891 Qradar Jobs - Page 27

The Group Security (GS) Cybersecurity Defense Center (CDC) team is looking for a Security Operations Center (SOC) Analyst, responsible for execution of incident response, investigative analysis of security incidents, reporting, continuous improvement, and post-incident activities. Will work closely with the CDC Engineering Team, internal Nokia teams, external Security Suppliers, and various technology vendors. Group Security (GS) is part of Strategy & Technology and Nokias central knowledge center for Nokias cybersecurity policies and standards, the cybersecurity architecture and roadmap, and the monitoring and alerting of security incidents. You have: 5+ years of experience in a Security Operations Center (SOC) or similar role 2+ years of experience working with one or more of following systemsMicrosoft Sentinel, Microsoft Defender for Endpoint (MDE), Microsoft Defender for Identity (MDI), SentinelOne or Rapid7 Deep knowledge of incident response methodologies and forensic analysis techniques Strong understanding of cloud security principles and experience with major cloud platforms (AWS, Azure, GCP) Expertise in leveraging automation tools for enhancing security operations It would be nice if you also had: Certifications such as CompTIA Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), or Certified SOC Analyst (CSA) Mentoring experience with junior analysts Execute complex security investigations using log analysis and threat intelligence across all Nokia assets Collaborate with SOC Engineers to drive automation and implement AI-powered security solutions Apply cloud security best practices and zero-trust architecture principles in security operations Engage with senior stakeholders to communicate security risks and improve incident response efforts Lead advanced threat hunting initiatives leveraging expertise in security tools and techniques Contribute to the continuous development of SOC processes, technologies, and techniques for enhanced security Mentor and guide junior analysts to foster a culture of learning and professional growth Facilitate post-incident activities, ensuring comprehensive reporting and continuous improvement of security measures

Job Title: SIEM Engineer Experience: 5 - 15 Years Location: Bengaluru / Noida Employment Type: Full-time About the Role: We are seeking a skilled SIEM Engineer to join our Managed Security Services team. You will be responsible for designing, implementing, managing, and supporting cybersecurity solutions, with a focus on SIEM tools and incident response. This is a hands-on technical role working with internal teams, customers, and third-party vendors to ensure robust security practices. Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Create, tune, and maintain detection rules and dashboards Investigate and respond to security incidents and alerts Participate in security audits, threat hunting, and compliance checks Research emerging threats and enhance detection capabilities Support configuration management, system hardening, and network defense strategies Collaborate across teams to improve security operations and automation Required Skills: Strong hands-on experience with SIEM platforms & SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Deep understanding of security operations , incident response , and network/system security Experience with scanning tools (e.g., Nessus, Qualys ) and PAM solutions (e.g., CyberArk, BeyondTrust ) Solid knowledge of Linux/Windows environments and enterprise networks Familiar with encryption, security controls, and system hardening best practices Excellent analytical, troubleshooting, and communication skills Preferred: Security certifications (e.g., CEH, CISSP, GCIA, GCIH) Experience in automation and scripting for SOC workflows Willingness to participate in on-call support rotation

3+ years of experience working in the field of Content development and experience in delivering and/or building content on any of the SIEM tools like Splunk/Arc sight /QRadar/Nitro ESM/etc. Deep understanding of MITRE ATT&CK Framework. Experience in SOC Incident analysis with an exposure to information security technologies such as Firewall, VPN, Intrusion detection tools, Malware tools, Authentication tools, endpoint technologies, EDR and cloud security tools. Good understanding of networking concepts. Experience interpreting, searching, and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow, and automation) In depth knowledge of security data logs and an ability to create new content on advanced security threats on a need basis as per Threat Intelligence. Ability to identify gaps in the existing security controls. Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content. Experience on EDR tools like Crowd strike and good understanding on TTPs like Process Injection. Excellent communication, listening & facilitation skills Ability to demonstrate an investigative mindset. Excellent problem-solving skills. Understanding of MITRE ATT&CK framework. Location: Pan India

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will also engage in continuous learning to stay updated on the latest security trends and technologies, contributing to a safer digital environment for the organization. Roles & Responsibilities:Perform security monitoring by analyzing logs, traffic and alerts generated by variety of device technologiesTimely response to customer requests like detection capabilities, tuning.Research new threats and provide recommendations to enhance detection capabilitiesStrong desire for continuous learning on vulnerabilities, attacks and countermeasures Identify opportunities for process improvement Professional & Technical Skills: Experience in SOC operations with customer-facing responsibilitiesDeep understanding on cyber security fundamentals, security devices, network defense concepts and threat landscapeHands-on experience in SIEM and threat hunting tools Added advantage in working with any SOAR platformDesirable knowledge in any scripting language and EDR productsPreferable GCIA, GCFA, CISSPStrong customer service and interpersonal skillsStrong problem-solving skillsAbility to communicate clearly at all levels, demonstrating strong verbal and written communication skills. Additional Information:Work as part of analysis team that works 24x7 on a rotational shift The candidate should have minimum 2 years of experience This position is based at our Chennai office.Minimum a bachelors or a masters degree in addition to regular 15- year full time educationAdaptability to accept change Qualification 15 years full time education

Should have done SIEM Engineeringactivities for more than 2 years. Hands on Experience to Configure,manage, and maintain the Microsoft Sentinel SIEM platform including logmanagement, retention configurations, maintenance of logs at low cost. Monitor, analyze, investigate andrespond to security incidents in MS Sentinel by collaborating with the SOC teamand Customers. Should be able to Integrate/onboarddevices (Linux, Palo Alto, Fortinet, windows and other devices etc.) to Azuresentinel Should have expertise in integratingdata sources which are not supported by Sentinel tool OOB. Custom parserdevelopment and ability to solve technical issues in Sentinel. Troubleshoot and resolve issuesrelated to SIEM (Sentinel) infrastructure and integrations like logs notreporting to Sentinel. Creation of integration documentsand sending them to customers as per requirement. Strong Knowledge of different MicrosoftDefender products Generate and reviewWeekly/Monthly reports to provide insights on security posture and SIEMeffectiveness to Customers Regularly review use caseperformance and keep track of any fine tuning done to use cases includingidentifying scenarios where fine tuning can be done and effectively communicateto customer/internal for fine tuning. Act as single point of contact forthe client during any issues of Integration or Incidents. What you ll do: Creation and Fine Tuning inCustom KQL queries and functions for complex detection and monitoring Requirements. Knowledge of Workbooks creation, Building Playbooks (Enrichment andResponse) in Sentinel automation through logic apps. Preference should be given to candidateswho have completed expert training and certifications in Sentinel and Defender productsof Microsoft. Strong communication, collaborationand multi-tasking skills to work effectively with cross-functional teams andstakeholders. Relevant professionalcertifications such as: AZ-900, SC-900, SC-200, Certified Ethical Hacker (CEH)or any other SIEM Engineering certification. Stay updated with the latesttrends and developments in SIEM technologies and cybersecurity threats andutilize it in System if required. What we offer: Insurance Group Medical Coverage, Group Personal Accident, Group Term Life Insurance Rewards and Recognition Program,Employee Referral Program, Wellness Program and CSR Initiatives Maternity and Paternity Leaves Company Sponsored CertificationProgram

The primary responsibility of this role is to provide advanced incident analysis and management within our SOC environment, while also leading the development and training of the L1 SOC team in incident analysis, parsers creation, rule views, and report management. The ideal candidate will have a strong background in cybersecurity, incident response, and leadership skills. Responsibilities: Advanced Incident Analysis: Utilize advanced tools and techniques to analyze and investigate security incidents detected within the organization's networks and systems. Incident Response: Lead incident response efforts, coordinating with internal and external stakeholders to mitigate and remediate security incidents promptly. Team Leadership: Provide mentorship and guidance to the L1 SOC team, assisting in the development of their skills in incident analysis, parser creation, rule views, and report management. Parser Creation: Develop and maintain parsers to enhance the capability of the SOC's security information and event management (SIEM) system in detecting and correlating security events. Rule View Management: Manage and optimize rule views within the SIEM platform to ensure accurate and timely detection of security threats. Report Management: Oversee the generation and distribution of security reports, including incident reports, trend analysis, and recommendations for improvement. Collaboration: Work closely with other teams within the organization, including IT operations, network engineering, and application development, to improve overall security posture and incident response capabilities. Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered. Minimum of 3 years of experience in a SOC environment, with a focus on incident analysis and response. Strong understanding of cybersecurity principles, including threat detection, malware analysis, and vulnerability management. Experience with SIEM platforms (e.g., Securonix, QRadar) and familiarity with creating and managing parsers and rule views. Leadership experience, with the ability to mentor and motivate team members effectively. Excellent communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders.

Advanced Incident Analysis: Utilize advanced tools and techniques to analyze and investigate security incidents detected within the organization's networks and systems. Incident Response: Lead incident response efforts, coordinating with internal and external stakeholders to mitigate and remediate security incidents promptly. Team Leadership: Provide mentorship and guidance to the L1 SOC team, assisting in the development of their skills in incident analysis, parser creation, rule views, and report management. Parser Creation: Develop and maintain parsers to enhance the capability of the SOC's security information and event management (SIEM) system in detecting and correlating security events. Rule View Management: Manage and optimize rule views within the SIEM platform to ensure accurate and timely detection of security threats. Report Management: Oversee the generation and distribution of security reports, including incident reports, trend analysis, and recommendations for improvement. Collaboration: Work closely with other teams within the organization, including IT operations, network engineering, and application development, to improve overall security posture and incident response capabilities.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Senior (CTM – Threat Detection & Response) KEY Capabilities: Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA Minimum of Splunk Power User Certification Good knowledge in programming or Scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, Bash, etc. Perform remote and on-site gap assessment of the SIEM solution. Define evaluation criteria & approach based on the Client requirement & scope factoring industry best practices & regulations Conduct interview with stakeholders, review documents (SOPs, Architecture diagrams etc.) Evaluate SIEM based on the defined criteria and prepare audit reports Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment. Understand customer requirements and recommend best practices for SIEM solutions. Offer consultative advice in security principles and best practices related to SIEM operations Design and document a SIEM solution to meet the customer needs Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers Verification of data of log sources in the SIEM, following the Common Information Model (CIM) Experience in parsing and masking of data prior to ingestion in SIEM Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources Assist client with technical guidance to configure end log sources (in-scope) to be integrated to the SIEM Experience in handling big data integration via Splunk Expertise in SIEM content development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems Hands-on experience in development and customization of Splunk Apps & Add-Ons Builds advanced visualizations (Interactive Drilldown, Glass tables etc.) Build and integrate contextual data into notable events Experience in creating use cases under Cyber kill chain and MITRE attack framework Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications. Experience in installation, configuration and usage of premium Splunk Apps and Add-ons such as ES App, UEBA, ITSI etc Sound knowledge in configuration of Alerts and Reports. Good exposure in automatic lookup, data models and creating complex SPL queries. Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement Work with the client SPOC to for correlation rule tuning (as per use case management life cycle), incident classification and prioritization recommendations Experience in creating custom commands, custom alert action, adaptive response actions etc. Qualification & experience: Minimum of 3 to 6 years’ experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments. Strong oral, written and listening skills are an essential component to effective consulting. Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary. Must have knowledge of Vulnerability Management, Windows and Linux basics including installations, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting. Good to have below mentioned experience with designing and implementation of Splunk with a focus on IT Operations, Application Analytics, User Experience, Application Performance and Security Management Multiple cluster deployments & management experience as per Vendor guidelines and industry best practices Troubleshoot Splunk platform and application issues, escalate the issue and work with Splunk support to resolve issues Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix will be an added advantage Certifications in a core security related discipline will be an added advantage. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

7 - 9 Years 1 Opening Kochi, Trivandrum Role description L2 SOC Lead Experience : 7 to 9 years Location : Bangalore/Trivandrum/Kochi Company: CyberProof, A UST Company About CyberProof CyberProof is a leading cyber security services and platform company dedicated to helping customers react faster and smarter to security threats. We enable enterprises to create and maintain secure digital ecosystems through automation, threat detection, and rapid incident response. As part of the UST family, we are trusted by some of the world’s largest enterprises. Our Security Operations Group is composed of a global team of highly skilled cyber security professionals, with our tier 3-4 expertise rooted in Israeli Intelligence Cyberproof is looking to hire a L2 team Lead for managing the existing shared services team. Role Proficiency: SOC Analyst L2 is an operational role, focusing on ticket quality and security incident deeper investigation and will be responsible to handle the escalated incidents from Level 1 team within SLA. The lead will be responsible for quality and ensuring processes are defined globally across all customers in Cyberproof. Responsibilities: SOC Analyst L2 would work closely with SOC L1 team, L3 team & customer and responsible for performing deeper analysis and need to interact with client in daily calls and need to take the responsibility of handling the True Positive incidents on time. When L1 escalates an incident to L2, need to conduct more analysis and, if needed, escalate to the customer/L3 team, or L2 analyst must advise L1 team members until the incident is resolved. Perform deep analysis to security incidents to identify the full kill chain Handle L2 and above level technical escalations from L1 Operations team and resolve within SLA. Identify the security gaps and need to recommend new rules/solution to L3/Customer Need to suggest finetuning for existing rules based on the high count/wherever required Create and manage the Incident handling playbook, process runbooks and ad-hoc documents whenever needed Respond to clients’ requests, concerns, and suggestions Proactively support L1 team during an incident. Performs and reviews tasks as identified in a daily task list. Ready to work in 24x7 rotational shift model including night shift Incident detection, triage, analysis and response. Coordinating with customers for their security related problems and providing solutions. Share knowledge to other analysts in their role and responsibilities Provide knowledge transfer to L1 such as advance hunting techniques, guides, cheat sheets etc Knowledge Experience: Experience of Managing L2 resources in a multi-location basis. Minimum of 3 years of experience in Cyber security, SOC At least 2 years of working in the SOC Proficient in Incident Management and Response Experience in leading a team of more than 9 analysts Experience in searching and log analysis in at least 2 of the below SIEM tools or more than 3 SIEM in total: Sentinel, QRadar, Splunk, LogRhythm, Google Chronicle Experience in analysis and response in at least 2 of the below EDR tools or more than 3 EDR in total:Crowd strike, MS Defender, Carbon Black, Cybereason, Sentinel One In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. Up to date in cyber security and incidents; intermediate understanding of enterprise IT Infrastructure including Networks Firewalls OS Databases Web Applications etc. Understanding of ISMS principles and guidelines; relevant frameworks (e.g. ISO27001) Desirable – Training / Certification in Ethical Hacking/SIEM Tool etc. Additional Desired Skills: Strong verbal and written English communication Strong interpersonal and presentation skills Ability to work with minimal levels of supervision Responsible for working in a 24x7 Security Operation centre (SOC) environment. Essential Skills: Knowledge and hands-on experience with Azure Sentinel, Microsoft 365 Defender, Microsoft Defender for Cloud Apps & Identity Protection. Continuous Learning innovation and optimization: Ensure completion of learning programs as suggested by Managers Suggest ideas that will help innovation and optimization of processes. Help develop the ideas into proposals. Provide suggestions to reduce the manual work Teamwork Assist L1 team members where possible. About UST UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Senior Manager_TDR (threat detection and response) Job Summary As a Senior Manager with EY’s Global Delivery Services (GDS) Cybersecurity Team, you will contribute technically to client engagement and services development activities. You will be focused on helping client’s grow and turn their Cyber security strategy into reality. You’ll work in high-performing teams that drive growth and deliver exceptional client service, making certain you play your part in building a better working world. You will be responsible for overall client service quality delivery in accordance with EY’s quality guidelines & methodologies. You will need to manage accounts and relationships on a day-to-day basis and explore new business opportunities for EY. Establishing, strengthening and nurturing relationships with clients (functional heads & key influencers) and internally across service lines. You will assist in developing new methodologies and internal initiatives and help in creating a positive learning culture by coaching, counselling and developing junior team members. Client responsibilities: Technical leadership and knowledge of cybersecurity concepts and methods including, but not limited to, SOC transformation, CTI, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Generate new business opportunities by participating in market facing activities, executive briefings and developing thought leadership materials Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in best in breed SIEM (Splunk, Sentinel and Qradar etc) content development / architecting will be an added advantage. Should have good hands-on experience and skills on advanced and integrated key Threat Detection Technology like SIEM, SOAR, EPP, EDR solutions, Firewalls, IDPS, Web Proxy, Enterprise Forensics tools. Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure. Good knowledge in threat modelling. Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement. Brief the engagement team on the client's environment and industry trends. Maintain relationships with client to manage expectations of service including work products, timing, fees and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations Create and demonstrate innovative insights for clients, adapts methods and practices to fit operational team needs & contributes to thought leadership documents Apply extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services Drive discussions / knowledge sharing with key client personnel and contribute to EY’s thought leadership Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Strong collaboration with EY senior executives, other key stakeholders and importantly other EY SOC leaders to co-establish, promote and drive a Cyber SOC ecosystem Key responsibilities: Provide industry insights (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) that energize growth Demonstrate deep understanding of the client’s industry and marketplace Lead consulting engagements that solve complex Cyber security issues Help mentor, coach and counsel their team members and help us build an inclusive culture and high-performing teams Maximize operational efficiency through standardization and process automation on client engagements and internal initiatives Monitor delivery progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes Successfully manage engagement time and budgets Convey complex technical security concepts to technical and non-technical audiences including executives. Provide strategic and relevant insight, connectedness and responsiveness to all clients to anticipate their needs Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Define, develop and implement strategic go-to-market plans in collaboration with local EY member firms in Americas, EMEIA and APAC. Drive new business opportunities by developing ideas, proposals and solutions Strongly represent EY and its service lines and actively assess what the firm can deliver to serve clients. Assist Consulting Partners in driving the business development process on existing client engagements by gathering appropriate resources, gaining access to key contacts & supervising proposal preparation Develop long-term relationships with networks both internally and externally Enhance the EY brand through strong external relationships across a network of existing and future clients and alliance partners Driving the quality culture agenda within the team Manage and contribute in performance management for the direct reportees and team members, as per the organization policies Able to examine and act on people related issues both strategically and analytically. Participating in the EY-wide people initiatives including recruiting, retaining and training Cybersecurity professionals Use technology to continually learn, share knowledge and enhance client service delivery Support the EY inclusiveness culture To qualify, candidates must have: At least 15 years of industry experience and serving as Manager for minimum of 10 years or 5 years as Senior Manager, of recent relevant work experience in information security or information technology discipline, preferably in a business consulting role with a leading technology consultancy organization Strong technical experience in not limited to, attack and penetration testing, vulnerability management, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Any one of the following technical certifications: CISSP, CISM, GSOC Graduates / BE / BTech / MSc / MTech / MBA in the fields of Computer Science, Information Systems, Engineering, Business or related major Any one of the following project management experience - Prince2 / PMI / MSP / CSM Experience with data analysis and visualization technologies Fluency in English, other language skills are considered an asset EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. CMS-TDR Senior As part of our EY-cyber security team, who shall work as SME for Microsoft Sentinel solutions in TDR team The opportunity We’re looking for Senior Consultant with expertise in Cloud Security solutions. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your key responsibilities Architecting and implementation of cloud security monitoring platforms MS Sentinel Provide consulting to customers during the testing, evaluation, pilot, production, and training phases to ensure a successful deployment. Perform as the subject matter expert on Cloud Security solutions for the customer, use the capabilities of the solution in the daily operational work for the end customer. Securing overall cloud environments by applying cybersecurity tools and best practices Advise customers on best practices and use cases on how to use this solution to achieve customer end state requirements. Content development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems Skills and attributes for success Customer Service oriented - Meets commitments to customers; Seeks feedback from customers to identify improvement opportunities. Expertise in content management in MS Sentinel Good knowledge in threat modelling. Experience in creating use cases under Cyber kill chain and Mitre attack framework Expertise in integrating critical devices/applications including unsupported (in-house built) by creating custom parsers Below mentioned experiences/expertise on Sentinel Develop a migration plan from Splunk/QRadar/LogRhythm to MS Sentinel Deep understanding of how to implement best practices for designing and securing Azure platform Experiencing advising on Microsoft Cloud Security capabilities across Azure platform Configure data digestion types and connectors Analytic design and configuration of the events and logs being digested Develop, automate, and orchestrate tasks(playbooks) with logic apps based on certain events Configure Sentinel Incidents, Workbooks, Hunt queries, Notebooks Experience in other cloud native security platforms like AWS and GCP is a plus Scripting knowledge (Python, Bash, PowerShell) Extensive knowledge of different security threats Good knowledge and experience in Security Monitoring Good knowledge and experience in Cyber Incident Response To qualify for the role, you must have B. Tech./ B.E. with sound technical skills Strong command on verbal and written English language. Demonstrate both technical acumen and critical thinking abilities. Strong interpersonal and presentation skills. Certification in Azure (any other cloud vendor certification is a plus) Ideally, you’ll also have People/Project management skills. What working at EY offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Job Description The role of Senior Network Security Engineer is to design, implement, maintain and improve security compliance protecting our organization's network infrastructure from Cyber Threats, vulnerabilities, and unauthorized access. This role is primarily responsible for rolling our network security monitoring and visibility tools like Arista, Gigamon, Viavi, Plixer and NDR. This focuses on ensuring that security technologies are optimized for detecting, preventing, and responding to security threats in real-time. This also involves collaboration with Network engineers, IT, and security operations to deploy and support enterprise-level Cyber security platforms and solutions. Responsibilities Define and enforce network security policies, standards, and best practices. Setup network port, IP, rack and stack the hardware for the network visibility tools like Arista, Gigamon & Viavi. Design, deploy, and manage security solutions such as firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), and endpoint protections. Conduct regular security assessments, vulnerability scans, and penetration tests to identify and mitigate risks. Monitor network activity, analyse traffic logs, and investigate security incidents or breaches. Perform root cause analysis on incidents and coordinate incident response and remediation efforts to improve security posture and prevent security breaches. Maintain and update security documentation, including policies, incident reports, and network diagrams. Build observability dashboard on the health of the network monitoring tools and the traffic visibility on various network infrastructure and tools. Collaborate with stakeholders, network and cross-functional teams to align security with organizational goals and compliance requirements. Lead or participate in security projects, disaster recovery planning, and business continuity initiatives. Stay updated on emerging threats, vulnerabilities, and security technologies, and recommend improvements. Optimize network security tools and platforms for performance and effectiveness, ensuring they meet compliance and organizational requirements. Maintain comprehensive documentation for network configurations, troubleshooting guides, and operational procedures. Qualifications Technical Skills: Experience with IDS/IPS, and security frameworks (e.g., NIST, ISO 27001). Strong scripting skills in Python, PowerShell, or Bash for automation and tool integration. Experience in Cloud security tools and platforms (GCP, AWS, Azure) and DevOps. Experience in Observability tools (Dynatrace, Splunk, Prometheus Grafana). Understanding of the SIEM tools (e.g., Splunk, QRadar, SecOps or equivalent) Familiarity with ITSM processes, Agile practices, ServiceNow, JIRA. Proficiency with network monitoring tools such as Gigamon, Viavi, Arista or equivalent, NDR tools like Arista, Cisco or equivalent, NetOps like Plixer and SIEM tools like (e.g., Splunk, QRadar, SecOps or equivalent). Strong experience in rack & stack and rolling out network security tools and architecting various tools to build an optimized solution. Strong knowledge of network architectures, protocols (TCP/IP, UDP), routing, switching, and load balancing. Expertise in firewall technologies (e.g., Check Point, Cisco, Fortinet), VPNs (SSL, IPSec), authentication protocols (LDAP, RADIUS), load balancers and cloud security. Experience: Bachelor's or Master’s degree in Computer Science, Information Security, or related field, or equivalent practical experience. Minimum 5-10 years of experience in network engineering and security management. Proven experience in managing security platforms and tools in a large, complex environment. Experience with Network security, analysis, and response, including knowledge of common attack vectors. Certifications: Relevant certifications such as CISSP, CEH, CCNA/CCNP Security, NSE (Fortinet), or equivalent. Cybersecurity certificates (preferred) Show more Show less

Role Description L1 SOC Lead Experience : 7 to 9 years Location : Hyderabad/Trivandrum/Kochi Company: CyberProof, A UST Company About CyberProof CyberProof is a leading cyber security services and platform company dedicated to helping customers react faster and smarter to security threats. We enable enterprises to create and maintain secure digital ecosystems through automation, threat detection, and rapid incident response. As part of the UST family, we are trusted by some of the world’s largest enterprises. Our Security Operations Group is composed of a global team of highly skilled cyber security professionals, with our tier 3-4 expertise rooted in Israeli Intelligence Job Description SOC Lead Position Overview: We are seeking an experienced and technically proficient SOC Lead to manage a medium-sized SOC team. The ideal candidate will provide technical mentorship, effectively manage security incidents, and ensure efficient project management within the SOC environment. This role requires a strategic leader with strong technical expertise and excellent management skills to oversee daily SOC operations and support team development. Under leadership's guidance, responsibilities include P&L, delivery, compliance, and other operational goals. Key Responsibilities Effectively lead a medium-sized cybersecurity SOC team accountable for delivering cybersecurity services to global customers. Effectively manage the deliverables for SOC for an MSSP team Manage resources, headcount, and profitability objectives under leadership guidance. Ensure the team's quality of deliverables aligns with organizational standards. Manage stakeholder relationships and ensure effective communication. Drive initiatives to promote continuous improvement, innovation, and customer satisfaction under leadership's guidance. Job Requirements Required Skills: Previous operational experience in cybersecurity incident management and response teams like CSIRT, CIRT, SOC, or CERT. Experience with MSSP teams. Proven experience in leading/managing a team size of 10 or more. Proficiency with SIEM tools such as ArcSight, Splunk, QRadar, etc. Strong ability to write technical documentation and present technical briefings to varying audiences. Desired Skills Cybersecurity Fundamentals: In-depth understanding of cybersecurity concepts, threats, vulnerabilities, and attack vectors. Knowledge of security technologies, including SIEM, EDR, firewalls, IDS/IPS, and vulnerability scanners. o Familiarity with network protocols, operating systems, and cloud environments. Incident Response Expertise in incident handling, investigation, and remediation. Knowledge of forensic analysis techniques. Ability to develop and implement incident response plans. Experience Atleast 3 years of experience managing a team of SOC Analysts 5+ years of information security experience is required. At least 3 years of experience in security monitoring, digital forensic analysis, or incident response is preferred. Show more Show less

Role Description L2 SOC Lead Experience : 7 to 9 years Location : Bangalore/Trivandrum/Kochi Company: CyberProof, A UST Company About CyberProof CyberProof is a leading cyber security services and platform company dedicated to helping customers react faster and smarter to security threats. We enable enterprises to create and maintain secure digital ecosystems through automation, threat detection, and rapid incident response. As part of the UST family, we are trusted by some of the world’s largest enterprises. Our Security Operations Group is composed of a global team of highly skilled cyber security professionals, with our tier 3-4 expertise rooted in Israeli Intelligence Cyberproof is looking to hire a L2 team Lead for managing the existing shared services team. Role Proficiency SOC Analyst L2 is an operational role, focusing on ticket quality and security incident deeper investigation and will be responsible to handle the escalated incidents from Level 1 team within SLA. The lead will be responsible for quality and ensuring processes are defined globally across all customers in Cyberproof. Responsibilities SOC Analyst L2 would work closely with SOC L1 team, L3 team & customer and responsible for performing deeper analysis and need to interact with client in daily calls and need to take the responsibility of handling the True Positive incidents on time. When L1 escalates an incident to L2, need to conduct more analysis and, if needed, escalate to the customer/L3 team, or L2 analyst must advise L1 team members until the incident is resolved. Perform deep analysis to security incidents to identify the full kill chain Handle L2 and above level technical escalations from L1 Operations team and resolve within SLA. Identify the security gaps and need to recommend new rules/solution to L3/Customer Need to suggest finetuning for existing rules based on the high count/wherever required Create and manage the Incident handling playbook, process runbooks and ad-hoc documents whenever needed Respond to clients’ requests, concerns, and suggestions Proactively support L1 team during an incident. Performs and reviews tasks as identified in a daily task list. Ready to work in 24x7 rotational shift model including night shift Incident detection, triage, analysis and response. Coordinating with customers for their security related problems and providing solutions. Share knowledge to other analysts in their role and responsibilities Provide knowledge transfer to L1 such as advance hunting techniques, guides, cheat sheets etc Knowledge Experience Experience of Managing L2 resources in a multi-location basis. Minimum of 3 years of experience in Cyber security, SOC At least 2 years of working in the SOC Proficient in Incident Management and Response Experience in leading a team of more than 9 analysts Experience in searching and log analysis in at least 2 of the below SIEM tools or more than 3 SIEM in total: Sentinel, QRadar, Splunk, LogRhythm, Google Chronicle Experience in analysis and response in at least 2 of the below EDR tools or more than 3 EDR in total:Crowd strike, MS Defender, Carbon Black, Cybereason, Sentinel One In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. Up to date in cyber security and incidents; intermediate understanding of enterprise IT Infrastructure including Networks Firewalls OS Databases Web Applications etc. Understanding of ISMS principles and guidelines; relevant frameworks (e.g. ISO27001) Desirable – Training / Certification in Ethical Hacking/SIEM Tool etc. Additional Desired Skills Strong verbal and written English communication Strong interpersonal and presentation skills Ability to work with minimal levels of supervision Responsible for working in a 24x7 Security Operation centre (SOC) environment. Essential Skills Knowledge and hands-on experience with Azure Sentinel, Microsoft 365 Defender, Microsoft Defender for Cloud Apps & Identity Protection. Continuous Learning Innovation And Optimization Ensure completion of learning programs as suggested by Managers Suggest ideas that will help innovation and optimization of processes. Help develop the ideas into proposals. Provide suggestions to reduce the manual work Teamwork Assist L1 team members where possible. Show more Show less

Role Description L2 SOC Analyst Experience : 5 to 7 years Location : Mumbai Company: CyberProof, A UST Company About CyberProof CyberProof is a leading cyber security services and platform company dedicated to helping customers react faster and smarter to security threats. We enable enterprises to create and maintain secure digital ecosystems through automation, threat detection, and rapid incident response. As part of the UST family, we are trusted by some of the world’s largest enterprises. Our Security Operations Group is composed of a global team of highly skilled cyber security professionals, with our tier 3-4 expertise rooted in Israeli Intelligence "5 Years or SOC experience Certifications – CEH or CCNA or CCNP or QRadar relevant certification " "SOC Analyst L2 SOC Analyst L2 is an operational role, focusing on ticket quality and security incident deeper investigation and will be responsible to handle the escalated incidents from Level 1 team within SLA. Responsibilities SOC Analyst L2 would work closely with SOC L1 team, L3 team & customer and responsible for performing deeper analysis and need to interact with client in daily calls and need to take the responsibility of handling the True Positive incidents on time. When L1 escalates an incident to L2, need to conduct more analysis and, if needed, escalate to the L3 team, or L2 analyst must advise L1 team members until the incident is resolved. Perform deep analysis to security incidents to identify the full kill chain Perform remediation steps according to the findings or initiate steps for remediation Prepare RCA for major incidents Handle L2 and above level technical escalations from L1 Operations team and resolve within SLA. Identify the security gaps and need to recommend new rules/solution to L3/Customer Need to suggest finetuning for existing rules based on the high count/wherever required Create and manage the Incident handling playbook, process runbooks and ad-hoc documents whenever needed Recommend finetuning for s with logic and threshold, and possibly the query as well for the SIEM Recommend new usecases with logic and threshold, and possibly the query as well for the SIEM Respond to clients’ requests, concerns, and suggestions Proactively support L1 team during an incident. Performs and reviews tasks as identified in a daily task list. Ready to work in 24x7 rotational shift model including night shift Incident detection, triage, analysis and response. Coordinating with customers for their security related problems and providing solutions. Share knowledge to other analysts in their role and responsibilities Provide knowledge transfer to L1 such as advance hunting techniques, guides, cheat sheets etc Knowledge Experience Minimum 5 Years of experience in Security Operations Security event monitoring, triage, and thorough incident investigation. Research and understand log sources for effective security monitoring. Isolate issues, respond to incidents, and mitigate threats swiftly. Adjust SIEM rules for better and incident specifications. Optimize SIEM capabilities, aid in audit/logging, and generate timely reports. Conduct vulnerability scans, prioritize, and plan remediation. Proactively search for suspicious activities through Threat Hunts. Offer valuable Threat Intelligence to verify security concerns. Identify endpoint threats using EDR/AV analysis and Cybereason scans. Develop and maintain security operation standards, procedures, and playbooks. Essential Skills Knowledge and hands-on experience with SIEM Platofrms- Splunk & Qradar. Knowledge and hands-on experience with EDR Platforms- Crowdstrike & CyberReason. Continuous Learning innovation and optimization Ensure completion of learning programs as suggested by Managers Suggest ideas that will help innovation and optimization of processes and help develop the ideas into proposals. Provide suggestions to reduce the manual work Strong verbal and written English communication Strong interpersonal and presentation skills Ability to work with minimal levels of supervision Available to work in a 24x7 Security Operation centre (SOC) environment- shared MSSP. Show more Show less

Role Description The Cybersecurity Incident Management and Response Team is responsible for effectively and efficiently managing all information and cybersecurity incidents across the Group on a 24x7 basis. This function is structured into two primary missions: Incident Management: Coordinating and orchestrating the global technical response to cybersecurity incidents, and ensuring timely, effective communication to Global Business and Functional stakeholders, Senior Executive Leadership, and relevant regulatory bodies. Incident Response: Conducting technical and forensic investigations arising from threat intelligence, security testing, and user-reported incidents. The goal is to effectively contain, mitigate, and remediate both active and potential attacks. Key Responsibilities Lead and perform technical and forensic investigations into global cybersecurity events, ensuring timely threat identification and mitigation. Conduct post-incident reviews to assess the effectiveness of controls and response capabilities; drive improvements where necessary. Deliver forensic services including evidence collection, processing, preservation, analysis, and presentation. Stay updated on emerging technology trends and cybersecurity best practices to provide guidance to business and IT functions. Collaborate with Global Cybersecurity Operations (GCO) and business teams to develop and maintain effective incident response playbooks. Contribute to the creation and enhancement of detection mechanisms (use cases) and security automation workflows. Define and refine detailed processes and procedures for managing cybersecurity events. Enhance technical capabilities of security platforms and incident response tools. Support the development of the team’s capabilities, including training and mentoring junior team members. Promote a culture of transparency and continuous improvement by identifying and addressing weaknesses in people, processes, and technology. Drive self-improvement and maintain subject matter expertise in cybersecurity. Engage with global stakeholders to improve cybersecurity awareness and communicate the impact of cybersecurity initiatives. Generate and present management information and incident reports tailored for various audiences, supported by data and expert analysis. Required Skills & Competencies Strong understanding of cybersecurity incident management and investigation techniques. Hands-on experience with IDS/IPS systems, TCP/IP protocols, and common attack vectors. Ability to independently analyze complex problems and determine root causes. Effective communication skills with the ability to convey technical issues clearly to both technical and non-technical audiences. Sound decision-making abilities under pressure, with a focus on risk mitigation and operational resilience. Strong collaboration and stakeholder engagement skills across diverse teams. High level of integrity, urgency, and personal accountability. Demonstrated ethical conduct and commitment to organizational values. Knowledge of cybersecurity principles, global financial services, compliance requirements, and regulatory standards. Familiarity with industry frameworks and standards such as OWASP, ISO 27001/27002, PCI DSS, GLBA, FFIEC, CIS, and NIST. Experience in responding to advanced threats, including offensive security knowledge or experience with deception technologies (honeypots, tripwires, honey tokens, etc.). Preferred Technical Skills Cybersecurity Incident Management Intrusion Detection/Prevention Systems (IDS/IPS) TCP/IP Protocols and Network Analysis Forensics Tools and Techniques Security Automation & Orchestration Platforms Threat Intelligence Integration SIEM Tools (e.g., Splunk, QRadar, etc.) Skills Incident response,Forensic Show more Show less

Job Title: ServiceNow SecOps Consultant / Developer Experience: 5+ years in ServiceNow with minimum 2 years in SecOps module Job Description: We are looking for a highly skilled ServiceNow Security Operations (SecOps) Consultant/Developer to join our team. The ideal candidate will have experience in implementing and customizing ServiceNow SecOps modules including Security Incident Response (SIR), Vulnerability Response (VR), Threat Intelligence, and Security Incident Enrichment. Key Responsibilities: Implement, configure, and maintain ServiceNow Security Operations modules. Integrate external security tools (e.g., Qualys, Splunk, Rapid7, Tenable) with ServiceNow SecOps. Design and develop workflows, automation scripts, and business rules to streamline SecOps processes. Configure and maintain playbooks for automated response actions. Manage security incident lifecycle using ServiceNow SIR module. Enable vulnerability identification and remediation using VR module. Collaborate with InfoSec, IT, and third-party security tools teams. Support continuous improvement efforts and provide recommendations for platform optimization. Required Skills: Strong hands-on experience with ServiceNow Security Operations Suite. Knowledge of ServiceNow CMDB, Discovery, and MID server setup. Experience with Security Incident Response, Vulnerability Response, and Threat Intelligence modules. Proficiency in scripting (JavaScript) and ServiceNow development/customization. Experience with integration tools like REST/SOAP APIs. Familiarity with SIEM tools (e.g., Splunk, QRadar), Vulnerability scanners (e.g., Qualys, Tenable). Good to Have: ServiceNow Certified Implementation Specialist – Security Operations. Experience in SOC processes, NIST/ISO frameworks, and risk management. ITIL certification or working knowledge of ITIL processes. Experience with MITRE ATT&CK framework and threat intelligence feeds. Educational Qualification: Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or related field. Show more Show less

EXPERIENCE: 5 – 8 Years RESPONSIBILITIES (INCLUDES TASKS AND AUTHORITIES): Key Responsibilities Detect, identify, and promptly alert on potential attacks, intrusions, anomalous activities, and misuse, distinguishing them from benign events. Conduct research, analysis, and correlation across diverse data sets to identify indications and warnings of threats. Analyze network alerts from multiple sources and determine their root causes and potential impact. Provide daily summary reports of relevant network and security events. Notify and coordinate with managers and incident responders, clearly articulating event history, status, and potential business impact as per the incident response plan. Analyze and report on system security posture trends. Assess access controls based on the principles of least privilege and need-to-know. Perform vulnerability management, including scanning, analysis, and follow-up on critical vulnerabilities. Lead and participate in incident response activities, including root cause analysis and remediation recommendations. Develop, review, and maintain SIEM correlation rules and incident response playbooks. Provide mentorship and guidance to L1 SOC analysts, reviewing and escalating tickets as needed. Stay current with emerging threats, vulnerabilities, and regulatory security requirements. Required Skills & Experience 2–4 years of experience in a SOC environment, with at least 1 year in a Level 2 (L2) role Proficiency in Splunk SIEM: log analysis, rule creation, dashboarding, and incident investigation1 Hands-on experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) platforms. Strong knowledge of network security protocols, intrusion detection/prevention systems (IDS/IPS), and firewall/VPN technologies Ability to perform packet-level analysis using tools such as Wireshark or tcpdump Experience in malware analysis, digital forensics, and threat intelligence platforms1 Familiarity with authentication, authorization, and access control methods. Strong understanding of incident response and handling methodologies. Experience interpreting data from network tools (e.g., nslookup, ping, traceroute). Knowledge of Windows/Unix ports, services, and operating system command-line tools. Understanding of key security management concepts (e.g., patch management, release management). Excellent analytical, problem-solving, and communication skills Experience in documenting and reporting security incidents and trends. CERTIFICATIONS(Any three): Relevant certifications such as SPLUNK, Certified SOC Analyst (CSA) , CompTIA Security+: TECHNICAL SKILLS /COMPETENCIES: MANDATORY Experience with SIEM (e.g. Splunk, XDR) SIEM tools (e.g., Splunk, QRadar) Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) Firewall and VPN technologies Threat intelligence platforms & Endpoint detection and response tools Hands-on experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) platforms. Strong knowledge of network security protocols, intrusion detection/prevention systems (IDS/IPS), and firewall/VPN technologiesa Show more Show less

Assist in defining security Policies Standards and reference Architecture for Network design and deployment related to above technologies. Proactive analysis of Network for secure deployments, secure configurations against Global Security Best Practices. Assisting network design team with security inputs while designing an architecture for new offices/ branches/ data centres etc. for Security by Design. Developing network security standards and guiding network design to meet corporate requirements. Strategize and formulate high and low-level monitoring mechanism for security posture of network deployments and advise measures to improve them. Possess and maintain technical knowledge of aspects of DDoS mitigation, NAC, Internet Proxy, DNS etc. Conducting analysis of network security and Strategize and formulate high and low-level monitoring mechanism for DDoS mitigation, NAC, Internet Proxy, DNS. Taking proactive measures for enhancing the security posture of the Bank's network by studying the vulnerabilities issued/ published by various OEMs, internal and external agencies such as CERTetc. Working with internal and external business stakeholders on ensuring that IT infrastructure meet global network security standards. Produce and track metrics for the effectiveness and maturity of Secure network deployments.

Dedicated lead to work with the Happiest Minds Shared SOC team and ITteam to enhance the overall Incident response processes Run any critical incident response along with SOC and IT team Review and update the use caserepository as applicable to Happiest Minds Environment Work on root causeanalysis and remediations for alerts/incidents raised by customers Review andupdate existing automation playbooks Continuous updates of detectiontechniques Periodic threat hunting Use cases to prioritize based on thefindings from the threat and vulnerability management program

Implementation and Deployment: - Design and deploy IDS (ARMIS)solutions tailored to OT environments. - Develop comprehensive deploymentarchitectures, ensuring seamless integration with existing systems. - Configure and optimize network andfirewall settings to support IDS deployments. Data Network Security - IDS, Cybersecurity.

Senior Cybersecurity Analyst with a minimum of 6+ years of experience in thefield of Operation technology, particularly focusing on Endpoint Detection andResponse (EDR) and Intrusion Detection System #40;IDS#41; monitoringtools. The ideal candidate will have demonstrated expertise in Carbon Black AppControl. Carbon Black, MS Defender for Endpoints (EDR/ATP),Data Network Security - IDS, Unix Administration, Windows, Carbon Black, MS Defender for Endpoints (EDR/ATP), Data Network Security - IDS, Unix Administration, Windows. Senior Cybersecurity Analyst with a minimum of 6+ years of experience in the field of Operation technology, particularly focusing on Endpoint Detection and Response (EDR) and Intrusion Detection System (IDS) monitoring tools. The ideal candidate will have demonstrated expertise in Carbon Black App Control.

Cybersecurity, Azure Sentinel SIEM,MS Defender for Endpoints (EDR/ATP),AWS IAM,SOAR Concept, Fortinet FortiSOAR, Palo Alto Networks - Firewalls, Cortex XSOAR, Python We are seeking a Cybersecurity Analyst with 1-6years of experience in fundamental cybersecurity concepts, including SIEM, EDR, IAM, and SOAR platforms The ideal candidate should have a basic understanding of security automation and orchestration using platforms like FortiSOAR, Palo Alto XSOAR, and ThreatConnect (preferred) Experience with SOAR play book creation , integration etc Additionally, knowledge of Python scripting for automation and security tasks will be an added advantage

Job Overview As a Senior Cybersecurity Engineer, you will be responsible for designing, implementing, and maintaining robust security infrastructures to safeguard the organization's digital assets. You will lead initiatives to identify vulnerabilities, respond to incidents, and ensure compliance with industry standards and regulations. Key Responsibilities Security Architecture & Design: Develop and implement security solutions across IT and engineering environments, including firewalls, SIEM, IDS/IPS, and endpoint protection systems. Incident Response & Forensics: Lead investigations into security breaches, conduct root cause analysis, and develop mitigation strategies. Vulnerability Management: Perform regular vulnerability assessments, penetration testing, and manage patching processes to address potential threats. Security Monitoring: Oversee the deployment and tuning of security monitoring tools, ensuring effective detection and response capabilities. Policy Development: Create and maintain security policies, procedures, and documentation in alignment with industry standards like ISO 27001, NIST, and GDPR. Compliance & Audits: Ensure adherence to regulatory requirements and conduct internal audits to assess security posture. Team Leadership & Mentorship: Guide and mentor junior security engineers, fostering a culture of continuous improvement and learning. Stakeholder Collaboration: Work closely with IT, development, and operations teams to integrate security best practices into all aspects of the organization's infrastructure. Required Qualifications Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Experience: Minimum of 7 years in cybersecurity roles, with a focus on engineering, architecture, and incident response. Technical Skills: Proficiency with security tools such as SIEM (e.g., Splunk, QRadar), firewalls, IDS/IPS, and endpoint protection systems. Strong understanding of network protocols, encryption methods, and secure application development principles. Hands-on experience with cloud security platforms (AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes). Scripting skills in languages like Python, PowerShell, or Bash for automation and tool integration. Certifications: Industry-recognized certifications such as CISSP, CISM, CEH, or GIAC are highly desirable. Preferred Qualifications Advanced Certifications: OSCP, GIAC Security Essentials (GSEC), Microsoft SC-200, or AZ-500. Specialized Knowledge: Experience with industrial control systems (ICS), OT security, and frameworks like IEC 62443. Analytical Tools: Familiarity with data analytics platforms like Tableau or Power BI for reporting and dashboard creation Show more Show less

Skills: SIEM TOOLS, VPN technologies, SPLUNK, IDS/IPS, SOC environment, XDR, Windows/Unix ports, EXPERIENCE: 5 8 Years Key Responsibilities RESPONSIBILITIES (INCLUDES TASKS AND AUTHORITIES): Detect, identify, and promptly alert on potential attacks, intrusions, anomalous activities, and misuse, distinguishing them from benign events. Conduct research, analysis, and correlation across diverse data sets to identify indications and warnings of threats. Analyze network alerts from multiple sources and determine their root causes and potential impact. Provide daily summary reports of relevant network and security events. Notify and coordinate with managers and incident responders, clearly articulating event history, status, and potential business impact as per the incident response plan. Analyze and report on system security posture trends. Assess access controls based on the principles of least privilege and need-to-know. Perform vulnerability management, including scanning, analysis, and follow-up on critical vulnerabilities. Lead and participate in incident response activities, including root cause analysis and remediation recommendations. Develop, review, and maintain SIEM correlation rules and incident response playbooks. Provide mentorship and guidance to L1 SOC analysts, reviewing and escalating tickets as needed. Stay current with emerging threats, vulnerabilities, and regulatory security requirements. Required Skills & Experience 24 years of experience in a SOC environment, with at least 1 year in a Level 2 (L2) role Proficiency in Splunk SIEM: log analysis, rule creation, dashboarding, and incident investigation1 Hands-on experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) platforms. Strong knowledge of network security protocols, intrusion detection/prevention systems (IDS/IPS), and firewall/VPN technologies Ability to perform packet-level analysis using tools such as Wireshark or tcpdump Experience in malware analysis, digital forensics, and threat intelligence platforms1 Familiarity with authentication, authorization, and access control methods. Strong understanding of incident response and handling methodologies. Experience interpreting data from network tools (e.g., nslookup, ping, traceroute). Knowledge of Windows/Unix ports, services, and operating system command-line tools. Understanding of key security management concepts (e.g., patch management, release management). Excellent analytical, problem-solving, and communication skills Experience in documenting and reporting security incidents and trends. CERTIFICATIONS(Any Three) Relevant certifications such as SPLUNK, Certified SOC Analyst (CSA) , CompTIA Security+: Technical Skills /Competencies MANDATORY Experience with SIEM (e.g. Splunk, XDR) SIEM tools (e.g., Splunk, QRadar) Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) Firewall and VPN technologies Threat intelligence platforms & Endpoint detection and response tools Hands-on experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) platforms. Strong knowledge of network security protocols, intrusion detection/prevention systems (IDS/IPS), and firewall/VPN technologies Show more Show less