance incident response procedures.
Microsoft Security Solutions: Manage and maintain the Microsoft Defender suite of tools, Azure Sentinel, and Microsoft Services. Implement Microsoft security configurations and policies to protect digital environments. Conduct threat hunting and data analysis using Microsoft Sentinel, KQL, and other Microsoft tools. Ensure compliance with security standards and best practices within Microsoft environments.
Threat Detection and Incident Response: Conduct root cause analysis for security incidents and create actionable remediation plans. Support threat intelligence and vulnerability management programs to proactively reduce risk. Automate response and remediation workflows using Microsoft's security automation tools.
Security Engineering and Improvements: Develop and fine-tune security alerts and rules to improve threat detection. Collaborate with cross-functional teams to assess and improve security architecture. Assist in the design and implementation of secure cloud and hybrid environments with a focus on Microsoft platforms.
Documentation and Reporting: Maintain up-to-date documentation of security procedures and incident reports. Generate reports on security incidents, SOC performance, and security posture improvements. Provide recommendations to improve security operations and incident response.
Preferred candidate profile
7+ years of professional experience in a Security Operations Centre (SOC) or 5+ years of experience in a cybersecurity engineering role. Strong hands-on experience with Microsoft security products, including Microsoft Defender for Endpoint, Azure Sentinel, and Microsoft 365 Defender. Knowledge of Kusto Query Language (KQL) for threat hunting and data analysis. Familiarity with Microsoft security compliance frameworks and configurations. Act as an escalation point for high and critical severity security incidents and conduct thorough investigations to determine potential impact and understand the extent of compromise. Practical knowledge of SIEM platforms, preferably Azure Sentinel, and incident response processes. Hunt for Indicators of Compromise (IOCs) and signs of Advanced Persistent Threats (APTs) within the client's environment. Analyse attack patterns and Tools, Techniques and Procedures (TTPs) to identify methods of attack and the attack life cycle. Experience with a variety of security technologies, including firewalls, intrusion detection systems, EDR, XDR, SASE, SSE, Email Security Gateways, IDAM, and vulnerability scanners. Experience with security best practices, including incident response, risk assessments, and security controls. Strong analytical and problem-solving skills with the ability to work in a fast-paced environment.
Perks and benefits
Oreta takes pride in providing a service of excellence to our customers and looking after our employees who enable our business to succeed. The successful applicant will enjoy working in a collaborative environment in Chandigarh, India with friendly and highly driven people (the Oreos), where ideas are always welcome and ongoing training and development is strongly encouraged. The remuneration will be negotiated and based on the relevant skills and experience of the successful applicant. If you are interested in a long-term career with potential to develop and grow with the business and are available to start immediately, then we look forward to hearing from you.
Posted 2 months ago
10 - 15 years
30 - 37 Lacs
Mohali
Work from Office
We are seeking a highly experienced and motivated Senior SOC Manager to lead our Security Operations Center (SOC) team. The Senior SOC Manager will be responsible for managing the day-to-day operations of the SOC, overseeing security monitoring, incident response, threat intelligence activities, and ensuring the organisation's information assets are protected. The ideal candidate will have a strong background in cybersecurity operations, team leadership, and incident management, with a strategic mindset and the ability to drive continuous improvement.
Role & responsibilities
1. Leadership and Management:
Team Leadership: Lead, mentor, build and manage a team of SOC analysts, incident responders, and threat hunters. Foster a culture of continuous improvement, accountability, and professional development within the SOC team. Conduct regular performance reviews and provide constructive feedback to team members.
Operational Management: Develop and maintain SOC processes, procedures, and documentation to ensure efficient and effective operations. Ensure the SOC team operates 24/7, providing continuous coverage for security monitoring and incident response. Coordinate shift schedules, resource allocation, and ensure adequate staffing levels.
Monitoring and Detection: Oversee the monitoring of security events and alerts generated by various security tools and technologies. Ensure the timely identification, analysis, and escalation of potential security incidents. Develop and fine-tune detection rules, signatures, and use cases to enhance threat detection capabilities.
Incident Response: Coordinate and manage the end-to-end incident response process, including detection, analysis, containment, eradication, and recovery. Develop, implement, and maintain incident response playbooks, runbooks, and standard operating procedures (SOPs). Lead post-incident reviews, including root cause analysis and lessons learned, to improve incident response processes.
Threat Intelligence Integration: Ensure the SOC team stays up-to-date with the latest threat intelligence and cyber threat landscape. Integrate threat intelligence into SOC operations to enhance detection and response capabilities. Collaborate with threat intelligence analysts to gather, analyse, and disseminate actionable intelligence.
Threat Hunting: Develop and lead proactive threat hunting activities to identify and mitigate potential threats before they impact the organisation. Utilise advanced analytical and forensic tools to uncover hidden threats and malicious activities.
Internal Collaboration: Work closely with other IT and security teams to ensure seamless integration of security operations. Collaborate with the IT infrastructure team to ensure security controls are properly implemented and maintained. Engage with application development teams to ensure secure coding practices and application security measures.
Stakeholder Communication: Communicate effectively with senior management, providing regular updates on SOC activities, incidents, and overall security posture. Develop and deliver regular SOC performance and incident reports to leadership. Serve as the primary point of contact for escalated security incidents and external communications.
Process Enhancement: Identify areas for improvement within the SOC and implement enhancements to processes, tools, and technologies. Conduct regular SOC assessments and readiness exercises to ensure operational effectiveness. Stay informed about the latest security trends, technologies, and best practices.
Metrics and Reporting: Develop and track key performance indicators (KPIs) and metrics to measure the effectiveness and efficiency of SOC operations. Provide detailed reporting on SOC activities, incidents, and trends to senior management and other stakeholders. Monthly CISO reports.
Regulatory Compliance: Ensure SOC operations comply with relevant regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS). Support audit activities and provide necessary documentation and evidence for compliance audits. Collaborate with the compliance team to address regulatory changes and ensure ongoing compliance.
Employee Training: Develop and deliver regular cybersecurity training programs for SOC staff to enhance their skills and knowledge. Promote security awareness and best practices across the organisation through training and awareness programs. Conduct phishing simulations and other awareness activities to test and improve employee readiness.
Professional Development: Encourage SOC team members to pursue relevant certifications and professional development opportunities. Provide guidance and support for career development and advancement within the SOC team.
Education and Experience:
Education: Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree preferred. Relevant certifications such as CISSP, CISM, GIAC, or equivalent are highly desirable.
Experience: A minimum of 10-12 years of experience in cybersecurity, with at least 7-8 years in a SOC management or leadership role. Proven track record of managing and leading high-performing security teams in a dynamic and fast-paced environment.
Security Operations: Strong understanding of security monitoring and incident response processes and technologies. Experience with SIEM platforms (e.g., Splunk, ArcSight, QRadar) and other security tools. Knowledge of threat intelligence and analysis methodologies.
Technical Expertise: Familiarity with regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS). Proficiency in using advanced analytical and forensic tools for threat detection and incident analysis. Understanding of network security, endpoint security, application security, and cloud security principles.
Leadership and Management: Excellent leadership, team management, and mentoring skills. Strong analytical and problem-solving abilities. Effective communication and interpersonal skills, with the ability to interact with technical and non-technical stakeholders.
Strategic Thinking: Ability to think strategically and develop long-term plans for improving SOC operations and overall security posture. Demonstrated ability to drive continuous improvement and foster a culture of innovation.
This position may require occasional on-call support and the ability to respond to security incidents outside of regular business hours. Hybrid work environment with a combination of on-site and remote work.
Perks and benefits
Oreta takes pride in providing a service of excellence to our customers and looking after our employees who enable our business to succeed. The successful applicant will enjoy working in a collaborative environment in Chandigarh, India with friendly and highly driven people (the Oreos), where ideas are always welcome and ongoing training and development is strongly encouraged. The remuneration will be negotiated and based on the relevant skills and experience of the successful applicant. If you are interested in a long-term career with potential to develop and grow with the business and are available to start immediately, then we look forward to hearing from you.
Posted 2 months ago
10 - 12 years
30 - 35 Lacs
Mohali
Work from Office
Job description
We are seeking a highly experienced and motivated Senior SOC Manager to lead our Security Operations Center (SOC) team. The Senior SOC Manager will be responsible for managing the day-to-day operations of the SOC, overseeing security monitoring, incident response, threat intelligence activities, and ensuring the organisation's information assets are protected. The ideal candidate will have a strong background in cybersecurity operations, team leadership, and incident management, with a strategic mindset and the ability to drive continuous improvement.
Role & responsibilities
Lead the analysis and investigation of information security events (IDS/DLP/SIEM/etc.) in a 24x7 SOC environment to immediately detect, verify, and respond swiftly to cyber threats, and remove false positives. Serve as a technical point of escalation. Responsible for investigating incidents, analysing attack methods, researching new defence techniques and tools, developing security policy, and documenting procedures for the SOC. Maintain baselines for secure configuration and operations. Perform malware analysis and other attack analysis to extract indicators of compromise. Perform data security event correlation between various systems. Prepare reports, summaries, and other forms of communication that may be both internal and client facing. Ensure compliance with SLAs, process adherence and process improvement to achieve operational objectives. Develop and deploy processes to ensure efficient and effective security operations. Provide guidance and mentorship to other security analysts and junior members of the security team. Keep up-to-date with the latest trends and best practice developments in the field of cybersecurity and SIEM tools.
Values and Behaviours
Have Fun: We take time and effort to make the workplace more enjoyable, we reward and celebrate success, our customers and partners see us as human.
Move with Velocity: We evolve and grow to stay ahead of the curve, we make decisions quickly and often, we are decisive and show initiative, we are outcome oriented and we question everything to determine what speeds or impedes the desired outcome.
Go Further: We go beyond delivering what works, we discover delights and help customers transform their business, we have a passion for learning, we have a desire to question the norms, and we are curious to step out of our comfort zones.
Thrive Together: We are high functioning, supportive and inclusive, collaboration is in our DNA, we step up to assist our team members, and we work as a team to achieve the right outcome.
Skills and Capabilities
At least 7 years of experience working in a SOC environment, with a focus on using multiple SIEM tools. Strong understanding of security operations and incident response processes. Hands-on experience with at least two major SIEM tools (e.g., MS Sentinel, Rapid7, Exabeam, Splunk, ArcSight, QRadar). Strong analytical and problem-solving skills. Excellent communication and interpersonal skills. Ability to work in a fast-paced, dynamic environment.
Qualifications: B-Tech
Posted 2 months ago
15 - 22 years
35 - 55 Lacs
Chandigarh
Work from Office
Preference: Experience working with BIG4 or CMMi level 5 organisations.
As the Head of Security Operations and Architecture you will be responsible for leading and managing all aspects of our organisation's security infrastructure, systems, and processes. This role requires a strong background in security architecture, excellent leadership and communication skills, and a deep understanding of security best practices.
Role & responsibilities
Develop and implement a comprehensive security architecture strategy that aligns with the organisation's goals and objectives. Lead the design, implementation, and maintenance of security systems and solutions to protect the organization's information assets and infrastructure. Collaborate with cross-functional teams to identify security requirements and ensure that security measures are integrated into the design and development of new systems and applications. Conduct regular security assessments and audits to identify vulnerabilities and recommend appropriate remediation actions. Stay up-to-date with the latest security threats, vulnerabilities, and industry trends, and provide guidance and recommendations to mitigate risks. Develop and implement security policies, procedures, and standards to ensure compliance with relevant regulations and industry best practices. Manage and oversee security incident response activities, including investigations, documentation, and resolution. Provide leadership and guidance to the security team, including training, mentoring, and performance evaluations. Collaborate with internal stakeholders and external partners to ensure effective security governance and risk management. Foster a culture of security awareness and continuous improvement within the organization.
Preferred candidate profile
Bachelor's degree in a related field or equivalent work experience. Proven experience in security architecture, preferably in a leadership or managerial role. Strong knowledge of security principles, practices, and technologies. Excellent leadership and communication skills, with the ability to effectively collaborate with cross-functional teams and senior executives. Strong analytical and problem-solving skills, with the ability to make sound decisions in complex and high-pressure situations. In-depth understanding of security frameworks, standards, and regulations (e.g., ISO 27001, NIST, GDPR). Professional certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) are highly desirable. Experience with cloud security architecture and best practices is a plus. Strong project and time management skills, with the ability to prioritize and manage multiple initiatives simultaneously. Knowledge and understanding of cyber security standards, processes, policies and metrics (encompassing network security, application security and data security). Understanding of industry best practices for security architecture frameworks, tools, standards and guidelines. Understanding of cyber security principles and security layers. Familiarity with SABSA, TOGAF, NIST 800-53, Open FAIR, MITRE ATT&CK/D3FEND, threat modelling and related methodologies or frameworks. CISSP, CISM, CCSK or other related certifications. Experience in a number of security technologies and vendors covering: Palo Alto Networks, Proofpoint, Netskope, Zscaler, Tenable, Rapid7, Qualys, SentinelOne, CrowdStrike, Microsoft. Experience working in an Agile environment. Identity and Access Management; Identity Governance. Cloud security across AWS, Azure and Google Cloud. Strong ambition and ability to develop and expand cyber security services and product support. Outstanding interpersonal skills and the capacity to develop and maintain excellent working relationships with customers, stakeholders and vendors. Excellent presentation skills focusing on technical presales and solutions. Strong troubleshooting skills and analytical abilities in reviewing, diagnosing and resolving complex networking problems. Strong documentation skills to develop customer facing technical and advisory documents. Prior experience working across the integration of Digital and Cloud based Technology. Extensive experience in understanding and mapping out end-to-end Architecture. Experienced in designing solutions, system and software architecture according to business strategies and architecture standards/processes. Proven track record in analysing business requirements and determining appropriate solutions to these requirements based on business needs. Ability to resolve moderate and highly complex problems and issues in solution architectures and assess potential risks, with the ability to determine solutions to these risks. Understanding of technologies: CASB, Web Filtering, Attack Surface Reduction, EDR, Network segmentation. Strong understanding of Zero Trust architecture and concepts. Ability to analyse complex technology problems and find secure solutions without losing sight of business requirements. Experience with security engineering, infrastructure-as-code, CI/CD, automation, and application development desirable. Experience with cloud security technologies desirable.
Perks and benefits
Oreta takes pride in providing a service of excellence to our customers and looking after our employees who enable our business to succeed. Enjoy working with a friendly and highly driven team (the Oreos), where ideas are always welcome and ongoing learning and development is strongly encouraged. Our people are rewarded with monthly team events, learning sponsorship and many rewards & awards. The remuneration will be negotiated based on relevant skills and experience. If you are interested in a long-term career with potential to develop and grow with the business and are available to start immediately, then we look forward to hearing from you. For more information visit our webpage: www.oreta.com.au
Posted 2 months ago
10 - 15 years
25 - 40 Lacs
Chandigarh
Work from Office
We are seeking a highly experienced and motivated Senior SOC Manager to lead our Security Operations Center (SOC) team. The Senior SOC Manager will be responsible for managing the day-to-day operations of the SOC, overseeing security monitoring, incident response, threat intelligence activities, and ensuring the organisation's information assets are protected. The ideal candidate will have a strong background in cybersecurity operations, team leadership, and incident management, with a strategic mindset and the ability to drive continuous improvement.
Role & responsibilities
1. Leadership and Management:
Team Leadership: Lead, mentor, build and manage a team of SOC analysts, incident responders, and threat hunters. Foster a culture of continuous improvement, accountability, and professional development within the SOC team. Conduct regular performance reviews and provide constructive feedback to team members.
Operational Management: Develop and maintain SOC processes, procedures, and documentation to ensure efficient and effective operations. Ensure the SOC team operates 24/7, providing continuous coverage for security monitoring and incident response. Coordinate shift schedules, resource allocation, and ensure adequate staffing levels.
2. Security Monitoring and Incident Response:
Monitoring and Detection: Oversee the monitoring of security events and alerts generated by various security tools and technologies. Ensure the timely identification, analysis, and escalation of potential security incidents. Develop and fine-tune detection rules, signatures, and use cases to enhance threat detection capabilities.
Incident Response: Coordinate and manage the end-to-end incident response process, including detection, analysis, containment, eradication, and recovery. Develop, implement, and maintain incident response playbooks, runbooks, and standard operating procedures (SOPs). Lead post-incident reviews, including root cause analysis and lessons learned, to improve incident response processes.
3. Threat Intelligence and Analysis:
Threat Intelligence Integration: Ensure the SOC team stays up-to-date with the latest threat intelligence and cyber threat landscape. Integrate threat intelligence into SOC operations to enhance detection and response capabilities. Collaborate with threat intelligence analysts to gather, analyse, and disseminate actionable intelligence.
Threat Hunting: Develop and lead proactive threat hunting activities to identify and mitigate potential threats before they impact the organisation. Utilise advanced analytical and forensic tools to uncover hidden threats and malicious activities.
4. Collaboration and Communication:
Internal Collaboration: Work closely with other IT and security teams to ensure seamless integration of security operations. Collaborate with the IT infrastructure team to ensure security controls are properly implemented and maintained. Engage with application development teams to ensure secure coding practices and application security measures.
Stakeholder Communication: Communicate effectively with senior management, providing regular updates on SOC activities, incidents, and overall security posture. Develop and deliver regular SOC performance and incident reports to leadership. Serve as the primary point of contact for escalated security incidents and external communications.
5. Continuous Improvement:
Process Enhancement: Identify areas for improvement within the SOC and implement enhancements to processes, tools, and technologies. Conduct regular SOC assessments and readiness exercises to ensure operational effectiveness. Stay informed about the latest security trends, technologies, and best practices.
Metrics and Reporting: Develop and track key performance indicators (KPIs) and metrics to measure the effectiveness and efficiency of SOC operations. Provide detailed reporting on SOC activities, incidents, and trends to senior management and other stakeholders. Monthly CISO reports.
6. Compliance and Audit:
Regulatory Compliance: Ensure SOC operations comply with relevant regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS). Support audit activities and provide necessary documentation and evidence for compliance audits. Collaborate with the compliance team to address regulatory changes and ensure ongoing compliance.
7. Training and Awareness:
Employee Training: Develop and deliver regular cybersecurity training programs for SOC staff to enhance their skills and knowledge. Promote security awareness and best practices across the organisation through training and awareness programs. Conduct phishing simulations and other awareness activities to test and improve employee readiness.
Professional Development: Encourage SOC team members to pursue relevant certifications and professional development opportunities. Provide guidance and support for career development and advancement within the SOC team.
Preferred candidate profile
Education and Experience:
Education: Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree preferred. Relevant certifications such as CISSP, CISM, GIAC, or equivalent are highly desirable.
Experience: A minimum of 10-12 years of experience in cybersecurity, with at least 7-8 years in a SOC management or leadership role. Proven track record of managing and leading high-performing security teams in a dynamic and fast-paced environment.
Technical Skills:
Security Operations: Strong understanding of security monitoring and incident response processes and technologies. Experience with SIEM platforms (e.g., Splunk, ArcSight, QRadar) and other security tools. Knowledge of threat intelligence and analysis methodologies.
Technical Expertise: Familiarity with regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS). Proficiency in using advanced analytical and forensic tools for threat detection and incident analysis. Understanding of network security, endpoint security, application security, and cloud security principles.
Soft Skills:
Leadership and Management: Excellent leadership, team management, and mentoring skills. Strong analytical and problem-solving abilities. Effective communication and interpersonal skills, with the ability to interact with technical and non-technical stakeholders.
Strategic Thinking: Ability to think strategically and develop long-term plans for improving SOC operations and overall security posture. Demonstrated ability to drive continuous improvement and foster a culture of innovation.
Work Environment: This position may require occasional on-call support and the ability to respond to security incidents outside of regular business hours. Hybrid work environment with a combination of on-site and remote work.
Perks and benefits
Oreta takes pride in providing a service of excellence to our customers and looking after our employees who enable our business to succeed. The successful applicant will enjoy working in a collaborative environment in Chandigarh, India with friendly and highly driven people (the Oreos), where ideas are always welcome and ongoing training and development is strongly encouraged. The remuneration will be negotiated and based on the relevant skills and experience of the successful applicant. If you are interested in a long-term career with potential to develop and grow with the business and are available to start immediately, then we look forward to hearing from you.
Posted 2 months ago
7 - 9 years
15 - 20 Lacs
Chandigarh
Work from Office
Role & responsibilities SOC Operations: Monitor and analyze security events across networks, systems, and endpoints. Investigate, escalate, and respond to security incidents in a timely manner. Collaborate with the SOC team to enhance incident response procedures. Microsoft Security Solutions: Manage and maintain Microsoft Defender suite of tools, Azure Sentinel, and Microsoft Services. Implement Microsoft security configurations and policies to protect digital environments. Conduct threat hunting and data analysis using Microsoft Sentinel, KQL, and other Microsoft tools. Ensure compliance with security standards and best practices within Microsoft environments. Threat Detection and Incident Response: Conduct root cause analysis for security incidents and create actionable remediation plans. Support threat intelligence and vulnerability management programs to proactively reduce risk. Automate response and remediation workflows using Microsofts security automation tools. Security Engineering and Improvements: Develop and fine-tune security alerts and rules to improve threat detection. Collaborate with cross-functional teams to assess and improve security architecture. Assist in the design and implementation of secure cloud and hybrid environments with a focus on Microsoft platforms. Documentation and Reporting: Maintain up-to-date documentation of security procedures and incident reports. Generate reports on security incidents, SOC performance, and security posture improvements. Provide recommendations to improve security operations and incident response Preferred candidate profile 7+ years of professional experience in Security Operations Centre (SOC) or 5+ years of experience cybersecurity engineering role Strong hands-on experience with Microsoft security products, including: Microsoft Defender for Endpoint, Azure Sentinel, and Microsoft 365 Defender. Knowledge of Kusto Query Language (KQL) for threat hunting and data analysis. 
• Familiarity with Microsoft security compliance frameworks and configurations.
• Act as an escalation point for high and critical severity security incidents and conduct thorough investigations to determine potential impact and understand the extent of compromise.
• Practical knowledge of SIEM platforms, preferably Azure Sentinel, and incident response processes.
• Hunt for Indicators of Compromise (IOCs) and signs of Advanced Persistent Threats (APTs) within the Client's environment.
• Analyse attack patterns and Tools, Techniques and Procedures (TTPs) to identify methods of attack and the attack life cycle.
• Experience with a variety of security technologies, including firewalls, intrusion detection systems, EDR, XDR, SASE, SSE, Email Security Gateways, IDAM, and vulnerability scanners.
• Experience with security best practices, including incident response, risk assessments, and security controls.
• Strong analytical and problem-solving skills with the ability to work in a fast-paced environment.
Perks and benefits
Oreta takes pride in providing a service of excellence to our customers and looking after our employees who enable our business to succeed. The successful applicant will enjoy working in a collaborative environment in Chandigarh, India with friendly and highly driven people (the Oreos), where ideas are always welcome and ongoing training and development are strongly encouraged. The remuneration will be negotiated and based on the relevant skills and experience of the successful applicant. If you are interested in a long-term career with potential to develop and grow with the business and are available to start immediately, then we look forward to hearing from you.
Posted 2 months ago
10 - 15 years
30 - 37 Lacs
Chandigarh
Work from Office
We are seeking a highly experienced and motivated Senior SOC Manager to lead our Security Operations Center (SOC) team. The Senior SOC Manager will be responsible for managing the day-to-day operations of the SOC, overseeing security monitoring, incident response, threat intelligence activities, and ensuring the organisation's information assets are protected. The ideal candidate will have a strong background in cybersecurity operations, team leadership, and incident management, with a strategic mindset and the ability to drive continuous improvement.
Role & responsibilities
1. Leadership and Management:
Team Leadership:
• Lead, mentor, build and manage a team of SOC analysts, incident responders, and threat hunters.
• Foster a culture of continuous improvement, accountability, and professional development within the SOC team.
• Conduct regular performance reviews and provide constructive feedback to team members.
Operational Management:
• Develop and maintain SOC processes, procedures, and documentation to ensure efficient and effective operations.
• Ensure the SOC team operates 24/7, providing continuous coverage for security monitoring and incident response.
• Coordinate shift schedules, resource allocation, and ensure adequate staffing levels.
Monitoring and Detection:
• Oversee the monitoring of security events and alerts generated by various security tools and technologies.
• Ensure the timely identification, analysis, and escalation of potential security incidents.
• Develop and fine-tune detection rules, signatures, and use cases to enhance threat detection capabilities.
Incident Response:
• Coordinate and manage the end-to-end incident response process, including detection, analysis, containment, eradication, and recovery.
• Develop, implement, and maintain incident response playbooks, runbooks, and standard operating procedures (SOPs).
• Lead post-incident reviews, including root cause analysis and lessons learned, to improve incident response processes.
Threat Intelligence Integration:
• Ensure the SOC team stays up-to-date with the latest threat intelligence and cyber threat landscape.
• Integrate threat intelligence into SOC operations to enhance detection and response capabilities.
• Collaborate with threat intelligence analysts to gather, analyse, and disseminate actionable intelligence.
Threat Hunting:
• Develop and lead proactive threat hunting activities to identify and mitigate potential threats before they impact the organisation.
• Utilise advanced analytical and forensic tools to uncover hidden threats and malicious activities.
Internal Collaboration:
• Work closely with other IT and security teams to ensure seamless integration of security operations.
• Collaborate with the IT infrastructure team to ensure security controls are properly implemented and maintained.
• Engage with application development teams to ensure secure coding practices and application security measures.
Stakeholder Communication:
• Communicate effectively with senior management, providing regular updates on SOC activities, incidents, and overall security posture.
• Develop and deliver regular SOC performance and incident reports to leadership.
• Serve as the primary point of contact for escalated security incidents and external communications.
Process Enhancement:
• Identify areas for improvement within the SOC and implement enhancements to processes, tools, and technologies.
• Conduct regular SOC assessments and readiness exercises to ensure operational effectiveness.
• Stay informed about the latest security trends, technologies, and best practices.
Metrics and Reporting:
• Develop and track key performance indicators (KPIs) and metrics to measure the effectiveness and efficiency of SOC operations.
• Provide detailed reporting on SOC activities, incidents, and trends to senior management and other stakeholders.
• Monthly CISO reports.
Regulatory Compliance:
• Ensure SOC operations comply with relevant regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
• Support audit activities and provide necessary documentation and evidence for compliance audits.
• Collaborate with the compliance team to address regulatory changes and ensure ongoing compliance.
Employee Training:
• Develop and deliver regular cybersecurity training programs for SOC staff to enhance their skills and knowledge.
• Promote security awareness and best practices across the organisation through training and awareness programs.
• Conduct phishing simulations and other awareness activities to test and improve employee readiness.
Professional Development:
• Encourage SOC team members to pursue relevant certifications and professional development opportunities.
• Provide guidance and support for career development and advancement within the SOC team.
Education and Experience:
Education:
• Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree preferred.
• Relevant certifications such as CISSP, CISM, GIAC, or equivalent are highly desirable.
Experience:
• A minimum of 10-12 years of experience in cybersecurity, with at least 7-8 years in a SOC management or leadership role.
• Proven track record of managing and leading high-performing security teams in a dynamic and fast-paced environment.
Security Operations:
• Strong understanding of security monitoring and incident response processes and technologies.
• Experience with SIEM platforms (e.g., Splunk, ArcSight, QRadar) and other security tools.
• Knowledge of threat intelligence and analysis methodologies.
Technical Expertise:
• Familiarity with regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
• Proficiency in using advanced analytical and forensic tools for threat detection and incident analysis.
• Understanding of network security, endpoint security, application security, and cloud security principles.
Leadership and Management:
• Excellent leadership, team management, and mentoring skills.
• Strong analytical and problem-solving abilities.
• Effective communication and interpersonal skills, with the ability to interact with technical and non-technical stakeholders.
Strategic Thinking:
• Ability to think strategically and develop long-term plans for improving SOC operations and overall security posture.
• Demonstrated ability to drive continuous improvement and foster a culture of innovation.
This position may require occasional on-call support and the ability to respond to security incidents outside of regular business hours. Hybrid work environment with a combination of on-site and remote work.
Perks and benefits
Oreta takes pride in providing a service of excellence to our customers and looking after our employees who enable our business to succeed. The successful applicant will enjoy working in a collaborative environment in Chandigarh, India with friendly and highly driven people (the Oreos), where ideas are always welcome and ongoing training and development are strongly encouraged. The remuneration will be negotiated and based on the relevant skills and experience of the successful applicant. If you are interested in a long-term career with potential to develop and grow with the business and are available to start immediately, then we look forward to hearing from you.
Posted 2 months ago
10 - 12 years
30 - 35 Lacs
Chandigarh
Work from Office
Job description
We are seeking a highly experienced and motivated Senior SOC Manager to lead our Security Operations Center (SOC) team. The Senior SOC Manager will be responsible for managing the day-to-day operations of the SOC, overseeing security monitoring, incident response, threat intelligence activities, and ensuring the organisation's information assets are protected. The ideal candidate will have a strong background in cybersecurity operations, team leadership, and incident management, with a strategic mindset and the ability to drive continuous improvement.
Role & responsibilities
• Lead the analysis and investigation of information security events (IDS/DLP/SIEM/etc.) in a 24x7 SOC environment to immediately detect, verify, and respond swiftly to cyber threats, and remove false positives.
• Serve as a technical point of escalation.
• Responsible for investigating incidents, analysing attack methods, researching new defence techniques and tools, developing security policy, and documenting procedures for the SOC.
• Maintain baselines for secure configuration and operations.
• Malware analysis and other attack analysis to extract indicators of compromise.
• Perform data security event correlation between various systems.
• Prepare reports, summaries, and other forms of communication that may be both internal and client facing.
• Ensure compliance with SLAs, process adherence and process improvement to achieve operational objectives.
• Develop and deploy processes to ensure efficient and effective security operations.
• Provide guidance and mentorship to other security analysts and junior members of the security team.
• Keep up-to-date with the latest trends and best practice developments in the field of cybersecurity and SIEM tools.
Values and Behaviours
Have Fun: We take time and effort to make the workplace more enjoyable, we reward and celebrate success, our customers and partners see us as human.
Move with Velocity: We evolve and grow to stay ahead of the curve, we make decisions quickly and often, we are decisive and show initiative, we are outcome oriented and we question everything to determine what speeds or impedes the desired outcome.
Go Further: We go beyond delivering what works, we discover delights and help customers transform their business, we have a passion for learning, we have a desire to question the norms, and we are curious to step out of our comfort zones.
Thrive Together: We are high functioning, supportive and inclusive, collaboration is in our DNA, we step up to assist our team members, and we work as a team to achieve the right outcome.
Skills and Capabilities
• At least 7 years of experience working in a SOC environment, with a focus on using multiple SIEM tools.
• Strong understanding of security operations and incident response processes.
• Hands-on experience with at least two major SIEM tools (e.g., MS Sentinel, Rapid7, Exabeam, Splunk, ArcSight, QRadar).
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work in a fast-paced, dynamic environment.
Qualifications: B-Tech
Posted 2 months ago
5 - 10 years
30 - 35 Lacs
Pune
Work from Office
About The Role
Job Title: Threat Intelligence Analyst
Corporate Title: AVP
Location: Pune, India
Role Description
As a Threat Intelligence AVP in the Threat Intelligence and Assessment function, you will play a critical role in safeguarding the organization from cyber threats. In this role, you will be responsible for identifying, assessing, and mitigating threats, and you will provide mitigation recommendations in response to evolving threats. You will be required to analyse complex technical issues and develop bank-specific solutions while collaborating with diverse teams and stakeholders. This role will also consist of delivering against projects and strategic initiatives to continuously enhance the bank's capabilities in responding to threats.
What we'll offer you
As part of our flexible scheme, here are just some of the benefits that you'll enjoy:
• Best in class leave policy.
• Gender neutral parental leaves.
• 100% reimbursement under childcare assistance benefit (gender neutral).
• Sponsorship for industry relevant certifications and education.
• Employee Assistance Program for you and your family members.
• Comprehensive Hospitalization Insurance for you and your dependents.
• Accident and Term life Insurance.
• Complementary Health screening for 35 yrs. and above.
Your key responsibilities
• Pro-actively identify threats and track threat actors, TTPs, and ongoing campaigns to produce timely actionable intelligence.
• Produce threat assessments to support threat mitigation activities.
• Analyse multiple data/intelligence sources and sets to identify patterns of activity that could be attributed to threats and develop informed recommendations.
• Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs.
• Proactively drive improvements of internal processes, procedures, and workflows.
• Participate in the testing and integration of new security monitoring tools.
• Meet strict deadlines to deliver high quality reports on threats, findings, and broader technical analysis.
• Take ownership for personal career development and management, seeking opportunities to develop personal capability and improve performance contribution.
• Develop and maintain relationships with internal stakeholders and external intelligence sharing communities.
Your skills and experience
Requirements
• 5+ years of experience in cybersecurity, with a focus on threat intelligence, analysis, and mitigation.
• Strong operational background in intelligence related operations with experience in Open-Source Intelligence (OSINT) techniques.
• Operational understanding of computing/networking (OSI Model or TCP/IP).
• Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, EDR, etc.
• A good or developing understanding of virtual environments and cloud (e.g., VSphere, Hypervisor, AWS, Azure, GCP).
• Demonstrated knowledge and keen interest in tracking prominent cyber threat actor groups, campaigns and TTPs in line with industry standards.
• Knowledge of or demonstrable experience in working with the intelligence lifecycle, intelligence requirements and the Mitre ATT&CK Framework.
Non-Technical Experience
• Investigative and analytical problem-solving skills.
• Excellent verbal and written communication, to both technical and non-technical audiences.
• Self-motivated with ability to work with minimal supervision.
Education and Certifications
• Preferred - Degree in computer science, networking, engineering, or other field associated with cyber, intelligence or analysis.
• Desired Experience or Certifications: CISSP, CISM, GIAC, GCTI, GCIH, GCFE, GCFA, GREM, GNFA, Security+, CEH.
How we'll support you
• Training and development to help you excel in your career.
• Coaching and support from experts in your team.
• A culture of continuous learning to aid progression.
• A range of flexible benefits that you can tailor to suit your needs.
About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.
Posted 2 months ago
1 - 6 years
3 - 7 Lacs
Hyderabad
Work from Office
ABOUT AMGEN
Amgen harnesses the best of biology and technology to fight the world's toughest diseases, and make people's lives easier, fuller and longer. We discover, develop, manufacture and deliver innovative medicines to help millions of patients. Amgen helped establish the biotechnology industry more than 40 years ago and remains on the cutting-edge of innovation, using technology and human genetic data to push beyond what's known today.
Role Description
The SOC Tier 2 Analyst serves as the primary escalation point for the Tier 1 SOC team, responsible for advanced threat detection, investigation, and incident response coordination. This role acts as a technical lead, ensuring that security incidents are properly triaged, investigated, and remediated while continuously improving security operations processes. The SOC Tier 2 Analyst plays a critical role in cybersecurity defense, supporting real-time monitoring, forensic analysis, and threat hunting. They will assist incident responders across all lifecycle phases, from detection to post-incident reviews, and contribute to SOC process optimizations.
Roles & Responsibilities:
• Act as the primary escalation point for SOC Tier 1 analysts, providing technical expertise and guidance in incident handling.
• Perform deep-dive analysis of security events, leveraging SIEM, EDR, IDS/IPS, and other security tools.
• Identify common attack techniques (MITRE ATT&CK framework) and investigate anomalies to detect advanced persistent threats (APTs).
• Assist in security incident response, leading containment, eradication, and recovery efforts.
• Conduct artifact analysis to determine the root cause and scope of security incidents.
• Collaborate with Threat Intelligence and Threat Hunting teams to improve detection rules and incident response playbooks.
• Develop and refine SOC standard operating procedures (SOPs) to enhance security event triage and response.
• Work with engineering teams to fine-tune security controls and improve overall SOC efficiency.
• Mentor and train Tier 1 analysts to improve SOC maturity and ensure effective knowledge transfer.
• Support security audits, compliance initiatives, and reporting efforts as required.
Basic Qualifications and Experience:
• Master's degree in Information Technology or Cybersecurity, OR
• Bachelor's degree with 1 year of experience in Security Operations or related field, OR
• Diploma with 2 years of experience in Security Operations or a related field.
Functional Skills:
Must-Have Skills:
• Strong understanding of SOC operations, including event triage, escalation, and investigation.
• Experience analyzing cybersecurity threats and understanding attacker TTPs (Tactics, Techniques, and Procedures).
• Proficiency in security tools such as SIEM (Splunk, QRadar, Sentinel), EDR (CrowdStrike, Defender ATP), IDS/IPS, and firewall logs.
• Experience in incident response across all phases (detection, containment, eradication, recovery).
• Knowledge of Windows and Linux security, including log analysis, PowerShell, and Bash scripting.
Good-to-Have Skills:
• Experience in 24/7 SOC operations and shift leadership.
• Knowledge of forensic tools (Volatility, Autopsy, FTK) and malware analysis techniques.
• Understanding of cloud security monitoring (AWS, Azure, GCP).
• Familiarity with MITRE ATT&CK, NIST Cybersecurity Framework, and CIS controls.
• Threat hunting experience to proactively detect unknown threats.
Professional Certifications:
• CompTIA Security+ (preferred)
• CEH (preferred)
• GSEC (preferred)
• GCFA (preferred)
• MTA Security Fundamentals (preferred)
• CISSP (preferred)
Soft Skills:
• Strong communication and collaboration skills, particularly when working with global teams.
• Ability to manage and prioritize tasks effectively in a high-pressure environment.
• Critical thinking and problem-solving abilities, especially in incident response situations.
• A commitment to continuous learning and knowledge sharing.
EQUAL OPPORTUNITY STATEMENT
Amgen is an Equal Opportunity employer and will consider you without regard to your race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. We will ensure that individuals with disabilities are provided with reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Apply now for a career that defies imagination. Objects in your future are closer than they appear. Join us. careers.amgen.com
As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease.
Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Posted 2 months ago
10 - 15 years
25 - 40 Lacs
Chandigarh
Work from Office
We are looking for a highly skilled and experienced Senior Security Operations Centre (SOC) Manager with a focus on SIEM tools to join our security team. As a SIEM Tools Specialist, you will be responsible for monitoring and analysing security events for multiple clients utilising our SIEM tool. You will undertake timely and accurate detection, investigation, and response to security incidents. In this role, you will collaborate closely with other security professionals, including threat hunters, incident responders, and forensic analysts, to ensure that the security operations centre (SOC) is always operational and that all security incidents are handled in a timely and effective manner to meet SLAs. You will also be responsible for ensuring that the SIEM tool is properly configured, managed, and optimised to meet the client's security requirements.
Key Responsibilities:
• Security Event Analysis: Lead the analysis and investigation of information security events (IDS/DLP/SIEM/etc.) in a 24x7 SOC environment to swiftly detect, verify, and respond to cyber threats, while eliminating false positives.
• Technical Escalation: Serve as a technical point of escalation for complex security issues.
• Incident Investigation: Investigate incidents, analyze attack methods, research new defense techniques and tools, develop security policies, and document SOC procedures.
• Configuration Management: Maintain baselines for secure configuration and operations.
• Malware & Attack Analysis: Conduct malware analysis and other attack analyses to extract indicators of compromise and perform data security event correlation across various systems.
• Reporting: Prepare reports, summaries, and other forms of communication for both internal and client-facing purposes.
• SLA Compliance: Ensure compliance with SLAs, process adherence, and process improvement to achieve operational objectives.
• Process Development: Develop and deploy processes to ensure efficient and effective security operations.
• Mentorship: Provide guidance and mentorship to other security analysts and junior members of the security team.
• Continuous Learning: Stay up-to-date with the latest trends and best practices in cybersecurity and SIEM tools.
Qualifications:
• Proven experience in a similar role within a SOC environment.
• Strong analytical and problem-solving skills.
• Proficiency with IDS, DLP, SIEM, and other security tools.
• Excellent communication skills, both written and verbal.
• Ability to work in a fast-paced, 24x7 environment.
• Strong understanding of security policies and procedures.
Posted 2 months ago
4 - 9 years
10 - 20 Lacs
Bengaluru
Work from Office
Preferred Knowledge
The role requires efficient incident response and digital forensics skills to minimise the impact of cyber risks. The individual will oversee security monitoring, security tools operations and security incidents, and ensure incidents are managed effectively and reported to stakeholders. This role primarily consists of first responder activities and conducting thorough response activities on behalf of a wide variety of clients across every sector. The candidate is required to work in complex security environments and alongside the SOC team to design, communicate and execute incident response, containment, and remediation plans. Support incident response team analysts and incident management teams. Analyse tools, processes, and procedures for responding to cyber intrusions and come up with new methods for detecting cyber adversaries. Demonstrates proven expertise and success in incident handling, triage of events, network analysis and threat detection, and trend analysis.
Should have the following skills:
• Deep understanding of computer intrusion activities, incident response techniques, tools, and procedures.
• Knowledge of Windows, Active Directory, DNS & Linux operating systems.
• Good experience in SIEM monitoring (QRadar, Sentinel, Splunk, Chronicle).
• Knowledge of SOAR technologies, working with playbooks (Cortex, Chronicle, Splunk SOAR).
• Experience handling malware incidents and detections from EDR (MS Defender, CrowdStrike, SentinelOne etc.).
• Working experience and knowledge of ITSM tools for incident management.
• Must be action oriented and have a proactive approach to solving issues.
• Knowledge of security logs and log quality review.
• Knowledge of IT (operating systems, networking, databases) and IT security (system and network security), including IT security tools.
• Good knowledge of office collaboration tools.
• Detect, analyze, investigate, and report qualified security incidents to the Client as per the defined SLA.
• Provide recommendations on the security incidents reported as per SLA.
• Investigate incidents using various security event sources (FW, IDS, PROXY, AD, EDR, DLP etc.).
• Investigations into non-standard incidents and execution of standard scenarios.
• Provide dashboards and data related to Incidents/Offenses for governance reports.
• Escalate to L3 if investigations uncover unusual or atypical situations.
• Monitor unhealthy log sources/data sources and escalate to the engineering team to fix them.
• Participate in incident response (IR) efforts; detect, identify, respond, contain and remediate all information security incidents.
• Rapidly and accurately determine the source of a security incident and move quickly to identify and apply containment, mitigation, and remediation steps.
• Contribute to the execution of Cyber Security operations, incident response, and investigations spanning across all functions of the Corporate Security organization.
• Track and monitor incident actions while applying intelligence and situational awareness to prioritise incident actions based on risk.
• Responsible for Incident and Breach communications, assessments, and reports, including customer facing, leadership and executive management, for the purpose of enabling Senior Management to make decisions in a crisis.
• Develop and document processes to ensure consistent and scalable response operations.
Posted 2 months ago
0 - 2 years
0 - 0 Lacs
Bengaluru
Work from Office
L1 - Cyber Defense Center (CDC) Required Skills
Posted 2 months ago
1 - 6 years
9 - 13 Lacs
Gurgaon
Work from Office
Managed Services SOC Manager
Job Summary:
The Security Operations Center (SOC) Security L-2 Analyst serves in a SOC team and is responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone). The L2 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and should be ready to work in shifts. An engineer in this position acts as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques.
Job Description:
• Responsible for conducting information security investigations as a result of security incidents identified by the Level 1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone).
• Act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques.
• Should have experience in developing new correlation rules & parser writing.
• Experience in log source integration.
• Act as the lead coordinator for individual information security incidents.
• Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Security Operations Center.
• Document incidents from initial detection through final resolution.
• Participate in security incident management and vulnerability management processes.
• Coordinate with IT teams on escalations, tracking, performance issues, and outages.
• Work as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.
• Communicate effectively with customers, teammates, and management.
• Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation.
• Provide recommendations on tuning and optimization of security systems, SOC security processes, procedures and policies.
• Define, create and maintain SIEM correlation rules, customer build documents, security processes and procedures.
• Follow ITIL practices regarding incident, problem and change management.
• Stay up-to-date with emerging security threats, including applicable regulatory security requirements.
• Maintain an inventory of the procedures used by the SOC and regularly evaluate the SOC procedures and add, remove, and update the procedures as appropriate.
• Publish weekly reports to applicable teams.
• Generate monthly reports on SOC activity.
• Secondary skills like AV, HIPS, DCS, VA/PT desirable.
Required Technical Expertise
• Must have experience in a SIEM management tool (QRADAR).
• Should have certifications like ITIL, CCNA, CEH, VA (Product) Certification, CISM.
• Process and procedure adherence.
• General network knowledge and TCP/IP troubleshooting.
• Ability to trace down an endpoint on the network, based on ticket information.
• Familiarity with system log information and what it means.
• Understanding of common network services (web, mail, DNS, authentication).
• Knowledge of host based firewalls, Anti-Malware, HIDS.
• General Desktop OS and Server OS knowledge.
• TCP/IP, Internet Routing, UNIX / LINUX & Windows NT.
Posted 2 months ago
11 - 14 years
55 - 60 Lacs
Ahmedabad, Noida, Mumbai (All Areas)
Work from Office
Dear Candidate,
We are looking for a skilled Cybersecurity Analyst to monitor, detect, and respond to security threats. If you have expertise in threat intelligence, SIEM tools, and incident response, we'd love to hear from you!
Key Responsibilities:
Monitor network traffic and systems for potential security threats.
Investigate and analyze security incidents to prevent breaches.
Implement security controls and best practices for data protection.
Manage security tools such as SIEM, IDS/IPS, and endpoint protection.
Conduct vulnerability assessments and recommend mitigation strategies.
Ensure compliance with security standards such as ISO 27001, NIST, and GDPR.
Required Skills & Qualifications:
Strong knowledge of security frameworks and incident response.
Experience with SIEM tools (Splunk, QRadar, ArcSight).
Proficiency in scripting (Python, Bash, PowerShell) for security automation.
Understanding of network protocols, firewalls, and VPN security.
Knowledge of penetration testing and ethical hacking techniques.
Soft Skills:
Strong analytical and problem-solving skills.
Excellent attention to detail and ability to work under pressure.
Good communication and teamwork skills.
Note: If interested, please share your updated resume and a preferred time for a discussion. If shortlisted, our HR team will contact you.
Kandi Srinivasa, Delivery Manager, Integra Technologies
Posted 2 months ago
9 - 13 years
17 - 25 Lacs
Bengaluru
Work from Office
Manager - SIEM - Splunk
Location: Bangalore
Experience: 9 to 15 Years
As a Platform Engineer, you will be responsible for the management and optimization of various security solutions, including SIEM, SOAR, UEBA, NBAD, DLP, Anti-APT, Deception, VM, and other in-scope solutions. You will work closely with other security teams to enhance threat detection, investigation, and response processes.
• Platform management for SIEM, SOAR, UEBA, NBAD, DLP, Anti-APT, Deception, VM and other in-scope solutions.
• Log Source Management: ensure timely integration of log sources.
• SIEM Rule Management: keep rules up to date to reduce false positives.
• Performance Tuning: optimize SIEM performance to ensure efficient processing and alerting.
• Compliance and Reporting: generate reports for compliance and audit requirements.
• Integrate UEBA solutions with existing security infrastructure.
• Model Development: develop and fine-tune machine learning models to detect abnormal activities.
Posted 2 months ago
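Two of the listings above ask for the same concrete skill in different words: the L2 SOC Analyst role wants experience "developing new correlation rules & parser writing" and "log source integration", and the Platform Engineer role wants SIEM rules kept "up to date to reduce false positives". The example below is added here to show what those artefacts look like in practice; it is not code from any of the listings or the employers they describe. It is a Python sketch of a log parser (sshd auth lines into normalised events) and one correlation rule (a burst of failed logins from a source followed by a success from the same source), with the two knobs that usually decide whether such a rule is noisy or useful: a time window and an allow-list for authorised sources. The log lines, hostnames, addresses, the assumed year for the year-less syslog timestamps, the threshold of 5 and the allow-listed scanner address 198.51.100.20 are all constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style syslog lines (hosts, users and addresses are made up).
# Four sources are included on purpose:
#   203.0.113.7    five failures then a success within seconds  -> true positive
#   192.0.2.10     one typo then a success                      -> no alert
#   10.0.0.5       five failures spread over 40 minutes          -> outside window, no alert
#   198.51.100.20  authorised scanner, looks like a brute force  -> suppressed by allow-list
# The final CRON line is there to show that non-matching lines are skipped, not crashed on.
SAMPLE_LOGS = """\
Mar 10 08:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 08:00:03 bastion sshd[2102]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 08:00:05 bastion sshd[2103]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 08:00:06 bastion sshd[2104]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 08:00:08 bastion sshd[2105]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 08:00:09 bastion sshd[2106]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar 10 08:15:00 bastion sshd[2107]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Mar 10 08:15:02 bastion sshd[2108]: Accepted password for alice from 192.0.2.10 port 40002 ssh2
Mar 10 09:00:00 bastion sshd[2109]: Failed password for bob from 10.0.0.5 port 40010 ssh2
Mar 10 09:10:00 bastion sshd[2110]: Failed password for bob from 10.0.0.5 port 40011 ssh2
Mar 10 09:20:00 bastion sshd[2111]: Failed password for bob from 10.0.0.5 port 40012 ssh2
Mar 10 09:30:00 bastion sshd[2112]: Failed password for bob from 10.0.0.5 port 40013 ssh2
Mar 10 09:40:00 bastion sshd[2113]: Failed password for bob from 10.0.0.5 port 40014 ssh2
Mar 10 09:41:00 bastion sshd[2114]: Accepted password for bob from 10.0.0.5 port 40015 ssh2
Mar 10 10:00:00 bastion sshd[2115]: Failed password for scan from 198.51.100.20 port 50001 ssh2
Mar 10 10:00:01 bastion sshd[2116]: Failed password for scan from 198.51.100.20 port 50002 ssh2
Mar 10 10:00:02 bastion sshd[2117]: Failed password for scan from 198.51.100.20 port 50003 ssh2
Mar 10 10:00:03 bastion sshd[2118]: Failed password for scan from 198.51.100.20 port 50004 ssh2
Mar 10 10:00:04 bastion sshd[2119]: Failed password for scan from 198.51.100.20 port 50005 ssh2
Mar 10 10:00:05 bastion sshd[2120]: Accepted password for scan from 198.51.100.20 port 50006 ssh2
Mar 10 10:05:00 bastion CRON[2121]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Parser: one regex per log source/event type, producing named fields.
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Classic syslog timestamps carry no year; a real collector supplies it.
# Assumption for this example: every line is from 2024.
ASSUMED_YEAR = 2024


def parse_events(raw):
    """Normalise sshd auth lines into dicts; unmatched lines are skipped and counted."""
    events, skipped = [], 0
    for line in raw.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            skipped += 1
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "outcome": m["outcome"],
                       "user": m["user"], "src": m["src"]})
    events.sort(key=lambda e: e["ts"])  # the rule below requires time order
    return events, skipped


def correlate_bruteforce(events, threshold=5, window=timedelta(minutes=5),
                         allowlist=frozenset()):
    """
    Rule: at least `threshold` failed logins from one source inside `window`,
    followed by a successful login from that same source.
    `allowlist` suppresses sources that are expected to look like this
    (an authorised vulnerability scanner, for instance). Input must be time-sorted.
    """
    failures = defaultdict(list)  # src -> timestamps of failures not yet closed by a success
    alerts = []
    for ev in events:
        src = ev["src"]
        if src in allowlist:
            continue
        if ev["outcome"] == "Failed":
            failures[src].append(ev["ts"])
            continue
        recent = [t for t in failures[src] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "ssh_bruteforce_then_success", "src": src,
                           "user": ev["user"], "host": ev["host"],
                           "failures": len(recent), "first_seen": recent[0],
                           "success_at": ev["ts"]})
        failures[src].clear()  # a success closes the sequence; do not re-alert on it
    return alerts


def run(raw=SAMPLE_LOGS, allowlist=frozenset({"198.51.100.20"})):
    """Parse and correlate; returns (alerts, number of skipped lines)."""
    events, skipped = parse_events(raw)
    return correlate_bruteforce(events, allowlist=allowlist), skipped


if __name__ == "__main__":
    alerts, skipped = run()
    print(f"parsed {len(SAMPLE_LOGS.splitlines())} lines, skipped {skipped}")
    for a in alerts:
        print(a)
```

With the defaults the constructed input yields exactly one alert, for 203.0.113.7; the same rule without the allow-list also fires on the scanner, which is the false positive the Platform Engineer listing is talking about. Tuning the threshold, window and allow-list against a week of real events, and recording why each value was chosen, is the "build document" work the L2 listing mentions.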