5.0 - 11.0 years
0 Lacs
Chennai, Tamil Nadu, India
Remote
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Senior (CTM – Threat Detection & Response)

Key Capabilities:
- Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
- Minimum of Splunk Power User Certification
- Good knowledge of programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
- Perform remote and on-site gap assessments of the SIEM solution.
- Define evaluation criteria & approach based on the client requirement & scope, factoring in industry best practices & regulations
- Conduct interviews with stakeholders, review documents (SOPs, architecture diagrams etc.)
- Evaluate the SIEM based on the defined criteria and prepare audit reports
- Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
- Understand customer requirements and recommend best practices for SIEM solutions.
- Offer consultative advice on security principles and best practices related to SIEM operations
- Design and document a SIEM solution to meet the customer needs
- Experience in onboarding data into Splunk from various sources, including unsupported (in-house built) sources, by creating custom parsers
- Verification of log-source data in the SIEM, following the Common Information Model (CIM)
- Experience in parsing and masking of data prior to ingestion into the SIEM
- Provide support for the data collection, processing, analysis and operational reporting systems, including planning, installation, configuration, testing, troubleshooting and problem resolution
- Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
- Assist clients with technical guidance to configure in-scope end log sources to be integrated with the SIEM
- Experience in handling big data integration via Splunk
- Expertise in SIEM content development, which includes developing processes for automated security event monitoring and alerting along with corresponding event response plans for systems
- Hands-on experience in development and customization of Splunk Apps & Add-ons
- Build advanced visualizations (interactive drilldowns, glass tables etc.)
- Build and integrate contextual data into notable events
- Experience in creating use cases under the Cyber Kill Chain and the MITRE ATT&CK framework
- Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near-real-time visibility into the performance of client applications.
- Experience in installation, configuration and usage of premium Splunk Apps and Add-ons such as the ES App, UEBA, ITSI etc.
- Sound knowledge of the configuration of alerts and reports.
- Good exposure to automatic lookups, data models and creating complex SPL queries.
- Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirements
- Work with the client SPOC for correlation rule tuning (as per the use case management life cycle), incident classification and prioritization recommendations
- Experience in creating custom commands, custom alert actions, adaptive response actions etc.

Qualification & experience:
- Minimum of 5 to 11 years’ experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments.
- Strong oral, written and listening skills are an essential component of effective consulting.
- Strong background in network administration.
- Ability to work at all layers of the OSI model, including being able to explain communication at any level, is necessary.
- Must have knowledge of vulnerability management, Windows and Linux basics including installations, Windows domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting.
- Good to have the below-mentioned experience with design and implementation of Splunk with a focus on IT Operations, Application Analytics, User Experience, Application Performance and Security Management
- Multiple cluster deployments & management experience as per vendor guidelines and industry best practices
- Troubleshoot Splunk platform and application issues, escalate the issue and work with Splunk support to resolve issues
- Certification in any one of the SIEM solutions such as IBM QRadar, Exabeam, Securonix will be an added advantage
- Certifications in a core security-related discipline will be an added advantage.

EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 1 month ago
5.0 - 11.0 years
0 Lacs
Kolkata, West Bengal, India
Remote
Posted 1 month ago
5.0 - 11.0 years
0 Lacs
Kanayannur, Kerala, India
Remote
Posted 1 month ago
5.0 - 11.0 years
0 Lacs
Trivandrum, Kerala, India
Remote
Posted 1 month ago
5.0 - 11.0 years
0 Lacs
Pune, Maharashtra, India
Remote
Posted 1 month ago
5.0 - 11.0 years
0 Lacs
Noida, Uttar Pradesh, India
Remote
Posted 1 month ago
8.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Skills: Solution Engineer Cyber Security, SIEM SOAR Threat Hunting EDR Deception NTA NBAD UEBA, IBM Splunk QRadar Email Security Gateway, Detection Engineer MITRE ATT&CK Framework OS Linux Networking, Implementing Cybersecurity Solutions, CISSP CEH GCIH OSCP OSCE, PreSales Solution Delivery.
Greetings from Netsach - A Cyber Security Company. Currently we are looking for experienced, dynamic professionals for the Solution Engineer role. This position plays a vital role in designing and implementing cybersecurity solutions for our esteemed clients.
Job Title: Solution Engineer. Location: Hyderabad, Bangalore. Desired Qualification: B.Tech or BE Computers / MCA. Experience: 8+ years (hands-on experience). Employment Type: Full Time. Certifications such as CISSP, CEH, GCIH, OSCP, OSCE are a plus.
Job Requirements: Minimum 3 years' experience working in a large-scale IT environment with a focus on Cyber / Information Security. Areas of expertise should include Pre-Sales support, Service & Solution delivery, and program management (Transition & Transformation). Key areas of expertise should include knowledge of SIEM, SOAR, Threat Hunting, EDR, Deception, NTA, NBAD, UEBA. 3+ years of hands-on experience on leading analytical platforms like Splunk, IBM QRadar, Hunters, Sumo Logic, Sentinel. Knowledge of other security technologies (such as Email Security Gateway, SOAR, IPS/IDS, Proxy, EDR, TI, DLP, CASB, PAM etc.) will be an added advantage. Deep understanding of Detection Engineering and the MITRE ATT&CK Framework. Strong knowledge of OS (Linux, Windows) and Networking. Strong analytical and problem-solving skills. Staying up to date with the IT/OT industry. Knowledge of Security Best Practices and Concepts. Seasoned in Digital Forensics, Malware Assessment, Incident Response and Threat Hunting. Good interpersonal skills: clear communication, attentive & careful listening, empathetic behavior, being positive, supporting useful ideas & honest efforts of colleagues.
Reliability and overall good communication skills, both verbal and written. Capability to communicate with and listen to the needs of organizational or client stakeholders.
Job Responsibilities: Defining, planning, and implementing cybersecurity solutions. Conduct gap analysis to identify and measure the difference between the current state and the desired state of an organization's security posture. Possess detailed knowledge of requirement management and solution design. Conduct technical proof-of-concept (POC) demonstrations to highlight the solution, ensuring alignment with organizational requirements. Translate technical solutions into business value in alignment with organizational objectives to enhance business efficiency. Respond to complex RFPs, delivering customized security solutions that meet client needs. Conduct thorough and meticulous design and implementation of security solutions across diverse industries. Conduct competitive analysis, security workshops, technical briefings and executive presentations. Design and present customized cybersecurity solutions that address specific client needs. Collaborate with cross-functional teams to ensure end-to-end service delivery of the cybersecurity solution as per client needs. Develop scenarios or use cases based on potential attacks on data relevant to the client's industry.
Nice To Have: Ethical hacking certifications, CISSP, GCIH or equivalent training is a major advantage.
Thank You. Emily Jha, emily@netsach.co.in, Netsach - A Cyber Security Company, www.netsachglobal.com
Posted 1 month ago
3.0 years
0 Lacs
Mumbai, Maharashtra, India
On-site
Saint-Gobain group, through its group company Grindwell Norton Limited, has established INDEC, an International Delivery Center in Mumbai, to provide IT solutions and services to the group's businesses globally. INDEC is currently organized into INDEC Application Development, INDEC Infrastructure Management and Cyber Security Management. While INDEC Apps specializes in software application development and maintenance services (ADM), INDEC Infra specializes in monitoring and managing the key IT infrastructure assets of the group deployed globally across 70 countries. INDEC provides IT services and solutions to the Saint-Gobain group through its state-of-the-art delivery centers based at Andheri East in Mumbai. There are approximately 1200+ associates working in INDEC currently. INDEC Apps provides software application development and maintenance services across a wide spectrum covering SAP, Java, PHP, .Net, CRM, Mobility, Digital, Artificial Intelligence (AI), and Robotic Automation. INDEC Infra operates the following service lines: Network Coordination Center (NCC/NOC), Data Center Infrastructure Support, IT Standards, Tools Engineering and Reporting Automation. INDEC Cybersecurity provides 24/7 security monitoring to detect and react to any suspicious activity in Saint-Gobain. It provides services on vulnerability scanning, web application firewall, endpoint protection, strong authentication, digital certificates, Win 10 MBAM and SFTS support.
Key Responsibilities:
• Evaluate and enhance the performance of SIEM/SOAR systems to ensure optimal threat detection and incident response.
• Develop and maintain automation scripts and playbooks to streamline incident detection, analysis, and response processes. Leverage SOAR capabilities to reduce manual intervention and improve response times.
• Oversee the day-to-day administration of SIEM/SOAR platforms, ensuring their availability, reliability, and security.
• Perform regular updates, patches, and configuration changes.
• Collaborate with the Incident Response team to ensure seamless integration of detection and response functions. Provide support during security incidents to ensure timely and effective remediation.
• Work closely with other IT and security teams to develop specific use cases and to enhance the overall security posture of the organization. Share insights and recommendations to improve the overall cybersecurity posture.
• Maintain detailed documentation of automation, scripts, and improvements.
• Manage execution of standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/SOAR platforms.
• Manage technical documentation around the content deployed to the SIEM/SOAR.
• Manage reports, dashboards and metrics for CyberSOC KPIs and present them to senior management and other stakeholders.
Qualification:
• Bachelor's degree in Computer Science, Information Security, EXTC or a related field.
• Relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are highly desirable.
• Proven experience (3+ years) working within the cybersecurity field, with a focus on security platform implementation and administration.
• Experience with deploying and managing a large SIEM/SOAR environment.
• Experience with Palo Alto XDR and/or other SIEM platforms like Sentinel, QRadar, Splunk, ArcSight, etc.
• Experience with Palo Alto XSOAR and/or equivalent SOAR platforms like Resilient, Phantom, etc.
• Proficiency in scripting languages (e.g., Python, Bash) for automation and customization of security processes is highly desirable.
Functional Skills/Competencies:
• Has a systematic, disciplined, and analytical approach to problem solving.
• Excellent ability to think critically under pressure.
• Strong communication skills to convey technical concepts clearly to both technical and non-technical stakeholders.
• Willingness to stay updated with evolving cyber threats, technologies, and industry trends.
• Capacity to work collaboratively with cross-functional teams, developers, and management to implement robust security measures.
SELECTION PROCESS: Interested candidates are required to apply through this listing on Jigya. Only applications received through Jigya will be evaluated further. Shortlisted candidates may be required to appear in an online assessment administered by Jigya on behalf of Saint-Gobain INDEC. Candidates selected after the screening test will be interviewed by Saint-Gobain INDEC.
Posted 1 month ago
0.0 - 10.0 years
0 Lacs
Lower Parel, Mumbai, Maharashtra
On-site
Please note this is an urgent requirement.
Job Summary: We are seeking a forward-thinking and experienced Manager – Information Security to lead our enterprise-wide security posture across on-premise, cloud, and third-party environments. The candidate will be responsible for managing security governance, technical controls, incident response, data protection, and regulatory compliance while also enabling secure digital transformation initiatives. This role demands strong technical acumen, leadership capabilities, and a deep understanding of both global and local regulatory frameworks, such as ISO 27001, PCI DSS, DPDPA, and GDPR.
Key Responsibilities:
Security Governance & Compliance: Develop, maintain, and enforce security policies, standards, and procedures aligned with ISO 27001, NIST CSF, PCI DSS, DPDPA, GDPR, and CCPA. Lead periodic internal risk assessments and audits, and ensure timely closure of findings. Manage regulatory and third-party security audits, and track risk remediation activities. Drive organization-wide security awareness and training programs.
Security Operations & Incident Response: Lead security incident response, including triage, root cause analysis, and reporting. Oversee SIEM/SOAR platforms (e.g., Splunk, Sentinel, QRadar) and coordinate with SOC teams for threat detection and response. Own and regularly test the Cyber Crisis Management Plan (CCMP) and DR/BCP cyber resilience procedures.
Cloud, Network & Infrastructure Security: Ensure secure deployment and configuration of cloud platforms (AWS, Azure, GCP) using CSPM tools (e.g., Prisma Cloud, AWS Security Hub). Oversee network security controls across firewalls (Palo Alto, SonicWALL), VPN, NAC, and segmentation. Review cloud workload protections, IAM roles, VPC designs, and encryption key management (KMS, Azure Key Vault).
Identity, Access & Data Protection: Manage Identity and Access Management (IAM) systems, enforcing RBAC, MFA, SSO, and least privilege principles.
Implement and monitor Data Loss Prevention (DLP) tools across endpoints, cloud services, and email. Ensure strong data classification, encryption at rest and in transit, and compliance with data retention policies.
DevSecOps & Application Security: Collaborate with DevOps and engineering teams to embed security in the SDLC, enabling DevSecOps practices such as code reviews, pipeline scanning, and container security. Support secure design reviews and threat modeling for new applications or major changes.
Third-Party & Supply Chain Security: Lead vendor security evaluations, contract reviews, and third-party risk assessments. Implement ongoing monitoring of vendor performance and regulatory compliance. Maintain an approved list of vendors with documented security controls.
Security Metrics, Strategy & Reporting: Define and track KPIs, KRIs, and compliance dashboards for executive and board-level reporting. Own and drive the execution of the Information Security Program, aligned with business goals and regulatory mandates. Provide guidance to business and IT stakeholders to ensure secure digital enablement.
Required Qualifications & Experience: Bachelor's degree in Computer Science, Information Security, or a related field. 7–10 years of relevant InfoSec experience with 2+ years in a leadership/managerial role. Industry certifications: CISSP, CISA, CEH, ISO 27001 Lead Auditor/Implementer (any two strongly preferred).
Strong hands-on and strategic experience with: Security frameworks: ISO 27001, NIST, PCI DSS, GDPR, DPDPA. Tools: SIEM, EDR/XDR, DLP, IAM, CSPM, SAST/DAST. Platforms: AWS, Azure, GCP. Controls: Firewall, VPN, NAC, Encryption, DevSecOps pipelines.
Key Skills: Information security leadership across multi-cloud and on-prem environments. Risk management and compliance. Security incident and crisis handling. Secure architecture and DevSecOps collaboration. Third-party and supply chain risk governance. Excellent communication, reporting, and cross-functional influence.
Job Types: Full-time, Permanent. Pay: Up to ₹1,300,000.00 per year. Benefits: Health insurance, Paid sick time, Provident Fund. Ability to commute/relocate: Lower Parel, Mumbai, Maharashtra: Reliably commute or planning to relocate before starting work (Preferred).
Application Question(s): How many years of relevant experience do you have? Have you set up policies for DAM, XDR, DLP, PAM, IAM based on use cases? How many years of experience do you have in DevSecOps? How many years of experience do you have in managing information security audits?
Willingness to travel: 25% (Preferred). Work Location: In person. Application Deadline: 10/07/2025
Posted 1 month ago
2.0 - 5.0 years
5 - 9 Lacs
Hyderabad
Work from Office
Overview. Information Security Analyst: Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Researches attempted or successful efforts to compromise systems security and designs countermeasures. Maintains hardware, software and network firewalls and encryption protocols. Administers security policies to control physical and virtual access to systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Job Code Tip: May be internal or external, client-focused, working in conjunction with Professional Services and outsourcing functions. May include company-wide, web-enabled solutions. Individuals whose primary focus is on developing, testing, debugging and deploying code or processing routines that support security protocols for an established system or systems should be matched to the appropriate Programmer or Programmer/Analyst family in the Information Technology/MIS functional area.
Responsibilities. Should have process knowledge and technical knowledge of any of the SIEM tools (like QRadar, LogRhythm, AlienVault, Splunk etc.); L2/L3 level is an added advantage. Should have process knowledge and technical knowledge of AV tools like Symantec, McAfee, Trend Micro etc.; L2/L3 level is an added advantage. Should have knowledge of managing vulnerability tools and various remediation efforts. Review security logs generated by applications, devices and other systems, taking action or escalating to appropriate teams as needed. Enforce the incident response service level agreement. Work with the global IT Security team to analyze, test and recommend tools to strengthen the security posture of the company.
Create and maintain operational reports allowing the IT management team to understand the current and historical landscape of IT security risks. Vulnerability management assessment and remediation. Participate in daily and ad-hoc meetings related to cyber security, controls and compliance, processes and documentation-related tasks. Research the latest information technology (IT) security trends. Help plan and carry out the organization's way of handling security. Develop security standards and best practices for the organization. Recommend security enhancements to management or senior IT staff. Document security breaches and assess the damage they cause. Performs other duties as assigned.
Qualifications. B.Tech. 2-5 years' experience working in a Security Operations Center. 2 years minimum in the computer industry. Knowledge of working with complex Windows environments. Knowledgeable in various security frameworks such as NIST 800-53 / NIST 800-171 / ISO 27001. Knowledge of design and administration of security tools. Good written and verbal communication skills.
Posted 1 month ago
3.0 - 6.0 years
6 - 11 Lacs
Gurugram
Work from Office
About NCR Atleos. Responsible for planning and performing Application Risk Assessments, as per the guidelines provided by regulations and standards. Build expertise in security governance and compliance that includes all cloud providers and cloud security monitoring. Build expertise in tools such as Wiz, AlgoSec, Fortinet, Forescout, etc. Effectively collaborate and communicate with stakeholders and ensure satisfaction. Foster teamwork. Train and coach team members to ensure effective knowledge management activity.
EEO Statement: NCR Atleos is an equal-opportunity employer. It is NCR Atleos policy to hire, train, promote, and pay associates based on their job-related qualifications, ability, and performance, without regard to race, color, creed, religion, national origin, citizenship status, sex, sexual orientation, gender identity/expression, pregnancy, marital status, age, mental or physical disability, genetic information, medical condition, military or veteran status, or any other factor protected by law.
Statement to Third Party Agencies: To ALL recruitment agencies: NCR Atleos only accepts resumes from agencies on the NCR Atleos preferred supplier list. Please do not forward resumes to our applicant tracking system, NCR Atleos employees, or any NCR Atleos facility. NCR Atleos is not responsible for any fees or charges associated with unsolicited resumes.
Posted 1 month ago
2.0 years
0 Lacs
Delhi, India
On-site
Driven by transformative digital technologies and trends, we are RIB and we’ve made it our purpose to propel the industry forward and make engineering and construction more efficient and sustainable. Built on deep industry expertise and best practice, and with our people at the heart of everything we do, we deliver the world's leading end-to-end lifecycle solutions that empower our industry to build better. With a steadfast commitment to innovation and a keen eye on the future, RIB comprises over 2,500 talented individuals who extend our software’s reach to over 100 countries worldwide. We are experienced experts and professionals from different cultures and backgrounds and we collaborate closely to provide transformative software products, innovative thinking and professional services to our global market. Our strong teams across the globe enable sustainable product investment and enhancements, to keep our clients at the cutting-edge of engineering, infrastructure and construction technology. We know our people are our success – join us to be part of a global force that uses innovation to enhance the way the world builds. Find out more at RIB Careers. Job Summary As part of the RIB team, you will embody our values of impact, aspiration, curiosity, and trust in everything you do. As a Cloud SecOps Engineer, you will play a key role in protecting the platforms used to deliver RIB's products within the Managed Services. The Cloud SecOps Engineer will be responsible for continuous security monitoring, threat detection, incident response, and security automation within Managed Services Product Portfolio. This role involves SIEM operations, vulnerability scanning, identity and access management, and endpoint security. The engineer will work closely with DevOps, SRE, Cloud Governance, and Application Security teams to enhance the security posture across Managed Services cloud environments. 
Key Responsibilities
Security Monitoring & Incident Response: Operate and manage SIEM solutions for real-time threat detection. Investigate security incidents, analyze logs, and escalate as needed. Work with DevOps/SRE teams on security incident containment and response.
Security Automation & Orchestration (SOAR): Develop and implement security automation playbooks to streamline response. Support automated threat intelligence ingestion and response workflows.
Identity & Access Management (IAM): Enforce least privilege access policies for cloud and IT environments. Assist in identity lifecycle management, MFA, and role-based access controls.
Vulnerability & Risk Management: Conduct vulnerability scans and misconfiguration assessments. Assist DevOps and SRE teams with security patching and risk remediation.
Security Observability & Compliance: Ensure security logs, alerts, and telemetry are properly integrated. Support audits and compliance initiatives for security best practices.
Governance, Compliance, and Incident Response: Align security operations with control frameworks (ISO 27001, GDPR, SOC 1, SOC 2, CCM etc.). Work closely with the CPSO, Cloud Governance, AppSec and Security Governance teams.
Skills And Qualifications: Bachelor's degree in cybersecurity, information security, or equivalent experience. Microsoft security certifications such as Azure Security Engineer (AZ-500), SC-200, SC-300. 2+ years of experience in SecOps, cybersecurity, or cloud security roles. Strong understanding of SIEM solutions (e.g., Microsoft Sentinel, Splunk, QRadar, etc.). Experience with security automation (SOAR), scripting (Python, PowerShell), and incident response. Familiarity with IAM frameworks, cloud security best practices (Azure, AWS, etc.), and vulnerability management tools (Qualys, Tenable, etc.). Knowledge of DevOps, CI/CD security practices, and security control frameworks (ISO 27001, SOC 1, SOC 2, CIS etc.).
RIB may require all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria. RIB is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. Come and join RIB to create the transformative technology that enables our customers to build a better world.
Posted 1 month ago
1.0 - 4.0 years
2 - 4 Lacs
Mumbai
Work from Office
HackIT Technology & Advisory Services is looking for Security Analyst - Red Team to join our dynamic team and embark on a rewarding career journey Gather, interpret, and analyze data to identify trends, patterns, and opportunities that support strategic decision-making Prepare clear, actionable reports, dashboards, and visualizations using tools like Excel, SQL, Power BI, or Tableau Collaborate with stakeholders to define business problems and recommend data-driven solutions Ensure data integrity, validate findings, and document methodologies Present insights to management and cross-functional teams in a concise and impactful manner Stay updated on industry best practices, tools, and emerging trends to enhance analysis quality and business outcomes
Posted 1 month ago
3.0 - 6.0 years
3 - 7 Lacs
Bengaluru
Work from Office
6-8 years' experience in creating design documents, implementation/change management plans or optimization of reports (beyond day-to-day routine operations) is a must. Expertise in implementation and/or design (design is a must) of one of the following; priority is Firewall, and it is good if candidates have hands-on experience with Identity solutions, Email Security, Web Security/Proxy, Cloud Security. Cisco ISE is a plus.
Posted 1 month ago
7.0 years
0 Lacs
Greater Chennai Area
On-site
Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Are you ready to embark on a technical adventure and become a hero to our external and internal users? As Technical Support at Kyndryl, you'll be part of an elite team that provides exceptional technical assistance, enabling our clients to achieve their desired business outcomes. You'll be a troubleshooter extraordinaire, diagnosing and repairing complex equipment, software, and systems with ease. Nothing will be too challenging for you to solve as you respond to escalated issues, report critical design flaws, reliability and maintenance problems, and bugs. You'll be the go-to person for our customers who require assistance with highly technical or sophisticated products, as well as for customer installations and training. With your passion for technology, you'll provide world-class support that exceeds customer expectations. As Technical Support, you'll perform varying degrees of problem determination and resolution of desktop hardware and software issues using your technical expertise and available resources to ensure that our customers' issues are resolved efficiently and effectively. You'll also have the opportunity to perform installs, moves, adds, and changes (IMAC) activities, as well as data backup and restore on certain accounts for clients, ensuring that all related administrative duties are completed within Service Level Agreement objectives. You will develop a deep understanding of the local and regional infrastructure, as well as key contacts in other competencies, which will enable you to ensure that the proper team is aware of – and taking action on the problem. 
If you're a technical wizard, a customer service superstar, and have an unquenchable thirst for knowledge, we want you to join our team. Your Future at Kyndryl: Imagine being part of a dynamic team that values your growth and development. As Technical Support at Kyndryl, you'll receive an extensive and diverse set of technical trainings, including cloud technology, and free certifications to enhance your skills and expertise. You'll have the opportunity to pursue a career in advanced technical roles and beyond, taking your future to the next level. With Kyndryl, the sky's the limit. Who You Are: You're good at what you do and possess the required experience to prove it. However, equally as important, you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused, someone who prioritizes customer success in their work. And finally, you're open and borderless, naturally inclusive in how you work with others.
Required Technical and Professional Expertise: 7+ years of experience in managing, maintaining, and optimizing Elastic-based log management infrastructure to ensure stability, performance, and scalability. Perform routine maintenance such as cluster health checks, node management, and index lifecycle management. Ensure high availability and fault tolerance of the Elastic Stack components. Assist customers with onboarding new data sources and configuring ingestion pipelines. Create and manage basic dashboards tailored to customer needs. Provide technical support for log ingestion, dashboard visualization, and performance troubleshooting. Design, configure, and maintain log ingestion pipelines using Logstash and Beats. Ensure seamless integration of custom log formats and various data sources into the Elastic Stack. Optimize ingestion pipelines for performance and reliability. Monitor the health and performance of the Elastic Stack components (Elasticsearch, Kibana, Logstash, Beats).
Proactively detect and resolve performance bottlenecks and failures. Maintain platform security, including access control and data protection policies. Develop and maintain index templates and mappings for efficient data structuring. Implement strategies for index rollover and lifecycle management. Leverage automation tools (Terraform, Puppet, Shell) for deployment and configuration management. Develop scripts for automation of log ingestion, system monitoring, and dashboard provisioning. Advise internal stakeholders on log analytics strategies, visualizations, and best practices. Provide input for system improvement and log analysis frameworks using SIEM and machine learning. Ensure Admin On Duty (AOD) coverage for uninterrupted service and SLA compliance. Document Standard Operating Procedures (SOPs) and adhere to organization-wide rules and standards. Provide RCA documentation for P1/P2 incidents and actively contribute to problem management. Preferred Technical And Professional Experience Familiarity with Agile practices (e.g., Scrum). Knowledge of CI/CD pipelines for log platform deployment and updates. Elastic Stack certification (Elastic Certified Engineer or Analyst). Certifications in automation tools (Terraform, Puppet). SIEM tool certification (Splunk, QRadar, Elastic SIEM) – preferred. Cloud platform certifications (AWS, Azure) – optional. Strong communication and interpersonal skills. Ability to multitask and perform under pressure in a 24/7 operational environment. Customer-centric attitude and problem-solving mindset. Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handedly: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice.
This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.
Posted 1 month ago
5.0 - 10.0 years
6 - 13 Lacs
Lucknow
Work from Office
Managed Services SOC Manager Job Summary: The Security Operations Center (SOC) Security L-2 Analyst serves in a SOC team and is responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, tickets, email and phone). The L2 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and should be ready to work in shifts. An engineer in this position acts as a point of escalation for Level-1 SOC security analysts in support of information security investigations, providing guidance and oversight on incident resolution and containment techniques. Job Description: Responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, tickets, email and phone). Act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques. Should have experience in developing new correlation rules and writing parsers. Experience in log source integration. Act as the lead coordinator for individual information security incidents. Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Security Operations Center. Document incidents from initial detection through final resolution. Participate in security incident management and vulnerability management processes. Coordinate with IT teams on escalations, tracking, performance issues, and outages.
Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats. Communicate effectively with customers, teammates, and management. Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation. Provide recommendations on tuning and optimization of security systems, SOC security processes, procedures and policies. Define, create and maintain SIEM correlation rules, customer build documents, security processes and procedures. Follow ITIL practices regarding incident, problem and change management. Stay up-to-date with emerging security threats, including applicable regulatory security requirements. Maintain an inventory of the procedures used by the SOC and regularly evaluate the SOC procedures and add, remove, and update the procedures as appropriate. Publish weekly reports to applicable teams. Generate monthly reports on SOC activity. Secondary skills like AV, HIPS, DCS, VA/PT desirable. Required Technical Expertise Must have experience in a SIEM management tool (QRadar). Should have certifications like ITIL, CCNA, CEH, VA (product) certification, CISM. Process and procedure adherence. General network knowledge and TCP/IP troubleshooting. Ability to trace down an endpoint on the network based on ticket information. Familiarity with system log information and what it means. Understanding of common network services (web, mail, DNS, authentication). Knowledge of host-based firewalls, anti-malware, HIDS. General desktop OS and server OS knowledge. TCP/IP, Internet routing, UNIX/Linux and Windows NT.
Posted 1 month ago
6.0 years
0 Lacs
Gurugram, Haryana, India
On-site
Job Title: FortiSIEM Administrator Location: Gurgaon Experience: 3–6 Years Job Summary: We are hiring a FortiSIEM Administrator to manage and maintain our SIEM infrastructure and security tools. The ideal candidate will have deep experience in SIEM architecture (FortiSIEM), EDR, DLP, and a sound understanding of cybersecurity frameworks like MITRE ATT&CK, NIST, CIS Controls, and ISO 27001. The role requires someone who can ensure complete visibility and protection of IT assets while supporting incident response and compliance. Key Responsibilities: Deploy, configure, and maintain the FortiSIEM platform for real-time monitoring and alerting. Integrate log sources across firewalls, servers, endpoints, and cloud environments. Develop and manage SIEM rules, parsers, dashboards, and alerts. Operate and optimize EDR, DLP, and other advanced security tools. Conduct incident triage, investigation, and provide root cause analysis. Align monitoring and response activities with MITRE ATT&CK, NIST, CIS Controls, and ISO 27001 frameworks. Collaborate with SOC, infrastructure, and application teams for end-to-end threat visibility. Maintain updated documentation and support internal and external security audits. Ensure regular health checks, version upgrades, and platform tuning for performance. Required Skills & Qualifications: 3–6 years of experience in cybersecurity with a focus on SIEM administration (preferably FortiSIEM). Hands-on expertise in deploying and managing EDR, DLP, and other endpoint security tools. Good understanding of SIEM architecture, log ingestion, and threat correlation. Knowledge of networking fundamentals, TCP/IP, firewalls, VPNs, and IDS/IPS. Familiarity with security frameworks like MITRE ATT&CK, NIST, CIS Controls, and ISO 27001. Scripting knowledge (PowerShell, Python, Bash) is an advantage. Fortinet certification (e.g., NSE 5/7) is a plus. Nice to Have: Experience with cloud platforms (AWS, Azure) and cloud security monitoring.
Exposure to other SIEM tools (Splunk, QRadar, etc.) is beneficial. Experience in compliance-driven environments (PCI-DSS, SOC 2, etc.). Kindly share your acknowledgment to process your candidature. Regards, Aayushi Rathod, Team HR. Email: aayushi.rathod@progression.com www.progression.com
Posted 1 month ago
2.0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
Role: Senior SOC Analyst, Alerts & Automation Standard Title: Senior Analyst, Cyber Defence (SOC) Location: Bangalore, India About Us Founded in 2014, Circles is a global technology company reimagining the telco industry with its innovative SaaS platform, empowering telco operators worldwide to effortlessly launch innovative digital brands or refresh existing ones, accelerating their transformation into techcos. Today, Circles partners with leading telco operators across multiple countries and continents, including KDDI Corporation, Etisalat Group (e&), AT&T, and Telkomsel, creating blueprints for future telco and digital experiences enjoyed by millions of consumers globally. Besides its SaaS business, Circles operates three other distinct businesses: Circles.Life: A wholly-owned digital lifestyle telco brand based in Singapore, Circles.Life is powered by Circles’ SaaS platform and pioneering go-to-market strategies. It is the digital market leader in Singapore and has won numerous awards for marketing, customer service, and innovative product offerings beyond connectivity. Circles Aspire: A global provider of Communications Platform-as-a-Service (CPaaS) solutions. Its cloud-based Experience Cloud platform enables enterprises, service providers and developers to deliver and scale mobile, messaging, IoT, and connectivity services worldwide. Jetpac: Specializing in travel tech solutions, Jetpac provides seamless eSIM roaming for over 200 destinations and innovative travel lifestyle products, redefining connectivity for digital travelers. Jetpac was awarded Travel eSIM of the Year. Circles is backed by renowned global investors, including Peak XV Partners (formerly Sequoia), Warburg Pincus, Founders Fund, and EDBI (the investment arm of the Singapore Economic Development Board), with a track record of backing industry challengers.
What You'll Do As a Security Incident and SIEM Specialist, you will support Circles’ SOC team in areas such as cybersecurity incident response, SIEM alert creation, fine-tuning, and noise reduction. Your role includes managing threat intelligence, monitoring security events, investigating incidents, performing forensic analysis, and coordinating global incident response efforts. You will play a key role in enhancing SOC monitoring capabilities by optimizing alert quality and reducing false positives, thereby improving overall SOC efficiency and productivity. What We’re Looking For Bachelor's degree in Computer Science, Engineering, or related field (or equivalent experience). 2+ years of hands-on SOC or information security experience in a global IT environment. Experience with SIEM tools (Graylog, Splunk, ELK, Rapid7, LogRhythm, QRadar). Relevant certifications (GCIH, GCIA, Splunk/QRadar) are a plus. Key Responsibilities Triage and analyze security alerts, assess threats, and prioritize based on risk and impact. Execute incident response procedures and document findings clearly. Distinguish false positives from real threats using SIEM and security tools. Understand common attack vectors and TTPs, and apply contextual log analysis. Collaborate with cross-functional teams to ensure effective incident response. Stay updated on emerging threats and security trends. SIEM & Scripting Strong UNIX/Linux skills and proficiency in Bash or Python scripting. Skilled in RegEx, log parsing, pipeline creation, and data normalization. Experience in SIEM tuning, use case development, and alert optimization. Familiar with building and enhancing detection rules and threat analytics. Exposure to AI/ML for noise reduction and threat detection is a plus. Other Requirements Willingness to work in a hybrid setup and 24x7 environment. To all recruitment agencies: Circles will only acknowledge resumes shared by recruitment agencies if selected in our preferred supplier partnership program.
Please do not forward resumes to our jobs alias, Circles employees or any other company location. Circles will not be held accountable for any fees related to unsolicited resumes not uploaded via our ATS. Circles is committed to a diverse and inclusive workplace. We are an equal opportunity employer and do not discriminate on the basis of race, national origin, gender, disability or age.
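Several of the listings above ask for the same pair of skills without showing what they look like in practice: the QRadar L2 role wants "developing new correlation rules and writing parsers", and the Circles role wants RegEx log parsing, data normalization into a pipeline, and tuning that cuts false positives. The script below is an added illustration of that workflow and is not code from any employer or listing on this page. It parses two constructed log formats (OpenSSH-style syslog lines and a made-up key=value vendor format) into one normalized schema, then runs a single correlation rule over the result: N authentication failures from one source within a window, followed by a success from the same source. The field names (`src_ip`, `action`, `host`), the sample hostnames and RFC 5737 test addresses, the thresholds and the allowlist knob are all assumptions chosen for the example, not any product's schema.

```python
"""Parser + correlation rule demo. Added example, not code from any listing on this page.
Log lines, hostnames, IP addresses and field names below are constructed for illustration."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample input: sshd syslog lines plus a hypothetical key=value VPN log.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z bastion sshd[4242]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
2024-05-01T10:00:03Z bastion sshd[4242]: Failed password for root from 203.0.113.7 port 51236 ssh2
2024-05-01T10:00:05Z bastion sshd[4242]: Failed password for root from 203.0.113.7 port 51240 ssh2
2024-05-01T10:00:09Z bastion sshd[4242]: Accepted password for root from 203.0.113.7 port 51244 ssh2
2024-05-01T10:01:00Z bastion sshd[4300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-05-01T10:02:00Z bastion sshd[4301]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
ts=2024-05-01T10:03:00Z vendor=vpn action=login_failed user=bob src=192.0.2.9
ts=2024-05-01T10:03:02Z vendor=vpn action=login_failed user=bob src=192.0.2.9
ts=2024-05-01T10:03:04Z vendor=vpn action=login_failed user=bob src=192.0.2.9
ts=2024-05-01T10:03:10Z vendor=vpn action=login_success user=bob src=192.0.2.9
"""

# Parser 1: OpenSSH-style "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>".
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
# Parser 2: generic key=value pairs (hypothetical vendor format).
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class AuthEvent:
    """Normalized authentication event; every source maps onto these same fields."""
    ts: datetime
    host: str
    user: str
    src_ip: str
    action: str  # "success" or "failure", regardless of how the source spelled it


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_line(line):
    """Return an AuthEvent for a recognised line, or None so the caller can count drops."""
    m = SSHD_RE.match(line)
    if m:
        return AuthEvent(ts=_parse_ts(m["ts"]), host=m["host"], user=m["user"],
                         src_ip=m["src"], action="success" if m["outcome"] == "Accepted" else "failure")
    if line.startswith("ts="):
        kv = dict(KV_RE.findall(line))
        action = {"login_failed": "failure", "login_success": "success"}.get(kv.get("action"))
        if action and {"ts", "user", "src"}.issubset(kv):
            return AuthEvent(ts=_parse_ts(kv["ts"]), host=kv.get("vendor", "unknown"),
                             user=kv["user"], src_ip=kv["src"], action=action)
    return None


def parse_logs(text):
    events = (parse_line(l) for l in text.splitlines() if l.strip())
    return [e for e in events if e is not None]


def brute_force_then_success(events, threshold=3, window=timedelta(minutes=5), allowlist=()):
    """Correlation rule: >= threshold failures from one src_ip inside `window`, then a
    success from that src_ip. `allowlist` suppresses known scanners or monitoring
    hosts, which is the usual first tuning step against false positives."""
    alerts = []
    failures = defaultdict(list)  # src_ip -> timestamps of failures still inside the window
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.src_ip in allowlist:
            continue
        recent = [t for t in failures[e.src_ip] if e.ts - t <= window]
        if e.action == "failure":
            recent.append(e.ts)
            failures[e.src_ip] = recent
            continue
        failures[e.src_ip] = recent
        if len(recent) >= threshold:
            alerts.append({"src_ip": e.src_ip, "user": e.user, "host": e.host,
                           "failures": len(recent), "success_at": e.ts.isoformat()})
            failures[e.src_ip] = []  # one burst produces one alert, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in brute_force_then_success(parse_logs(SAMPLE_LOGS)):
        print(alert)
```

On the constructed input the rule fires twice (the sshd burst against root from 203.0.113.7 and the VPN burst against bob from 192.0.2.9) and stays silent for alice, whose single failure is ordinary. Raising `threshold` or adding a source to `allowlist` is the same tuning an analyst does in a SIEM to trade recall for noise; the point of normalizing first is that the rule never has to know which parser produced the event.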
Posted 1 month ago
6.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Job Statement: NopalCyber makes cybersecurity manageable, affordable, dependable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are tailored to clients’ needs and budget, and external threat analysis, which provides critical intelligence at no cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service. Job responsibilities: Monitor, analyze, and interpret security/system logs for events, operational irregularities, and potential incidents, and escalate issues as appropriate. Responsible for monitoring and detection analysis using various input tools and systems (SIEM, IDS/IPS, firewalls, EDR, etc.).
Conduct basic red team exercises to test the effectiveness of preventive and monitoring controls. Provide support for complex system/network exploitation and defense techniques, including deterring, identifying, and investigating system and network intrusions. Support malware analysis, host and network log analysis, and triage in support of incident response. Maintain and improve the security technologies deployed, including creating use cases and customizing or better configuring the tools based on past and current threats. Monitor the threat/vulnerability landscape and security advisories, and act on them as appropriate. Continuously monitor the security alerts and escalation queue, and triage security alerts. Monitor and tune the SIEM (content, parsing, maintenance). Monitor cloud infrastructure for security-related events. Deliver scheduled and ad-hoc reports. Develop and coach L1 analysts. Author Standard Operating Procedures (SOPs) and training documentation. Work the full ticket lifecycle; handle every step of the alert, from detection to remediation. Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty. Perform threat-intel research, learn new attack patterns, and actively participate in security forums. Job specifications: Qualification: Bachelor’s degree in Engineering or closely related coursework in technology development disciplines. Certifications like CISSP, CEH, CISM, GCIH, GCIA are desirable. Experience with the following or related tools: SIEM tools such as Splunk, IBM QRadar, Securonix; case management tools such as Swimlane, Phantom, etc.; EDR tools such as CrowdStrike, Sentinel, VMware, McAfee, Microsoft Defender ATP, etc.; network analysis tools such as Darktrace, FireEye, NetWitness, Panorama, etc. Experience: 6+ years of SOC-related work experience. Desired Skills: Full understanding of SOC L1 responsibilities/duties and how those duties feed into L2/L3.
The ability to take the lead on incident research when appropriate and to mentor junior analysts. Advanced knowledge of TCP/IP protocols and event log analysis. Strong understanding of Windows, Linux and networking concepts. Experience analyzing both log and packet data, including the use of Wireshark, tcpdump and other capture/analysis tools. Good understanding of security solutions including SIEMs, web proxies, EDR, firewalls, VPN, authentication, encryption, IPS/IDS, etc. Functional understanding of cloud environments. Ability to conduct research into IT security issues and products as required. Experience working in a TAT-based IT security incident resolution practice and knowledge of ITIL. Knowledge and experience with scripting and programming (Python, Perl, etc.) are also highly preferred. Malware analysis and reverse engineering is a plus. Personal Attributes Self-starter and quick learner requiring minimal ramp-up. Excellent written, oral, and interpersonal communication skills. Highly self-motivated, self-directed, and attentive to detail. Ability to effectively prioritize and execute tasks in a high-pressure environment.
Posted 1 month ago
0 years
0 Lacs
Pune, Maharashtra, India
On-site
Embark on your transformative journey as Vice President Cyber Operations. You will work as an Incident Response T3 Analyst at Barclays and become a crucial defender of our digital landscape. In this role, you will be instrumental in protecting our systems and data, ensuring their confidentiality, integrity and availability. As a key member of the Cyber Operations Team, your insights will significantly impact our ability to proactively identify, thoroughly investigate, and effectively neutralize security threats. You will focus on rapid response, meticulous containment, and continuous improvement, collaborating closely with security engineers, threat intelligence experts, and key stakeholders across the organization. To be successful as Vice President Cyber Operations, you should have experience with: Security Information and Event Management (SIEM) platforms (e.g., Splunk, QRadar, etc.) for real-time monitoring, correlation and analysis of security events. Endpoint Detection and Response (EDR) tools (e.g., CrowdStrike) for threat detection, investigation and response on endpoints. Incident response methodologies (e.g., NIST, SANS) and frameworks for handling security incidents effectively. Operating systems (Windows, Linux, macOS) and networking concepts for understanding system behavior and network traffic. Security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), vulnerability scanners and penetration testing tools. Additional Relevant Skills Include Analyzing security logs and events to identify potential security threats and incidents. Conducting initial triage and analysis of security incidents to determine scope, severity and impact. Following established incident response procedures to contain, eradicate and recover from security incidents, and hands-on experience in analyzing high-priority, large-scale cyber incidents.
Experience with cyber regulatory exercises and creating work instructions for junior analysts to work on cyber incidents. Documenting security incidents thoroughly and accurately, including details of the incident, actions taken and lessons learned, and communicating effectively with technical and non-technical stakeholders regarding security incidents. Experience with threat intelligence platforms and sources for staying up-to-date on the latest threats and vulnerabilities. Knowledge of malware analysis and reverse engineering techniques for understanding malicious software; scripting skills (e.g., Python, PowerShell) for automating incident response tasks. Certifications such as CompTIA Security+, GSEC, GCIH, GPEN, GCFA, CISM, CISSP. You may be assessed on the key critical skills relevant for success in the role, such as risk and controls, change and transformation, business acumen, strategic thinking and digital and technology, as well as job-specific technical skills. This role is for Pune location. Purpose of the role To monitor the performance of operational controls, implement and manage security controls and consider lessons learnt in order to protect the bank from potential cyber-attacks and respond to threats. Accountabilities Management of security monitoring systems, including intrusion prevention and detection systems, to alert, detect and block potential cyber security incidents, and provide a prompt response to restore normal operations with minimised system damage. Identification of emerging cyber security threats, attack techniques and technologies to detect/prevent incidents, and collaboration with networks and conferences to gain industry knowledge and expertise. Management and analysis of security information and event management systems to collect, correlate and analyse security logs, events and alerts/potential threats. Triage of data loss prevention alerts to identify and prevent sensitive data from being exfiltrated from the bank's network.
Management of cyber security incidents including remediation & driving to closure. Vice President Expectations Advise key stakeholders, including functional leadership teams and senior management on functional and cross functional areas of impact and alignment. Manage and mitigate risks through assessment, in support of the control and governance agenda. Demonstrate leadership and accountability for managing risk and strengthening controls in relation to the work your team does. Demonstrate comprehensive understanding of the organisation functions to contribute to achieving the goals of the business. Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategies. Create solutions based on sophisticated analytical thought comparing and selecting complex alternatives. In-depth analysis with interpretative thinking will be required to define problems and develop innovative solutions. Adopt and include the outcomes of extensive research in problem solving processes. Seek out, build and maintain trusting relationships and partnerships with internal and external stakeholders in order to accomplish key business objectives, using influencing and negotiating skills to achieve outcomes. All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.
Posted 1 month ago
8.0 - 12.0 years
20 - 30 Lacs
Bengaluru
Work from Office
About Toast Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. Because our technology is purpose-built for restaurants, our customers trust that we will deliver on their needs today while investing in innovative experiences that will power the future of the industry. About this roll*: We are seeking a strategic and experienced leader to manage our Corporate Security and Governance, Risk, and Compliance functions in India. You will lead and grow both teams, strengthen our security posture, drive compliance with industry frameworks, and support enterprise risk efforts, while partnering closely with global stakeholders on key initiatives. What you will do: Corporate Security: Provide leadership and oversight to the CorpSec team, ensuring the implementation of best practices across endpoint protection, vulnerability management, and threat mitigation. Guide the design and management of a secure enterprise endpoint strategy, ensuring the CorpSec team aligns with policy and compliance requirements. Supervise the CorpSec team in conducting vendor risk assessments and coordinate with global stakeholders to drive remediation activities. Oversee the management of secure email gateway and Data Loss Prevention (DLP) systems, ensuring the CorpSec team enforces data protection and policy compliance across all endpoints (Windows, macOS, Linux). Manage endpoint investigations and root cause analysis, directing the CorpSec team to collaborate with the SOC for integrating telemetry into SIEM platforms (e.g., Splunk, Datadog). Ensure the CorpSec team maintains documentation, SOPs, and training resources, and oversees the delivery of awareness sessions to improve endpoint hygiene. Stay informed on emerging threats to provide strategic guidance to the CorpSec team for enhancing threat detection and response capabilities. 
Governance, Risk, and Compliance (GRC): Oversee the development and maintenance of GRC frameworks (SOC 2, PCI DSS, ISO 27001), ensuring the Technical GRC team aligns with global standards and maintains ongoing compliance. Manage the review process for third-party security attestations (e.g., SOC 2, ISO 27001) and guide the Technical GRC team in assessing vendors in collaboration with Legal, Procurement, and IT. Supervise periodic vendor risk reviews, ensuring the Technical GRC team identifies gaps and drives remediation plans effectively. Partner with internal audit and external assessors to support security evaluations and regulatory alignment. Provide oversight for regular reporting on compliance posture, risk trends, and incident metrics to senior stakeholders, ensuring the Technical GRC team delivers accurate and timely updates. Team Leadership and Development: Provide leadership and mentorship to the Corporate Security and GRC teams in India, fostering a high-trust, collaborative environment. Recruit, train, and grow security talent to build a resilient, high-performing organization. Set performance goals, conduct evaluations, and support team members' ongoing development. Do you have the right ingredients*? Bachelor’s in Computer Science, InfoSec, or related field (Master’s preferred). Industry certifications like CISSP, CISM, or CEH are strongly preferred. 10+ years in cybersecurity, with hands-on experience in vulnerability management, compliance automation, and GRC. Strong understanding of SOC operations, incident response, and security tooling (SIEM, IDS/IPS, WAF). Proven leadership experience managing distributed security teams in dynamic environments. Skilled in communication, collaboration, and team development. Deep knowledge of compliance frameworks (e.g., SOC 2, PCI DSS, ISO 27001) and regulatory expectations.
Posted 1 month ago
0 years
0 Lacs
Pune, Maharashtra, India
On-site
Job Description
SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage systems that promote clarity and an inclusive culture of trust, build momentum around improving security posture, and increase the value of cybersecurity investment. Around the clock, 365 days per year, our customers are never alone. We're SecurityHQ. We're focused on engineering cybersecurity, by design.
Responsibilities
Lead response to complex, high-impact security incidents in AWS, including unauthorized access, data breaches, malware infections, DDoS attacks, phishing, APTs, zero-day exploits, and cloud misconfigurations.
Perform in-depth analysis of security incidents, including advanced log analysis, digital forensic investigation, and root cause analysis.
Develop and implement containment, eradication, and recovery plans for complex security incidents, minimizing disruption and improving security posture.
Coordinate with internal and external stakeholders during incident response activities.
Document incident details, analysis findings, and remediation actions, including detailed forensic reports and security posture assessments.
Identify and recommend security improvements to prevent future incidents and enhance cloud security posture, including:
  AWS security best practices
  Security tool implementation and configuration (with a focus on CSPM tools)
  Vulnerability management
  Security awareness training
  Threat hunting strategies
  Security architecture enhancements
  CSPM implementation and optimization
Develop and maintain AWS-specific incident response plans, playbooks, and procedures, emphasizing automation, orchestration, and continuous security posture improvement.
Stay current on cloud security, digital forensics, and cloud security posture management.
Mentor junior security analysts in incident response and security posture management.
Participate in on-call rotation, providing expert-level support and guidance on security posture.
Develop and deliver training on incident response, forensic best practices, and cloud security posture management.
Conduct proactive threat hunting and security posture assessments.
Contribute to the development of security tools and automation to improve incident response efficiency, effectiveness, and security posture.
Location
Pune, India
Essential Skills
Excellent communication and interpersonal skills, with the ability to convey highly technical information to technical and non-technical audiences, including executive leadership and legal counsel, regarding incident response and security posture.
Exceptional problem-solving and analytical skills; ability to remain calm, focused, and decisive under high-pressure situations, including those involving significant security posture deficiencies.
Ability to work independently, lead a team, and collaborate effectively to improve the organization's security posture.
Expert-level understanding of AWS services, including:
  EC2, S3, RDS, VPC, Lambda
  CloudTrail, CloudWatch, Config, Security Hub, GuardDuty
  IAM, KMS
  AWS Organizations, AWS Control Tower
Extensive experience with SIEM systems (e.g., Datadog, QRadar, Azure Sentinel) in a cloud environment, with a focus on security posture monitoring.
Mastery of log analysis, network analysis, and digital forensic investigation techniques, including experience with specialized forensic tools (e.g., EnCase, FTK, Autopsy, Velociraptor) and CSPM tools.
Strong experience with scripting (e.g., Python, PowerShell) for automation, analysis, tool development, and security posture management.
Deep familiarity with security tools and technologies, including:
  IDS/IPS
  EDR
  Vulnerability scanners
  Firewalls
  Network forensics tools
  CSPM tools
Education Requirements & Experience
Master's degree in Computer Science, Cybersecurity, or a related field.
AWS Security certifications (e.g., AWS Certified Security – Specialty).
Relevant security certifications (e.g., CISSP, GCIH, GCIA, GREM, GNFA, OSCP).
Experience leading incident response teams and security posture improvement initiatives.
Experience with cloud automation and orchestration (e.g., AWS Systems Manager, Lambda) for incident response and security posture management.
Knowledge of DevSecOps principles and practices, including security integration into CI/CD pipelines and infrastructure as code (IaC) security.
Experience with container security (e.g., Docker, Kubernetes) in AWS, including forensic analysis and security posture assessment.
Experience with reverse engineering and malware analysis, focused on identifying threats that impact cloud security posture.
Posted 1 month ago
5.0 years
0 Lacs
Delhi Cantonment, Delhi, India
On-site
Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.
Your day at NTT DATA
The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their security infrastructures and systems remain operational. Through proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role restores service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching the service level agreement (SLA); it focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to / support project work as and when required.
What You'll Be Doing
Academic Qualifications and Certifications:
BE/BTech in Electronics/EC/EE/CS/IT Engineering or MCA
At least one security certification such as CCNA Security, CCSA, CEH, CompTIA, GCIH/GCIA
Required Experience:
At least one SIEM solution certification with one or more SIEM/security solutions (i.e., RSA NetWitness, Splunk ES, Elastic ELK, HP ArcSight, IBM QRadar, LogRhythm).
Minimum overall 5 years of experience in handling security-related products and services in a reputed organization, of which 3 years' experience should be in SIEM solutions.
Adequate knowledge of security devices such as firewalls, IPS, Web Application Firewall, DDoS protection, EDR, incident response, SOAR and other security devices.
Administration of the SIEM environment (e.g., deployment of the solution, user management, managing the licenses, upgrades and patch deployment, addition or deletion of log sources, configuration management, change management, report management, backup and recovery, etc.).
Construction of SIEM content required to produce content outputs (e.g., filters, active lists, correlation rules, reports, report templates, queries, trends, variables).
Integration of customized threat intelligence content feeds provided by the Threat Intelligence & Analytics service.
Identifies possible sensor improvements to prevent incidents.
Collects/updates threat intelligence feeds from various sources.
Creates situational awareness briefings.
Coordinates with the different departments for incident analysis, containment and remediation.
Liaises with the security monitoring team to discover repeatable processes that lead to new content development.
Provides engineering analysis and architectural design of technical solutions.
Knowledge of networking protocols and technologies and network security.
Sound analytical and troubleshooting skills.
Key Responsibilities:
Monitors client infrastructure and solutions.
Identifies problems and errors prior to or when they occur.
Routinely identifies common incidents and opportunities for avoidance as well as general opportunities for incident reduction.
Investigates first-line incidents assigned and identifies the root cause of incidents and problems.
Provides telephonic or chat support to clients when required.
Schedules maintenance activity windows for patching and configuration changes.
Follows the required handover procedures for shift changes to ensure service continuity.
Reports and escalates incidents where necessary.
Ensures the efficient and comprehensive resolution of incidents and requests.
Updates existing knowledge articles or creates new ones.
Identifies opportunities for work optimization, including opportunities for automation of work, request fulfilment, incident resolution, and other general process improvement opportunities.
May also contribute to / support project work as and when required.
May work on implementing and delivering Disaster Recovery functions and tests.
Performs any other related task as required.
Workplace type: On-site Working
About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.
Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.
Posted 1 month ago