5.0 - 10.0 years
18 - 22 Lacs
Gurugram, India
Work from Office
Work with Us. Change the World. At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations. There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world. We're one global team driven by our common purpose to deliver a better world. Join us. Flow & quality data analysis. Preparing process flow diagrams, P&IDs. Producing mass balances/process sizing calculations. Preparing process & performance specifications. Process Modeling and simulation using software like BioWin. Providing mentoring and support for junior engineers and CAD technicians. Contribute to the production and delivery of concise high-quality technical documentation in English. Qualifications: B.E./M.Tech. (preferred) in Chemical or Environmental Engineering field from a recognized university. Professional registration or licensure in their designated home office country or be in active pursuit of such registration. Awareness of pipe network design codes. Experience in designing Water Treatment systems including conventional and advance system. Experience in designing Wastewater Treatment systems like – ASP, MBBR, SBR, MBR, Digesters, Solids Handling system, Desalination system, etc. Awareness of Quality aspects (i.e., registers, design issues logs, QC process and design transmittals etc.).
Able to independently work efficiently and meet required deadlines by following relevant design manuals/standards and practices. 8 - 10 Years of experience in water/wastewater industry. Having hands-on experience in process simulation modeling. Experience in Detailed Design of Wastewater Water, Water, Biosolids and Desalination Systems. Good English communication skills. Good team player. Additional Information: AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours. #LI-FS1
Posted 1 month ago
3.0 - 7.0 years
5 - 9 Lacs
Kolkata, Mumbai, New Delhi
Work from Office
Design, implement, and manage enterprise perimeter security solutions including firewalls, proxies, and load balancers. Configure, deploy, and troubleshoot next-generation firewalls (NGFWs) from Palo Alto Networks, Cisco ASA/FTD, and Fortinet (FortiGate). Design secure network architectures involving layer 4-7 load balancers (e.g., F5, Citrix ADC). Manage and optimize proxy servers and secure web gateways (e.g., Blue Coat, Zscaler, or equivalent). Perform packet capture and deep packet inspection (DPI) using tools such as Wireshark, tcpdump, or TShark for incident investigation and traffic analysis. Integrate firewall logs and alerts into SIEM platforms (e.g., Splunk, QRadar, LogRhythm) to support real-time monitoring, correlation, and incident response. Implement and maintain SASE solutions, integrating cloud-delivered security with network connectivity. Document configurations, playbooks, and operational procedures; contribute to security architecture standards. Participate in firewall rule audits, risk assessments, and vulnerability mitigation activities. Stay updated on the latest threats, vulnerabilities, and compliance requirements (PCI-DSS, HIPAA, NIST, etc.). 10+ years of hands-on experience in perimeter/network security engineering or a similar role. Strong experience with at least two of the following firewall platforms: Palo Alto Networks (PanOS), Cisco ASA / Firepower Threat Defense (FTD), Fortinet FortiGate. Proficiency in proxy technologies (e.g., Zscaler, Blue Coat, Squid). Working knowledge of load balancing technologies (e.g., F5 BIG-IP, Citrix ADC). Expertise in network protocols (TCP/IP, BGP, DNS, SSL/TLS) and packet capture analysis. Experience integrating security events into SIEM systems (Splunk, QRadar, etc.). Familiarity with cloud-based security and SASE frameworks (e.g., Zscaler, Netskope, Prisma Access). Solid understanding of firewall rulebase optimization, NAT, VPNs, and threat prevention mechanisms.
Posted 1 month ago
2.0 - 6.0 years
5 - 9 Lacs
Bengaluru
Work from Office
Ways of working: Mandate 3: Onsite Office / Field: Employees are expected to work from the office on all days out of their respective base locations. About Swiggy: Swiggy Instamart is building the convenience grocery segment in India. We offer more than 30000+ assortments / products to our customers within 10-15 mins. We are striving to augment our consumer promise of enabling unparalleled convenience by making grocery delivery instant and delightful. Instamart has been operating in 90+ cities across India and plans to expand to a few more soon. We have seen immense love from the customers till now and are excited to redefine how India shops. Job Description: Custodian of finance for 3PL (Contracts, surges, base pay) and overall CPD alignment. Verifying invoices shared from 3PL. Base pay computation. Taxation clauses. Incentive payouts. Coordinate with the Finance Automation team to enhance the reporting requirements through system automation. Uploading on finly / oracle and following up on payments process as per DOA. Recon with 3PL partners and finance team for quarterly/yearly closures. Desired Skills: Integrity: Accepting and adhering to high moral, ethical, and personal values in decisions, communications, actions, and when dealing with others. Strong analytical skills: able to clearly link financial results to operational performance drivers, generate alternatives and drive positive change. Excellent verbal and written communication skills and the ability to communicate complex business issues in a clear/concise manner. Adaptable/Flexible: being open to change in response to new information, different or unexpected circumstances, and/or to working in ambiguous situations. Strong knowledge of MS Excel. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, disability status, or any other characteristic protected by the law.
Posted 1 month ago
0 years
2 - 3 Lacs
Hyderābād
On-site
Ready to shape the future of work? At Genpact, we don’t just adapt to change—we drive it. AI and digital innovation are redefining industries, and we’re leading the charge. Genpact’s AI Gigafactory, our industry-first accelerator, is an example of how we’re scaling advanced technology solutions to help global enterprises work smarter, grow faster, and transform at scale. From large-scale models to agentic AI, our breakthrough solutions tackle companies’ most complex challenges. If you thrive in a fast-moving, tech-driven environment, love solving real-world problems, and want to be part of a team that’s shaping the future, this is your moment. Genpact (NYSE: G) is an advanced technology services and solutions company that delivers lasting value for leading enterprises globally. Through our deep business knowledge, operational excellence, and cutting-edge solutions – we help companies across industries get ahead and stay ahead. Powered by curiosity, courage, and innovation, our teams implement data, technology, and AI to create tomorrow, today. Get to know us at genpact.com and on LinkedIn, X, YouTube, and Facebook. We are inviting applications for the role of Process Associate, Investigations (MOSE) Responsibilities: Investigative Analysis: Assess large datasets to identify trends and anomalies indicating potential malicious activities or policy violations. Utilize critical thinking to establish relevant evidence for investigations. Compliance Oversight: Review API product datasets, ensuring compliance with platform policies and highlighting inconsistencies. Intelligence Reporting: Produce high-quality intelligence reports and assessments, managing sensitive data, and communicating findings to internal and external stakeholders. Multi-tasking & Prioritization: Manage multiple investigations independently, prioritizing time effectively to meet deadlines. 
Clear Communication: Clearly communicate investigative findings to leadership through written and verbal reports, adapting communication for various audiences. English fluency is a must. Methodical Investigation: Employ various methodologies (on and off platform) to understand abuse patterns and attribute responsible parties. Self-Motivation & Initiative: Demonstrate self-drive in investigative processes, following leads independently with minimal guidance, and understanding complex problems. Qualifications we seek in you Minimum qualifications Bachelor's or Master's degree in relevant fields (e.g., Criminal Justice, Cyber Security) Relevant experience in investigations, risk, fraud, or related fields. Ability to draft investigative reports, work independently, and collaborate within a cross-functional team. Strong analytical/coding and communication skills. Ability to be flexible, multitask and learn in a fast-paced environment. Customer-focused and can demonstrate understanding and empathy. Creative problem solver with excellent troubleshooting skills. Self-driven nature with strong attention to detail and follow-through. Preferred qualifications Proficient in data-driven problem-solving, utilising search tools, OSINT research methods, and investigative tools like QRadar, Splunk etc. Experience in IT Security or Networking; background in cybercrime investigations, and experience with research-driven insights in a fast-paced environment Lean & Six Sigma Methodologies Why join Genpact? 
Be a transformation leader – Work at the cutting edge of AI, automation, and digital innovation Make an impact – Drive change for global enterprises and solve business challenges that matter Accelerate your career – Get hands-on experience, mentorship, and continuous learning opportunities Work with the best – Join 140,000+ bold thinkers and problem-solvers who push boundaries every day Thrive in a values-driven culture – Our courage, curiosity, and incisiveness - built on a foundation of integrity and inclusion - allow your ideas to fuel progress Come join the tech shapers and growth makers at Genpact and take your career in the only direction that matters: Up. Let’s build tomorrow together. Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation. Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a 'starter kit,' paying to apply, or purchasing equipment or training. Job Process Associate Primary Location India-Hyderabad Schedule Full-time Education Level Bachelor's / Graduation / Equivalent Job Posting Jun 19, 2025, 5:39:52 AM Unposting Date Ongoing Master Skills List Operations Job Category Full Time
Posted 1 month ago
5.0 years
3 - 8 Lacs
Gurgaon
On-site
AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation. At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD. We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived. We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD. A Security Technical Writer will play a crucial part in supporting our cybersecurity initiatives by producing clear, comprehensive, and accurate technical documentation for a variety of customer-facing and internal audiences. You will be responsible for creating and maintaining a wide range of documents, including but not limited to: Security practice standards and procedures, incident response guides, technical manuals, system architecture overviews, user guides for security tools, and compliance documentation aligned with industry frameworks such as NIST, ISO 27001, SOC 2, and others. The ideal candidate will have a strong background in both technical writing and cybersecurity concepts, with the ability to translate complex technical information into easy-to-understand content. You will collaborate closely with security engineers, analysts, and risk / compliance professionals to gather accurate and timely information for your documentation efforts. 
Additionally, you will help standardize documentation practices, ensure consistent formatting and terminology, and contribute to the continuous improvement of our knowledge-sharing processes. This role requires someone who is proactive, self-directed, and capable of managing multiple projects under tight deadlines. A strong understanding of the cybersecurity landscape—including threat modeling, risk assessment, data protection, and secure systems design—is highly valuable. Key Responsibilities The following are the expectations of a Security Technical Writer: Client Delivery Develop clear, concise, and accurate documentation related to cybersecurity operations, including: Security policies and standards System architecture diagrams Incident response playbooks Compliance documentation (e.g. NIST, ISO 27001, SOC 2) User and administrator guides for security tools Translate complex technical concepts into easy-to-understand content for various audiences (technical and non-technical). Work closely with cybersecurity teams to gather information and validate documentation. Ensure all documentation is up to date and aligns with organizational policies and regulatory requirements. Create and maintain templates and documentation standards. Assist in the development of training materials and internal communications related to cybersecurity awareness. 
Technical Mastery Documentation Tools: Proficient with documentation platforms such as Confluence, SharePoint, Git/GitHub, Markdown, and Microsoft Office Suite Security Tools (familiarity required): Experience documenting tools like SIEMs (e.g., Splunk, QRadar), endpoint protection systems, vulnerability scanners (e.g., Qualys, Nessus), firewalls, identity and access management (IAM) solutions, and cloud security platforms (e.g., AWS Security Hub, Azure Security Center) Writing Standards: Strong knowledge of style guides (e.g., Microsoft Manual of Style, APA, Chicago Manual) and documentation best practices Diagramming Tools: Proficiency in tools like Lucidchart, Draw.io, or Visio for architecture and data flow diagrams Markup Languages (a plus): Familiarity with XML & Markdown Domain Experience Required Cybersecurity Fundamentals: Strong understanding of core cybersecurity principles, including threat modeling, risk assessment, encryption, access control, vulnerability management, and incident response Compliance Frameworks: Hands-on experience documenting against security standards such as: NIST Cybersecurity Framework (CSF), NIST SP 800-53, NIST 800-171 ISO/IEC 27001 and 27002 PCI-DSS, HIPAA, GDPR, etc. Industry Context (Preferred): Prior experience working in regulated industries such as finance, healthcare, technology, or government contracting Cloud Security (Preferred): Knowledge of cloud-native security controls, cloud shared responsibility model, and cloud platform compliance (AWS, Azure, GCP) Qualifications Bachelor’s degree in Technical Writing, Cybersecurity, Computer Science, or related field. 5 years of experience in technical writing, preferably within a cybersecurity or IT environment. Familiarity with cybersecurity concepts, frameworks, and tools (e.g., firewalls, IDS/IPS, IAM, etc.). Excellent written and verbal communication skills. Ability to work independently and collaboratively in a fast-paced environment. 
Why AHEAD: Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between. We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning. USA Employment Benefits include: Medical, Dental, and Vision Insurance 401(k) Paid company holidays Paid time off Paid parental and caregiver leave Plus more! See benefits https://www.aheadbenefits.com/ for additional details. The compensation range indicated in this posting reflects the On-Target Earnings (“OTE”) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate’s relevant experience, qualifications, and geographic location.
Posted 1 month ago
6.0 years
0 Lacs
Mumbai Metropolitan Region
On-site
We are seeking a dynamic Pre-Sales Consultant with over 6 years of customer-facing experience in the cybersecurity domain. The ideal candidate will be instrumental in understanding client requirements, translating business challenges, and proposing tailored solutions. Key Responsibilities Engage with customers directly to gather requirements and articulate business challenges. Collaborate with internal teams to design and present appropriate solutions. Deliver impactful product demos and Proofs of Value (POVs) at customer locations. Prepare high-quality documentation including scope of work, prerequisites, and deliverables. Required Skills & Experience Minimum 6 years of presales experience in cybersecurity or related domains. Hands-on experience with demo/POV delivery. Strong documentation and communication skills. Proficiency in at least two of the technology domains listed below, with experience in any two OEMs in those areas.
Technology Domains & Preferred OEM Experience (Domain: Preferred OEMs)
Proxy: Zscaler, Netskope, Forcepoint
DLP: Zscaler, Netskope, Forcepoint
WAF: Cloudflare, F5
Identity: Okta, BeyondTrust, CyberArk
SIEM: IBM QRadar, Splunk, Fortinet
Good-to-Have Skills Excellent Oral Communication skills and Written skills, Excellent presentation skills Good analytical skills who can understand customer’s business challenges and arrive at right Key Performance Indicators Conduct pre-engagement meetings Create end-user knowledge transfer Function as a requirements analyst Serve as a conduit between sales and Delivery team Conduct Cybersecurity solution & service research Make contributions to the Cybersecurity technical portfolio Benefits Opportunity to work with leading cybersecurity OEMs. Exposure to cutting-edge technologies and enterprise clients. Competitive salary with performance-based incentives. Flexible work culture and hybrid work opportunities. Continuous learning and certification support.
Strong internal collaboration and growth-driven environment. Skills: pre-sales, communication, pov delivery, product demos, cybersecurity, presales, documentation, technology, analytical skills, oem
Posted 1 month ago
4.0 years
0 Lacs
Kolkata, West Bengal, India
On-site
Job Summary: We are looking for a skilled and proactive L2 SOC Engineer with hands-on expertise in Database Activity Monitoring (DAM), CyberArk and Web Application Firewall (WAF) technologies. Experience with Privileged Identity Management (PIM) tools such as CyberArk is highly desirable. The candidate will be responsible for handling escalated incidents, threat analysis, and supporting the security infrastructure within a 24x7 SOC environment. Key Responsibilities: Monitor, analyze, and respond to security events and alerts escalated from L1 analysts. Operate and manage DAM and WAF systems for threat detection and response (MANDATORY). Perform threat hunting and deep-dive investigations on suspicious activities using logs and monitoring tools. Work with PIM tools (preferably CyberArk) to manage and secure privileged access. Perform rule tuning and policy management in DAM and WAF platforms to reduce false positives and improve detection. Coordinate with internal IT, application, and compliance teams to contain and remediate threats. Document incident response steps, create detailed reports, and support post-incident reviews. Stay updated on emerging threats and recommend proactive improvements in the SOC processes. Required Skills & Qualifications: 2–4 years of experience working in a Security Operations Center (SOC) environment. MANDATORY: Hands-on experience in: Database Activity Monitoring (DAM); Web Application Firewalls (WAF) (e.g., Imperva, F5, Akamai, Fortinet). Preferred: Experience with Privileged Identity Management (PIM) solutions, especially CyberArk. Strong understanding of networking, OS-level security, and incident response practices. Familiarity with SIEM tools such as Splunk, QRadar, ArcSight, etc. Ability to work in shifts, including 24x7 rotational support if required.
Posted 1 month ago
3.0 - 7.0 years
5 - 15 Lacs
Navi Mumbai
Work from Office
3-7 years of working experience in a security operations centre or relevant. Experience with incident response frameworks and methodologies (e.g., MITRE ATT&CK). Strong knowledge of incident response, incident management, change management, process flow, etc. and their best practices. Excellent communication and collaboration skills. Ability to work independently and as part of a team. Ability to handle pressure and work effectively in a fast-paced environment. Experience with security tools and technologies (e.g., SIEM, SOAR, EDR) a plus. Knowledge of legal and regulatory requirements related to data breaches a plus. Good understanding of Incident life cycle and Triage process. Good experience in OS logs, WAF, IPS, firewall etc. log analysis. Insight knowledge about DFIR and Malware analysis. Knowledge of Threat Intelligence and Security Advisories research and analysis would be added advantage.
Posted 1 month ago
3.0 - 8.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Experience: 3-8 years. Location: Hyderabad. Working Shift: Rotational Shift. Key Responsibilities: Conduct email analysis and reverse engineer to identify and mitigate threats. Perform static and dynamic analysis of PE and non-PE files. Analyze network traffic and develop heuristic signatures to detect malicious activities. Investigate security incidents, including data breaches, system intrusions, and policy violations. Collaborate with cross-functional teams to improve detection capabilities and response strategies. Develop and implement incident response plans and coordinate incident investigations. Provide continuous monitoring and analysis of network traffic and security events. Conduct research on advanced persistent threats (APTs) and develop protection solutions. Maintain and update real-time block lists and URL block lists. Write and review regular expressions for spam and fraud detection. Perform URL and email grading to assess and categorize potential threats. Engage in security response activities to address and resolve security incidents. Participate in endpoint detection and response (EDR) efforts to identify and mitigate threats. Conduct threat hunting to proactively identify and address potential security risks. Basic Qualifications: Bachelor's or Master's degree in Computer Science, Computer Engineering, Information Security, or a related field. Strong understanding of computer security, network architecture, and threat landscape. Familiarity with operating systems internals (Windows, MacOS, Linux, Android, iOS). Strong knowledge of networking concepts and OSI layers. Understanding of enterprise IT architecture, operating systems, and file systems. Excellent analytical skills and ability to identify patterns and trends. Strong research skills and ability to analyze and present complex data. Good logical reasoning and deep analytical skills. Good communication skills and attention to detail.
Ability to perform well under stress, particularly in critical response situations. Basic qualities of a researcher, including curiosity, persistence, and attention to detail. Technical Skills Threat Analysis and Incident Response: Ability to analyze email threats, identify indicators of compromise (IOCs), and respond to incidents promptly. Phishing Detection and Mitigation: Expertise in identifying and mitigating phishing attacks, including spear-phishing and whaling. Malware Analysis: Skills in analysing email borne malware, understanding its behavior, and developing countermeasures. Cryptography: Knowledge of encryption techniques to secure email communications and protect sensitive data. Network Security: Understanding of network protocols and security measures to detect and prevent email-based attacks. Regulatory Compliance: Familiarity with regulations such as GDPR, HIPAA, and others that impact email security practices. Programming and Scripting: Proficiency in languages like Kusto, Python, PowerShell, or Bash for automating security tasks and analyzing email logs. Tools Secure Email Gateways (SEGs): Tools like Microsoft Defender for Office, Proofpoint, Mimecast, or Barracuda to filter and block malicious emails. Email Encryption Tools: Solutions like PGP (Pretty Good Privacy) or S/MIME (Secure/Multipurpose Internet Mail Extensions) for encrypting email content. Threat Intelligence Platforms: Tools other than VirusTotal, MX Tool box like ThreatConnect or Recorded Future to gather and analyze threat intelligence data. Sandboxing Solutions: Tools like Windows Sandbox, FireEye or Palo Alto Networks WildFire to safely analyze suspicious email attachments. AntiPhishing Tools: Solutions like PhishMe or Cofense to detect and respond to phishing attempts. Security Information and Event Management (SIEM): Platforms like Splunk or IBM QRadar to monitor and analyze security events, including email threats. 
Incident Response Tools: Solutions like TheHive or MISP (Malware Information Sharing Platform) for managing and sharing incident response data.
Posted 1 month ago
7.0 - 10.0 years
8 - 15 Lacs
Hyderabad, Pune, Bengaluru
Work from Office
Role & responsibilities
The primary role of a Security Analyst (L2) is the detailed and repeatable execution of all operational tasks as documented in processes and subordinate procedures. Specifically, these analysts will be responsible for monitoring the SIEM tools for security events and closing or escalating those events as necessary. Security Analysts maintain the group email address and distribution lists, answer the main phone lines, and update all relevant documentation such as shift logs and tickets. Additionally, assist the MDR Analyst in an incident workflow and assist the MDR team in incident detection, remediation and communicate with external teams in proper incident resolution. We are currently seeking a Senior Security Associate for our KPMG Managed Services (Spectrum) practice to join us in our Bangalore office.
Note: Candidate must be willing to Work from Office only (Bangalore Location) & willing to do 24x7 rotational shift (Mandatory requirement for this role)
Specifically, Security Analysts (L2) will:
1. Rapidly identify, categorize, prioritize and investigate events as the initial cyber event detection group for the enterprise using all available security logs and intelligence sources to include but not limited to:
a. Firewalls (Zscaler, Cisco ASA & Palo Alto etc.)
b. Systems and Network Devices
c. Web Proxies (Zscaler)
d. Intrusion Detection/Prevention Systems (Zscaler, Cisco ASA & Palo Alto etc.)
e. Data Loss Prevention (Zscaler)
f. EDR / Antivirus Systems (CrowdStrike, MDE etc.)
g. Knowledgebase Framework (Confluence)
2. Continuously monitor SIEM and logging environments for security events and alerts to threats, intrusions, and/or compromises, including: SIEM tools like Splunk & Microsoft Sentinel queue management from different data sources Network/EndPoint/Firewall etc. (Splunk & Microsoft Sentinel etc.); Security email inbox (ProofPoint, Rapid7, Area1 etc.); Intel feeds via email and other sources (e.g. NH-ISAC); Incident Ticketing queue (ServiceNow)
3. Validate alerts as they come in to eliminate false positives and use other internal and external data sources to enrich alerts with additional context
4. Perform triage of service requests from customers and internal teams
5. Use playbook procedures to carry out standard plays for routine event types and escalate alerts to Level 2 Analysts for further triage and remediation
6. Assist with containment of threats and remediation of environment during or after an incident
7. Act as a participant during Threat Hunting activities at the direction of one or more Incident Response Handlers
8. Document event analysis and write comprehensive reports of incident investigations
9. Proactively improve security-related operational processes and procedures
10. Use available security tools for historical analysis purposes as necessary for detected events; for example, historical searches using SIEM tools (Splunk & Microsoft Sentinel)
11. Maintain operational shift logs with relevant activity from the Analysts shift. Document investigation results, ensuring relevant details are passed to Level 2 or MDR Analysts for final event analysis
12. Update/reference knowledgebase tool (e.g. Confluence) as necessary for changes to processes and procedures, and ingest of daily intelligence reports and previous shift logs
13. Conduct research and document events of interest within the scope of IT Security
14. Alternatively, consulting, or advisory experience in Security Operations
15. Monitor and analyse Intrusion Detection Systems (IDS), Anomaly Detection Systems (ADS), Firewall event logs, Security Incident and Event Management (SIEM) toolset and other event logs to identify security attacks and threats for remediation/suppression.
16. Validate IOCs that triggered the original alert.
17. Research additional internal and external data sources for additional enrichment of event information
18. Determine when an event has reached the threshold of an incident and engage Incident Response Handler to declare an incident.
19. Create filters, data monitors, dashboards, and reports within monitoring utilities.
20. Troubleshoot security monitoring devices to improve event correlation and performance.
21. Handle high and critical severity incidents as described in the operations playbook.
22. Operational level experience in some of these domains (not all): security engineering, alert triaging, rule writing, incident response, DFIR, threat intelligence and management, vulnerability management, and security control testing
23. In-depth knowledge of at least one SIEM platform or security data lake and related processes
24. Knowledge of various security tools, their functions, and comparisons
25. Knowledge of network and cloud security fundamentals
26. Ability to explain complex technical concepts in business terms.
27. Extensive experience in report writing and presentation.
28. Strong, adaptable, and flexible work ethic
29. Good time management skills
30. Ability to work under pressure and prioritise activities
Qualifications
Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field
5+ years of technical experience of prior MDR/SOC/Incident response experience
Demonstrated technical knowledge of current network security, network hardware, protocols, and standards required
Shall have demonstrated professional experience in incident detection and response, malware analysis, or cyber forensics
Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments
Demonstrated strong oral and written communication and client facing skills
Demonstrated strong analytical and communications skills
Flexibility to adapt to different types of engagement, working hours, work environments, and locations
Proven ability to work creatively, analytically in a problem-solving environment
Ability to work nights, weekends, and/or holidays in the event of an incident response emergency
Be comfortable working against deadlines in a fast-paced environment
Identify issues, opportunities for improvement, and communicate them to an appropriate senior member
Required skills:
6+ years of technical experience in Information Security
Experience with SIEM tools (Qradar, Splunk, Logrhythm, Solarwinds, etc.)
Experience in Azure Sentinel
Familiarity with common IDS/IPS and Firewalls (Snort, Cisco, Fortigate, Sourcefire)
Familiarity with incident response process and activities
Familiarity with TCP/IP protocol, OSI Seven Layer Model
Knowledge of Windows, Unix-based systems, architectures, and network security devices
Intermediate level of knowledge of LAN and WAN technologies
Must have a solid understanding of information technology, information security domains
Knowledge of security best practices and concepts
Desired certifications: Security+, C|EH, Network+, Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC Reverse Engineering Malware
Familiarity with ticketing tool / ITSM tool
Personal drive, positive work ethic to deliver results within tight deadlines and in demanding situations
Preferred candidate profile
Posted 1 month ago
10.0 - 13.0 years
15 - 20 Lacs
Mumbai Suburban
Work from Office
Role & responsibilities Responsibilities:
• Escalate validated and confirmed incidents to designated SOC Lead/ Incidents response team.
• Security Event Correlation as received from L2 SOC or Incident Response staff or relevant sources to determine increased risk to the business.
• In-depth knowledge of multiple SIEM platforms like Securonix, IBM QRadar, LogRhythm, ArcSight, FortiSIEM, Microsoft Sentinel, and others
• Support the SOC Manager in his duties (e.g. extension of SOC services)
• Update Security Operations reporting
• Triage security events and incidents, detect anomalies, and report/direct remediation actions.
• Development and execution of SOC procedures
• Should have in-depth knowledge of Firewall, EDR, IDS/IPS, VPN, Cloud Security
• Should have hands-on experience in Threat Hunting.
• Should have good hands-on experience in VAPT.
• Should have good knowledge in integrating TI feeds and Third-Party tools.
• Should have knowledge in Building SIEM platform with SOAR, NBAD, UEBA Integration.
• Should have hands-on experience in developing Use case and Parser Creation.
• Should have knowledge in Breach simulation attack.
• Sound knowledge in Unix, Linux, Windows, and security devices like firewall, etc.
• Preparation of RCA, Preparation of runbook and Training to L2 and L1 team.
Qualification: B.E./B.Tech/MCA Certification CEH, ECIH, CISSP, CISM, GCIH, GCFA, Certified Threat Hunter, SIEM certifications for platforms like (Qradar, LogRhythm etc) Work experience: 8+ Years NOTE: Work location will be Mumbai Andheri Seepz, and this is permanent Work from Office role NO HYBRID Option
Posted 1 month ago
5.0 - 10.0 years
10 - 20 Lacs
Hyderabad, Pune
Hybrid
SOC SIEM MANAGEMENT Qradar Log source integration (ingestion & parser selection) XSIAM / XDR Custom DSM / parser development & maintenance MANAGE AWS AND GCP, L3 Change Requests, XSOAR Air Liquide and MSP (e.g. TCS, Accenture) and L2, L3 support
Posted 1 month ago
0.0 - 4.0 years
2 - 5 Lacs
Lucknow
Work from Office
Key Responsibilities: Monitor security events and alerts from SIEM tools (e.g., Splunk, IBM QRadar, Azure Sentinel). Analyze logs, network traffic, and endpoint data to identify malicious activity,
Posted 1 month ago
9.0 - 13.0 years
5 - 10 Lacs
Bengaluru
Work from Office
This role involves the development and application of engineering practice and knowledge in designing, managing and improving the processes for Industrial operations, including procurement, supply chain and facilities engineering and maintenance of the facilities. Project and change management of industrial transformations are also included in this role. Job Description - Grade Specific Focus on Industrial Operations Engineering. Develops competency in own area of expertise. Shares expertise and provides guidance and support to others. Interprets clients needs. Completes own role independently or with minimum supervision. Identifies problems and relevant issues in straight forward situations and generates solutions. Contributes in teamwork and interacts with customers. Skills (competencies)
Posted 1 month ago
5.0 - 8.0 years
15 - 21 Lacs
Bengaluru
Work from Office
About Zscaler Serving thousands of enterprise customers around the world including 40% of Fortune 500 companies, Zscaler (NASDAQ: ZS) was founded in 2007 with a mission to make the cloud a safe place to do business and a more enjoyable experience for enterprise users. As the operator of the world’s largest security cloud, Zscaler accelerates digital transformation so enterprises can be more agile, efficient, resilient, and secure. The pioneering, AI-powered Zscaler Zero Trust Exchange™ platform, which is found in our SASE and SSE offerings, protects thousands of enterprise customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Named a Best Workplace in Technology by Fortune and others, Zscaler fosters an inclusive and supportive culture that is home to some of the brightest minds in the industry. If you thrive in an environment that is fast-paced and collaborative, and you are passionate about building and innovating for the greater good, come make your next move with Zscaler. At Zscaler, our Customer Success Organization is a global, customer-focused team dedicated to delivering high-impact experiences and identifying innovative solutions. We leverage valuable data and research to provide expert, hands-on support starting from the implementation phase and beyond, ensuring customers achieve their goals and leverage our technology to its fullest potential. Together, we create a customer-centric culture that fosters success, adoption, and continuous growth. We're looking for an experienced Product Support Engineer III - DLP to join our Global Customer Support team. 
Reporting to the Manager, Product Support you'll be responsible for: Serving as the primary point of contact for escalated DLP issues, providing advanced troubleshooting and resolution for the escalated DLP cases Taking ownership of complex and critical cases, ensuring they are resolved effectively and efficiently Performing detailed root cause analysis to identify underlying issues and implement long-term solutions for the customers Working closely with product development, engineering, and other cross-functional teams to resolve issues and improve Zscaler DLP products and services Maintaining clear and proactive communication with customers throughout the escalation process, providing regular updates and managing expectations What We're Looking for (Minimum Qualifications) Minimum of 7+ years of experience in technical support, with at least 3 years focused on DLP/CASB solutions and escalations Expert knowledge of DLP technologies and tools (e.g., Symantec DLP, McAfee DLP, Forcepoint DLP, etc.) Experience with data loss prevention, securing SaaS and Cloud Access Security Brokers (CASB) Good understanding of Unix/Linux and Windows operating systems Strong understanding of data protection principles and practices What Will Make You Stand Out (Preferred Qualifications) Experience with scripting and automation e.g., Python, PowerShell Knowledge of regulatory requirements and compliance standards (e.g., GDPR, HIPAA, PCI-DSS) Familiarity with ticketing systems and support tools (e.g., ServiceNow, Salesforce, JIRA etc) #LI-Hybrid #LI-RR1 At Zscaler, we are committed to building a team that reflects the communities we serve and the customers we work with. We foster an inclusive environment that values all backgrounds and perspectives, emphasizing collaboration and belonging. Join us in our mission to make doing business seamless and secure. Our Benefits program is one of the most important ways we support our employees. 
Zscaler proudly offers comprehensive and inclusive benefits to meet the diverse needs of our employees and their families throughout their life stages, including: Various health plans Time off plans for vacation and sick time Parental leave options Retirement options Education reimbursement In-office perks, and more! By applying for this role, you adhere to applicable laws, regulations, and Zscaler policies, including those related to security and privacy standards and guidelines. Zscaler is committed to providing equal employment opportunities to all individuals. We strive to create a workplace where employees are treated with respect and have the chance to succeed. All qualified applicants will be considered for employment without regard to race, color, religion, sex (including pregnancy or related medical conditions), age, national origin, sexual orientation, gender identity or expression, genetic information, disability status, protected veteran status, or any other characteristic protected by federal, state, or local laws. See more information by clicking on the Know Your Rights: Workplace Discrimination is Illegal link. Pay Transparency Zscaler complies with all applicable federal, state, and local pay transparency rules. Zscaler is committed to providing reasonable support (called accommodations or adjustments) in our recruiting processes for candidates who are differently abled, have long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support.
Posted 1 month ago
1.0 - 4.0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
Job Title: SOC Analyst Location: Bangalore (on site) Experience Level: 1 to 4 years The candidate must be willing to work in rotational shifts 24/7. About ColorTokens At ColorTokens, we empower businesses to stay operational and resilient in an increasingly complex cybersecurity landscape. Breaches happen—but with our cutting-edge ColorTokens Xshield™ platform, companies can minimize the impact of breaches by preventing the lateral spread of ransomware and advanced malware. We enable organizations to continue operating while breaches are contained, ensuring critical assets remain protected. Our innovative platform provides unparalleled visibility into traffic patterns between workloads, OT/IoT/IoMT devices, and users, allowing businesses to enforce granular micro-perimeters, swiftly isolate key assets, and respond to breaches with agility. Recognized as a Leader in the Forrester Wave™: Microsegmentation Solutions (Q3 2024), ColorTokens safeguards global enterprises and delivers significant savings by preventing costly disruptions. Join us in transforming cybersecurity. Learn more at www.colortokens.com. Our culture We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously. Self-starters and highly motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of the world’s impactful organizations - be it a children’s hospital, or a city, or the defense department of an entire country. Company Overview: ColorTokens is a fast-growing cybersecurity product company that is redefining the way enterprises protect their digital assets. Our market-leading Xshield platform enables Zero Trust microsegmentation and real-time visibility into application traffic, ensuring robust protection against modern cyber threats. 
We are looking for passionate and driven individuals to join our mission in building cutting-edge security products. Job Description: Skills and Experience: 1 to 4 years of experience in Cyber Incident response and investigations. Correlate and analyze events using the Splunk/Log Rhythm/Qradar and stellar cyber SIEM tool to detect IT security incidents. Knowledge of network and endpoint security, threat intelligence, and vulnerabilities. Conduct analysis of log files, including forensic analysis of system resource access. Monitor multiple security technologies, such as SIEM, IDS/IPS, Firewalls, Switches, VPNs, networking, and other security threat data sources. Knowledge of sandbox and malware analysis. Knowledge of Cyber Kill Chain and MITRE ATT&CK frameworks functionality. Possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc. CCNA, CEH, CISSP, GCA, GCIA, GCIH, SANS certification would be preferable. High level of integrity, professionalism, and attention to detail Ability to communicate complex security issues to peers and management alike. A motivated, self-managed individual who can demonstrate above average analytical skills and work professionally with peers and customers even under pressure. Roles & Responsibilities: Investigate alerts, triage, deep dives, and come up with proper action items and remediation plans. Conduct investigation, containment, and other response activities with business stakeholders and groups. Compose incident analysis and find reports for management, including gap identification and recommendations for improvement. Recommend or develop new detection logic and tune existing sensors/security controls. Participate in security incident response through in-depth, technical (log, forensic, malware, packet) analysis. 
Provide oversight of security alert detection and analysis capabilities across multiple technologies to ensure that security incidents are identified in a timely manner. Escalate and support potential security incidents in line with appropriate processes. Support communications of potential security incidents via multiple channels. Participate in the response to potential security incidents by identifying and communicating relevant supplementary information. Identify and analyze new and emerging threats to determine impacts to G-P and provide guidelines and recommendations pertaining to opportunities to strengthen G-P security posture. Assist with information security due diligence requests as needed. Provide security recommendations to other team members, management, and business stakeholders for solutions, enhancements to existing systems, and new security tools to help mitigate security vulnerabilities and automate repeatable tasks. Conduct security reviews, perform vulnerability assessments, recommend remediation actions, and manage security policies and access controls to monitor, protect, and govern data and applications across private and cloud environments. Qualifications: Education: Bachelor’s degree in information technology, Computer Science, Business, Engineering required, or equivalent experience. Certifications: Advanced certifications such as OSCP, GCIH, GSOC, or GCIA. Incident Response Experience: 1 to 4 years of experience in Cyber Incident response and investigations. Strong interpersonal skills with the ability to collaborate well with others. And, strong written, verbal and communication skills must be needed. Why Join Us? Work on a cutting-edge cybersecurity product in a fast-paced startup environment. Collaborate with a world-class team of engineers and security experts. Opportunity to learn, grow, and make a real impact from day one.
Posted 1 month ago
5.0 years
0 Lacs
Mumbai Metropolitan Region
On-site
John Cockerill, enablers of opportunities Driven since 1817 by the entrepreneurial spirit and thirst for innovation of its founder, the John Cockerill Group develops large-scale technological solutions to meet the needs of its time: facilitating access to low carbon energies, enabling sustainable industrial production, preserving natural resources, contributing to greener mobility, enhancing security and installing essential infrastructures. Its offer to businesses, governments and communities consists of services and associated equipment for the sectors of energy, defence, industry, the environment, transports, and infrastructures. With over 6,000 employees, John Cockerill achieved a turnover of € 1,209 billion in 2023 in 29 countries, on 5 continents. www.johncockerill.com Location: Navi Mumbai Job Purpose As a Security Operations Senior Specialist will be responsible for implementing and managing the SIEM solution (Rapid7) deployed and performing L2 activities for Security Incidents in JOHN COCKERILL. You should be able to manage the SIEM tool as administrator and react on the escalated Security Incidents from L1 Team. You will also be responsible for overseeing monitoring SOC capabilities to improve the efficiency ensuring our Environment is secured. The team’s mission is to manage the SIEM tool, ensure all new core infrastructure components are added to the SIEM for incident management and monitoring, reacting to potential threats in JOHN COCKERILL Environment, analyse the severity and scope of the issue and work with the Cybersecurity Incident Management and Response Team to contain, mitigate and remediate the issue. In addition, the team is also responsible for providing the ideas to constantly improve the monitoring and detection capability. 
Key Responsibilities Responsible for implementing and managing the SIEM tool (Rapid 7) Responsible for L2 activities for Security Incidents as part of SOC Adding all new servers, network equipment, security tools, cloud workloads to the SIEM for incident management and monitoring Triaging, investigating and management of ongoing Security Incidents which come as escalations from L1 team, and oversees the SOC monitoring capabilities and reporting of security related events. Support in the creation of operational documents such as- use cases, play/run books and training materials for incident response, and ensures regular updating of these documents. Support in the creation of various metrics, reporting, review of incident progress to Operations Manager Communicate potential threats, suspicious/anomalous activity, malware, etc., to the Security SOC provider, and be a point of contact for JOHN COCKERILL Cybersecurity issues Continuously improve processes for use across multiple detection sets for more efficient operations Should be responsible for Cybersecurity incident management and own the Incident under resolution Provide remediation advice and assist incident response team in security incident response activities, escalate if required Should be adoptable to work with multi-vendor organization Working across different cultures and organizations Education & Experience Bachelor of Engineering. Overall 5+ Years in System Infrastructure with 3+ Years in Security Operations Soft Skills Background, Skills and Competencies Excellent problem-solving skills Good oral and written communication skills Customer and service oriented Team player, sharing information spontaneously Pragmatic and solution-oriented Organized and rigorous Available and flexible Autonomous, self-taught, responsible. 
Technical Skills Rapid 7/Arcsight/Splunk/IBM QRadar tool administration, configuration and report writing skills are mandatory (any one tool) Certifications in Cybersecurity like COMPTIA+, CISSP or other specialized security certifications would be added advantage, cybersecurity fundamental concepts Minimum 5 years of relevant experience in managing large Windows server based platforms Very good knowledge of Windows operating systems and working knowledge of Microsoft Active Directory, ADFS, Exchange, IIS, SCCM Knowledge of Powershell scripts for the automation and management of Windows infrastructure Knowledge of Office365 and Azure Knowledge of network switching: TCP/IP, subnetwork calculations, VLAN concepts, firewall, NAT Installation of active devices in data center Good knowledge of MITRE attack Mandatory experience in pen test tools (PenTera, Kali Linux) Should possess in-depth knowledge on Network Security, Endpoint security etc Mandatory experience in working with Microsoft security landscape, e.g. Microsoft defender ATP, Microsoft cloud App security, Office ATP, Azure AD identity protection, Azure Security center, Azure sentinel. Should be having knowledge on ITIL Process Equal Opportunity Employer John Cockerill and all John Cockerill Companies are equal opportunity employers that evaluate qualified applicants without regard to race, color, national origin, religion, ancestry, sex (including pregnancy, childbirth and related medical conditions), age, marital status, disability, veteran status, citizenship status, sexual orientation, gender identity or expression, and other characteristics protected by law. John Cockerill offers you career and development opportunities within its various sectors in a friendly working environment. Do you want to work for an innovative company that will allow you to take up technical challenges on a daily basis? We look forward to receiving your application and to meeting you! 
Discover our job opportunities in detail on www.johncockerill.com
Posted 1 month ago
6.0 years
0 Lacs
Gurugram, Haryana, India
On-site
We are hiring a FortiSIEM Administrator to manage and maintain our SIEM infrastructure and security tools. The ideal candidate will have deep experience in SIEM architecture (FortiSIEM) , EDR , DLP , and a sound understanding of cybersecurity frameworks like MITRE ATT&CK, NIST, CIS Controls , and ISO 27001 . The role requires someone who can ensure complete visibility and protection of IT assets while supporting incident response and compliance. Tasks Deploy, configure, and maintain the FortiSIEM platform for real-time monitoring and alerting. Integrate log sources across firewalls, servers, endpoints, and cloud environments. Develop and manage SIEM rules, parsers, dashboards, and alerts. Operate and optimize EDR , DLP , and other advanced security tools. Conduct incident triage, investigation, and provide root cause analysis. Align monitoring and response activities with MITRE ATT&CK, NIST, CIS Controls , and ISO 27001 frameworks. Collaborate with SOC, infrastructure, and application teams for end-to-end threat visibility. Maintain updated documentation and support internal and external security audits. Ensure regular health checks, version upgrades, and platform tuning for performance Requirements Required Skills & Qualifications: 3–6 years of experience in cybersecurity with a focus on SIEM administration (preferably FortiSIEM) . Hands-on expertise in deploying and managing EDR , DLP , and other endpoint security tools. Good understanding of SIEM architecture , log ingestion, and threat correlation. Knowledge of networking fundamentals, TCP/IP, firewalls, VPNs, and IDS/IPS. Familiarity with security frameworks like MITRE ATT&CK, NIST, CIS Controls , and ISO 27001 . Scripting knowledge (PowerShell, Python, Bash) is an advantage. Fortinet certification (e.g., NSE 5/7) is a plus. Nice to Have: Experience with cloud platforms (AWS, Azure) and cloud security monitoring. Exposure to other SIEM tools (Splunk, QRadar, etc.) is beneficial. 
Experience in compliance-driven environments (PCI-DSS, SOC 2, etc.).
Posted 1 month ago
8.0 - 10.0 years
16 - 28 Lacs
Bengaluru
Work from Office
Responsibilities: * Ensure compliance with PCI DSS, NIST, HIPAA & ISO standards. * Design, implement & maintain secure systems using Infosec principles. * Conduct regular security audits & risk assessments. * Experience in SOC and SIEM tools-Qradar
Posted 1 month ago
3.0 years
0 Lacs
Delhi
On-site
Job requisition ID :: 84448 Date: Jun 16, 2025 Location: Delhi Designation: Assistant Manager Entity: Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Technology & Transformation is about much more than just the numbers. It’s about attesting to accomplishments and challenges and helping to assure strong foundations for future aspirations. Deloitte exemplifies what, how, and why of change so you’re always ready to act ahead. Learn more about Technology & Transformation Practice Job Summary: We are looking for a skilled Microsoft Sentinel SIEM Engineer to join our Cybersecurity Operations team. The ideal candidate will be responsible for the deployment, configuration, integration, and operational support of Microsoft Sentinel as a core SIEM platform, ensuring efficient threat detection, incident response, and security monitoring. Key Responsibilities: Design, implement, and manage Microsoft Sentinel for enterprise security monitoring. Develop and maintain analytic rules (KQL-based) and detection use cases aligned with MITRE ATT&CK. Integrate various log sources (on-prem and cloud) including Microsoft 365, Azure, AWS, endpoints, firewalls, etc. Create and manage playbooks using Azure Logic Apps for automated incident response. Monitor data connectors and ensure log ingestion health and optimization. Conduct threat hunting and deep dive analysis using Kusto Query Language (KQL). Optimize performance, cost, and retention policies in Sentinel and Log Analytics workspace. 
Collaborate with SOC analysts, incident responders, and threat intelligence teams. Participate in use case development, testing, and fine-tuning of alert rules to reduce false positives. Support compliance and audit requirements by producing relevant reports and documentation. Required Skills & Qualifications: 3+ years of experience working with Microsoft Sentinel SIEM. Strong hands-on experience with KQL (Kusto Query Language) . Solid understanding of log ingestion from different sources including Azure, O365, Defender, firewalls, and servers. Experience with Azure Logic Apps for playbook creation and automation. Familiarity with incident response workflows and threat detection methodologies. Knowledge of security frameworks such as MITRE ATT&CK, NIST, or ISO 27001 . Microsoft certifications such as SC-200 (Microsoft Security Operations Analyst) or AZ-500 are preferred. Good to Have: Experience with Defender for Endpoint, Defender for Cloud, Microsoft Purview. Knowledge of other SIEM platforms (e.g., Splunk, QRadar) for hybrid environments. Scripting experience (PowerShell, Python) for automation and integration. Certifications (Preferred but not mandatory): SC-200 : Microsoft Security Operations Analyst AZ-500 : Microsoft Azure Security Technologies CEH , CompTIA Security+ , or equivalent How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. 
Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Posted 1 month ago
5.0 years
0 Lacs
New Delhi, Delhi, India
On-site
Job Title: Subject Matter Expert (SME) – Windows Digital Forensics and Incident Response (DFIR) Location: On-site Department: Cybersecurity / Incident Response / Digital Forensics Employment Type: Full-time Experience Level: Senior (5+ years in DFIR) Job Summary: We are seeking a highly skilled Windows Digital Forensics and Incident Response (DFIR) Subject Matter Expert (SME) to lead Research & Develop to enhance our incident response capabilities. The ideal candidate will have deep expertise in Windows internals, malware analysis, memory forensics, and enterprise-scale incident response . Key Responsibilities: Provide Expert Guidance: Offer specialized knowledge and insights to cross-functional teams, including incident response, security, and IT teams, on Windows DFIR-related matters. Windows Event Logs (EVTX), Registry, Prefetch, ShimCache, AmCache, SRUM, and other forensic artifacts Tool Development & Automation: Improve IR playbooks for Windows-centric attacks. Develop memory analysis techniques for modern Windows versions (Win10/11, Linux). Conduct R&D on Forensic Investigations: in-depth analysis of Windows systems, network traffic, and related artifacts to identify and analyse malicious activities, data breaches, and other security incidents. Assist in Incident Response: Provide technical expertise and support during incident response activities, including evidence collection, analysis, containment, and remediation. Develop and Implement DFIR Procedures: Contribute to the development and implementation of Windows-specific DFIR procedures, guidelines, and tools. Stay Updated on DFIR Trends: Keep abreast of the latest advancements in Windows DFIR technologies, methodologies, and threat landscapes. Collaborate with Stakeholders: Work effectively with various stakeholders, including internal teams, external consultants, and law enforcement, to ensure successful outcomes. 
Document and Communicate Findings: Clearly and concisely document investigation findings, incident response actions, and technical recommendations. Provide Training and Mentorship: Share knowledge and expertise with colleagues through training sessions, mentoring, and knowledge sharing initiatives. Validate and Improve DFIR Capabilities: Continuously evaluate and improve the organization's Windows DFIR capabilities. Skills and Qualifications: Deep Knowledge of Windows: Extensive understanding of Windows operating systems, architecture, and internal components. Expertise in DFIR: Proven experience in digital forensics, incident response, and threat analysis. Proficiency in Forensic Tools: Familiarity with a range of digital forensics tools, including but not limited to: Windows-specific forensic tools (e.g., EnCase, FTK). Network forensic tools (e.g., Wireshark). SIEM tools (e.g., LogRhythm, QRadar). Threat intelligence platforms. Strong Communication Skills: Ability to effectively communicate technical information to both technical and non-technical audiences. Problem-Solving Skills: Capacity to analyze complex security issues and develop effective solutions. Analytical Skills: Ability to analyze data, identify patterns, and draw conclusions. Collaboration Skills: Ability to work effectively with diverse teams and stakeholders. Additional Requirements: Relevant certifications (e.g., GCFE, CISSP, CEH) are highly desirable. Experience with Windows/Linux technologies and related DFIR practices is an advantage. Experience with network traffic analysis and incident response methodologies is beneficial.
Posted 1 month ago
5.0 - 7.0 years
0 Lacs
Chennai, Tamil Nadu, India
Remote
Mizuho Global Services Pvt Ltd (MGS) is a subsidiary company of Mizuho Bank, Ltd, which is one of the largest banks, or so-called ‘Mega Banks’, of Japan. MGS was established in the year 2020 as part of Mizuho’s long-term strategy of creating a captive global processing centre for remotely handling banking and IT related operations of Mizuho Bank’s domestic and overseas offices and Mizuho’s group companies across the globe.

At Mizuho we are committed to a culture that is driven by ethical values and supports diversity in all its forms for its talent pool. The direction of MGS’s development is paved by its three key pillars, which are Mutual Respect, Discipline and Transparency, which are set as the baseline of every process and operation carried out at MGS.

What’s in it for you?
o Immense exposure and learning
o Excellent career growth
o Company of highly passionate leaders and mentors
o Ability to build things from scratch

Know more about MGS: https://www.mizuhogroup.com/asia-pacific/mizuho-global-services

About the Role: We are seeking a highly skilled and motivated Senior Security Operations Center (SOC) Analyst to join our dynamic team. You will play a critical role in safeguarding our organization's information assets by monitoring, detecting, and responding to security threats.

Roles and Responsibilities:
· Monitor security events and alerts generated by SIEM tools and other security systems.
· Conduct in-depth investigations of security incidents to identify root causes and potential threats.
· Respond to security incidents in a timely and effective manner, following established incident response procedures.
· Develop and maintain SOC rules, playbooks, and procedures.
· Analyze security trends and identify potential vulnerabilities.
· Collaborate with other security teams to improve overall security posture.
· Stay up-to-date on the latest security threats and trends.

Relevant Skills and Experience:
· 5-7 years of experience in security operations, incident response, or a related field.
· Strong understanding of security concepts, principles, and best practices.
· Proficiency in using SIEM tools (e.g., Splunk, QRadar, ArcSight).
· Experience in developing and maintaining SOC rules, playbooks, and procedures.
· Knowledge of common security threats, vulnerabilities, and attack vectors.
· Experience with network and system security tools (e.g., firewalls, intrusion detection systems, antivirus).
· Experience with scripting languages (e.g., Python, PowerShell).
· Experience with cloud security (e.g., AWS, Azure, GCP).

Qualifications:
· Bachelor's degree in computer science, information technology, or a related field.
· Security certifications (e.g., CISSP, CISM, CEH).
· Strong problem-solving and analytical skills.
· Excellent communication and interpersonal skills.
· Ability to work independently and as part of a team.

Additional Skills (Preferred):
· Experience with threat intelligence platforms.
· Experience with digital forensics.
· Experience with security incident response frameworks (e.g., NIST, ISO 27001).

Note: Only F2F interviews will be conducted if shortlisted.

Interested candidates can send their resume to mgs.rec@mizuho-cb.com along with the below details:
· Current CTC
· Expected CTC
· Notice period
· Experience in SOC
· Available for F2F?

Address: Mizuho Global Services India Pvt. Ltd., 8th Floor, Campus 5, RMZ Millenia Business Park II, No.143, Dr. MGR Road, Perungudi Village, Kandanchavadi, Sholinganallur Taluk, Chennai - 600096, Tamil Nadu.
Posted 1 month ago
8.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Solution Engineer - Cybersecurity
Location: Hyderabad, Bangalore
Employment Type: Full-Time
Experience: 8+ years (Hands-on Experience)
Desired Qualification: B.Tech or BE in Computers / MCA. Certifications such as CISSP, CEH, GCIH, OSCP, OSCE are a plus.

Job Requirements:
· Minimum 3 years of experience in a large-scale IT environment focusing on Cyber/Information Security.
· Expertise in Pre-Sales support, Service & Solution delivery, and Program Management (Transition & Transformation).
· Strong knowledge of security technologies including SIEM, SOAR, Threat Hunting, EDR, Deception, NTA, NBAD, and UEBA.
· Hands-on experience (3+ years) with leading analytical platforms like Splunk, IBM QRadar, Hunters, Sumo Logic, and Sentinel.
· Familiarity with additional security tools such as Email Security Gateway, SOAR, IPS/IDS, Proxy, EDR, TI, DLP, CASB, and PAM is an advantage.
· Deep understanding of Detection Engineering and the MITRE ATT&CK Framework.
· Strong proficiency in OS (Linux, Windows) and Networking.
· Analytical and problem-solving skills with an ability to assess security challenges effectively.
· Up-to-date knowledge of IT/OT industry trends and Security Best Practices.
· Expertise in Digital Forensics, Malware Assessment, Incident Response, and Threat Hunting.
· Strong interpersonal and communication skills, both verbal and written.
· Ability to collaborate with organizational and client stakeholders to identify and implement security solutions.

Job Responsibilities:
· Define, plan, and implement cybersecurity solutions tailored to organizational needs.
· Conduct gap analysis to assess and improve an organization's security posture.
· Develop detailed security requirements and design cybersecurity solutions.
· Perform technical proof-of-concept (POC) demonstrations to validate security solutions.
· Translate technical security solutions into business values aligned with organizational objectives.
· Respond to complex RFPs, delivering customized security solutions that meet client needs.
· Execute thorough design and implementation of security solutions across various industries.
· Conduct competitive analysis, security workshops, and executive presentations.
· Design and present customized cybersecurity solutions based on client requirements.
· Collaborate with cross-functional teams to ensure seamless service delivery of cybersecurity solutions.
· Develop threat scenarios and use cases based on industry-specific attack patterns.

Nice to Have:
· Ethical hacking certifications such as CISSP, GCIH, or equivalent training are highly preferred.

(ref:hirist.tech)
Posted 1 month ago
5.0 years
0 Lacs
Pune, Maharashtra, India
On-site
Job Overview
St. Fox is looking for a proactive and seasoned L2 - Next-Gen SIEM Security Engineer to join our skilled team in Bengaluru/Pune. This onsite role involves direct collaboration at our esteemed customer's location, offering a stimulating environment with substantial opportunities to enhance your professional growth and technical expertise. You will be instrumental in the administration, management, and optimization of cutting-edge Next-Gen SIEM/EDR platforms, focusing on threat hunting, detection rule development, and fostering a strong security :

· Administer and provide comprehensive management support for CrowdStrike Next-Gen SIEM/EDR solutions, ensuring their optimal performance and configuration.
· Perform proactive threat research and threat hunting to identify emerging tactics, techniques, and procedures (TTPs) and translate these insights into actionable detection requirements using an intelligence-driven approach.
· Develop, thoroughly test, and deploy high-fidelity CrowdStrike Next-Gen SIEM detection rules to enhance the customer's security monitoring capabilities.
· Collaborate effectively with Security Analysts to create detailed playbooks for triage and response specifically for actionable high-fidelity detections, streamlining incident handling.
· Work closely with SIEM architects to develop and define best practices for parsing and normalizing data to a common event schema, ensuring consistency and usability of security logs.
· Build and maintain utilities and tools to enable the managed security services team to operate quickly, efficiently, and at a large scale.
· Analyze security data, such as logs or packet captures, from various sources within the enterprise environment and draw accurate conclusions regarding past and potential future security incidents.
· Develop and maintain clear, concise processes and documentation for all security operations, configurations, and incident response

Skills & Qualifications:
· B.Tech/B.E/BCS, BCA with sound technical skills.
· Minimum 5+ years of hands-on experience supporting SIEM/SOAR platforms, Threat Hunting, and various Security solutions and technologies.
· Strong command of both verbal and written English language.
· Demonstrated ability to combine technical acumen with critical thinking abilities to solve complex security challenges.
· Strong interpersonal and presentation skills, capable of articulating technical concepts to diverse

Skills :
· Certification in any of the SIEM platforms (Splunk, Sentinel, QRadar, Elastic SIEM).
· Certifications such as CEH (Certified Ethical Hacker), CompTIA Security+, CompTIA Network+, CCNA (Cisco Certified Network Associate).
· Direct experience with CrowdStrike products, particularly their SIEM/EDR capabilities.
· Experience with incident response processes and procedures.
· Knowledge of scripting languages for automation (e.g., Python)

(ref:hirist.tech)
Posted 1 month ago
5.0 years
0 Lacs
Mumbai Metropolitan Region
On-site
SOC Analyst L2
We are hiring an experienced SOC Analyst L2 for managing advanced security threats, conducting deep-dive investigations, and leading incident response initiatives. This role requires a strong background in multi-scanning, CDR solutions, and incident handling

· Analyze and respond to advanced security threats and alerts.
· Lead incident investigations and perform root cause analysis.
· Configure, tune, and optimize SIEM tools (IBM QRadar).
· Guide and mentor L1 analysts during incident triage and resolution.
· Maintain playbooks, response procedures, and threat intelligence reports.
· Collaborate with cross-functional teams on remediation

Skills & Qualifications:
· Bachelor's or Master's degree in Computer Science, Computer Engineering, or equivalent.
· Minimum of 5 years of SOC experience, with at least 1 year in multi-scanning or similar technologies.
· Proficiency with SIEM tools like IBM QRadar.
· Experience with CDR tools, network monitoring, and forensic analysis.
· Knowledge of malware detection and remediation techniques.
· Excellent problem-solving and analytical skills

(ref:hirist.tech)
Posted 1 month ago