4.0 - 6.0 years
0 Lacs
Hyderabad, Telangana
On-site
Security Operations Engineer II
Hyderabad, Telangana, India
Date posted: Jul 29, 2025
Job number: 1853495
Work site: Microsoft on-site only
Travel: 0-25 %
Role type: Individual Contributor
Profession: Security Engineering
Discipline: Security Operations Engineering
Employment type: Full-Time

Overview
Do you love the excitement and learning opportunity of studying, analysing and dealing with the most complex threats to digital security in today's world? Do you have a “learner” mindset, and are you willing to un-learn old skills and learn new ones every day? Are you excited by the potential of influencing the state of security of our entire company, every day? If yes, then this opportunity is for you.

Responsible for the installation, maintenance, support and optimization of all security-related components.
Facilitate incident response and forensic investigations.
Apply countermeasures to mitigate evolving security threats.
Work with other teams to ensure platform hardening, security maintenance, and vulnerability remediation procedures are followed.

Special Requirements
Proficiency in KQL and in a scripting language (preferably Perl, PHP, or Python) is a plus.
Must demonstrate basic knowledge of Linux and Mac, and a strong understanding of Windows operating systems and networking protocols.

About CDO - Cyber Defense Operations
An organization led by Microsoft’s Chief Information Security Officer, CDO enables Microsoft to deliver the most trusted devices and services. CDO’s vision is to ensure all information and services are protected, secured, and available for appropriate use through innovation and a robust risk framework.

Qualifications
8+ years of work experience, with a minimum of 6 years of experience in a SOC.
Minimum 4 years of experience in Azure/cloud.
Hands-on experience with incident analysis, threat-actor-related incident handling, large-scale incident response and threat hunting.
Understanding of Windows internals, Linux and Mac OS.
Understanding of various attack methods, vulnerabilities, exploits and malware.
Good understanding of SIEM consoles and tools such as Sentinel, Splunk, QRadar, etc.
Social engineering - given that humans are the weakest link in the security chain, an analyst's expertise can help with awareness training.
Security assessments of network infrastructure, hosts and applications - another element of risk management.
Conduct root cause analysis and post-incident reviews.
Assist in tuning and optimizing detection rules and alerts.
Forensics - investigation and analysis of how and why a breach or other compromise occurred.
Develop and maintain incident response playbooks and standard operating procedures (SOPs).
Collaborate with IT, DevOps, and other teams to remediate vulnerabilities and improve security controls.
Troubleshooting - the skill to recognize the cause of a problem.
DLP, AV, FIM, web proxy, email proxy, etc. - a comprehensive understanding of the tools utilized to protect the organization.
Excellent written and oral communication skills.
Security certifications such as GCIH, GCFA, GREM, CySA+.
Knowledge of Azure Sentinel and KQL is a must.
Exposure to threat intelligence platforms and SOAR tools.
Knowledge of the MITRE ATT&CK framework and incident response methodologies.

Responsibilities
Technical Insight: Provides technical insight on incident analysis and management, threat mitigation, forensics, malware analysis, and automation.
KRA and KPI Management: Ensures strong Key Result Areas (KRA) and Key Performance Indicators (KPI) management.
Collaboration: Embraces the values of Microsoft through coaching and collaboration, and partners with peer teams working in similar areas.
Stakeholder Management: Manages critical stakeholder calls and meetings (including non-business hours) while addressing critical security incidents.
Security Knowledge: Possesses extensive hands-on knowledge of security concepts including cyber-attacks, techniques, threat vectors, risk management, and incident management.
Automation Opportunities: Discovers potential automation opportunities or insights to enhance operational efficiency.
Product Collaboration: Collaborates with and advises product teams on enhancing Microsoft's first-party security products by offering actionable feedback for improvement.
Team Environment: Cultivates a positive and inclusive team environment.
Operational Rigor: Demonstrates exceptional operational rigor with real-world experience in cyber security operations, threat mitigation and incident response.
Communication Skills: Exhibits excellent technical writing and oral communication skills.
Problem-Solving: Shows a systematic problem-solving mindset.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
Industry leading healthcare
Educational resources
Discounts on products and services
Savings and investments
Maternity and paternity leave
Generous time away
Giving programs
Opportunities to network and connect

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
Posted 3 days ago
0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Description

What We Are Looking For:
Meltwater’s collaborative Security Team needs a passionate Security Engineer to continue to advance Meltwater’s security. Working with a group of fun-loving people who are genuinely excited and passionate about security, there will be more laughs than facepalms! If you believe that improving security is about constantly moving technology forward to be more secure, and shifting security tools and checks earlier in the development lifecycle, then you’ll feel at home on Meltwater’s Security Team!

At Meltwater we want to ensure that we can have autonomous, empowered and highly efficient teams. Our Security Team charges head on into the challenge of ensuring our teams can maintain their autonomy without compromising the security of our systems, services and data. Through enablement and collaboration with teams, Security Engineers ensure that our development and infrastructure practices have security defined, integrated and implemented in a common-sense manner that reduces risk for our business. Security Engineers define best practices, build tools, and implement security checks and controls together with the broader Engineering and IT teams to ensure that our employees' and our customers' data stays safe. As part of this, we leverage AWS as a key component of our cloud infrastructure. Security Engineers play a critical role in securing and optimizing AWS environments by implementing best practices, automating security controls, and collaborating with teams to ensure scalability, resilience, and compliance with industry standards.

What You’ll do:
In this role, you will be designing and implementing security functions ranging from checks on IaC (Infrastructure as Code) to SAST/DAST scanners in our CI/CD pipelines. You will be collaborating closely with almost every part of the Meltwater organization and help create security impact across all teams with strong support from the business.
Collaborate closely with teams to help identify and implement frictionless security controls throughout the software development lifecycle.
Propose and implement solutions to enhance the overall cloud infrastructure and toolset.
Perform ongoing security testing, including static (SAST), dynamic (DAST), and penetration testing, along with code reviews, vulnerability assessments, and regular security audits to identify risks, improve security, and develop mitigation strategies.
Educate and share knowledge around secure coding practices.
Identify applicable industry best practices and consult with development teams on methods to continuously improve the risk posture.
Build applications that improve our security posture and monitoring/alerting capabilities.
Implement and manage security technologies including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and security information and event management (SIEM) tools.
Monitor and respond to security incidents and alerts, performing root cause analysis and incident handling.
Participate in incident response and disaster recovery planning, testing, and documentation.
Manage identity and access management (IAM) solutions to enforce least privilege and role-based access controls (RBAC).
Assist in the development of automated security workflows using scripting (Python, Bash, or similar).

What You'll Bring:
Strong collaboration skills with experience working cross-functionally with a diverse group of stakeholders.
Strong communication skills with the ability to provide technical guidance to both technical and non-technical audiences.
Experience in implementing security controls early in the software development life cycle.
Knowledge of industry-accepted security best practices/standards/policies such as NIST, OWASP, CIS, MITRE ATT&CK.
Software developer experience in one or more of the following languages: JavaScript, Java, Kotlin or Python.
Experience in at least one public cloud provider, preferably AWS, with experience in security, infrastructure, and automation.
Hands-on experience with SIEM platforms such as Splunk, QRadar, or similar.
Proficiency in the Linux operating system and network security, including firewalls, VPNs, IDS/IPS, and monitoring tools.
Experience with vulnerability management tools (Snyk, Nessus, Dependabot) and penetration testing tools (Kali Linux, Metasploit).
Experience in forensics and malware analysis.
Self-motivated learner who continuously wants to share knowledge to improve others.

The ideal candidate is someone from a Software Development background with a passion for security. If you’re someone who understands the value of introducing security early in the software development lifecycle, and want to do so by enabling and empowering teams by building tools they WANT to use, we want to hear from you!

What We Offer:
Enjoy flexible paid time off options for enhanced work-life balance.
Comprehensive health insurance tailored for you.
Employee assistance programs cover mental health, legal, financial, wellness, and behaviour areas to ensure your overall well-being.
Complimentary CalmApp subscription for you and your loved ones, because mental wellness matters.
Energetic work environment with a hybrid work style, providing the balance you need.
Benefit from our family leave program, which grows with your tenure at Meltwater.
Thrive within our inclusive community and seize ongoing professional development opportunities to elevate your career.

Where You'll Work: HITEC City, Hyderabad.
When You'll Join: As per the offer letter.

Our Story
At Meltwater, we believe that when you have the right people in the right environment, great things happen. Our best-in-class technology empowers our 27,000 customers around the world to make better business decisions through data. But we can’t do that without our global team of developers, innovators, problem-solvers, and high-performers who embrace challenges and find new solutions for our customers. Our award-winning global culture drives everything we do and creates an environment where our employees can make an impact, learn every day, feel a sense of belonging, and celebrate each other’s successes along the way. We are innovators at the core who see the potential in people, ideas and technologies. Together, we challenge ourselves to go big, be bold, and build best-in-class solutions for our customers. We’re proud of our diverse team of 2,200+ employees in 50 locations across 25 countries around the world. No matter where you are, you’ll work with people who care about your success and get the support you need to unlock new heights in your career. We are Meltwater. Inspired by innovation, powered by people.

Equal Employment Opportunity Statement
Meltwater is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: At Meltwater, we are dedicated to fostering an inclusive and diverse workplace where every employee feels valued, respected, and empowered. We are committed to the principle of equal employment opportunity and strive to provide a work environment that is free from discrimination and harassment.
All employment decisions at Meltwater are made based on business needs, job requirements, and individual qualifications, without regard to race, color, religion or belief, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, marital status, veteran status, or any other status protected by the applicable laws and regulations. Meltwater does not tolerate discrimination or harassment of any kind, and we actively promote a culture of respect, fairness, and inclusivity. We encourage applicants of all backgrounds, experiences, and abilities to apply and join us in our mission to drive innovation and make a positive impact in the world.
Posted 4 days ago
2.0 - 5.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Overview
Information Security Analyst: Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Researches attempted or successful efforts to compromise systems security and designs countermeasures. Maintains hardware, software and network firewalls and encryption protocols. Administers security policies to control physical and virtual access to systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems.

Job Code Tip: May be internal or external, client-focused, working in conjunction with Professional Services and outsourcing functions. May include company-wide, web-enabled solutions. Individuals whose primary focus is on developing, testing, debugging and deploying code or processing routines that support security protocols for an established system or systems should be matched to the appropriate Programmer or Programmer/Analyst family in the Information Technology/MIS functional area.

Responsibilities
Should have process knowledge and technical knowledge of any of the SIEM tools (such as QRadar, LogRhythm, AlienVault, Splunk, etc.). L2/L3 level is an added advantage.
Should have process knowledge and technical knowledge of AV tools such as Symantec, McAfee, Trend Micro, etc. L2/L3 level is an added advantage.
Should have knowledge of managing vulnerability tools and the various remediation efforts.
Review security logs generated by applications, devices and other systems, taking action or escalating to appropriate teams as needed.
Enforce the incident response service level agreement.
Work with the global IT Security team to analyze, test and recommend tools to strengthen the security posture of the company.
Create and maintain operational reports allowing the IT management team to understand the current and historical landscape of IT security risks.
Vulnerability management assessment and remediation.
Participate in daily and ad-hoc meetings related to cyber security, controls and compliance, processes and documentation-related tasks.
Research the latest information technology (IT) security trends.
Help plan and carry out the organization’s approach to handling security.
Develop security standards and best practices for the organization.
Recommend security enhancements to management or senior IT staff.
Document security breaches and assess the damage they cause.
Performs other duties as assigned.
Uphold the company’s core values of Integrity, Innovation, Accountability, and Teamwork. Demonstrate behavior consistent with the company’s Code of Ethics and Conduct. It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem. Duties may be modified or assigned at any time to meet the needs of the business.

Qualifications
B.Tech, B.E. or M.C.A.
2-5 years’ experience working in a Security Operations Center.
2 years minimum in the computer industry.
Knowledge of working with complex Windows environments.
Knowledgeable in various security frameworks such as NIST 800-53 / NIST 800-171 / ISO 27001.
Knowledge of design and administration of security tools.
Good written and verbal communication skills.
Posted 4 days ago
1.0 - 3.0 years
2 - 6 Lacs
Pune
Work from Office
We are looking for a highly skilled and experienced Security Analyst I to join our team at SteerLean, an IT Services & Consulting company. The ideal candidate will have 1-3 years of experience in the field.

Roles and Responsibility
Conduct thorough risk assessments and vulnerability testing to identify potential security threats.
Develop and implement comprehensive security strategies to mitigate identified risks.
Collaborate with cross-functional teams to ensure seamless integration of security measures.
Monitor and analyze security event logs to detect anomalies and respond promptly to incidents.
Stay up-to-date with emerging trends and technologies in cybersecurity.
Provide expert guidance on security best practices to internal stakeholders.

Job Requirements
Strong understanding of security principles, including threat analysis and risk management.
Proficiency in security tools such as firewalls, intrusion detection systems, and antivirus software.
Excellent analytical and problem-solving skills, with attention to detail and the ability to work under pressure.
Effective communication and collaboration skills, with the ability to work with diverse teams.
Ability to adapt to changing priorities and deadlines in a fast-paced environment.
Strong knowledge of industry standards and regulations related to security, such as HIPAA or PCI-DSS.
Posted 4 days ago
1.0 - 5.0 years
4 - 7 Lacs
Bokaro
Work from Office
We are looking for a highly skilled and experienced Cyber Security Sales professional to join our team at Franchise Alpha. The ideal candidate will have a strong background in sales and management consulting, with excellent communication skills.

Roles and Responsibility
Develop and implement effective sales strategies to drive business growth.
Build and maintain strong relationships with clients and stakeholders.
Conduct market research and analyze industry trends to identify new business opportunities.
Collaborate with cross-functional teams to develop and launch new products and services.
Provide exceptional customer service and support to existing clients.
Identify and pursue new business leads and opportunities.

Job Requirements
Proven experience in sales and management consulting, preferably in the cyber security industry.
Excellent communication and interpersonal skills.
Strong analytical and problem-solving skills.
Ability to work in a fast-paced environment and meet deadlines.
Strong negotiation and closing skills.
Experience working with clients and stakeholders at all levels.
Posted 4 days ago
4.0 - 9.0 years
7 - 11 Lacs
Gurugram
Work from Office
We are looking for a skilled Security Engineer IV to join our team at SteerLean, an IT Services & Consulting company. The ideal candidate will have 4 years of experience in the field.

Roles and Responsibility
Design and implement secure network architectures to protect against cyber threats.
Develop and enforce security policies and procedures to ensure compliance with industry standards.
Conduct vulnerability assessments and penetration testing to identify potential weaknesses.
Collaborate with cross-functional teams to integrate security into all aspects of the business.
Develop and maintain incident response plans and disaster recovery procedures.
Stay up-to-date with emerging trends and technologies in cybersecurity.

Job Requirements
Bachelor's degree in Computer Science, Information Technology, or related field.
Proven experience in designing and implementing secure network architectures.
Strong understanding of security protocols and technologies such as firewalls, intrusion detection systems, and encryption.
Experience with vulnerability assessment tools and penetration testing methodologies.
Excellent problem-solving skills and attention to detail.
Ability to work collaboratively in a fast-paced environment.
Posted 4 days ago
7.0 - 12.0 years
12 - 16 Lacs
Bengaluru
Work from Office
Project Role: Security Delivery Lead
Project Role Description: Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets).
Must have skills: Managed Cloud Security Services
Good to have skills: Security Information and Event Management (SIEM), Incident Management, Delivery & Service Man
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Delivery Lead, you will lead the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets). A typical day involves overseeing project implementation and ensuring successful delivery of security services.

Roles & Responsibilities:
- Expected to be an SME
- Collaborate with and manage the team to perform
- Responsible for team decisions
- Engage with multiple teams and contribute to key decisions
- Provide solutions to problems for their immediate team and across multiple teams
- Lead the implementation and delivery of Security Services projects
- Leverage global delivery capability for successful project execution
- Ensure adherence to project timelines and quality standards

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Managed Cloud Security Services
- Good To Have Skills: Experience with Incident Management
- Strong understanding of security protocols and best practices
- Knowledge of Security Information and Event Management (SIEM) systems
- Experience in managing security incidents and response procedures

Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Managed Cloud Security Services
- This position is based at our Bengaluru office
- 15 years of full-time education is required

Qualification: 15 years full time education
Posted 4 days ago
3.0 - 8.0 years
3 - 7 Lacs
Chennai
Work from Office
Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Oracle HCM Cloud Core HR
Good to have skills: Oracle Applications Development, Security Governance
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Engineer, you will apply your expertise to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting risk assessments, and ensuring compliance with security policies. You will also engage in proactive monitoring of systems to identify vulnerabilities and respond to potential threats, all while maintaining a focus on safeguarding information and business processes against cyber threats.

Roles & Responsibilities:
- Expected to perform independently and become an SME.
- Required active participation/contribution in team discussions.
- Contribute to providing solutions to work-related problems.
- Conduct regular security assessments and audits to identify vulnerabilities.
- Develop and implement security policies and procedures to protect enterprise systems.

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Oracle HCM Cloud Core HR.
- Good To Have Skills: Experience with Oracle Applications Development, Security Governance.
- Strong understanding of security protocols and best practices.
- Experience with risk assessment and management methodologies.
- Familiarity with incident response and recovery processes.

Additional Information:
- The candidate should have a minimum of 3 years of experience in Oracle HCM Cloud Core HR.
- This position is based at our Chennai office.
- 15 years of full-time education is required.

Qualification: 15 years full time education
Posted 4 days ago
2.0 - 6.0 years
3 - 7 Lacs
Hyderabad
Work from Office
Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Accenture MxDR Ops Security Threat Analysis
Good to have skills: NA
Minimum 2 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will also engage in continuous learning to stay updated on the latest security trends and technologies, contributing to a safer digital environment for the organization.

Roles & Responsibilities:
- Expected to perform independently and become an SME.
- Required active participation/contribution in team discussions.
- Contribute to providing solutions to work-related problems.
- Conduct regular security assessments and audits to identify vulnerabilities.
- Develop and implement security policies and procedures to safeguard information and assets.

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Accenture MxDR Ops Security Threat Analysis.
- Strong understanding of threat detection and incident response.
- Experience with security information and event management tools.
- Knowledge of network security protocols and best practices.
- Familiarity with compliance standards and regulations related to cybersecurity.

Additional Information:
- The candidate should have a minimum of 2 years of experience in Accenture MxDR Ops Security Threat Analysis.
- This position is based at our Hyderabad office.
- 15 years of full-time education is required.

Qualification: 15 years full time education
Posted 4 days ago
2.0 - 7.0 years
8 - 13 Lacs
Bengaluru
Work from Office
Job Purpose and Impact
The Professional, Surface Area Management job safeguards the organization's digital assets by identifying and mitigating security vulnerabilities. With limited supervision, this job maintains vulnerability management systems' effectiveness and improves the organization's overall cybersecurity posture.

Key Accountabilities
The Professional Vulnerability Analyst job safeguards the organization's digital assets by identifying, assessing, and helping remediate vulnerabilities across the global enterprise. With limited supervision, this job maintains vulnerability management systems' effectiveness and improves the organization's overall cybersecurity posture through close coordination with stakeholders such as IT, security engineering, and application owners. This includes the following:
Analyzing vulnerability data from tools such as Tenable, Qualys, or Rapid7.
Prioritizing vulnerabilities based on risk context.
Tracking remediation progress and driving accountability with system owners through ticketing systems like Jira or ServiceNow.
Strong communication and collaboration skills to work effectively across IT and security teams.
Generate and present reports on vulnerability trends, SLA compliance, and risk posture.
Support vulnerability scanning operations and troubleshoot scan coverage issues.
Collaborate with other cyber security teams, such as Threat Intelligence, to validate and enrich findings.
Assist in patch validation and change coordination for remediation activities.
Contribute to the tuning of scanning tools and the development of custom dashboards.
Stay informed on emerging threats, CVEs, zero-days, and best practices in vulnerability management.
Solid understanding of CVSS, MITRE ATT&CK, and modern threat landscapes.
Familiarity with remediation strategies on Windows, Linux, networking equipment, and cloud services (AWS, Azure, GCP, and/or OCI); a focused specialty in cloud services is a plus.

Qualifications
Minimum requirement of 2 years of relevant work experience. Typically reflects 3 years or more of relevant experience.
Posted 4 days ago
0.0 - 2.0 years
5 - 5 Lacs
Pune
Work from Office
Overview
170+ Years Strong. Industry Leader. Global Impact. At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts.

The Global Security Operations Center (GSOC) Operator will play a critical role in monitoring daily operations, various security systems, multiple communications outlets, and fire/life safety systems. The Operator is dedicated to ensuring a swift and effective response to security incidents and emergencies for all sites. This role is encouraged to recommend and work towards continuous improvement and proactive measures to uphold the client’s commitment to safety.

Responsibilities
Represent Pinkerton’s core values of integrity, vigilance, and excellence.
Monitor security, CCTV, access control, alarms, communications, and fire/life safety systems within the designated region using provided monitoring systems.
Respond to and manage alarms and incidents and dispatch Security Specialists to various calls for service, customer assistance, emergencies, and security situations.
Utilize exceptional customer service skills to handle critical situations with a calm and problem-solving approach while following all safety and security procedures.
Thoroughly document security incidents in the case management system.
Respond to emergencies with urgency and maintain open communication with management and key leaders.
Liaise with public safety agencies and their dispatch centers to coordinate emergency response.
Assist client employees with safety and security concerns via email and phone.
Investigate alarms with security patrol and facilities, and if necessary, alert fire and/or police services.
Assist with after-hours administration of access badges.
Conduct audits of panic/duress alarms, badge readers and doors.
Perform quality assurance functions to maintain adherence to continuous improvement principles as defined by GSOC Management.
Collaborate with GSOC management and ensure compliance with Key Performance Indicators (KPIs) and/or Standard Operating Procedures (SOPs).
Participate in training exercises between field Officers and Operators.
All other duties, as assigned.

Qualifications
High school diploma or GED with one to two years of experience within a GSOC or similar environment as a Dispatcher or Security Operator.
Able to ensure compliance, monitoring of assets, and making rapid notifications via mass communication tools.
Able to analyze and make decisions regarding data as it pertains to operational responsibilities.
Effective written and verbal communication skills.
Attentive to meticulous detail and accurate documentation.
Able to remain composed under pressure.
Serve as a positive team player.
Able to make appropriate decisions under pressure/stress.
Self-motivated and proactive attitude.
Able to adapt as the external environment and organization evolve.
Able to effectively interact with other departments and varying levels of management.
Able to prioritize workload based on urgency.
Efficient time management skills.
Maintain confidentiality when dealing with sensitive information.

Working Conditions: With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; regular computer usage. Occasional reaching and lifting of small objects and operating office equipment. Frequent sitting, standing, and/or walking. Travel, as required.
Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law.
Posted 4 days ago
5.0 - 10.0 years
6 - 12 Lacs
Chennai
Remote
Job Description
CyberSecOn is looking for a talented and dedicated Cyber Security Analyst who can work remotely. A Cyber Security Analyst is responsible for maintaining the security and integrity of data. The security analyst must possess knowledge of every aspect of information security to protect company assets from evolving threat vectors.
The main responsibilities will include:
Monitor and investigate security events and alerts from various sources, such as logs, network traffic, threat intelligence, and user reports.
Conduct proactive and reactive threat hunting campaigns to uncover hidden or emerging threats in the cloud environment.
Perform root cause analysis and incident response to contain and remediate cloud abuse incidents.
Document and communicate findings, recommendations, and lessons learned to relevant stakeholders and management.
Develop and update cloud abuse detection rules, indicators, and signatures.
Research and stay updated on the latest cloud abuse trends, tactics, techniques, and procedures (TTPs) of threat actors.
Provide guidance and training to other security teams and cloud users on best practices and standards for cloud security.
Manage the cyber security infrastructure and applications of multiple client environments.
Knowledge of ServiceNow, Zoho Desk, Jira/Confluence, etc.
Perform vulnerability risk reviews using Qualys, Rapid7 and/or Tenable.
Responsible for managing and improving the defined patch management and configuration review process and activities.
Proactively manage application, infrastructure security and network risks, ensuring the security infrastructure aligns with the company's compliance requirements.
Skills & Experience:
4+ years of experience in a security analyst role, preferably in a SOC environment.
Good knowledge of security analysis, engineering, and project management.
Experience in client management for security projects.
Knowledge and hands-on experience with SIEM technologies such as Microsoft Sentinel, Rapid7 InsightIDR, Wazuh, etc. Ability to create playbooks and automation in Microsoft Sentinel is desirable.
Strong experience in virtualisation and cloud (Azure, AWS, other service providers) design, configuration, and management.
Ability to manage priorities, perform multiple tasks and work in a dynamic environment under tight deadlines.
Ability to perform vulnerability assessments and penetration testing using manual testing techniques, scripts, and commercial and open-source tools.
Experience and ability to perform phishing campaigns and/or similar social engineering exercises.
Subject matter expert in one or more of Windows, Unix, and Linux OS.
Vendor- or security-specific certifications are preferred.
Demonstrated analytical, conceptual and problem-solving skills.
Ability to work effectively with limited supervision on multiple concurrent operational activities.
Ability to communicate effectively via email, reports and procedures in a professional and succinct manner.
Preferred: Candidates who can join immediately or within 15 days.
Posted 4 days ago
3.0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
Job Title: SOC Consultant Location: Gurgaon / Bangalore Experience: 3+ Years Position Type: Full-time Immediate Joiners Preferred Job Description: We are seeking a skilled SOC (Security Operations Center) Consultant with 3+ years of experience in security operations, threat analysis, and incident response. The ideal candidate should have hands-on experience with SIEM tools and a strong understanding of cybersecurity principles and frameworks. Key Responsibilities: Monitor, analyze, and respond to security events and incidents Operate and manage SIEM platforms (e.g., Splunk, QRadar, ArcSight, etc.) Perform real-time threat analysis, detection, and triage of security incidents Support vulnerability management and threat intelligence integration Work closely with clients and internal teams to implement security best practices Document security incidents and contribute to knowledge base development Assist in the development of security playbooks and incident response plans Required Skills: 3+ years of experience in SOC operations or a similar cybersecurity role Proficiency in SIEM tools and log analysis Good understanding of TCP/IP, IDS/IPS, firewalls, and malware analysis Familiarity with threat hunting techniques and cybersecurity frameworks (NIST, MITRE ATT&CK) Strong analytical and problem-solving skills Excellent communication and documentation skills Certifications (Preferred): CEH / CompTIA Security+ / SSCP / Splunk Certified / Microsoft SC-200 or equivalent
Posted 4 days ago
3.0 - 7.0 years
6 - 10 Lacs
Navi Mumbai, Mahape
Work from Office
Responsibilities:
Configure and maintain the SIEM platform (ELK).
Develop and fine-tune correlation rules, alerts, and dashboards to support SOC use cases.
Onboard log sources from various platforms (Windows, Linux, cloud, network devices, applications).
Perform health checks, upgrades, and patch management of SIEM components.
Work closely with SOC analysts to improve detection capabilities and reduce false positives.
Collaborate with threat intel and incident response teams to create advanced detection logic.
Automate log ingestion and alert tuning using scripting (Python, PowerShell, etc.).
Develop and maintain documentation, runbooks, and standard operating procedures (SOPs).
Beneficial:
Good documentation skills.
Good at incident management.
Personal Characteristics:
Strong communication skills, ability to work comfortably with different regions.
Actively participate within the internal project community.
Good team player, ability to work on a local, regional and global basis and as part of joint cross-location initiatives.
Self-motivated, able to work independently and with a team.
Posted 4 days ago
4.0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
SOC L2 Engineer
Location - Bangalore/Chandigarh
Experience - 4+ years
Hands-on expertise with either IBM QRadar or Microsoft Sentinel SIEM platforms. As this is an immediate need, candidates who can join within 30 days may apply.
About the Role:
We are seeking a highly skilled and motivated L2 SOC Engineer with 4-6 years of experience in implementing security solutions, maintenance and troubleshooting. The ideal candidate will have deep hands-on expertise with either IBM QRadar or Microsoft Sentinel SIEM platforms. You will play a crucial role in the integration, monitoring and analysis of security tools and incidents, and in contributing to the continuous improvement of our security posture.
Key Responsibilities:
SIEM Administration & Optimization:
Support the administration, maintenance, and health monitoring of the SIEM platform (QRadar or Microsoft Sentinel).
Log source integration and parsing: assist with log source onboarding, parser development, and data normalization within the SIEM.
Contribute to the continuous improvement of SOC processes, playbooks, and standard operating procedures (SOPs).
Security Monitoring & Incident Response:
Conduct thorough investigations to determine the scope, root cause, and impact of security incidents (e.g., malware infections, phishing attempts, unauthorized access, denial-of-service attacks).
Execute incident response procedures, including containment, eradication, and recovery, in accordance with established playbooks and industry best practices (e.g., NIST, MITRE ATT&CK).
Document all incident details, analysis findings, and remediation steps accurately and comprehensively in the incident management system.
Collaborate with cross-functional teams (IT operations, network, application development) to facilitate incident resolution and implement corrective actions.
Participate in on-call rotation as required to ensure 24/7 security coverage.
Required Skills and Qualifications:
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
4-6 years of hands-on experience in a Security Operations Center (SOC) environment.
Strong expertise with either IBM QRadar or Microsoft Sentinel, including:
In-depth knowledge of SIEM components and how they work.
Good troubleshooting skills.
In-depth knowledge of log source integration troubleshooting.
Experience in developing and optimizing correlation rules, use cases, and dashboards.
Familiarity with log source integration and data ingestion.
(For QRadar): Experience with QRadar AQL (Ariel Query Language) and building blocks.
(For Sentinel): Proficiency with KQL (Kusto Query Language) and Azure security services (Azure AD, Azure Security Center, Azure Log Analytics).
Strong knowledge of network protocols (TCP/IP, HTTP, DNS, SMTP, etc.) and network security concepts (firewalls, IDS/IPS, VPNs).
Proficiency in analyzing logs from various sources (Windows Event Logs, Linux logs, firewall logs, web server logs, cloud logs).
Familiarity with scripting languages (e.g., Python, PowerShell) for automation and data analysis is a plus.
Excellent analytical, problem-solving, and critical thinking skills.
Strong written and verbal communication skills, with the ability to articulate technical issues to both technical and non-technical audiences.
Ability to work effectively both independently and as part of a team in a fast-paced environment.
Preferred Certifications (one or more highly desirable):
Microsoft Certified: Azure Security Engineer Associate (for Sentinel focus)
IBM Certified Analyst - Security QRadar SIEM
Posted 4 days ago
5.0 - 7.0 years
0 Lacs
Chennai, Tamil Nadu, India
Remote
Mizuho Global Services Pvt Ltd (MGS) is a subsidiary company of Mizuho Bank, Ltd, which is one of the largest banks, or so-called "Mega Banks", of Japan. MGS was established in the year 2020 as part of Mizuho's long-term strategy of creating a captive global processing centre for remotely handling banking and IT related operations of Mizuho Bank's domestic and overseas offices and Mizuho's group companies across the globe. At Mizuho we are committed to a culture that is driven by ethical values and supports diversity in all its forms for its talent pool. The direction of MGS's development is paved by its three key pillars, Mutual Respect, Discipline and Transparency, which are set as the baseline of every process and operation carried out at MGS.
About the Role: SOC analyst
We are seeking a highly skilled and motivated Senior Security Operations Center (SOC) Analyst to join our dynamic team. You will play a critical role in safeguarding our organization's information assets by monitoring, detecting, and responding to security threats.
Roles and Responsibilities:
· Monitor security events and alerts generated by SIEM tools and other security systems.
· Conduct in-depth investigations of security incidents to identify root causes and potential threats.
· Respond to security incidents in a timely and effective manner, following established incident response procedures.
· Develop and maintain SOC rules, playbooks, and procedures.
· Analyze security trends and identify potential vulnerabilities.
· Collaborate with other security teams to improve overall security posture.
· Stay up-to-date on the latest security threats and trends.
Relevant Skills and Experience:
· 5-7 years of experience in security operations, incident response, or a related field.
· Strong understanding of security concepts, principles, and best practices.
· Proficiency in using SIEM tools (e.g., Splunk, QRadar, ArcSight).
· Experience in developing and maintaining SOC rules, playbooks, and procedures.
· Knowledge of common security threats, vulnerabilities, and attack vectors.
· Experience with network and system security tools (e.g., firewalls, intrusion detection systems, antivirus).
· Experience with scripting languages (e.g., Python, PowerShell).
· Experience with cloud security (e.g., AWS, Azure, GCP).
Address: Mizuho Global Services India Pvt. Ltd, 11th Floor, Q2 Building Aurum Q Park, Gen 4/1, Ttc, Thane Belapur Road, MIDC Industrial Area, Ghansoli, Navi Mumbai - 400710.
Interested candidates, send your resume to mgs.rec@mizuho-cb.com along with the details below:
Current CTC
Expected CTC
Notice period
Experience in SOC
Available for F2F?
Posted 4 days ago
170.0 years
0 Lacs
Greater Hyderabad Area
On-site
Area(s) of responsibility
About Us
Birlasoft, a global leader at the forefront of Cloud, AI, and Digital technologies, seamlessly blends domain expertise with enterprise solutions. The company's consultative and design-thinking approach empowers societies worldwide, enhancing the efficiency and productivity of businesses. As part of the multibillion-dollar diversified CKA Birla Group, Birlasoft with its 12,000+ professionals, is committed to continuing the Group's 170-year heritage of building sustainable communities.
Location - Mumbai, Pune, Bangalore, Hyderabad, Noida
Exp - 8 yrs to 10 yrs
About The Role
We are seeking a skilled Network Security Engineer to design, implement, and maintain secure network infrastructures. The ideal candidate will possess strong expertise in network protocols, firewall and IDS/IPS configuration, VPN solutions, and security compliance standards. You will be instrumental in enhancing our network security posture through threat detection, risk assessment, and zero trust architecture implementation.
Key Responsibilities
Design, configure, and manage network security devices including firewalls (Palo Alto, Fortinet, Cisco ASA) and intrusion detection/prevention systems (Snort, Suricata).
Implement and manage Network Access Control (NAC) systems utilizing 802.1X, RADIUS, and Cisco ISE for role-based access control.
Configure and maintain secure VPN solutions including IPsec, SSL VPNs, and site-to-site tunnels.
Conduct SIEM and log analysis using tools such as Splunk, QRadar, and ELK Stack to detect and respond to security threats.
Design and enforce network segmentation and apply Zero Trust security principles.
Ensure compliance with security standards such as ISO 27001, NIST, PCI-DSS, GDPR, and HIPAA.
Perform threat modeling, vulnerability assessments, and risk analysis to mitigate security risks.
Collaborate with cross-functional teams to develop and enforce security policies and procedures.
Core Technical Competencies Deep understanding of network protocols including TCP/IP, UDP, ICMP, DNS, HTTP/S, FTP. Hands-on experience with firewall and IDS/IPS tools such as Palo Alto, Fortinet, Cisco ASA, Snort, and Suricata. Familiarity with Network Access Control frameworks (802.1X, RADIUS), especially Cisco ISE. Expertise in VPN technologies like IPsec and SSL VPNs. Proficiency in SIEM platforms and log correlation for threat detection and incident response. Knowledge of network segmentation strategies and Zero Trust architecture. Strong understanding of compliance requirements (ISO 27001, NIST, PCI-DSS, GDPR, HIPAA). Ability to conduct threat modeling and risk assessments. Required Certifications CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) CEH (Certified Ethical Hacker) CompTIA Security+ CCNP Security (Cisco Certified Network Professional Security) Palo Alto PCNSA/PCNSE Qualifications Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience). Proven experience in network security engineering or a similar role. Why Join Us? Work with cutting-edge security technologies. Collaborate with a passionate and dynamic security team. Opportunities for professional growth and certification support.
Posted 4 days ago
7.5 years
0 Lacs
Gurugram, Haryana, India
Remote
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: BeyondTrust Privileged Access Management
Good to have skills: NA
Minimum 7.5 Year(s) Of Experience Is Required
Educational Qualification: 15 years full time education
Summary: We are looking for a seasoned BeyondTrust Implementation Engineer with 5 to 10 years of experience in enterprise cybersecurity, particularly in Privileged Access Management (PAM) implementation. The ideal candidate will have hands-on expertise in designing, deploying, integrating, and optimizing BeyondTrust PAM solutions, with a deep understanding of enterprise IT landscapes, security architecture, and regulatory compliance requirements. This is a technical, client-facing role requiring strong analytical, communication, and project management skills to drive PAM solution rollouts and ensure they align with the client's security objectives and business processes.
Roles & Responsibilities:
Lead the full lifecycle of BeyondTrust deployments, including requirement gathering, environment assessment, design, deployment, testing, go-live, and support.
Configure and customize BeyondTrust products such as:
- Password Safe: secure credential storage, automated password rotation, credential injection.
- Privilege Management for Windows/Mac/Unix: application control, policy-based least privilege.
- Secure Remote Access / Remote Support: secure vendor and internal access.
Develop and enforce custom policies and rules for privilege elevation, whitelisting, blacklisting, and session monitoring.
Design scalable and secure PAM architectures tailored to enterprise environments (on-premise, hybrid, cloud).
Integrate BeyondTrust with IT ecosystems:
- Active Directory / LDAP / Azure AD
- SIEM (e.g., Splunk, QRadar)
- ITSM (e.g., ServiceNow, BMC Remedy)
- MFA / SSO solutions (e.g., Okta, Duo, Ping)
- Vaulting of SSH keys, API keys, and cloud secrets
Automate BeyondTrust tasks and integrations using PowerShell, Bash, Python, or RESTful APIs.
Build custom connectors or plug-ins for third-party tools.
Implement RBAC (Role-Based Access Control) for administrators, auditors, and users.
Establish password rotation schedules, check-in/check-out rules, and approval workflows.
Enable session recording, keystroke logging, and real-time session termination features.
Conduct user acceptance testing (UAT) and performance tuning post-deployment.
Produce high-quality deliverables: HLD, LLD, implementation runbooks, migration plans, SOPs, rollback procedures.
Conduct hands-on training and knowledge transfer sessions for admins and security teams.
Assist with creation of audit and compliance reports related to privileged access.
Act as Level 3 escalation point for PAM-related incidents and service disruptions.
Diagnose and resolve complex issues involving the PAM platform, connectors, and integrations.
Provide post-deployment support including system health checks, hotfixes, and version upgrades.
Professional & Technical Skills:
Minimum 5 years of experience in cybersecurity/IT infrastructure with 3+ years dedicated to BeyondTrust PAM products.
In-depth experience in implementing BeyondTrust Password Safe, Privilege Management for Endpoints, and Secure Remote Access.
Strong working knowledge of:
- Authentication protocols (Kerberos, LDAP, RADIUS, SAML, OAuth)
- Operating systems: Windows Server, Linux/Unix
- Enterprise directories: AD, Azure AD
- Networking basics and firewall concepts
Proficiency in scripting: PowerShell, Python, Bash.
Familiarity with regulatory and security standards: ISO 27001, NIST, GDPR, HIPAA, SOX.
Hands-on experience with ITSM and ticketing platforms for automation and integration.
Excellent verbal and written communication, interpersonal, and customer-facing skills.
Additional Information:
- 5 or more years' experience implementing and performing integrations with BeyondTrust.
- This position is based at our Bengaluru, Chennai, Pune, Hyderabad, Gurugram offices.
- A 15-year full time education is required.
Posted 4 days ago
3.0 years
0 Lacs
Delhi, India
On-site
Company Description Aguna Solutions is an IT services company dedicated to leveraging technology to build better futures for our customers, colleagues, environment, and communities. We excel in transforming operations and driving innovation through Robotics Process Automation, Product Development, Cyber/Information Security, Cloud, Consulting, Implementation, and Business Intelligence services. Our commitment to quality is upheld by proven processes and models, ensuring consistent results. We are driven by a mission to fuel digital innovation through inspired creativity, unbounded by traditional software and systems. Role Description We are seeking a highly skilled and self-driven Cybersecurity Specialist with hands-on experience in Imperva Database Activity Monitoring (DAM) to join our security operations team. The ideal candidate will have deep expertise in deploying, configuring, and troubleshooting Imperva DAM solutions, along with broad knowledge of various other enterprise security tools. The role requires strong problem-solving abilities, attention to detail, and a proactive mindset for enhancing our security posture. Job Responsibilities Install, configure, and manage Imperva DAM across diverse environments. Perform ongoing administration, health checks, and tuning of Imperva systems. Develop and maintain security policies, rulesets, and custom alerts within Imperva DAM. Work closely with DBAs, system admins, and compliance teams to support audit and monitoring requirements. Troubleshoot and resolve performance, connectivity, and configuration issues related to security tools. Deploy and support other security tools such as SIEMs, vulnerability scanners, endpoint security platforms, firewalls, etc. Maintain detailed technical documentation, SOPs, and architectural diagrams. Stay current with emerging threats, vulnerabilities, and best practices in data protection and security monitoring. 
Assist in incident response and investigations involving data access or database-related threats. Required Qualifications 3+ years of experience in cybersecurity, with 2+ years of hands-on work with Imperva DAM. Strong understanding of database environments (Oracle, SQL Server, MySQL, etc.) and how DAM integrates with them. Proven experience in installation, configuration, upgrade, and troubleshooting of security tools in enterprise environments. Working knowledge of Linux and Windows systems. Familiarity with SIEM (e.g., Splunk, QRadar), endpoint protection (e.g., CrowdStrike, SentinelOne), and vulnerability scanners (e.g., Qualys, Nessus). Strong scripting skills (e.g., Shell, PowerShell, Python) are a plus. Excellent communication, documentation, and analytical skills. Preferred Qualifications Imperva Certified Implementation Specialist (if applicable). Experience with cloud deployments (AWS, Azure) of security tools. Prior experience supporting GRC/audit requirements (e.g., PCI-DSS, SOX). Knowledge of database security best practices and insider threat detection.
Posted 4 days ago
4.0 years
0 Lacs
Chennai, Tamil Nadu, India
On-site
Position Summary:
The SOC Engineering and Operational Lead Engineer is responsible for the engineering and administration activities of SOC tools, such as SIEM, SOAR, and deception technology, with a continuous focus on enabling automation to support SOC tool administration and security incident detection and response activities.
Roles & Responsibilities:
Daily operational management of SOC tools (including infra maintenance of SIEM, SOAR and other components).
Integration of log, alert and enrichment sources with SOC tools.
Coordinate with different stakeholders to understand the integration sources and ensure an appropriate baseline is created and maintained as per industry standards.
Ensure appropriate correlation rules are in place against the log source types for threat/anomaly detection.
Ensure proper incident types, fields and playbooks are defined for automation in SOAR.
Stay in continuous touch with the Incident Detection and Response team to fine-tune the rules with adequate thresholds based on their feedback.
Evaluate new SOAR/SIEM/log analytics/big data forensic technology products (including open source) to maintain our tool base per industry standards and Olam requirements.
Interface with stakeholders in different parts of the globe to ensure systems are deployed with the appropriate configuration.
Develop a metrics dashboard to identify trends, anomalies, and opportunities for improvement.
Ensure adequate change management and documentation is maintained for SIEM-related changes.
Periodically review the SOC tools architecture, log baseline, rules, asset health, automations, playbooks, etc.
Ensure high quality of industry standards and brand consistency in all IT projects.
Work with technology stakeholders to enable the deception decoys.
Profile Description:
Must have 4+ years of experience in Splunk on-prem and cloud SIEM engineering and administration.
Should have hands-on experience in implementation, configuration, and management of SIEM and SOAR technologies (prefer Splunk, ELK, QRadar, Securonix, Demisto, Google SecOps, ServiceNow SecOps).
Should have hands-on experience in creating custom correlation rules/alerts, searches, and data analytics in Splunk or a similar log analytics tool.
Should have hands-on experience in creating custom playbooks and automation scripts in SOAR.
Must have strong working knowledge of Linux-flavored OS environments.
Strong knowledge of broad infrastructure and technology, including a demonstrable understanding of security operations in a critical environment.
Sound analytical and problem-solving skills.
Should have some experience with cloud infrastructure like Microsoft Azure, AWS and GCP.
Prefer Splunk or similar log analytics certified professional.
Must have strong scripting and programming language knowledge (Python, PowerShell, VBScript, C/C++, .NET, etc.).
We are Mindsprint! A leading-edge technology and business services firm that provides impact-driven solutions to businesses, enabling them to outpace the speed of change. For over three decades we have been accelerating technology transformation for the Olam Group and their large base of global clients. Working with leading technologies and empowered with the freedom to create new solutions and better existing ones, we have been inspiring businesses with pioneering initiatives.
Awards bagged in recent years:
Best Shared Services in India Award by Shared Services Forum – 2019
Asia's No.1 Shared Services in Process Improvement and Value Creation by Shared Services and Outsourcing Network Forum – 2019
International Innovation Award for Best Services and Solutions – 2019
Kincentric Best Employer India – 2020
Creative Talent Management Impact Award – SSON Impact Awards 2021
The Economic Times Best Workplaces for Women – 2021 & 2022
#SSFExcellenceAward for Delivering Business Impact through Innovative People Practices – 2022
For more info: https://www.mindsprint.org/
Follow us on LinkedIn: Mindsprint
Posted 4 days ago
2.0 years
6 Lacs
Thiruvananthapuram
On-site
2 - 3 Years
1 Opening
Trivandrum
Role description
Overview: We are looking for a skilled SIEM Administrator to manage and maintain Security Information and Event Management (SIEM) solutions such as Innspark, LogRhythm, or similar tools. This role is critical to ensuring effective security monitoring, log management, and event analysis across our systems.
Key Responsibilities:
Design, deploy, and manage SIEM tools (e.g., Innspark, LogRhythm, Splunk).
Develop and maintain correlation rules, dashboards, and reports.
Integrate logs from servers, network devices, cloud services, and applications.
Troubleshoot log collection, parsing, normalization, and event correlation issues.
Work with security teams to improve detection and response capabilities.
Ensure SIEM configurations align with compliance and audit requirements.
Perform routine SIEM maintenance (e.g., patching, upgrades, health checks).
Create and maintain documentation for implementation, architecture, and operations.
Participate in evaluating and testing new SIEM tools and features.
Support incident response by providing relevant event data and insights.
Required Qualifications:
Bachelor's degree in Computer Science, Information Security, or related field.
3+ years of hands-on experience with SIEM tools.
Experience with Innspark, LogRhythm, or other SIEM platforms (e.g., Splunk, QRadar, ArcSight).
Strong knowledge of log management and event normalization.
Good understanding of cybersecurity concepts and incident response.
Familiarity with Windows/Linux OS and network protocols.
Scripting knowledge (e.g., Python, PowerShell) is a plus.
Strong troubleshooting, analytical, and communication skills.
Industry certifications (CEH, Security+, SSCP, or vendor-specific) are a plus.
Key Skills:
SIEM Tools (Innspark, LogRhythm, Splunk)
Troubleshooting
Log Management & Analysis
Scripting (optional)
Security Monitoring
Skills: SIEM, Splunk, Troubleshooting
About UST
UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world's best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients' organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact, touching billions of lives in the process.
Posted 5 days ago
3.0 - 10.0 years
0 Lacs
Chennai
Remote
At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
CMSTDR Senior (TechOps)
Key Capabilities:
Experience in working with Splunk Enterprise, Splunk Enterprise Security and Splunk UEBA.
Minimum of Splunk Power User Certification.
Good knowledge of programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
Perform remote and on-site gap assessment of the SIEM solution.
Define evaluation criteria and approach based on the client requirement and scope, factoring in industry best practices and regulations.
Conduct interviews with stakeholders and review documents (SOPs, architecture diagrams, etc.).
Evaluate the SIEM based on the defined criteria and prepare audit reports.
Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
Understand customer requirements and recommend best practices for SIEM solutions.
Offer consultative advice on security principles and best practices related to SIEM operations.
Design and document a SIEM solution to meet the customer's needs.
Experience in onboarding data into Splunk from various sources, including unsupported (in-house built) sources, by creating custom parsers.
Verification of log source data in the SIEM, following the Common Information Model (CIM).
Experience in parsing and masking of data prior to ingestion in the SIEM.
Provide support for the data collection, processing, analysis and operational reporting systems, including planning, installation, configuration, testing, troubleshooting and problem resolution.
Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources.
Assist the client with technical guidance to configure in-scope end log sources to be integrated with the SIEM.
Experience in handling big data integration via Splunk.
Expertise in SIEM content development, which includes developing processes for automated security event monitoring and alerting along with corresponding event response plans for systems.
Hands-on experience in development and customization of Splunk Apps and Add-Ons.
Build advanced visualizations (interactive drilldown, glass tables, etc.).
Build and integrate contextual data into notable events.
Experience in creating use cases under the Cyber Kill Chain and MITRE ATT&CK framework.
Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real-time visibility into the performance of client applications.
Experience in installation, configuration and usage of premium Splunk Apps and Add-ons such as the ES App, UEBA, ITSI, etc.
Sound knowledge in configuration of alerts and reports.
Good exposure to automatic lookups, data models and creating complex SPL queries.
Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirements.
Work with the client SPOC on correlation rule tuning (as per the use case management life cycle) and incident classification and prioritization recommendations.
Experience in creating custom commands, custom alert actions, adaptive response actions, etc.
Qualification & experience:
Minimum of 3 to 10 years' experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments.
Strong oral, written and listening skills are an essential component of effective consulting.
Strong background in network administration. Ability to work at all layers of the OSI model, including being able to explain communication at any level, is necessary.
Must have knowledge of vulnerability management, Windows and Linux basics including installations, Windows domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting.
Good to have the below-mentioned experience with design and implementation of Splunk with a focus on IT Operations, Application Analytics, User Experience, Application Performance and Security Management:
Multiple cluster deployment and management experience as per vendor guidelines and industry best practices.
Troubleshoot Splunk platform and application issues, escalate the issue and work with Splunk support to resolve issues.
Certification in any one of the SIEM solutions such as IBM QRadar, Exabeam or Securonix will be an added advantage.
Certifications in a core security-related discipline will be an added advantage.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 5 days ago
15.0 years
0 Lacs
Bengaluru
On-site
Senior Manager_TDR (threat detection and response)

Job summary
As a Senior Manager with EY’s Global Delivery Services (GDS) Cybersecurity Team, you will contribute technically to client engagement and services development activities. You will be focused on helping clients grow and turn their cyber security strategy into reality. You’ll work in high-performing teams that drive growth and deliver exceptional client service, making certain you play your part in building a better working world. You will be responsible for overall client service quality delivery in accordance with EY’s quality guidelines & methodologies. You will need to manage accounts and relationships on a day-to-day basis and explore new business opportunities for EY, establishing, strengthening and nurturing relationships with clients (functional heads & key influencers) and internally across service lines. You will assist in developing new methodologies and internal initiatives and help in creating a positive learning culture by coaching, counselling and developing junior team members.

Client responsibilities:
- Technical leadership and knowledge of cybersecurity concepts and methods including, but not limited to, SOC transformation, CTI, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture.
- Excellent teamwork skills, passion and drive to succeed and combat cyber threats
- Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel.
- Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business.
- Generate new business opportunities by participating in market-facing activities, executive briefings and developing thought leadership materials
- Willing to learn new technologies and take up new challenges.
- Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.
- Should have worked in a security operations center and gained an understanding of SIEM and other log management platforms.
- Experience in best-in-breed SIEM (Splunk, Sentinel, QRadar etc.) content development / architecting will be an added advantage.
- Should have good hands-on experience and skills on advanced and integrated key threat detection technology like SIEM, SOAR, EPP, EDR solutions, firewalls, IDPS, web proxy, enterprise forensics tools.
- Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.
- Good knowledge in threat modelling.
- Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others
- Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement.
- Brief the engagement team on the client's environment and industry trends.
- Maintain relationships with the client to manage expectations of service including work products, timing, fees and deliverables.
- Demonstrate a thorough understanding of complex information systems and apply it to client situations
- Create and demonstrate innovative insights for clients, adapt methods and practices to fit operational team needs & contribute to thought leadership documents
- Apply extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business.
- Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services
- Drive discussions / knowledge sharing with key client personnel and contribute to EY’s thought leadership
- Strong collaboration with EY senior executives, other key stakeholders and, importantly, other EY SOC leaders to co-establish, promote and drive a Cyber SOC ecosystem

Key responsibilities:
- Provide industry insights (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) that energize growth
- Demonstrate deep understanding of the client’s industry and marketplace
- Lead consulting engagements that solve complex cyber security issues
- Help mentor, coach and counsel team members and help us build an inclusive culture and high-performing teams
- Maximize operational efficiency through standardization and process automation on client engagements and internal initiatives
- Monitor delivery progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes
- Successfully manage engagement time and budgets
- Convey complex technical security concepts to technical and non-technical audiences including executives.
- Provide strategic and relevant insight, connectedness and responsiveness to all clients to anticipate their needs
- Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team.
- Identify and drive development of market differentiators including new products, solutions, automation etc.
- Define, develop and implement strategic go-to-market plans in collaboration with local EY member firms in Americas, EMEIA and APAC.
- Drive new business opportunities by developing ideas, proposals and solutions
- Strongly represent EY and its service lines and actively assess what the firm can deliver to serve clients.
- Assist Consulting Partners in driving the business development process on existing client engagements by gathering appropriate resources, gaining access to key contacts & supervising proposal preparation
- Develop long-term relationships with networks both internally and externally
- Enhance the EY brand through strong external relationships across a network of existing and future clients and alliance partners
- Drive the quality culture agenda within the team
- Manage and contribute to performance management for the direct reportees and team members, as per the organization policies
- Able to examine and act on people-related issues both strategically and analytically.
- Participate in the EY-wide people initiatives including recruiting, retaining and training cybersecurity professionals
- Use technology to continually learn, share knowledge and enhance client service delivery
- Support the EY inclusiveness culture

To qualify, candidates must have:
- At least 15 years of industry experience and serving as Manager for a minimum of 10 years or 5 years as Senior Manager, of recent relevant work experience in an information security or information technology discipline, preferably in a business consulting role with a leading technology consultancy organization
- Strong technical experience in, but not limited to, attack and penetration testing, vulnerability management, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture.
- Any one of the following technical certifications: CISSP, CISM, GSOC
- Graduates / BE / BTech / MSc / MTech / MBA in the fields of Computer Science, Information Systems, Engineering, Business or related major
- Any one of the following project management credentials: Prince2 / PMI / MSP / CSM
- Experience with data analysis and visualization technologies
- Fluency in English; other language skills are considered an asset
Posted 5 days ago
3.0 years
0 Lacs
Bengaluru
Remote
Staff (CTM – Threat Detection & Response)

Key capabilities:
- Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
- Minimum of Splunk Power User Certification
- Good knowledge in programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
- Assist in remote and on-site gap assessment of the SIEM solution.
- Work on defined evaluation criteria & approach based on the client requirement & scope, factoring in industry best practices & regulations
- Assist in interviews with stakeholders, review documents (SOPs, architecture diagrams etc.)
- Assist in evaluating the SIEM based on the defined criteria and preparing audit reports
- Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
- Experience in onboarding data into Splunk from various sources, including unsupported (in-house built) sources, by creating custom parsers
- Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
- Experience in parsing and masking of data prior to ingestion in the SIEM
- Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
- Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
- Assist clients with technical guidance to configure their log sources (in-scope) to be integrated into the SIEM
- Experience in SIEM content development, which includes:
  - Hands-on experience in development and customization of Splunk Apps & Add-Ons
  - Builds advanced visualizations (interactive drilldown, glass tables etc.)
  - Build and integrate contextual data into notable events
  - Experience in creating use cases under the Cyber Kill Chain and MITRE ATT&CK framework
  - Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real-time visibility into the performance of client applications.
  - Sound knowledge in configuration of alerts and reports.
  - Good exposure to automatic lookups, data models and creating complex SPL queries.
  - Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirements
  - Experience in creating custom commands, custom alert actions, adaptive response actions etc.

Qualification & experience:
- Minimum of 3 years’ experience in Splunk and 3 to 5 years of overall experience with knowledge in operating systems and basic network technologies
- Experience in a SOC as an L1/L2 analyst will be an added advantage
- Strong oral, written and listening skills are an essential component of effective consulting.
- Good to have knowledge of vulnerability management, Windows domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting
- Certification in any other SIEM solution such as IBM QRadar, Exabeam, Securonix will be an added advantage
- Certifications in a core security related discipline (CEH, Security+, etc.) will be an added advantage.
Posted 5 days ago
3.0 years
0 Lacs
Trivandrum, Kerala, India
On-site
Overview: Role description
We are looking for a skilled SIEM Administrator to manage and maintain Security Information and Event Management (SIEM) solutions such as Innspark, LogRhythm, or similar tools. This role is critical to ensuring effective security monitoring, log management, and event analysis across our systems.

Key responsibilities:
- Design, deploy, and manage SIEM tools (e.g., Innspark, LogRhythm, Splunk).
- Develop and maintain correlation rules, dashboards, and reports.
- Integrate logs from servers, network devices, cloud services, and applications.
- Troubleshoot log collection, parsing, normalization, and event correlation issues.
- Work with security teams to improve detection and response capabilities.
- Ensure SIEM configurations align with compliance and audit requirements.
- Perform routine SIEM maintenance (e.g., patching, upgrades, health checks).
- Create and maintain documentation for implementation, architecture, and operations.
- Participate in evaluating and testing new SIEM tools and features.
- Support incident response by providing relevant event data and insights.

Required qualifications:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 3+ years of hands-on experience with SIEM tools.
- Experience with Innspark, LogRhythm, or other SIEM platforms (e.g., Splunk, QRadar, ArcSight).
- Strong knowledge of log management and event normalization.
- Good understanding of cybersecurity concepts and incident response.
- Familiarity with Windows/Linux OS and network protocols.
- Scripting knowledge (e.g., Python, PowerShell) is a plus.
- Strong troubleshooting, analytical, and communication skills.
- Industry certifications (CEH, Security+, SSCP, or vendor-specific) are a plus.

Key skills:
- SIEM Tools (Innspark, LogRhythm, Splunk)
- Troubleshooting
- Log Management & Analysis
- Scripting (optional)
- Security Monitoring

Skills: SIEM, Splunk, Troubleshooting
Posted 5 days ago