891 Qradar Jobs - Page 29

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 230,000 employees and business partners across 65 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world. For additional information, visit us at www.wipro.com. Job Description We are looking for an experienced ServiceNow developer to join our ServiceNow Risk and Security Operations practice as a senior consultant to support client implementation projects. The ideal candidate will have a strong background in ServiceNow implementation projects, with at least one project involving ServiceNow Risk solutions (i.e., Integrated Risk Management, Third Party Risk Management, Business Continuity Management). Our team brings technical expertise, real-world experience, strong executive engagement skills, and an inspirational mindset to help our customers understand the opportunities of the “platform of platforms” vision. We act as Trusted Partners for our customers’ most complex solutions, designed to ensure that they can rapidly realize the value they need. We do this by leveraging best practices and industry standards to build customer trust and architect best-in-class solutions. While collaborating with customers, and the wider ServiceNow Risk and Security Operations delivery team, the right candidate will be able to implement ServiceNow solutions based on requirements and architectural designs approved by the client. The candidate will also lead and participate in the delivery of demonstrations, workshops, best practice overviews, and educational sessions for customers. KEY RESPONSIBILITIES: Gather and document client requirements as part of a ServiceNow implementation project. Configure and test ServiceNow Risk solutions. Be a technical delivery resource, ensuring delivery excellence, aligned to ServiceNow Risk practice expectations. Stay current with new developments in the ServiceNow platform and apply that knowledge to client solutions REQUIRED QUALIFICATIONS: Minimum of 2 years of ServiceNow developer experience. Strong understanding of ServiceNow platform, including experience with custom development, integrations, and workflows. Strong problem-solving and analytical skills. ServiceNow Certified System Administrator certification. Experience working in a consulting environment. PREFERRED QUALIFICATIONS: ServiceNow Certified Implementation Specialist certification in one or more of the following: Risk and Compliance. Third-party Risk Management (TPRM) Implementer. Micro-Certification - Business Continuity Management. ServiceNow Certified Application Developer certifications. Experience in working with an integrated global practice. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or Certified Information Security Manager (CISM) Experience working with industry-leading security operations tools (e.g., CyberXM, Rapid7, Qualys, Tenable, Prisma, Snyk, Veracode, Wiz, Orca, Tanium, Splunk, QRadar. Carbon Black, CrowdStrike, ProofPoint, Cisco, etc). Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.

Job Duties (Summary): Senior Security SOC Analyst works in 24/7 team and in shifts which include nights and rotational weekends. The role is a key part of our Security Monitoring Incident Response team, involving in investigating alerts/events that trigger from MS Sentinel / SIEM and EDR Tools and other end point tools. Senior Analyst will be the internal escalation point for the Security analysts within the shift/team and will assist Security Analysts in responding to Security Incidents. This role also needs exceptional communication skills (verbal and written), and an ability quickly understand complex information while recognizing familiar elements within complex situations. Required Skills & Experience: Responsible for 24/7 monitor, triage, analysing security events and alerts. Including Malware analysis. Should have good hands-on in Microsoft Sentinel and should have ability to query using KQL [Mandatory] Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc... Strong knowledge of email security threats and security controls, including experience analysing email headers. Analysing Phishing emails and associated Threats and to remediate them by blocking the Url’s analysing the malware(s),link(s),IOC’s. Good understanding of Threat Intel and Hunting. Good hands on experience in investigating EDR alerts (Tanium, CrowdStrike, etc..) Good hands on experience in using XSOAR Platforms (Demisto, Phantom, etc..) Strong technical understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS / TLS, and SMTP. Experience analysing network traffic using tools such as Wireshark, to investigate either security issues or complex operational issues. Experience reviewing system and application logs (e.g., web or mail server logs), either to investigate security issues or complex operational issues. Knowledge in investigating security issues within Cloud infrastructure such as AWS, GCP, Azure (Preferred not mandatory) Good knowledge and hands-on experience with SIEM systems such as SentinelOne/RSA Netwitness/Splunk/AlienVault/QRadar, ArcSight or similar in understanding/creating new detection rules, correlation rules etc... Experience In defining use cases for playbooks and runbooks (Preferred) Experience in understanding log types and log parsing Strong passion in information security, including awareness of current threats and security best practices. Basic Qualifications (Preferred not mandatory ? if Candidate has equivalent knowledge) Bachelor’s Degree in Computer Sciences or equivalent (Preferred not mandatory) Minimum of 3 years of experience in a Security Operations Centre (SOC) or incident response team (CSIRT Team member). Overall 3+ experience in Information Security/IT Security/Network Security. CEH, CISSP, OSCP, CHFI, ECSA, GCIH, GCIA, GSEC, GCFA certification (minimum One certification - Preferred not mandatory) A relevant specialist degree (e.g., information security or digital forensics). Knowledge in NIST CSF, MiTRE & ATTACK Framework. Active involvement in the Information Security community. Certified in Azure Security [SC-200, AZ-500, AZ-900] ? Either one or more [Mandatory]

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Threat Detection & Response Consulting - Security Orchestration, Automation and Response (SOAR) - Senior KEY Capabilities: Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Working with the customer to identify security automation strategies and provide creative integrations and playbooks. Work collaboratively with other team members to find creative and practical solutions to customers’ challenges and needs. Expertise in design and implementation of SOAR solution such as Phantom (Preferable), Demisto or Resilient Responsible for execution and maintenance of SOAR related analytical processes and tasks Manage and administration of SOAR platforms Hands-on experience with Incident Response and Threat Intelligence tools. Creation of reusable and efficient Python-based Playbooks. Use Phantom platform to enable automation and orchestration on various tools and technologies by making use of existing or custom integration Partner with security operations teams, threat intelligence groups and incident responders. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in Splunk content development will be an added advantage Should have solid experience in the design/build, test, implementation, and maintenance of integration with other security tools and platforms Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Knowledge in Network monitoring technology platforms such as Fidelis XPS or others Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Qualification & experience: Minimum of 6 years’ experience in cyber security with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated SOAR solution in global enterprise environments. Strong oral, written and listening skills are an essential component to effective consulting. Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary. Must have knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting. Should have strong hands-on experience with scripting technologies like Python, REST, JSON, SOAP, ODBC, XML etc. Must have honours degree in a technical field such as computer science, mathematics, engineering or similar field Minimum 3 years of working in SOAR Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix and Splunk will be an added advantage Certifications in a core security related discipline will be an added advantage. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

Join our Team About this opportunity: We are now looking for a Senior Security Engineer professional for our Managed Security team. This job role has accountability for researching, designing, engineering, implementing, and supporting security solutions in partnership with the respective stakeholders within Ericsson and / or customer organization and / or 3rd Party Providers. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured. What you will do: Design, implement, manage, monitor, and troubleshoot cybersecurity defenses, including configuration management, network security, systems security, and monitoring systems / tools. Participate in planning and audit scope development as well as project execution as a critical team member on complex technology related assessments. Play an active role in the design and execution of infrastructure initiatives to ensure an evolving adherence to industry best practices for information security. Lead the execution of the assessment of specific technical areas of a project, supervising other team members and providing coaching where needed. Perform Security Incident Management, including but not limited to: supporting SIEM tools, integrating logs into the tool, creating and modifying rules, investigating and resolving alerts, automating tasks. Research new and emerging threats to gain insight into the evolving threat landscape, and share knowledge with the team. Promote new ideas and new ways of executing projects and internal infrastructure enhancements. Innovate and automate repetitive activities and corrective actions, including broader automation initiatives. Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance Responds to information security incidents, including investigation of countermeasures to and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement The skills you bring: Strong knowledge of information security Strong knowledge of SIEM tools (such as McAfee ESM, QRadar, ArcSight, Splunk, etc.), scanning tools (Nessus, Qualys, IBM AppScan, etc.) and PAM tools (BeyondTrust, CyberArk, etc.) Strong knowledge of both Linux-based and MS Windows-based system platforms with a strong technical understanding and aptitude for analytical problem-solving Strong understanding of enterprise, network, system and application level security issues Strong understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks along with available security controls (technical & process controls) for respective layers Good understanding of the system hardening processes, tools, guidelines and benchmarks Fundamental understanding of encryption technologies Participate in the out-of-hours on call rotation, providing technical support to the business for incidents Strong knowledge sharing and collaboration skills Deliver results and meet customer expectations Excellent communication skills; English is a must Key Qualifications: Education: BE/ B.Tech (Telecommunication/ Computer Science) Minimum years of relevant experience: 8 to 15 years experience with at least 8 years in IT and 7 years in Security ITIL certification, CCSP, OSCP, Security +, CISSP or similar will be an advantage Basic knowledge of telecommunications networks will be an added advantage Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Noida Req ID: 768174

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Threat Detection & Response Consulting - Security Orchestration, Automation and Response (SOAR) - Senior KEY Capabilities: Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Working with the customer to identify security automation strategies and provide creative integrations and playbooks. Work collaboratively with other team members to find creative and practical solutions to customers’ challenges and needs. Expertise in design and implementation of SOAR solution such as Phantom (Preferable), Demisto or Resilient Responsible for execution and maintenance of SOAR related analytical processes and tasks Manage and administration of SOAR platforms Hands-on experience with Incident Response and Threat Intelligence tools. Creation of reusable and efficient Python-based Playbooks. Use Phantom platform to enable automation and orchestration on various tools and technologies by making use of existing or custom integration Partner with security operations teams, threat intelligence groups and incident responders. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in Splunk content development will be an added advantage Should have solid experience in the design/build, test, implementation, and maintenance of integration with other security tools and platforms Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Knowledge in Network monitoring technology platforms such as Fidelis XPS or others Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Qualification & experience: Minimum of 6 years’ experience in cyber security with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated SOAR solution in global enterprise environments. Strong oral, written and listening skills are an essential component to effective consulting. Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary. Must have knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting. Should have strong hands-on experience with scripting technologies like Python, REST, JSON, SOAP, ODBC, XML etc. Must have honours degree in a technical field such as computer science, mathematics, engineering or similar field Minimum 3 years of working in SOAR Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix and Splunk will be an added advantage Certifications in a core security related discipline will be an added advantage. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Threat Detection & Response Consulting - Security Orchestration, Automation and Response (SOAR) - Senior KEY Capabilities: Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Working with the customer to identify security automation strategies and provide creative integrations and playbooks. Work collaboratively with other team members to find creative and practical solutions to customers’ challenges and needs. Expertise in design and implementation of SOAR solution such as Phantom (Preferable), Demisto or Resilient Responsible for execution and maintenance of SOAR related analytical processes and tasks Manage and administration of SOAR platforms Hands-on experience with Incident Response and Threat Intelligence tools. Creation of reusable and efficient Python-based Playbooks. Use Phantom platform to enable automation and orchestration on various tools and technologies by making use of existing or custom integration Partner with security operations teams, threat intelligence groups and incident responders. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in Splunk content development will be an added advantage Should have solid experience in the design/build, test, implementation, and maintenance of integration with other security tools and platforms Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Knowledge in Network monitoring technology platforms such as Fidelis XPS or others Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Qualification & experience: Minimum of 6 years’ experience in cyber security with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated SOAR solution in global enterprise environments. Strong oral, written and listening skills are an essential component to effective consulting. Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary. Must have knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting. Should have strong hands-on experience with scripting technologies like Python, REST, JSON, SOAP, ODBC, XML etc. Must have honours degree in a technical field such as computer science, mathematics, engineering or similar field Minimum 3 years of working in SOAR Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix and Splunk will be an added advantage Certifications in a core security related discipline will be an added advantage. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

As an L1 Threat Hunter, you will work closely with SOC analysts and incident responders to identify, analyze, and escalate suspicious activity using a variety of tools and threat intelligence sources.

Position: SOC Analyst 100% Remote Working Hours: US/UK hours Job description: We are seeking a highly motivated and skilled SOC Analyst to join our Security Operations Center. Key Responsibilities Monitor security events and alerts using tools such as Splunk, IBM QRadar, Microsoft Sentinel, and Palo Alto XSIAM. Perform initial triage and categorization of security events to determine severity and potential impact. Escalate confirmed incidents to appropriate teams or stakeholders with accurate and detailed information. Correlate logs and alerts across various platforms to detect anomalous behavior or indicators of compromise (IoCs). Utilize the MITRE ATT&CK framework to enrich detection and response processes. Collaborate with Incident Response and Threat Intelligence teams for deeper investigations. Generate reports and dashboards for incident trends, KPIs, and SOC performance. Maintain documentation of SOC procedures, playbooks, and workflows. Participate in regular threat-hunting and detection engineering activities. Continuously evaluate and tune detection rules and alerts for improved accuracy. Required Qualifications Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience) Certifications: CompTIA Security+ CySA+ Certified SOC Analyst (CSA) or equivalent Required Skills and Experience 3+ years of experience in a SOC environment or cybersecurity operations Proficient with SIEM platforms: Splunk, IBM QRadar, Microsoft Sentinel Experience with EDR/XDR platforms like Palo Alto XSIAM and CrowdStrike Falcon Familiarity with MITRE ATT&CK and threat detection mapping Preferred Qualifications Understanding of cloud security monitoring (Azure, AWS, GCP) Exposure to SOAR tools and incident response automation Knowledge of NIST, ISO 27001, and other security compliance frameworks Interested candidate can apply: dsingh15@fcsltd.com

• Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm , Splunk,). • Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black).

Job Statement: NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service. We are looking for a proven, high energy, results oriented Cybersecurity Leader, where you will be a key advisor for our clients, analyzing business requirements to design and implement ideal security solutions for their needs. As an established SecOps Leader, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security posture. This is an opportunity for you to showcase your strong communication skills and experience in SOC operations, security governance & advisory, security risk management, security architecture, and cyber incident response programs. Job responsibilities: · Driving of Cybersecurity services business from a pre-sales consultancy capacity in order to support our prospects/clients from proposal to delivery · Serves as a Subject Matter Expert (SME) for SOC/SIEM/GRC/Infra-Application Security Assessment Services · Able to articulate the business benefits of Cybersecurity services to business/technical customers as appropriate, helping them to identify potential future opportunities and bringing them to the attention of people who can commit the required resources to realize those benefits. · Ability to prepare Cybersecurity documents and presentations in such a way that they are easily understood by the appropriate audience · Demonstrate personal flexibility and focused delivery to ensure the delivery of quality cybersecurity solutions and increase customer satisfaction · Shares knowledge within the ISO (SIEM/SOC) community · Documents feedback and lessons learned from customer engagements so that the colleagues can benefit from this knowledge and be alerted to potential new opportunities Job specifications: 1. Qualification: · Bachelor’s degree in Computer Science, Engineering, or related field or equivalent work experience. May hold Master's or advanced degree in related field 2. Skills: · Proven experience of a Consultative Cybersecurity Selling approach in a customer facing role · Able to conduct cybersecurity presentations, demos, POCs · 7+ years of professional experience in writing cybersecurity proposals/responding to RFPs/Presentations/SOWs on cybersecurity services · Experience in architectural design and project led implementation of Cybersecurity solutions · Demonstrate ability to coach others in the gathering of requirements, designs, plans and estimates · Expert knowledge of Splunk, IBM QRadar and LogRhythm is required (configuration, troubleshooting and design and their relative merits); comparable knowledge with products of other leading SIEM vendors helpful · Contemporary base operating systems and major database platforms architectural knowledge for enterprise environments · Demonstrates broad knowledge in other technical areas to properly manage complex integration efforts · Appreciation of the business drivers demanding Cybersecurity Services · Understanding of legislative demands and compliance requirements mitigated through Cybersecurity services · Understanding of the additional enabling features achieved from an effective Cybersecurity service/solution · Experience of the supporting policy, procedures and practices required to deliver and maintain an effective operational Cybersecurity solution - at the customer or through a service · Ability to adapt a consulting style appropriate to the situation and can identify up-sell opportunities · Ability to demonstrate a broad understanding of market dynamics, an industry area, commercial issues, and technical concerns whilst maintaining depth in Cybersecurity services focus area Show more Show less

Exp : 4yrs to 13yrs Location : Noida, Bangalore & Hyderabad Role Overview As a CyberArk Consultant, you will lead the design, implementation, and management of Privileged Access Management (PAM) solutions for enterprise clients. You will work with a range of CyberArk components, including Vault, CPM, PSM, PSMP, PVWA, and AIM, to enhance security posture and ensure compliance. 🔧 Key Responsibilities Deploy and configure CyberArk components such as Vault, CPM, PSM, PSMP, PVWA, and AIM. Integrate CyberArk with Active Directory, LDAP, SIEM tools (e.g., QRadar), and multi-factor authentication systems (e.g., RADIUS, Azure MFA). Onboard privileged accounts from various platforms (Windows, Linux, UNIX, databases) using tools like Password Upload Utility (PUU) and REST APIs. Implement Disaster Recovery Vaults with replication and failover capabilities. Develop and enforce password management policies based on CyberArk’s Master Policy. Utilize CyberArk DNA Scanner for automated discovery and auditing of privileged and non-privileged accounts. Troubleshoot and resolve issues related to CPM, PSM, and other CyberArk components. Provide training and knowledge transfer to L1 support teams. Prepare documentation, including runbooks, configuration guides, and health check reports. 📚 Required Skills & Qualifications Bachelor’s degree in Engineering or related field. 5–7 years of experience in deploying and managing CyberArk PAM solutions. Strong knowledge of CyberArk components and their integration with various platforms. Experience with scripting languages like PowerShell or AutoIT for automation tasks. Familiarity with identity and access management (IAM) concepts and best practices. Excellent communication and client-facing skills. Ability to work independently and as part of a team in a fast-paced environment. 💼 Preferred Skills Certifications such as CyberArk CDE, CISSP, or related IAM certifications. Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (e.g., Kubernetes). Knowledge of security frameworks and compliance standards (e.g., PCI-DSS, HIPAA, GDPR). Role Overview As a CyberArk Consultant, you will lead the design, implementation, and management of Privileged Access Management (PAM) solutions for enterprise clients. You will work with a range of CyberArk components, including Vault, CPM, PSM, PSMP, PVWA, and AIM, to enhance security posture and ensure compliance. 🔧 Key Responsibilities Deploy and configure CyberArk components such as Vault, CPM, PSM, PSMP, PVWA, and AIM. Integrate CyberArk with Active Directory, LDAP, SIEM tools (e.g., QRadar), and multi-factor authentication systems (e.g., RADIUS, Azure MFA). Onboard privileged accounts from various platforms (Windows, Linux, UNIX, databases) using tools like Password Upload Utility (PUU) and REST APIs. Implement Disaster Recovery Vaults with replication and failover capabilities. Develop and enforce password management policies based on CyberArk’s Master Policy. Utilize CyberArk DNA Scanner for automated discovery and auditing of privileged and non-privileged accounts. Troubleshoot and resolve issues related to CPM, PSM, and other CyberArk components. Provide training and knowledge transfer to L1 support teams. Prepare documentation, including runbooks, configuration guides, and health check reports. 📚 Required Skills & Qualifications Bachelor’s degree in Engineering or related field. 5–7 years of experience in deploying and managing CyberArk PAM solutions. Strong knowledge of CyberArk components and their integration with various platforms. Experience with scripting languages like PowerShell or AutoIT for automation tasks. Familiarity with identity and access management (IAM) concepts and best practices. Excellent communication and client-facing skills. Ability to work independently and as part of a team in a fast-paced environment. 💼 Preferred Skills Certifications such as CyberArk CDE, CISSP, or related IAM certifications. Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (e.g., Kubernetes). Knowledge of security frameworks and compliance standards (e.g., PCI-DSS, HIPAA, GDPR). Show more Show less

Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments. Key Responsibilities: Monitoring, Investigation & Triage Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR Identify lateral movement, C2 activity, and data exfiltration Lead incident investigations and initiate containment measures Threat Hunting & Detection Engineering Proactive hunting using logs, flow data, and behavior analytics Apply MITRE ATT&CK for hypothesis-driven hunts Develop, test, and optimize custom detection rules Maintain a backlog aligned with emerging threats Tool Proficienc y SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization EDR: Defender for Endpoint binary/process analysis, endpoint containment NDR: Darktrace/LinkShadow behavioral baselining, detection logic SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender Threat Intelligence Integration IOC/TTP enrichment Threat intel feed integration Contextual alert correlation Reporting & RCA Draft technical incident reports and RCAs Executive-level summaries for major incidents Cloud Security (Optional): Investigate alerts like impossible travel, app consent abuse Respond to cloud-native security incidents using Defender for Cloud, MCAS Create advanced SOAR workflows and playbook Tool Familiarity QRadar Microsoft Sentinel Microsoft Defender for Endpoint LinkShadow or Darktrace EOP/Exchange protection Antivirus platforms Defender for Identity / Defender for Cloud Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR) Network forensic tools like Wireshark / Zeek Certifications (Preferred): GCIH / GCIA / CEH Microsoft SC-200 / SC-100 QRadar Admin or equivalent Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents Soft Skills: Strong analytical and documentation skills Proactive communicator Independent problem-solver and critical thinker

As an L1 SOC Analyst, you will be responsible for monitoring alerts and triaging basic security events from SIEM, EDR, and NDR platforms. Your role includes identifying suspicious activities, escalating incidents as per defined SOPs, and supporting the security operations team in daily monitoring tasks. Key Responsibilities: Monitor alerts from SIEM (QRadar, Microsoft Sentinel), EDR (Microsoft Defender for Endpoint), and NDR (LinkShadow/Darktrace) platforms Triage basic security events and validate incidents using established playbooks Escalate potential threats to L2 analysts based on severity and context Review and respond to AV/EDR alerts and execute predefined security queries Log incidents, document actions, and maintain ticketing system with accurate updates Enrich alerts with known threat intelligence and IOCs (IP, domain, file hashes) Support incident response efforts for phishing, malware, brute-force attacks, etc. Collaborate with team members and shift leads to ensure 24x7 monitoring coverage Tool Experience (Preferred): SIEM Tools: Basic use of QRadar and Microsoft Sentinel EDR/XDR: Microsoft Defender for Endpoint, Antivirus consoles NDR: LinkShadow or Darktrace (basic familiarity) Other Tools: Microsoft Exchange Online Protection (EOP), Azure AD Sign-In Logs (optional) Certifications (Preferred): CompTIA Security+ Microsoft SC-900 Shift Readiness: This role requires flexibility to work in 24x7 rotational shifts , including nights, weekends, and holidays. Required Skills: Understanding of basic cybersecurity concepts Familiarity with security alert triage and incident logging Basic knowledge of Indicators of Compromise (IOCs) Fast learner with strong attention to detail Effective communicator and team player

Project Role : Security Delivery Lead Project Role Description : Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets). Must have skills : Security Delivery Governance Good to have skills : Identity Access Management (IAM), Security Information and Event Management (SIEM) Minimum 15 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Lead, you will lead the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets). Roles & Responsibilities: Expected to be a SME with deep knowledge and experience. Should have Influencing and Advisory skills. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Expected to provide solutions to problems that apply across multiple teams. Lead and manage the Security Delivery team effectively. Develop and implement Security Delivery Governance strategies. Collaborate with cross-functional teams to ensure successful project delivery. Professional & Technical Skills: Must To Have Skills: Proficiency in Security Delivery Governance. Good To Have Skills: Experience with Identity Access Management (IAM), Security Information and Event Management (SIEM). Strong understanding of security principles and best practices. Experience in developing and implementing security policies and procedures. Knowledge of regulatory compliance requirements related to security. Excellent communication and leadership skills. Additional Information: The candidate should have a minimum of 15 years of experience in Security Delivery Governance. This position is based at our Bengaluru office. A 15 years full time education is required. Qualification 15 years full time education

Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm , Splunk,). Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black). Hands-on knowledge of packet capture analysis tools (e.g., Wireshark, tcpdump), forensic tools, and malware analysis tools. Familiarity with scripting or automation languages such as Python, PowerShell, or Bash. Deep understanding of networking protocols, OS internals (Windows/Linux), and security best practices. Familiar with frameworks such as MITRE ATT&CK, NIST, and the Cyber Kill Chain. Minimum of nine (9) years technical experience 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities. 3+ years of rule development and tuning experience 2+ years of Incident response Experience supporting 24x7x365 SOC operations and willing to operate in Shifts including but not limited to Alert and notification activities- analysis/triage/response, Review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported alerts and Incidents. Manage multiple tickets/alerts in parallel, including end-user coordination. Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response. Solid understanding and experience analyzing security events generated from security tools and devices not limited to QRadar, MS Sentinel, FireEye, Elastic, SourceFire, Malware Bytes, CarbonBlack/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, BlueCoat Experience and solid understanding of Malware analysis Demonstrated proficiencies with one or more toolsets such as QRadar, MS Sentinel, Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs) In-depth experience with processing and triage of Security Alerts from multiple sources but not limited to: Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, support SOAR development. Experience with bash, python, and Windows PowerShell scripting Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis. Demonstrated experience and understanding of event timeline analysis and correlation of events between logs sources. Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools. Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk. Solid understanding and experience analyzing security events generated from security tools and devices not limited to: QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC Expert in security incident response processes

Hiring for SOC Analyst in one of our Top Banking company @ Chennai & Hyderabad location Job Title: SOC Analyst Experience : 6 - 9 Years Department: Cybersecurity / Information Security Location: Chennai & Hyderabad Employment Type: Hybrid Mode - 3 days WFO and 2 days WFH . Job Summary: We are seeking a skilled and detail-oriented Security Operations Center (SOC) Analyst to join our cybersecurity team. The SOC Analyst will be responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents using a variety of tools and techniques. This role is critical to maintaining and improving our organization's security posture by ensuring real-time threat detection and incident response. Key Responsibilities: Monitor security alerts and events from SIEM tools (e.g., Splunk, QRadar, Microsoft Sentinel). Analyze and triage events to determine impact and severity. Investigate security incidents and provide incident reports with detailed analysis. Escalate validated threats and vulnerabilities to the appropriate teams and assist in mitigation efforts. Coordinate with IT teams to ensure containment, eradication, and recovery actions are taken for confirmed incidents. Perform threat intelligence analysis to support proactive detection and defense. Document incident handling procedures and maintain an incident knowledge base. Participate in continuous improvement of SOC operations, including playbooks and automation. Stay current on the latest cybersecurity trends, threats, and tools. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent work experience. 13 years of experience in a SOC or information security role. Experience with SIEM platforms, IDS/IPS, firewalls, and endpoint protection tools. Understanding of TCP/IP, DNS, HTTP, VPN, and network protocols. Knowledge of common threat vectors, MITRE ATT&CK framework, and kill chain. Strong analytical and problem-solving skills. Excellent communication skills and ability to work under pressure. Preferred Qualifications: Certifications such as CompTIA Security+, CEH, GCIA, GCIH, or Splunk Certified Analyst. Experience with scripting (e.g., Python, PowerShell) for automation. Familiarity with cloud security monitoring (e.g., AWS GuardDuty, Azure Defender). Exposure to incident response frameworks and forensic tools. Work Schedule: [24x7 shift-based / Regular business hours / On-call rotation as applicable]

Roles & Responsibilities Reviews alerts generated by SentinelOne and implements appropriate containment and mitigation measures Proficient in SIEM, with a focus on QRadar SIEM, as well as threat monitoring and hunting within SIEM environments. Analyzes payloads using JoeSandbox and escalates to the appropriate team as necessary Collaborates with the Forensics team to conduct threat hunting using identified Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) Assists the Tiger Team in targeted collections of systems based on identified malicious activities in the client's environment Conducts historical log reviews to support threat hunting efforts and ensures all malicious artifacts are mitigated in the SentinelOne console Examines client-provided documents and files to supplement the SOC investigation and mitigation strategy Conducts perimeter scans of client infrastructure and reports any identified vulnerabilities to the Tiger Team for appropriate escalation Manages client-related tasks within the ConnectWise Manage ticketing system as part of the Client Handling Lifecycle Creates user accounts in SentinelOne console for the client Generates Threat Reports showcasing activity observed within the SentinelOne product Executes passphrase exports as needed for client offboarding Submits legacy installer requests to ensure the team is properly equipped for deployment Provides timely alert notifications to the IR team of any malicious activity impacting our clients Assists with uninstalling/migrating SentinelOne Generates Ranger reports to provide needed visibility into client environments Manages and organizes client assets (multi-site and multi-group accounts) Applies appropriate interoperability exclusions relating to SentinelOne and client applications Performs SentinelOne installation / interoperability troubleshooting as needed Contributes to the overall documentation of SOC processes and procedures Participates in “Handler on Duty (HOD) shifts as assigned to support the TT client matters Internally escalates support ticket / alerts to Tier II-IV Analysts as needed May perform other duties as assigned by management Skills And Knowledge Demonstrated knowledge of Windows and Unix operating systems Thorough understanding of Digital Forensics and Incident Response practices Proficiency in advanced analysis techniques for processing and reviewing large datasets in various formats Familiarity with TCP/IP and OSI Model concepts at a basic level Expertise in the Incident Response Life Cycle stages (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned) Working knowledge of the MITRE ATT&CK framework at an intermediate level Proven ability to work independently and solve complex problems with little direction from management Highly detail-oriented and committed to producing quality work Job Requirements Associate’s degree and 6+ years of IT related experience or Bachelor’s Degree and 2-5 years related experience Current or previous knowledge of, or previous experience with, Endpoint Detection and Response (EDR) toolsets General knowledge of the Incident Handling Lifecycle Ability to communicate in both technical and non-technical terms both oral and written DISCLAIMER The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified. WORK ENVIRONMENT While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job. PHYSICAL DEMANDS No physical exertion required Travel within or outside of the state Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects TERMS OF EMPLOYMENT Salary and benefits shall be paid consistent with Arete salary and benefit policy. FLSA OVERTIME CATEGORY Job is exempt from the overtime provisions of the Fair Labor Standards Act. DECLARATION The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description. EQUAL EMPLOYMENT OPPORTUNITY We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better. Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry. When you join Arete… You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters. Equal Employment Opportunity We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better. Show more Show less

So, what’s t he r ole all about? As a member of the Cloud Security team, a successful Cloud Security Analyst will need to be self-sufficient to collaborate effectively with multiple teams, such as Application Support, Infrastructure Operations, DevOps, Product R&D, Security teams, customers and 3 rd party auditors. This role will hold the responsibility of understanding the Cloud security policies, procedures, practices and technologies and documenting them appropriately as well as demonstrating to auditors and customers the excellent Cloud Security at NICE. A successful candidate in this role will be able to work in production cloud environments to collect and curate evidence and explain it to anyone who asks for it. Experience with Governance, Risk and Compliance (GRC) is a big plus! How will you make an impact? You will directly impact the success of the NICE cloud business by ensuring all customer and auditory security requirements are met and demonstrated. A diverse, merit-driven work environment which rewards a growth mindset and encourages innovation and continued professional development; The opportunity to work in a global, highly skilled, passionate workforce to deliver world-class service and products to market. Competitive pay and excellent benefits. Generous PTO policies. A highly focused security & compliance team which is collaborative, supportive, experienced, and driven to help everyone from the individual to enterprise to our customers realize the success for which they aim. Have you got what it takes? 1-2 years of experience with Information Security & Compliance or GRC University-level degree in InfoSec, Computer Science or other related field. knowledge with major compliance frameworks such as PCI, ISO 27001/17, SOC 2, HITRUST, GDPR. A burning curiosity to learn as much as you can about the NICE cloud environment and the services and products we offer our customers as well as the existing security infrastructure we have in place today; Excellent communications skills along to work collaboratively with security team members and operations and development teams or independently to achieve tactical and strategic security goals; Strong organization and prioritization skills; Education, training or experience with security and compliance fundamentals; Experience working with work tracking tools such as JIRA, Service Now or others. What’s in it for you? Join an ever-growing, market disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr! Enjoy NICE-FLEX! At NICE, we work according to the NICE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere. Requisition ID: 7117 Reporting into: Technical Manager Role Type: Individual Contributor

JOB DESCRIPTION About KPMG in India KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. QUALIFICATIONS Strong hands-on experience with one or more EDR platforms (e.g., CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Sophos Intercept X, Trend Micro Apex One). Knowledge of MITRE ATT&CK framework and threat detection techniques. Familiarity with malware analysis, endpoint forensics, and log analysis. Experience with SIEM platforms (e.g., Splunk, QRadar, LogRhythm) for correlation and alerting. Scripting knowledge (PowerShell, Python, Bash) for automation and custom detection. Understanding of endpoint operating systems (Windows, macOS, Linux) and their security internals. Familiarity with enterprise IT infrastructure, Active Directory, and networking basics. Experience with ticketing and incident management tools (e.g., ServiceNow, JIRA). Understanding of compliance standards Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to / support on project work as and when required. What You'll Be Doing Academic Qualifications and Certifications: BE/BTech in Electronics/EC/EE/CS/IT Engineering or MCA At least one security certification such as CCNA Security, CCSA, CEH, CompTIA, GCIH/GCIA Required Experience: At least one SIEM solution certifications with one or more SIEM/ Security solutions (i.e., RSA NetWitness, Splunk ES, Elastic ELK, HP ArcSight, IBM QRadar Log Rhythm). Minimum overall 5 years of experience in handling security related products & services in a reputed organization out of which 3 years’ experience should be in SIEM solution. Person should have adequate knowledge of security devices like firewalls, IPS, Web Application Firewall, DDOS, EDR, Incident response, SOAR and other security devices Administration of SIEM environment (e.g.: deployment of solution, user management, managing the licenses, upgrades and patch deployment, addition or deletion of log sources, configuration management, change management, report management, manage backup and recovery, etc.) Construction of SIEM content required to produce Content Outputs (e.g., filters, active lists, correlation rules, reports, report templates, queries, trends, variables) Integration of customized threat intelligence content feeds provided by the Threat Intelligence & Analytics service Identifies possible sensor improvements to prevent incidents Collects/updates threat intelligence feeds from various sources Creates situational awareness briefings Co-ordinates with the different departments for incident analysis, containment and remediation Liaise with Security monitoring team to discover repeatable process that lead to new content development Provides engineering analysis and architectural design of technical solutions Knowledge of networking protocols and technologies and network security Sound analytical and troubleshooting skills Key Responsibilities: Monitors client infrastructure and solutions. Identifies problems and errors prior to or when they occur. Routinely identifies common incidents and opportunities for avoidance as well as general opportunities for incident reduction. Investigates first line incidents assigned and identifies the root cause of incidents and problems. Provides telephonic or chat support to clients when required. Schedules maintenance activity windows for patching and configuration changes. Follows the required handover procedures for shift changes to ensure service continuity. Reports and escalates incidents where necessary. Ensures the efficient and comprehensive resolutions of incidents and requests. Updates existing knowledge articles or create new ones. Identifies opportunities for work optimization including opportunities for automation of work, request fulfilment, incident resolution, and other general process improvement opportunities. May also contribute to / support on project work as and when required. May work on implementing and delivering Disaster Recovery functions and tests. Performs any other related task as required. Workplace type: On-site Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today. Show more Show less

Must have skills : Azure Sentinel L2/L3 SOC Analyst Preferred : HYD Exp : Minimum 6 yrs in security domain, and atleast 3 yrs as L2/L3 JD : .Develop and maintain playbooks runbooks and incident response procedures .Collaborate with threat intelligence teams to enrich alerts and improve detection capabilities .Conduct post incident reviews and root cause analysis .Mentor and train L1 and L2 SOC analysts .Recommend and implement improvements to SOC tools processes and detection rules .Stay current with emerging threats vulnerabilities and security technologies .The expectations from the graders would be .To evaluate the tasks that are being fed into the agent for their real world applicability .To evaluate the agent output to come up with a ground truth and rate the agent output in a .Predefined rubric based on the inputs provided by us .To have very deep SOC analyst experience and insights This also includes any other skills needed .T.o evaluate the agent output The ability to scale to around min 2030 evaluations per day per grader based on the complexity of the task. Core Technical Skills:- .SIEM Tools eg Splunk QRadar Microsoft Sentinel .Endpoint Detection and Response EDR eg CrowdStrike SentinelOne .Firewall and IDSIPS eg Palo Alto Snort Suricata .Log Analysis and Packet Capture Analysis eg Wireshark .Threat Intelligence Platforms eg MISP Recorded Future .Incident Response and Forensics .Scripting Automation Python PowerShell Bash .Operating Systems Windows Linux macOS .Networking Fundamentals TCPIP DNS HTTP VPNs Kindly share your CV at Ranjana.singh1@ltimindtree.com Regards Ranjana Singh Show more Show less

We are seeking a talented and highly motivated Microsoft Sentinel SIEM Engineer to join our Dedicated Defense group. As a key member of our team, you will be responsible for deploying and maintaining Microsoft Security technologies to enhance threat detection, response, and overall security posture. This is an exciting opportunity for an individual with expertise in major SIEM technologies, aiming to help safeguard critical systems and data from evolving cyber threats. Responsibilities: Architect, deploy, and maintain Microsoft Sentinel for SIEM use cases including log ingestion, data normalization, and incident correlation. Manage and optimize Microsoft Defender for Endpoint, Identity, Cloud, Office 365, and other Defender tools to maximize protection and visibility. Develop custom queries,detection rules, workbooks, and automation playbooks to improve threat detection and response efficiency. Lead the design and implementation of security monitoring, including data connectors, analytics rules, and incident automation. Collaborate with threat analysts and incident response teams to triage, investigate, and respond to security alerts and incidents. Provide technical guidance in security best practices, incident response procedures, and threat hunting using Microsoft security tools. Continuously assess the security landscape and recommend improvements to policies, tools, and configurations. In addition to strong technical acumen, the ideal candidate will bring excellent communication and client-facing skills to collaborate directly with customers, understand their security needs, and deliver tailored solutions that align with their risk posture and compliance requirements. Outcomes: Integration & Optimization: Integrate and optimize Microsoft Sentinel to improve visibility and automate threat detection workflows Threat Detection: Utilize Microsoft Sentinel AI-powered analytics to dashboard reports and automate critical reporting functions Automation & Playbook Development: Develop automated detection and response playbooks based on Microsoft data feeds, streamlining incident management and reducing time to resolution. Collaboration & Knowledge Sharing: Work closely with other security and IT teams to share threat intelligence, optimize SIEM use, and contribute to security strategy development. Reporting & Documentation: Develop and maintain dashboards, reports, and documentation related to Microsoft Sentinel deployment, performance, and incident metrics. Continuous Improvement: Continuously evaluate Microsoft Sentinel capabilities and other relevant security tools to recommend improvements and refine detection capabilities. Required Qualifications: 5 years of SIEM experience in Splunk, Qradar, Microsoft, and comparable SIEMS Hands-on experience with other SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel, etc.) and integrating them with endpoint security tools. Strong understanding of cybersecurity principles, threat detection, and SIEM management. Experience working with Sentinel One Core EDR technology Proficiency in scripting and automation (Python, PowerShell, etc.). Experience with cloud security (AWS, Azure, GCP) and cloud-native SIEM solutions is a plus. Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience). Preferred Qualifications: 5 years of experience in cybersecurity in a SOC or security engineering capacity. Proven hands-on expertise with Microsoft Sentinel and Microsoft Defender suite. Deep knowledge of Kusto Query Language (KQL) and building custom analytics rules and workbooks in Sentinel. Strong experience in customer-facing roles. Experience with incident response, threat detection, and threat hunting techniques. Strong understanding of cloud security, especially in Azure environments. Familiarity with MITRE ATT&CK, NIST, and other security frameworks. Experience integrating Sentinel with third-party solutions (e.g., threat intel feeds, ticketing systems).

Wells Fargo is seeking a Senior Information Security Engineer. In this role, you will: Lead or participate in computer security incident response activities for moderately complex events Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security Review and correlate security logs Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals Required Qualifications: 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Qualifications: 4+ years of demonstrated information security applications and systems experience 4+ years of demonstrated experience leveraging security technologies such as SIEM for security incident analysis 2+ years of demonstrated experience with at least one scripting language (preferably JavaScript and its frameworks / Python) working on automation and engineering projects Proficiency in detection engineering developing and maintaining effective detection rules and correlation logic. Correlation searches, rules, alerts. Behavioral detections (e.g., brute-force, privilege escalation). Anomaly detections (e.g., unusual logon patterns, entropy-based detections). Hands-on experience with parsing configurations (props, transforms, regex, normalization techniques). Expertise in log source onboarding , source categorization, and enrichment. Strong understanding of security event types (firewall, endpoint, identity, cloud, SaaS logs). Familiarity with common attack vectors (credential abuse, privilege escalation, lateral movement). Knowledge of threat detection frameworks like MITRE ATT&CK, NIST, CIS . Ability to work with threat intelligence feeds to build contextual detections. Experience with log analysis , anomaly detection , and statistical detection methods. Proficient in developing content for SIEMs such as Splunk, Sentinel, QRadar, ArcSight, Elastic, etc. Optimize search performance and false positive tuning of existing detection rules. Maintain deployment workflows for apps, configurations, and detection packages across the SIEM infrastructure. Work with security analytics teams to develop data models or normalized schemas (CIM or equivalent). Job Expectations: Knowledge and understanding of banking or financial services industry Should possess understanding of security and threat landscape relevant to cloud technologies Excellent verbal, written, and interpersonal communication skills Strong ability to identify anomalous behavior on endpoint devices and/or network communications Advanced problem solving skills, ability to develop effective long-term solutions to complex problems Relevant certifications such as Splunk Certified Admin, Splunk Enterprise Security Certified Admin.

Understanding of network defence principles, common attack vectors, and attacker techniques. Technical baseline skills and the ability to acquire in-depth knowledge of network and host security technologies Basic Linux/Windows OS knowledge, firewall rules and policy fundamentals. Excellent analytical and problem-solving skills. Strong work ethic and commitment to accomplish assigned tasks with a sense of urgency. Windows, Linux, Network Security, Phishing, Splunk, Malware

Title: Security Analyst (SOC & EDR) Location: Gurgaon, India Type: Hybrid (work from office) Job Description Who We Are: Fareportal is a travel technology company powering a next-generation travel concierge service. Utilizing its innovative technology and company owned and operated global contact centers, Fareportal has built strong industry partnerships providing customers access to over 600 airlines, a million lodgings, and hundreds of car rental companies around the globe. With a portfolio of consumer travel brands including CheapOair and OneTravel, Fareportal enables consumers to book-online, on mobile apps for iOS and Android, by phone, or live chat. Fareportal provides its airline partners with access to a broad customer base that books high-yielding international travel and add-on ancillaries. Fareportal is one of the leading sellers of airline tickets in the United States. We are a progressive company that leverages technology and expertise to deliver optimal solutions for our suppliers, customers, and partners. FAREPORTAL HIGHLIGHTS: Fareportal is the number 1 privately held online travel company in flight volume. Fareportal partners with over 600 airlines, 1 million lodgings, and hundreds of car rental companies worldwide. 2019 annual sales exceeded $5 billion. Fareportal sees over 150 million unique visitors annually to our desktop and mobile sites. Fareportal, with its global workforce of over 2,600 employees, is strategically positioned with 9 offices in 6 countries and headquartered in New York City. Job Overview We are seeking a proactive and knowledgeable Security Analyst to join our Information Security Operations (SecOps) team . This role will focus on SOC monitoring and Endpoint Detection and Response (EDR) using SentinelOne . The ideal candidate should have solid experience in threat monitoring, incident response, and SentinelOne tool handling. Key Responsibilities: Monitor and respond to SOC alerts and security incidents in real time. Analyze logs and alerts from SIEM and SentinelOne EDR platforms. Perform incident triage , escalation, and coordination with internal teams. Troubleshoot SentinelOne-related issues , including error resolution, agent communication, and performance problems. Understand and manage SentinelOne policies , ensure proper deployment, and make necessary adjustments for better coverage. Quickly identify the root cause of issues related to endpoint protection and take corrective actions. Coordinate with the IT team for issue resolution and endpoint remediation. Collaborate with teams to reduce false positives and improve alert accuracy. Maintain incident documentation , reports, and operational dashboards. Support in threat hunting , vulnerability detection, and other BAU (Business As Usual) security tasks. Required Skills & Qualification: Bachelors/Masters Degree in Computer Science, Information Systems, Engineering. 24 years of experience in SOC operations and endpoint security monitoring. Hands-on experience with SentinelOne EDR , including troubleshooting and policy management. Good knowledge of cybersecurity threats, incident response processes, and log analysis. Ability to investigate and resolve SentinelOne alerts and agent-related errors effectively. Experience working with SIEM tools (like Splunk, Qradar, etc.). Strong understanding of false positive tuning and threat detection improvement. Basic scripting knowledge (PowerShell, Python) is a plus. Good communication and analytical skills. Preferred Skills & Qualifications: CEH , CompTIA Security+ , or any other relevant security certification. Disclaimer This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Fareportal reserves the right to change the job duties, responsibilities, expectations or requirements posted here at any time at the Companys sole discretion, with or without notice.