891 Qradar Jobs - Page 16

Analyst Level 3 - Security Operations Centre (SOC) Ways of working – Full-time with rotational shifts and mandatory Work from Office Location: Embassy Tesh Village, Bangalore Year of Experience: 5+ years in a SOC or security operations environment, with at least 2 years in a senior or advanced analyst role. About The Team & Role As a Level 3 Security Operations Centre (SOC) Analyst, you will be responsible for identifying, analyzing, and responding to security incidents and threats within an organization's IT infrastructure. This senior role demands a high level of expertise in security operations, threat analysis, and incident response. You will work closely with other teams, including Level 1 and Level 2 analysts, management, and engineering, to ensure the security of the organization's network and systems. Your work will contribute to detecting and mitigating advanced cyber threats, ensuring that the organization remains protected against emerging risks. What will you get to do here? Incident Response & Investigation Lead investigations of complex security incidents, including intrusion detection, malware analysis, and vulnerability exploitation. Perform in-depth analysis of security incidents to determine their scope, impact, and method of attack. Take immediate and appropriate action to contain, mitigate, and resolve security threats. Threat Hunting Proactively hunt for hidden threats and vulnerabilities within the organization's systems and networks. Analyze logs and data from multiple sources (e.g., firewalls, intrusion detection systems, antivirus solutions) to identify patterns indicative of malicious activity. Utilize advanced threat intelligence to stay ahead of potential attackers and new attack vectors. Security Monitoring & Analysis Oversee and manage security monitoring tools to detect potential security incidents and vulnerabilities. Analyze alerts and reports generated by various security tools, ensuring accuracy and appropriateness. Ensure the effective operation and tuning of SIEM (Security Information and Event Management) systems, IDS/IPS, and other security technologies. Identify and define new use cases as well as modify existing ones Collaboration & Knowledge Sharing Mentor and provide guidance to junior analysts (Level 1 and Level 2) in incident handling, investigation, and security best practices. Collaborate with IT, network, and engineering teams to resolve security issues and implement proactive security measures. Document incidents and maintain accurate records for reporting and auditing purposes. Reporting & Documentation Generate detailed post-incident reports that include findings, recommendations, and remediation steps. Assist in the development and maintenance of SOC procedures, playbooks, and security policies. Report trends and emerging threats to senior management and stakeholders. Create and maintain standard operating procedures (SOPs), playbooks, and runbooks. Lead root cause analysis and develop lessons learned documentation post-incident Continuous Improvement Stay up to date on the latest cybersecurity threats, trends, and technologies. Contribute to the development and improvement of incident response plans and security protocols. Participate in security training programs to continually enhance skills and capabilities. What qualities are we looking for? Education: Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience. Experience: 5+ years of experience in a SOC or security operations environment, with at least 2 years in a senior or advanced analyst role. Technical Skills: Strong experience with security tools and SaaS Application, including SIEM (Splunk, Sentinel One, QRadar, etc.), IDS/IPS, firewalls, Endpoint Protection, DLP, Active Directory/Azure and vulnerability scanners. Expertise in incident response, digital forensics, and malware analysis. Deep understanding of security frameworks, methodologies, and best practices (NIST, ISO 27001, MITRE ATT&CK, etc.). Knowledge and experience of common operating systems (Windows, Mac, Linux) and networking protocols (TCP/IP, HTTP, DNS, etc.). Advanced understanding of cyber threats and attack vectors, including APTs (Advanced Persistent Threats), ransomware, DDoS, and insider threats. Familiarity with cloud security environments and services (AWS, Azure, GCP). Skills & Abilities: Strong written and verbal communication skills, with the ability to report findings to both technical and non-technical stakeholders. Ability to work well under pressure and manage multiple tasks simultaneously. Relevant certifications such as CISSP, CISM, CEH, GIAC, or similar are a plus. Desired Skills: Experience with threat intelligence platforms and frameworks. Proficiency in scripting or automation (Python, PowerShell, etc.) for threat detection and incident response tasks. Experience with network traffic analysis tools (Wireshark, tcpdump, etc.). Knowledge of forensic tools and techniques. Familiarity with security incident management platforms (ServiceNow, Remedy, Jira, Fresdesk etc.). Preferred Certifications: CompTIA Security+ EC-Council Certified SOC Analyst (CSA) CompTIA Cybersecurity Analyst (CySA+) EC-Council SOC Essentials (S|CE) ISACA - CCOA GIAC Security Operations Certified (GSOC): GIAC Certified Incident Handler (GCIH): GIAC Certified Intrusion Analyst (GCIA): (ISC)² Systems Security Certified Practitioner (SSCP): GIAC Cyber Threat Intelligence (GCTI): GIAC Certified Forensic Analyst (GCFA) / GIAC Certified Forensic Responder (GCFR) AWS Certified Security - Specialty / Certified Cloud Security Professional (CCSP) Visit our tech blogs to learn more about some of the challenging Problem Statements the team works at:- https://bytes.swiggy.com/engineering-challenges-at-swiggy-430dea6c86a3 https://bytes.swiggy.com/the-swiggy-delivery-challenge-part-one-6a2abb4f82f6 https://bytes.swiggy.com/what-serviceability-means-at-swiggy-c94c1aad352a https://bytes.swiggy.com/architecture-and-design-principles-behind-the-swiggys-delivery-partner s-app-4db1d87a048a https://bytes.swiggy.com/swiggy-distance-service-9868dcf613f4 https://bytes.swiggy.com/the-tech-that-brings-you-your-food-1a7926229886 We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, disability status, or any other characteristic protected by the law.

A Cloud Security Engineer in our team is responsible for successful implementation of non-routine and complex business solutions ensuring high quality and timely delivery within budget to the customers’ happiness. Analyze business needs to help ensure Oracle’s solution meets the customers objectives by combining industry standard methodologies and product knowledge. Individual should possess a deep knowledge of: Cloud or mobile security including OAuth, OpenID Connect, SAML federation, Single Sign-On. MFA and strong authentication. Identity management / governance, and provisioning In addition to the above knowledge of fundamental enabling technologies including: Secure coding practices Network security SSL / TLS Encryption Key Management Certificate Management Intrusion Detection and Prevention Systems Data Loss Prevention Configuration of a secure tenancy in OCI, AWS, Azure, or GCP. Use and configuration of services such as OCI Cloud Guard, AWS Control Tower, Azure Security Center. Use and configuration of SIEM systems such as Splunk, QRadar, or LogRhythm Minimum Qualifications Minimum of 10 years of experience in progressively responsible information technology including. 5+ years of experience in developing, implementing, or architecting information systems 3+ years technical architecture experience integrating identity and access management software into cloud infrastructure and applications 2+ years' experience in managing the security aspect of cloud deployments in OCI/Azure/AWS/GCP OR deployments of at least one identity and access management product such as: Oracle OAM/OIM/OVD/OID, CA/Netegrity SiteMinder/IdentityMinder/TransactionMinder, IBM Tivoli Identity Manager and/or Access Manager, Sun Identity Manager and/or Access Manager, Ping Access and/or Ping Federate, or similar Experience developing identity management strategies, architectures and implementation plans Experience with at least one of the following development environments/languages: Java / J2EE, Python, JavaScript, C#, c/C++

Location : Bangalore Mode: 5 days WF Office Exp:4-7 yrs JD: Should have minimum 4-6 years in IBM Qradar administration. Monitor and analyze security alerts from QRadar SIEM and other security tools. Perform in-depth investigation of security incidents . Tune and optimize QRadar rules, filters, and use cases to reduce false positives. Must have experience in creating Usecases as per the customer requirement. Should be able to understand the existing usecases/logics configurated and able to perform break fix or improvement on own. should be able to handle the SIEM administration on own and drive the topics. Should have good administration skill in Qradar console/server management. Able to perform upgrade, drill activities for Qradar servers. Conduct root cause analysis and document findings in incident reports. Maintain and update incident response playbooks and procedures. Support threat hunting activities and contribute to continuous improvement of detection capabilities. Generate periodic reports on security posture and incident trends.

At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection. Job Description Global Security Fusion Center (GSFC) Threat Detection and response team provide services by analyzing, responding to, and remediating cyber-security incidents for on-premises, cloud, and affiliated networks for Allstate and its family of companies. Incident Management Senior Consultant I is responsible for monitoring multiple security technologies and alert systems to engage in the detection and remediation of potential security events and incidents. Primary Responsibilities Monitor, analyze, and respond to security alerts/incidents, ensuring timely escalation and resolution. Investigate the nature, scope, and impact of security incidents, taking steps to contain and mitigate the threat. Follow detailed operational process and procedures to appropriately and communicate incident status and findings to relevant stakeholders, documenting all actions taken during the incident response process. Primary Skills & Criteria Good operating system knowledge on Windows/Linux/MACOS Good knowledge on information security concepts Good knowledge on networking fundamentals (TCP/IP, Network Layers, etc.) Good knowledge on Server/Active Directory Good knowledge and hands-on experience with any SIEM tool ArcSight, Qradar etc. and preferably Splunk/Sentinel Good knowledge and hands-on experience with any EDR/XDR tools like CrowdStrike, Microsoft Defender for Endpoint etc. Good knowledge and log analysis experience on Cloud solutions like AWS/Azure/GCP Strong written and verbal communication skills. Willing to work on weekends and night shifts on rotational basis. Experience & Certifications Minimum 6 years of total experience and 3-4 years of relevant experience as an information security analyst. Good to have any of the basic security certifications like GIAC Information Security Fundamentals (GISF)/GIAC Security Essentials (GSEC)/GIAC Certified Incident Handler (GCIH)/Certified Ethical Hacker/CompTIA Security+ etc. Primary Skills Shift Time Recruiter Info Yateesh B G ybgaa@allstate.com About Allstate The Allstate Corporation is one of the largest publicly held insurance providers in the United States. Ranked No. 84 in the 2023 Fortune 500 list of the largest United States corporations by total revenue, The Allstate Corporation owns and operates 18 companies in the United States, Canada, Northern Ireland, and India. Allstate India Private Limited, also known as Allstate India, is a subsidiary of The Allstate Corporation. The India talent center was set up in 2012 and operates under the corporation's Good Hands promise. As it innovates operations and technology, Allstate India has evolved beyond its technology functions to be the critical strategic business services arm of the corporation. With offices in Bengaluru and Pune, the company offers expertise to the parent organization’s business areas including technology and innovation, accounting and imaging services, policy administration, transformation solution design and support services, transformation of property liability service design, global operations and integration, and training and transition. Learn more about Allstate India here.

Key Responsibilities: A day in the life of an Infoscion As part of the Infosys consulting team your primary role would be to actively aid the consulting team in different phases of the project including problem definition effort estimation diagnosis solution generation and design and deployment You will explore the alternatives to the recommended solutions based on research that includes literature surveys information available in public domains vendor evaluation information etc and build POCs You will create requirement specifications from the business needs define the to be processes and detailed functional designs based on requirements You will support configuring solution requirements on the products understand if any issues diagnose the root cause of such issues seek clarifications and then identify and shortlist solution alternatives You will also contribute to unit level and organizational initiatives with an objective of providing high quality value adding solutions to customers If you think you fit right in to help our clients navigate their next in their digital transformation journey this is the place for you Technical Requirements: Primary skills Technology Finacle Core Payments Real Time Gross Settlement Master Technology Infrastructure Security Security Incident and Event Management SIEM Technology Infrastructure Security Virtual Private Network Firewall Technology Network Firewall and Media Check Point Technology Network Firewall and Media Juniper Firewall Technology Network Firewall and Media Palo Alto Additional Responsibilities: Ability to work with clients to identify business challenges and contribute to client deliverables by refining analyzing and structuring relevant data Awareness of latest technologies and trends Logical thinking and problem solving skills along with an ability to collaborate Ability to assess the current processes identify improvement areas and suggest the technology solutions One or two industry domain knowledge Preferred Skills: Technology->Infrastructure Security->Secure Web Gateway->Zscaler ZIA,Technology->Infrastructure Security->Security Incident and Event Management (SIEM)->IBM Qradar,Technology->Network-Firewall_and_Media->Check Point->firewall,Technology->Infrastructure Security->Virtual Private Network, Firewall->Zscaler ZPA,Technology->Network-Firewall_and_Media->Juniper-Firewall->firewall,Technology->Network-Firewall_and_Media->Palo Alto

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

The IBM Technology Expert Labs organization is looking for an IBM zSecurity Delivery Consultant with expertise in IBM Z, RACF and Security products to lead and deliver pre-sales and post-sales client engagements that enable the adoption of IBM zSecure Suite and IBM ZMFA Ideal candidates will have demonstrated a successful history of implementing IBM Zsecure Suite engagements, be familiar with sysplex architectural methods, can independently assess IT infrastructures, evaluate gaps in best practices and create IBM Security solution recommendations for client environments while displaying excellent collaboration and communication with Clients, Sellers, Business Partners and Colleagues by delivering reports to clients. You will be responsible for developing and delivering IBM Security architecture, and implementation of IBM Security products which may include: Implement security policies and procedures to protect the integrity, confidentiality, and availability of information extensive knowledge of security administration by using the zSecure suite products Designing and customizing the ZMFA features, based on the client requirements Integrating and designing security with IBM Guardium Data centre and Quantum safe solutions. Assisting with customer to extract the audit reports for system vulnerabilities and implement security measures to mitigate risks Providing technical guidance and skills transfer to customer personnel for IBM zSecure suite products, ZMFA features, IBM Guardium and Quantum safe Producing planning and implementation reports and documentation. Installation, configuration, testing and maintenance of IBM RACF, and related Z software Other technical tasks as necessary to accomplish successful customer outcomes Aid customers to migrate the other vendor security products to the IBM RACF And Z security software’s. This role requires a strong knowledge of the IBM Systems Z security and software ecosystem, focusing on Strong Security and IBM Zsecure, Guardium and Quantum safe, are needed. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Professional and Technical Expertise: 8+ years’ experience working with: RACF Security Administrators and capabilities of IBM zSecurity products including (zSecure ,ZMFA, Guardium and Quantum safe) z/OS RACF Security Administrators ,zSecure Admin Ability to migrate the other vendor security products to the RACF and IBM z Security related products. Successfully delivering IBM Z projects and/or architecting and planning infrastructures for customer’s Security Needs 5+ years’ experience in: Customer or executive facing communications, requirements analysis, documentation, and report presentations. Create and manage RACF user profiles, group profiles, and access rights Implement security policies, extracting the Security audit reports using the zSecure suite products and procedures to protect integrity of the system Ability to lead customer technical workshops up to 20+ people. Strong written and verbal communication skills EnglishFluent Preferred technical and professional experience Preferred Professional and Technical Expertise: Knowledge or experience with RACF, zsecure products suite, Guardium data center, ZMFA, Quantum safe Experience on Security Migrations (ACF2 to RACF or TSS to RACF) Practical SMP/E knowledge Assembler, JCL, REXX and CLIST knowledge

The SIEM Administrator will be responsible for administering the deployed SIEM service. The candidate is also expected to have hands on experience of deploying a SIEM solution from scratch, where the candidate should have the skills and knowledge to gather all the required information to build the SIEM solution. In-depth knowledge of technical approaches in security analytics, monitoring and alerting. Maintains technical knowledge within areas of expertise. This role is also responsible for identifying, analyzing, developing new or tuning & Refinement of the content or use cases. Strong problem solving and troubleshooting skills including the ability to perform root cause analysis for preventative investigation Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Should have experience in any of the query language i.e AQL ,KQL, SPL, LEQL etc for writing the complex queries & saved search creation. Should have strong knowledge of different cybersecurity frameworks i.e.MITRE, NIST and Cyber kill chain model. Should have understanding of regular expression writing and custom parsing Preferred technical and professional experience Collaborate with key stakeholders within technology, application and cyber security to develop use cases to address specific business needs. Create technical documentation around the content deployed to the SIEM. Creates and develops correlation and detection rules with SIEM solution, reports & dashboards to detect emerging threats

Senior SOC Analyst works within the 24/7 Cyber Fusion Center (CFC). The role is responsible for monitoring, triaging, analyzing and escalating incidents and events in the technology environment. This Senior SOC Analyst will evaluate data collected from a variety of cyber operations tools (e.g., SIEM, IDS/IPS, Firewalls, network traffic logs, cloud platforms, and SOAR solutions to analyze events that occur within the environments for the purposes of detecting and mitigating threats in both structured and unstructured situations. Individuals in this role are proactive and well-versed in log, identity, cloud, network, and root cause analysis Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Senior SOC Analyst must have skills in email security, system event, network event, log analysis. Knowledge of common IT and security technology concepts with emphasis on TCP/IP network security, operating system security, modern attack and exploitation techniques is important. Experience conducting event analysis in AWS and Azure environments. Characterize and analyse alerts to understand potential and active threats. Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the nature and characteristics of events that could be an observed attack Preferred technical and professional experience Document and escalate events/incidents that may cause adverse impact to the environment. Provide daily summary reports of events and activity relevant to cyber operations. Perform Cyber Operations trend analysis and reporting. Perform high-quality triage and thorough analysis for all alerts. Demonstrate effective communication skills both written and verbal. Actively engage in team chats, calls, and face to face settings. Constantly contribute to SOC runbooks/playbooks Recommend improvements to automations, alert fidelity, and security controls. Preferred ExperienceExperience / Knowledge in CyberArk, Azure SSO. Knowledge of enterprise web technologies, security, and cutting-edge infrastructures

About Position: As a SOC Level 2 Analyst, you will play a crucial role in monitoring, analyzing, and responding to security incidents and threats within our organization's environment. You will work closely with SOC Level 1 analysts, as well as other cybersecurity professionals, to ensure the integrity, confidentiality, and availability of our systems and data. Role: SOC L2/L3 Support Location: Pune Experience: 5-12Years Job Type: Full Time Employment What You'll Do: Security Monitoring and Analysis: Monitor security event alerts generated by various security systems, including Sumo logic, QRadar, Palo Alto, Splunk, CrowdStrike, SentinelOne, SIEM, IDS/IPS, and endpoint detection platforms. Analyze security events to identify potential security incidents or anomalies that may pose a risk to the organization. Incident Triage and Investigation: Triage incoming security alerts based on their severity and potential impact on the organization. Conduct preliminary investigations to determine the nature and scope of security incidents. Gather and analyze evidence, including logs, network traffic, and system artifacts, to identify indicators of compromise (IOCs). Incident Response and Mitigation: Assist in the containment, eradication, and recovery phases of security incidents. Follow established incident response procedures and workflows to ensure timely and effective response to security threats. Collaborate with other members of the SOC team and relevant stakeholders to coordinate incident response efforts. Threat Intelligence Analysis: Stay informed about the latest cyber threats, vulnerabilities, and attack techniques by analyzing threat intelligence feeds and reports. Use threat intelligence to enhance the organization's detection capabilities and proactively identify emerging threats. Documentation and Reporting: Maintain accurate and detailed records of security incidents, including timelines of events, actions taken, and findings. Prepare incident reports and post-mortems to document the outcomes of security incidents and lessons learned. Ensure that all documentation complies with internal policies and regulatory requirements. Continuous Improvement: Participate in ongoing training and professional development activities to enhance knowledge and skills in cybersecurity. Provide feedback and suggestions for improving SOC processes, procedures, and tools. Stay abreast of industry best practices and emerging technologies in cybersecurity. Expertise You'll Bring: Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience). 5+ years of experience in a cybersecurity role, preferably in a SOC environment. Strong understanding of cybersecurity principles, concepts, and technologies. Experience with security monitoring tools such as QRadar, Palo Alto, Splunk, CrowdStrike, SentinelOne, SIEM, IDS/IPS, and endpoint detection platforms. Familiarity with incident response procedures and frameworks (e.g., NIST, SANS). Excellent analytical and problem-solving skills. Strong communication and interpersonal skills. Relevant certifications (e.g., CompTIA Security+, GIAC Security Essentials) are a plus. Benefits: Competitive salary and benefits package Culture focused on talent development with quarterly promotion cycles and company-sponsored higher education and certifications Opportunity to work with cutting-edge technologies Employee engagement initiatives such as project parties, flexible work hours, and Long Service awards Annual health check-ups Insurance coverage: group term life, personal accident, and Mediclaim hospitalization for self, spouse, two children, and parents Inclusive Environment: Persistent Ltd. is dedicated to fostering diversity and inclusion in the workplace. We invite applications from all qualified individuals, including those with disabilities, and regardless of gender or gender preference. We welcome diverse candidates from all backgrounds. We offer hybrid work options and flexible working hours to accommodate various needs and preferences. Our office is equipped with accessible facilities, including adjustable workstations, ergonomic chairs, and assistive technologies to support employees with physical disabilities. If you are a person with disabilities and have specific requirements, please inform us during the application process or at any time during your employment. We are committed to creating an inclusive environment where all employees can thrive. Our company fosters a values-driven and people-centric work environment that enables our employees to: Accelerate growth, both professionally and personally Impact the world in powerful, positive ways, using the latest technologies Enjoy collaborative innovation, with diversity and work-life wellbeing at the core Unlock global opportunities to work and learn with the industry's best Let's unleash your full potential at Persistent "Persistent is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind."

Job requisition ID :: 85019 Date: Jul 3, 2025 Location: Delhi Designation: Consultant Entity: Deloitte Touche Tohmatsu India LLP Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Your work profile. We are seeking a skilled SOC Operations to manage, maintain, and enhance our SOC platform, ensuring effective monitoring, detection, and response to security incidents. The ideal candidate will have strong experience in SOC administration, threat detection, and SOC operations to provide continuous security improvements and support to the SOC team. Key Responsibilities: Responsible for adherence of SLA for all tickets and deliverables in the project. Advise and tracks remediation of issues found during an incident or vulnerability that is required to conclude a security investigation Responsible for the validation and analysis of investigations within Security Operations Center (SOC) done by L1s Good understanding of SOC concepts and log analysis from various sources such as SIEM, AV, EDR, XDR and SOAR Responsible for completing the documentation of the investigation; determine the validity and priority of the activity and Carry out Level 2 triage of incoming issues and escalate to L3 if needed. Creation of SOPs and run book and maintain it. Provide communication and escalation support to L1 throughout the incident as per the SOC guidelines. Ensure that all security events and incidents (internal / external) are logged and regularly updated and closed within the set SLAs Strong technical understanding of network fundamentals like OSI, TCP/IP and common Internet protocols, specifically DNS, HTTP, HTTPS / TLS, DHCP and SMTP. Knowledgeable in the fundamentals of firewall, IDS/IPS, EPP/EDR, Proxy, WAF, VPN, and other security protective/detective controls. Knowledge of email security threats and security controls, including experience analyzing email headers. Familiar with malware analysis and phishing analysis using tools like knowbe4/phisher, anyrun, joesandbox, etc. to investigate the threats much deeper and with good clarity. Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), Indicators of Attackers (IOA), etc. Must be able to map security incidents with MITRE ATT&CK framework or the cyber kill chain. Consulting for creation of threat-based and AI driven attack based use cases will be an added advantage. Must have good knowledge in latest malware attacks and trends. Would be playing the role of a shift lead for L1 teams. Must be creating Bi-weekly, Monthly and Governance reports around the SOC operations for the Senior Management. Preferred Certifications IBM QRadar SIEM Certification. CISSP, CEH, CISM, or other relevant security certifications. Location and way of working Base location: Mumbai/Navi Mumbai Professional is required to work from office How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Join our Team We are seeking a skilled SIEM Engineer to join our Managed Security Services team. You will be responsible for designing, implementing, managing, and supporting cybersecurity solutions, with a focus on SIEM tools and incident response. This is a hands-on technical role working with internal teams, customers, and third-party vendors to ensure robust security practices. Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Create, tune, and maintain detection rules and dashboards Investigate and respond to security incidents and alerts Participate in security audits, threat hunting, and compliance checks Research emerging threats and enhance detection capabilities Support configuration management, system hardening, and network defense strategies Collaborate across teams to improve security operations and automation Required Skills: Strong hands-on experience with SIEM platforms & SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Deep understanding of security operations , incident response , and network/system security Experience with scanning tools (e.g., Nessus, Qualys ) and PAM solutions (e.g., CyberArk, BeyondTrust ) Solid knowledge of Linux/Windows environments and enterprise networks Familiar with encryption, security controls, and system hardening best practices Excellent analytical, troubleshooting, and communication skills Preferred: Security certifications (e.g., CEH, CISSP, GCIA, GCIH) Experience in automation and scripting for SOC workflows Willingness to participate in on-call support rotation Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Noida Req ID: 769625

About Position: As a SOC Level 2 Analyst, you will play a crucial role in monitoring, analyzing, and responding to security incidents and threats within our organization's environment. You will work closely with SOC Level 1 analysts, as well as other cybersecurity professionals, to ensure the integrity, confidentiality, and availability of our systems and data. Role: SOC L2/L3 Support Location: Pune Experience: 5-12Years Job Type: Full Time Employment What You'll Do: Security Monitoring and Analysis: Monitor security event alerts generated by various security systems, including Sumo logic, QRadar, Palo Alto, Splunk, CrowdStrike, SentinelOne, SIEM, IDS/IPS, and endpoint detection platforms. Analyze security events to identify potential security incidents or anomalies that may pose a risk to the organization. Incident Triage and Investigation: Triage incoming security alerts based on their severity and potential impact on the organization. Conduct preliminary investigations to determine the nature and scope of security incidents. Gather and analyze evidence, including logs, network traffic, and system artifacts, to identify indicators of compromise (IOCs). Incident Response and Mitigation: Assist in the containment, eradication, and recovery phases of security incidents. Follow established incident response procedures and workflows to ensure timely and effective response to security threats. Collaborate with other members of the SOC team and relevant stakeholders to coordinate incident response efforts. Threat Intelligence Analysis: Stay informed about the latest cyber threats, vulnerabilities, and attack techniques by analyzing threat intelligence feeds and reports. Use threat intelligence to enhance the organization's detection capabilities and proactively identify emerging threats. Documentation and Reporting: Maintain accurate and detailed records of security incidents, including timelines of events, actions taken, and findings. Prepare incident reports and post-mortems to document the outcomes of security incidents and lessons learned. Ensure that all documentation complies with internal policies and regulatory requirements. Continuous Improvement: Participate in ongoing training and professional development activities to enhance knowledge and skills in cybersecurity. Provide feedback and suggestions for improving SOC processes, procedures, and tools. Stay abreast of industry best practices and emerging technologies in cybersecurity. Expertise You'll Bring: Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience). 5+ years of experience in a cybersecurity role, preferably in a SOC environment. Strong understanding of cybersecurity principles, concepts, and technologies. Experience with security monitoring tools such as QRadar, Palo Alto, Splunk, CrowdStrike, SentinelOne, SIEM, IDS/IPS, and endpoint detection platforms. Familiarity with incident response procedures and frameworks (e.g., NIST, SANS). Excellent analytical and problem-solving skills. Strong communication and interpersonal skills. Relevant certifications (e.g., CompTIA Security+, GIAC Security Essentials) are a plus. Benefits: Competitive salary and benefits package Culture focused on talent development with quarterly promotion cycles and company-sponsored higher education and certifications Opportunity to work with cutting-edge technologies Employee engagement initiatives such as project parties, flexible work hours, and Long Service awards Annual health check-ups Insurance coverage: group term life, personal accident, and Mediclaim hospitalization for self, spouse, two children, and parents Inclusive Environment: Persistent Ltd. is dedicated to fostering diversity and inclusion in the workplace. We invite applications from all qualified individuals, including those with disabilities, and regardless of gender or gender preference. We welcome diverse candidates from all backgrounds. We offer hybrid work options and flexible working hours to accommodate various needs and preferences. Our office is equipped with accessible facilities, including adjustable workstations, ergonomic chairs, and assistive technologies to support employees with physical disabilities. If you are a person with disabilities and have specific requirements, please inform us during the application process or at any time during your employment. We are committed to creating an inclusive environment where all employees can thrive. Our company fosters a values-driven and people-centric work environment that enables our employees to: Accelerate growth, both professionally and personally Impact the world in powerful, positive ways, using the latest technologies Enjoy collaborative innovation, with diversity and work-life wellbeing at the core Unlock global opportunities to work and learn with the industry’s best Let’s unleash your full potential at Persistent “Persistent is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind.”

Join our Team We are seeking a skilled SIEM Engineer to join our Managed Security Services team. You will be responsible for designing, implementing, managing, and supporting cybersecurity solutions, with a focus on SIEM tools and incident response. This is a hands-on technical role working with internal teams, customers, and third-party vendors to ensure robust security practices. Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Create, tune, and maintain detection rules and dashboards Investigate and respond to security incidents and alerts Participate in security audits, threat hunting, and compliance checks Research emerging threats and enhance detection capabilities Support configuration management, system hardening, and network defense strategies Collaborate across teams to improve security operations and automation Required Skills: Strong hands-on experience with SIEM platforms & SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Deep understanding of security operations, incident response, and network/system security Experience with scanning tools (e.g., Nessus, Qualys) and PAM solutions (e.g., CyberArk, BeyondTrust) Solid knowledge of Linux/Windows environments and enterprise networks Familiar with encryption, security controls, and system hardening best practices Excellent analytical, troubleshooting, and communication skills Preferred: Security certifications (e.g., CEH, CISSP, GCIA, GCIH) Experience in automation and scripting for SOC workflows Willingness to participate in on-call support rotation Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Noida Req ID: 769625

Our Company At Teradata, we believe that people thrive when empowered with better information. That’s why we built the most complete cloud analytics and data platform for AI. By delivering harmonized data, trusted AI, and faster innovation, we uplift and empower our customers—and our customers’ customers—to make better, more confident decisions. The world’s top companies across every major industry trust Teradata to improve business performance, enrich customer experiences, and fully integrate data across the enterprise. The Security Operations Analyst is responsible for monitoring, analyzing, and responding to cybersecurity incidents and threats promptly. This role is crucial in protecting the organization’s digital infrastructure, data, and assets by supporting daily security operations, investigating alerts, and enhancing the security posture through continuous improvement of detection and response capabilities. Work You’ll Do Monitor SIEM and security tools for suspicious activity and potential threats. Triage and analyze security alerts to determine impact and urgency. Investigate and respond to cybersecurity incidents, including malware infections, phishing, unauthorized access, and data exfiltration. Escalate significant incidents to senior analysts or incident response teams as needed. Maintain and tune security tools such as SIEM, EDR, IDS/IPS, and firewalls. Assist in rule creation and fine-tuning to reduce false positives and improve detection. Consume and correlate threat intelligence feeds with internal data. Identify indicators of compromise (IOCs) and proactively hunt for threats. Analyze logs from various sources (network, system, application) for anomalies. Correlate events across multiple data sets to uncover patterns and threats. Document incidents, response actions, and findings in incident management systems. Prepare regular reports on security posture, incident metrics, and threat trends. Assist in educating users on secure practices and common threats. What Makes You a Qualified Candidate Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field. 2–5 years of experience in a security operations or SOC role. Experience with SIEM platforms (e. g. , Splunk, Microsoft Sentinel, QRadar, etc. ). Hands-on knowledge of security tools (e. g. , EDR, IDS, firewalls, threat intelligence platforms). Familiarity with common threat vectors, attack techniques (MITRE ATT&CK), and incident response processes. Working knowledge of TCP/IP, networking concepts, Windows/Linux logs, and cloud security. Why We Think You’ll Love Teradata We prioritize a people-first culture because we know our people are at the very heart of our success. We embrace a flexible work model because we trust our people to make decisions about how, when, and where they work. We focus on well-being because we care about our people and their ability to thrive both personally and professionally. We are an anti-racist company because our dedication to Diversity, Equity, and Inclusion is more than a statement. It is a deep commitment to doing the work to foster an equitable environment that celebrates people for all of who they are. Teradata invites all identities and backgrounds in the workplace. We work with deliberation and intent to ensure we are cultivating collaboration and inclusivity across our global organization. ​ We are proud to be an equal opportunity and affirmative action employer. We do not discriminate based upon race, color, ancestry, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related conditions), national origin, sexual orientation, age, citizenship, marital status, disability, medical condition, genetic information, gender identity or expression, military and veteran status, or any other legally protected status.

The Security Operation Specialist has the end-to-end responsibility for the physical and logical security of the Network/Services, OSS/SQM, and Infrastructure in accordance with the security policy technically manage and operate components of security services provided to end users of Nokia customers, within service levels agreed with those customers. You have: 10+ years of extensive relevant experience and a graduate / postgraduate equivalent degree. Exposure to telecom technologies Security analytics and working knowledge of SOC technologies like SIEM, SOAR, etc. Scripting capabilities Industry certifications like CISSP/CEH/CISM/CISA It would be nice if you also had: Understanding of hacking techniques Understanding of 3GPP security requirements, ITU-T x.805, ISO27001, NIST, Mitre attack framework Build and maintain a library of threat hunting or analytics use cases for non-signature-based threat detection Build and maintain a library of pre-developed connectors to integrate leading SIEMs with diverse network elements Build and maintain a customizable library of remediation workflows or cyber playbooks Use cases should cover the entire kill chain, starting from reconnaissance, weaponization, delivery, exploitation, installation, C2, exfiltration, remediation, etc. Provide SME support to the delivery organization Testing and PoC of use cases in a lab environment Support in building use case demos. Work with different product lines to validate and test the feasibility of security use cases Build risk-driven cyber attack scenarios by clearly identifying threats, vulnerabilities, business impact, likelihood, approach, use case, scenarios, rules, remediation workflows, or a cyber playbook.

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to / support on project work as and when required. What You'll Be Doing Academic Qualifications and Certifications: BE/BTech in Electronics/EC/EE/CS/IT Engineering or MCA At least one security certification such as CCNA Security, CCSA, CEH, CompTIA, GCIH/GCIA Required Experience: At least one SIEM solution certifications with one or more SIEM/ Security solutions (i.e., RSA NetWitness, Splunk ES, Elastic ELK, HP ArcSight, IBM QRadar Log Rhythm). Minimum overall 5 years of experience in handling security related products & services in a reputed organization out of which 3 years’ experience should be in SIEM solution. Person should have adequate knowledge of security devices like firewalls, IPS, Web Application Firewall, DDOS, EDR, Incident response, SOAR and other security devices Administration of SIEM environment (e.g.: deployment of solution, user management, managing the licenses, upgrades and patch deployment, addition or deletion of log sources, configuration management, change management, report management, manage backup and recovery, etc.) Construction of SIEM content required to produce Content Outputs (e.g., filters, active lists, correlation rules, reports, report templates, queries, trends, variables) Integration of customized threat intelligence content feeds provided by the Threat Intelligence & Analytics service Identifies possible sensor improvements to prevent incidents Collects/updates threat intelligence feeds from various sources Creates situational awareness briefings Co-ordinates with the different departments for incident analysis, containment and remediation Liaise with Security monitoring team to discover repeatable process that lead to new content development Provides engineering analysis and architectural design of technical solutions Knowledge of networking protocols and technologies and network security Sound analytical and troubleshooting skills Key Responsibilities: Monitors client infrastructure and solutions. Identifies problems and errors prior to or when they occur. Routinely identifies common incidents and opportunities for avoidance as well as general opportunities for incident reduction. Investigates first line incidents assigned and identifies the root cause of incidents and problems. Provides telephonic or chat support to clients when required. Schedules maintenance activity windows for patching and configuration changes. Follows the required handover procedures for shift changes to ensure service continuity. Reports and escalates incidents where necessary. Ensures the efficient and comprehensive resolutions of incidents and requests. Updates existing knowledge articles or create new ones. Identifies opportunities for work optimization including opportunities for automation of work, request fulfilment, incident resolution, and other general process improvement opportunities. May also contribute to / support on project work as and when required. May work on implementing and delivering Disaster Recovery functions and tests. Performs any other related task as required. Workplace type: On-site Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Job Overview We are seeking an experienced DevSecOps Engineer . The ideal candidate will secure our applications, AWS infrastructure, and Content Delivery Networks (CDNs) by embedding security into every phase of the development lifecycle. You will collaborate with DevOps, development, and security teams to design, automate, and implement vulnerability management strategies, with a focus on CI/CD pipelines, Infrastructure as Code (IaC), and CDN optimization. Key Responsibilities Vulnerability Identification & Management Conduct automated scans and assessments of AWS infrastructure, applications, and CDN configurations for vulnerabilities using DevSecOps-integrated tools. Evaluate and deploy security tools within CI/CD pipelines for continuous vulnerability detection, tracking, and reporting. Prioritize vulnerabilities based on risk impact, leveraging threat intelligence, and drive remediation efforts across cross-functional teams. AWS & CDN Security Implement and enforce security best practices across AWS services (e.g., EC2, S3, IAM, Lambda, VPC) and CDN platforms (e.g., Cloudflare, Akamai, AWS CloudFront). Monitor AWS environments and CDN edge nodes for misconfigurations, threats, and performance-related security risks. Leverage AWS Security Hub, Inspector, GuardDuty, and CDN-specific security features (e.g., WAF, DDoS protection) to maintain a robust security posture. Application Security & DevSecOps Perform security reviews of application architecture, microservices, APIs, and CDN-integrated delivery systems. Embed security into the Software Development Life Cycle (SDLC) by integrating SAST/DAST tools (e.g., Snyk, SonarQube) into CI/CD workflows. Collaborate with development teams to shift security left, automating vulnerability detection and remediation in code and deployment pipelines. Incident Response & Remediation Respond to security incidents across AWS, applications, and CDN infrastructure, coordinating with internal and external teams. Conduct root cause analysis for incidents, including CDN-related vulnerabilities, and recommend automated preventative measures. Develop and maintain playbooks for vulnerability management and incident response, optimized for DevSecOps workflows. Collaboration & Automation Partner with DevOps, Security, and Development teams to integrate security into CI/CD pipelines, IaC (e.g., Terraform, CloudFormation), and CDN deployments. Drive adoption of DevSecOps practices, including container security (Docker, Kubernetes) and automated threat modeling. Provide training and mentorship on secure coding, AWS security, and CDN optimization to stakeholders. Required Skills and Qualifications Bachelors Degree in Information Security, Computer Science, or a related field, or equivalent experience. 8+ years of experience in vulnerability management, AWS security, application security, or DevSecOps roles. Strong expertise in AWS services (IAM, S3, EC2, Lambda) and CDN platforms (e.g., CloudFront, Cloudflare, Akamai). Proficiency with vulnerability scanning tools (e.g., Wiz, Qualys, AWS Inspector) and DevSecOps-integrated security tools. Hands-on experience with SAST/DAST tools (e.g., Snyk, SonarQube) and their integration into CI/CD pipelines. Deep understanding of OWASP Top 10, CWE, and CDN-specific security risks (e.g., cache poisoning, DDoS). Proven experience with automation, CI/CD pipelines (e.g., Jenkins, GitLab CI), and IaC (Terraform, CloudFormation). Familiarity with container security (Docker, Kubernetes) and securing CDN-integrated architectures. Knowledge of threat modeling, risk assessments, and penetration testing in a DevSecOps context. Preferred Qualifications AWS Certifications (e.g., AWS Certified Security Specialty, AWS Certified DevOps Engineer). Experience with DevSecOps frameworks and tools (e.g., HashiCorp Vault, Checkmarx). Hands-on experience securing APIs, microservices, and CDN edge configurations. Familiarity with CDN security features like Web Application Firewalls (WAF), rate limiting, and bot management. Certification in DevSecOps or related fields (e.g., Certified DevSecOps Professional).

5 - 13 Years 20 Openings Chennai, Kochi, Trivandrum Role description Must-Have Skills: Experience with SIEM vendors such as QRadar, Sentinel, Splunk Incident response and threat hunting expertise Strong knowledge of attack patterns, Tools, Techniques, and Procedures (TTPs) Experience in writing procedures, runbooks, and playbooks Strong analytical and problem-solving skills Hands-on experience with system logs, network traffic analysis, and security tools Proficiency in identifying Indicators of Compromise (IOCs) and Advanced Persistent Threats (APTs) Good-to-Have Skills: Experience setting up SIEM solutions and troubleshooting connectivity issues Familiarity with security frameworks and best practices Ability to collaborate with IT and security teams effectively Responsibilities: Act as an escalation point for high and critical severity security incidents Conduct in-depth investigations to assess impact and understand the extent of compromise Analyze attack patterns and provide recommendations for security improvements Perform proactive threat hunting and log analysis to detect potential threats Provide guidance on mitigating risks and improving security hygiene Identify gaps in security processes and propose enhancements Ensure end-to-end management of security incidents Document and update incident response processes and define future outcomes Participate in war room discussions, team meetings, and executive briefings Train team members on security tools and incident resolution procedures Skills L3 SOC Analyst, Qradar OR Sentinel OR Splunk or Google Chronicle) - Any 2 of the SIEM tools required EDR tools (Crowdstrike OR Defender OR SentinelOne) - Any 2 of the EDR tools required About UST UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.

Position Title: SOC Level 3 Implementation Engineer/Analyst Responsibilities : Security Solution Design and Architecture: Collaborate with stakeholders to understand business requirements and define the architecture and design of security solutions within the SOC. Actively participate in Technical Table Top Drills (internal and external). Actively participate in Incident Response bridge calls. Develop comprehensive security architecture blueprints, SOC Maturity, and defense-in-depth strategies. Experience with security technologies and tools, such as QRadar, Splunk, SumoLogic, Palo Alto SIEM SOAR, CrowdStrike SentinelOne EDR, and endpoint protection platforms. Technology Evaluation and Selection: Evaluate and recommend security technologies, products, and vendors based on organizational needs, industry best practices, and emerging threats. Conduct proof-of-concept (POC) evaluations to assess the performance, functionality, and suitability of security solutions for deployment within the SOC environment. Security Solution Implementation: Lead the implementation and deployment of security technologies SIEM and SOAR and solutions within the SOC, ensuring adherence to design specifications and security standards. Configure and customize security products and tools to align with organizational requirements and operational workflows. Coordinate with cross-functional teams, including network engineering, system administration, and application development, to facilitate smooth deployment and integration. Process Development and Optimization: Define and document security processes, procedures, and workflows within the SOC, including incident detection, response, and remediation. Implement automation and orchestration capabilities to streamline SOC operations and improve response times to security incidents. Continuously assess and optimize security processes to enhance efficiency, effectiveness, and scalability. Security Tool Management and Administration: Administer and maintain security monitoring and detection tools deployed within the SOC environment, such as SIEM (Security Information and Event Management), SOAR and EDR (Endpoint Detection and Response) platforms. Perform routine maintenance tasks, including software updates, patch management, and configuration changes, to ensure the reliability and performance of security tools. Troubleshoot and resolve technical issues related to security tools and infrastructure, collaborating with vendors and support teams as needed. Log Source integration and its troubleshooting. Documentation and Knowledge Transfer: Prepare RCA for P1 and P2 Security Incidents. Maintain comprehensive documentation of implemented security solutions, configurations, and processes, including design documents, deployment guides, and standard operating procedures (SOPs). Provide training and knowledge transfer to SOC analysts and other stakeholders on new security technologies, tools, and procedures. Conduct technical training sessions, workshops, and brown bag sessions to enhance the skills and capabilities of the SOC team. Qualifications: Bachelors degree in Computer Science, Information Security, or a related field (or equivalent experience). 8+ years of experience in a cybersecurity role, with a focus on security solution design and implementation. Strong understanding of cybersecurity principles, concepts, and technologies, including network security, endpoint security, and threat detection. Experience with security technologies and tools, such as QRadar, Splunk, SumoLogic, Palo Alto SIEM SOAR, CrowdStrike SentinelOne EDR, firewalls, and endpoint protection platforms. Proficiency in scripting and automation languages (e.g., Python, PowerShell) for integration and workflow automation. Excellent analytical, problem-solving, and communication skills.Relevant certifications (e.g., CEH, CISSP, CCSP, CISM, GIAC) are preferred.

What youll be doing your accountabilities Leading a squad of skilled cyber security practitioners delivering new security controls and enhancements. Ensuring that delivery work is aligned with strategy and feeding outcomes and learning back into strategy. Developing Agile business cases in conjunction with key stakeholders. Prioritising squad work to deliver the greatest impact for the investment. Mobilising and overseeing end-to-end delivery of epics (from concept to closure). Ensuring that all required policies and procedures are complied with. Setting up and maintaining accurate epic financial forecasting and tracking glide-path to budget. Risk/issue and management. Managing change. Working across BT Group ensuring that deliveries of changes/risk controls are embedded in the operational organisation Working across BT Group ensuring that the operational effectiveness of delivered changes/risk controls are measured. Working across BT Group ensuring that benefits are realised and measured. Providing reporting to Security Portfolio Board (stakeholders up to BT CISO and BT CIO) and Security governance forums e.g. Security Council, Security Forum. Experience youd be expected to have MANDATORY 5+ years demonstrable experience of successfully leading complex, high value deliveries in an IT domain Excellent communication skills Strong stakeholder management skills Self-starter and able to manage time effectively Able to work accurately with numbers and data In receipt of formal training in Agile methodologies and can apply the knowledge to specific circumstances (accreditation doesnt need to be current) Demonstrable experience of successfully using Agile methodologies for delivery PREFERRED Degree or equivalent qualification/experience Experience leading complex cyber security deliveries Knowledge and experience of cyber assessment frame works Knowledge and experience of cyber risk management Experience of managing a significant budget in excess of 1m

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. Position Summary We are seeking an experienced and highly skilled Technical Lead with a strong background in Java/Python, SaaS architectures, firewalls and cybersecurity products, including SIEM and SOAR platforms. The ideal candidate will lead technical initiatives, design and implement scalable systems, and drive best practices across the engineering team. This role requires deep technical expertise, leadership abilities, and a passion for building secure and high-performing security solutions. Key Responsibilities Lead the design and development of scalable and secure software solutions using Java/Python. Architect and build SaaS-based cybersecurity applications, ensuring high availability, performance, and reliability. Provide technical leadership, mentoring, and guidance to the development team. Ensure best practices in secure coding, threat modeling, and compliance with industry standards. Collaborate with cross-functional teams including Product Management, Security, and DevOps to deliver high-quality security solutions. Design and implement security analytics, automation workflows and ITSM integrations. Drive continuous improvements in engineering processes, tools, and technologies. Basic Qualifications A bachelor’s or master’s degree in computer science, electronics engineering or a related field 8-10 years of software development experience, with expertise in Java and/or Python. Strong background in building SaaS applications with cloud-native architectures (AWS, GCP, or Azure). In-depth understanding of microservices architecture, APIs, and distributed systems. Experience with containerization and orchestration tools like Docker and Kubernetes. Knowledge of DevSecOps principles, CI/CD pipelines, and infrastructure as code (Terraform, Ansible, etc.). Strong problem-solving skills and ability to work in an agile, fast-paced environment. Excellent communication and leadership skills, with a track record of mentoring engineers. Preferred Qualifications Experience with cybersecurity solutions, including SIEM (e.g., Splunk, ELK, IBM QRadar) and SOAR (e.g., Palo Alto XSOAR, Swimlane). Knowledge of zero-trust security models and secure API development. Hands-on experience with machine learning or AI-driven security analytics. ‍ Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

Overview: We are looking for a skilled SIEM Administrator to manage and maintain Security Information and Event Management (SIEM) solutions such as Innspark , LogRhythm , or similar tools. This role is critical to ensuring effective security monitoring, log management, and event analysis across our systems. Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., Innspark, LogRhythm, Splunk). Develop and maintain correlation rules, s, dashboards, and reports. Integrate logs from servers, network devices, cloud services, and applications. Troubleshoot log collection, parsing, normalization, and event correlation issues. Work with security teams to improve detection and response capabilities. Ensure SIEM configurations align with compliance and audit requirements. Perform routine SIEM maintenance (e.g., patching, upgrades, health checks). Create and maintain documentation for implementation, architecture, and operations. Participate in evaluating and testing new SIEM tools and features. Support incident response by providing relevant event data and insights. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or related field. 5+ years of hands-on experience with SIEM tools. Experience with Innspark, LogRhythm, or other SIEM platforms (e.g., Splunk, QRadar, ArcSight). Strong knowledge of log management and event normalization. Good understanding of cybersecurity concepts and incident response. Familiarity with Windows/Linux OS and network protocols. Scripting knowledge (e.g., Python, PowerShell) is a plus. Strong troubleshooting, analytical, and communication skills. Industry certifications (CEH, Security+, SSCP, or vendor-specific) are a plus. Key Skills: SIEM Tools (Innspark, LogRhythm, Splunk) Troubleshooting Log Management & Analysis Scripting (optional) Security Monitoring Job location: Thiruvananthpuram Notice period: Immediate Required Skills Siem,Splunk,Troubleshooting