394 Qradar Jobs - Page 3

Description and Requirements "At BMC trust is not just a word - it's a way of life!" Description And Requirements CareerArc Code CA-JF Hybrid "At BMC trust is not just a word - it's a way of life!" We are an award-winning, equal opportunity, culturally diverse, fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, because we know you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud! We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation! Our IS&T (Information Services and Technology) department provides all the required technology and operational support services to run our business here in BMC! We have over 200 servers on premises to support production, disaster recovery, databases, applications and over 1000 servers in Lab environment. IS&T is transformational not only for BMC but also for the customer experience, because we give a 360 degrees view to the customer about the products they should know, opportunities in the pipeline, and any service issues outstanding with the customer. We use cutting-edge technologies to manage BMC's infrastructure and showcase it to the customers – program is called BMC on BMC! We are seeking a proactive and technically capable Cyber Threat Management Engineer to join our cybersecurity threat management team. This early-career role is ideal for individuals with foundational experience in cybersecurity who are ready to grow their technical skills and contribute to BMC’s threat detection and response capabilities. You will play an integral part in identifying, analyzing, and mitigating cyber threats across BMC’s global environment. Here is how, through this exciting role, YOU will contribute to BMC's and your own success: Monitor and analyze data from security systems including open source and enterprise solutions. Effectively communicate identified threats and track remediations until completion. Participate in the investigation and technical analysis of security incidents and provide remediation guidance. Integrate threat intelligence feeds and use frameworks like MITRE ATT&CK to assess and defend against current adversary tactics. Contribute to automation initiatives to streamline threat detection, alerting, and response workflows. Support threat hunting and red team exercises. Document findings, techniques, and outcomes in knowledge bases and reports. To ensure you’re set up for success, you will bring the following skillset & experience: Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field—or equivalent hands-on experience. Foundational experience (e.g., 1–2 years) in cybersecurity operations, threat analysis, or incident response. Proficiency with at least one SIEM platform (e.g., Splunk, QRadar, Sentinel). Proficiency with enterprise solutions providing dark web monitoring, attack surface management, threat intelligence, and risk rating. Understanding of network protocols, operating systems, and cybersecurity fundamentals. Strong scripting or automation skills (e.g., Python, PowerShell, Bash) Excellent communication and documentation abilities. Whilst these are nice to have, our team can help you develop in the following skills: Familiarity with threat intelligence tools and frameworks (e.g., MISP, STIX/TAXII). Knowledge of cloud security practices (AWS, Azure, or GCP). Relevant certifications such as CompTIA Security+, CySA+, SC-200, or GIAC (GCIH, GCIA, GCTI). Curiosity for cybersecurity and continuous learning. BMC Software maintains a strict policy of not requesting any form of payment in exchange for employment opportunities, upholding a fair and ethical hiring process. At BMC we believe in pay transparency and have set the midpoint of the salary band for this role at 1,725,800 INR. Actual salaries depend on a wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training, licensure, and certifications; and other business and organizational needs. The salary listed is just one component of BMC's employee compensation package. Other rewards may include a variable plan and country specific benefits. We are committed to ensuring that our employees are paid fairly and equitably, and that we are transparent about our compensation practices. ( Returnship@BMC ) Had a break in your career? No worries. This role is eligible for candidates who have taken a break in their career and want to re-enter the workforce. If your expertise matches the above job, visit to https://bmcrecruit.avature.net/returnship know more and how to apply. Show more Show less

We are looking for a highly skilled Information Security Manager to lead and implement ISO 27001 compliance, cybersecurity strategies, and risk management within our organization. The ideal candidate will establish and maintain security policies, manage information security risks, and ensure compliance with regulatory standards like SOC2, GDPR, and NIST frameworks. Key Responsibilities ISO 27001 Implementation & Compliance : Develop, implement, and maintain an Information Security Management System (ISMS) aligned with ISO 27001 standards. Conduct ISO 27001 gap analysis, risk assessments, and audits to ensure compliance. Define and enforce information security policies, procedures, and controls to safeguard data integrity, confidentiality, and availability. Drive ISO 27001 certification efforts, ensuring successful audits and continuous improvements. Lead security awareness training programs for employees to enhance the organization's security posture. Cybersecurity Strategy & Risk Management Develop and implement a cybersecurity strategy to protect against threats, vulnerabilities, and attacks. Conduct regular penetration testing, vulnerability assessments, and security audits to identify and mitigate risks. Implement Zero Trust architecture, access control mechanisms, and security best practices across IT infrastructure. Monitor threat intelligence, security incidents, and cyber threats, responding with effective mitigation strategies. Ensure security of cloud infrastructure (AWS, Azure, GCP) by enforcing IAM policies, encryption, and secure configurations. Establish and manage a Security Incident Response Plan (SIRP) for rapid threat detection and mitigation. Regulatory Compliance & Governance Ensure compliance with ISO 27001, SOC2, GDPR, NIST, PCI-DSS, and other industry security frameworks. Collaborate with internal teams to align security policies with business operations and regulatory requirements. Work with external auditors and security consultants to maintain compliance certifications and regulatory audits. Develop and maintain security metrics, dashboards, and reports for leadership and regulatory bodies. Security Operations & Monitoring Oversee SIEM (Security Information and Event Management) solutions for real-time threat detection. Implement and manage Intrusion Detection & Prevention Systems (IDS/IPS), firewalls, and endpoint security solutions. Develop and enforce incident response, disaster recovery, and business continuity plans. Ensure data protection, encryption, and secure backup strategies are in place for all critical systems. Preferred Experience & Qualifications 5+ years of experience in information security, cybersecurity, or compliance roles. Strong expertise in ISO 27001 implementation, auditing, and certification. Hands-on experience with security risk assessments, vulnerability management, and threat modeling. Deep understanding of cybersecurity frameworks (SOC2, NIST, CIS, GDPR, PCI-DSS). Experience with SIEM solutions (Splunk, ELK, QRadar, or similar) for security monitoring. Knowledge of firewalls, IDS/IPS, endpoint protection, and cloud security best practices. Strong understanding of IAM, network security, encryption, and access control policies. Certifications like CISM, CISSP, CISA, CEH, ISO 27001 Lead Auditor/Implementer are highly preferred. Strong problem-solving, communication, and stakeholder management skills. (ref:hirist.tech) Show more Show less

Description What We Are Looking For: Meltwater’s collaborative Security Team needs a passionate Security Engineer to continue to advance Meltwater’s security. Working with a group of fun loving people who are genuinely excited and passionate about security, there will be more laughs than facepalms! If you believe that improving security is about constantly moving technology forward to be more secure, and shifting security tools and checks earlier in the development lifecycle, then you’ll feel at home on Meltwater’s Security Team! At Meltwater we want to ensure that we can have autonomous, empowered and highly efficient teams. Our Security Team charges head on into the challenge of ensuring our teams can maintain their autonomy without compromising the security of our systems, services and data. Through enablement and collaboration with teams, Security Engineers ensure that our development and infrastructure practices have security defined, integrated and implemented in a common-sense manner that reduces risk for our business. Security Engineers define best practices, build tools, implement security checks and controls together with the broader Engineering and IT teams to ensure that our employees and our customers' data stays safe. As part of this, we leverage AWS as a key component of our cloud infrastructure. Security Engineers play a critical role in securing and optimizing AWS environments by implementing best practices, automating security controls, and collaborating with teams to ensure scalability, resilience, and compliance with industry standards. What You’ll do: In this role, you will be designing and implementing security functions ranging from checks on IaC (Infrastructure as Code) to SAST/DAST scanners in our CI/CD pipelines. You will be collaborating closely with almost every part of the Meltwater organization and help create security impact across all teams with strong support from the business. Collaborate closely with teams to help identify and implement frictionless security controls throughout the software development lifecycle Propose and implement solutions to enhance the overall cloud infrastructure and toolset. Perform ongoing security testing, including static (SAST), dynamic (DAST), and penetration testing, along with code reviews, vulnerability assessments, and regular security audits to identify risks, improve security, and develop mitigation strategies. Educate and share knowledge around secure coding practices Identify applicable industry best practices and consult with development teams on methods to continuously improve the risk posture. Build applications that improve our security posture and monitoring/alerting capabilities Implement and manage security technologies including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and security information and event management (SIEM) tools. Conduct vulnerability assessments, penetration testing, and regular security audits to identify risks and develop mitigation strategies. Monitor and respond to security incidents and alerts, performing root cause analysis and incident handling. Participate in incident response and disaster recovery planning, testing, and documentation. Manage identity and access management (IAM) solutions to enforce least privilege and role-based access controls (RBAC). Assist in the development of automated security workflows using scripting (Python, Bash, or similar). What You'll Bring: Strong collaboration skills with experience working cross functionally with a diverse group of stakeholders Strong communication skills with the ability to provide technical guidance to both technical and non-technical audiences Experience in implementing security controls early in the software development life cycle Knowledge of industry accepted security best practices/standards/policies such as NIST, OWASP, CIS, MITRE&ATT@CK Software developer experience in one or more of the following languages: JavaScript, Java, Kotlin or Python Experience in at least one public cloud provider, preferably AWS, with experience in security, infrastructure, and automation. Hands-on experience with SIEM platforms such as Splunk, QRadar, or similar. Proficiency in Linux operating system, network security, including firewalls, VPNs, IDS/IPS, and monitoring tools. Experience with vulnerability management tools (Snyk, Nessus, Dependabot) and penetration testing tools (Kali Linux, Metasploit). Experience in forensics and malware analysis. Self-motivated learner that continuously wants to share knowledge to improve others The ideal candidate is someone from a Software Development background with a passion for security. If you’re someone who understands the value of introducing security early in the software development lifecycle, and want to do so by enabling and empowering teams by building tools they WANT to use, we want to hear from you! What We Offer: Enjoy flexible paid time off options for enhanced work-life balance. Comprehensive health insurance tailored for you. Employee assistance programs cover mental health, legal, financial, wellness, and behaviour areas to ensure your overall well-being. Complimentary CalmApp subscription for you and your loved ones, because mental wellness matters. Energetic work environment with a hybrid work style, providing the balance you need. Benefit from our family leave program, which grows with your tenure at Meltwater. Thrive within our inclusive community and seize ongoing professional development opportunities to elevate your career. Where You'll Work: Hitec city, Hyderabad. When You'll Join: As per the offer letter Our Story At Meltwater, we believe that when you have the right people in the right environment, great things happen. Our best-in-class technology empowers our 27,000 customers around the world to make better business decisions through data. But we can’t do that without our global team of developers, innovators, problem-solvers, and high-performers who embrace challenges and find new solutions for our customers. Our award-winning global culture drives everything we do and creates an environment where our employees can make an impact, learn every day, feel a sense of belonging, and celebrate each other’s successes along the way. We are innovators at the core who see the potential in people, ideas and technologies. Together, we challenge ourselves to go big, be bold, and build best-in-class solutions for our customers. We’re proud of our diverse team of 2,200+ employees in 50 locations across 25 countries around the world. No matter where you are, you’ll work with people who care about your success and get the support you need to unlock new heights in your career. We are Meltwater. We love working here, and we think you will too. "Inspired by innovation, powered by people." Equal Employment Opportunity Statement Meltwater is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: At Meltwater, we are dedicated to fostering an inclusive and diverse workplace where every employee feels valued, respected, and empowered. We are committed to the principle of equal employment opportunity and strive to provide a work environment that is free from discrimination and harassment. All employment decisions at Meltwater are made based on business needs, job requirements, and individual qualifications, without regard to race, color, religion or belief, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, marital status, veteran status, or any other status protected by the applicable laws and regulations. Meltwater does not tolerate discrimination or harassment of any kind, and we actively promote a culture of respect, fairness, and inclusivity. We encourage applicants of all backgrounds, experiences, and abilities to apply and join us in our mission to drive innovation and make a positive impact in the world. Show more Show less

https://zrec.in/jXrSD?source=CareerSite

About The Role We are seeking a proactive and detail-oriented Cybersecurity Analyst with 1–3 years of experience to help safeguard our digital assets and protect our IT infrastructure from security threats. The ideal candidate will have hands-on experience in monitoring security systems, analyzing threats, and contributing to the organization's overall cyber defense strategy. Key Responsibilities Monitor security systems (SIEM, firewalls, IDS/IPS) for unusual activity or potential threats. Analyze and respond to security alerts, incidents, and breaches. Conduct regular vulnerability assessments and assist in remediation efforts. Support incident response processes, including investigation, documentation, and root cause analysis. Help implement and maintain cybersecurity policies, procedures, and best practices. Conduct user access reviews and manage security configurations across systems. Research and recommend security enhancements, tools, and techniques. Collaborate with IT and DevOps teams to ensure secure system deployments. Required Qualifications Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field. 1–3 years of hands-on experience in a cybersecurity or IT security role. Working knowledge of cybersecurity principles, tools, and frameworks (e.g., NIST, ISO 27001). Experience with SIEM tools (e.g., Splunk, IBM QRadar, ELK), firewalls, and endpoint protection. Familiarity with networking concepts, system administration (Windows/Linux), and cloud environments (AWS/Azure/GCP). Strong analytical, investigative, and problem-solving skills. Ability to work independently and in cross-functional teams. Preferred Qualifications Industry certifications such as CompTIA Security+, CEH, SSCP, or similar. Experience with scripting or automation (e.g., Python, Bash, PowerShell). Familiarity with DevSecOps practices or CI/CD pipelines. Understanding of regulatory standards (e.g., GDPR, HIPAA, PCI-DSS). What We Offer Competitive salary. Professional development opportunities and training support. Flexible work environment (including hybrid). Insurance Opportunity to work with modern security technologies in a dynamic team. Show more Show less

Your day at NTT DATA The Security Platform Engineer is a seasoned subject matter expert, responsible for facilitating problem resolution and mentoring for the overall Global Data Centers Office of Information Security (GDC-OIS) team. This role performs important tasks specialized at threat hunting, Crowdstrike, Network Security and other operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). The Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). What you'll be doing KEY RESPONSIBILITIES Works as part of a 24/7 global team in IT/OT environment. ICS and SCADA knowledge preferred. Administers the organization's security tools to gather security logs from the environment and performs lifecycle management, including break-fix, patching, and live updates. Performs security incident handling and response from various vectors, including endpoint protection, enterprise detection and response tools, attack analysis, malware analysis, network forensics, and computer forensics. Conducts vulnerability assessments using automated scanning tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results, prioritizes vulnerabilities based on severity, impact, and exploitability, and provides detailed remediation recommendations to system owners, administrators, and IT teams. Monitors security alerts and maintains awareness of new threats and vulnerabilities to identify potential risks. Reads reports, makes risk assessments, works to detect the source of attacks, and tests current defenses against threats. Collaborates to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Identifies opportunities to make automations that will help the incident response team. Ensures usage of knowledge articles in incident diagnosis and resolution and assists with updating as required. Investigates causes of incidents, seeks resolution, and escalates unresolved incidents, following up until resolved. Provides service recovery following the resolution of incidents and documents and closes resolved incidents according to agreed procedures. Maintains knowledge of specific , provides detailed advice regarding their application, and ensures efficient and comprehensive resolution of incidents. Logs all incidents in a timely manner with the required level of detail and cooperates with all stakeholders, including client IT environments, vendors, and carriers, to expedite diagnosis of errors and problems and identify a resolution. Analyzes data from various sources, including network traffic, email logs, malware files, web server logs, and DNS records, to identify potential risks and improve security measures Leads projects, self-starter, and performs any other related task as required. KNOWLEDGE & ATTRIBUTES Seasoned working knowledge on implementation and monitoring of any SIEM or security tools/technologies. ICS and SCADA knowledge preferred Seasoned knowledge on security architecture, worked across different security technologies. Customer service orientated and pro-active thinking. Problem solver who is highly driven and self-organized. Great attention to detail. Good analytical and logical thinking. Excellent spoken and written communication skills. Team leader with the ability to work well with others and in group with colleagues and stakeholders. ACADEMIC QUALIFICATIONS & CERTIFICATIONS Bachelor's degree or equivalent in Information Technology or related field. Relevant level of Security certifications such as CySA+, PenTest+, CCSP, GCIH, OSCP, etc. preferred. Relevant level of IT certifications such as GRID, GICSP, AZ-500, SC-200, etc. will be added advantage. REQUIRED EXPERIENCE Seasoned experience in Security technologies like (SIEM, PAM, IAM, PenTest, Threat Hunting, Firewall, Proxy etc.) preferably within a global IT services organization. Prior experience of working into Security Operation centers of a Data Center will be an added advantage. ICS and SCADA knowledge preferred. Seasoned experience in technical support to clients. Seasoned experience in diagnosis and troubleshooting. Seasoned experience providing remote support in Security Technologies. Seasoned experience in SOC/CSIRT Operations. Seasoned experience in handling security incidents end to end. Seasoned experience in Security Engineering. Knowledge on networking, Windows, Linux and security concepts. Seasoned experience in configuring/managing security controls such as RBAC, IAM, Zero Trust, UTM, Proxy, SOAR, etc.. Knowledge on log collection mechanism such as Syslog, Log file, DB API. Knowledge in security architecture. Prior experience of working on platforms like Crowd strike, Qualys, Palo Alto, Splunk, QRADAR, Cisco, VMWare and Ubuntu PHYSICAL REQUIREMENTS Primarily sitting with some walking, standing, and bending. Able to hear and speak into a telephone. Close visual work on a computer terminal. Dexterity of hands and fingers to operate any required to operate computer keyboard, mouse, and other technical instruments. WORK CONDITIONS & OTHER REQUIREMENTS This position is expected to be Hybrid for the foreseeable future with an occasional need to be onsite in a shared work environment. Must be comfortable with flexible working schedules across regions and their standard Time zones other than the base location. (US, EMEA & APAC) Extensive daily usage of workstation or computer. Must be comfortable working in a highly critical, fast paced environment with shifting priorities. Some domestic and/or international travel required, up to 25% of time. Perform work from a remote location with stable internet connection.

Role Description Job Title: L1 SOC Analyst Experience : 2 to 3 years Location: Trivandrum, Kochi, Chennai, Bangalore, Hyderabad Company: CyberProof, A UST Company About CyberProof CyberProof is a leading cyber security services and platform company dedicated to helping customers react faster and smarter to security threats. We enable enterprises to create and maintain secure digital ecosystems through automation, threat detection, and rapid incident response. As part of the UST family, we are trusted by some of the world’s largest enterprises. Our Security Operations Group is composed of a global team of highly skilled cyber security professionals, with our tier 3-4 expertise rooted in Israeli Intelligence. The primary role of a SOC Level 1 Analyst is to serve as the frontline defense, managing first triage and ranking of security cases, and initiating the threat detection and response processes for client-related security events. The Analyst is integral to the MDR, working collaboratively with other teams to ensure high quality of service, and will be given opportunities for professional growth in cybersecurity. The position entails conducting inquiry procedures as dictated by CyberProof methodology and contributing insights on the case investigation and detection quality. Principal Duties Quickly respond to and classify all incoming security cases, ensuring that incidents are appropriately escalated to the right analyst within the predefined SLA period during the Analyst's shift. Conduct the first triage investigations into the assigned cases using a blended approach based on tools integrated into the SOAR platform and document all collected evidence and conclusions. At the shift's commencement, diligently review all new information in the SOAR, through the Teams channel, shared mailbox, and any other designated communication mediums to ensure readiness to continue or start case the investigation and address client queries. Facilitate a smooth handoff to the next team at the end of the shift, ensuring continuous and seamless security monitoring. Remain to any procedural inconsistencies or issues and proactively report these to the team leader or upper analytical layer (L2) for resolution or consultation. Should uncertainty or complex issues arise, elevate the matter promptly to a senior L1 Analyst or Shift and Technical Leads before resorting to the L2 team. Support the Lead Analysts and the L2 team in the extraction and compilation of data needed for the preparation of Weekly, Monthly, and Quarterly Business Review (QBR) documentation. Skills And Qualifications At least 1 year of experience as a security analyst Proficient in investigating s related to phishing, malware, and similar threats. Solid understanding of computer security and networking concepts Experience with SIEM or similar security tools (Splunk or Qradar or Sentinel). Knowledgeable about endpoint protection tools Skilled in analyzing network traffic, interpreting logs, and examining packet capture. Strong critical thinking and analytical abilities Excellent written and verbal communication skills Experience managing and analyzing s from security tools is a plus. Familiarity with cloud solutions is advantageous. Relevant certifications are a plus. Show more Show less

Must-Have Skills: Experience in SIEM Management tool (QRadar) / ITIL Certification / CCNA Certification / CEH Certification / VA (Product) Certification / CISM Certification Process and Procedure adherence General network knowledge and TCP/IP Troubleshooting Ability to trace down an endpoint on the network based on ticket information Familiarity with system log information Understanding of common network services (web, mail, DNS, authentication) Knowledge of host based firewalls, Anti-Malware, HIDS General Desktop OS and Server OS knowledge TCP/IP, Internet Routing, UNIX / LINUX & Windows NT knowledge Good-to-Have Skills: Strong analytical and problem-solving abilities Excellent project management capabilities Academic Qualifications: B.E. / B. Tech / MCA degree Requirements: Location: Mumbai Notice Period: 30 days Salary Range: 7-9 LPA Job Type: Full-time Shift Timings: Not specified Key Performance Indicators: Investigate and respond to security incidents Lead incident handling and coordinate with internal teams Develop SIEM rules and maintain correlation logic Integrate and monitor log sources for threat detection Mentor L1 analysts on incident response and best practices Document and report security incidents and SOC activity Kumari Nanhi 7505229019 kumari@zyvka.com Show more Show less

Introduction At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk. Your Role And Responsibilities Your Role and Responsibilities Responsibilities A SOC Analyst plays a crucial role in cybersecurity, focusing on incident response, threat analysis, and security monitoring. Here’s a general job description: Monitor and analyze security alerts from various sources. Investigate suspicious activities and security incidents. Coordinate and escalate incidents to appropriate teams. Perform root cause analysis and recommend solutions to mitigate risks. Collaborate with Level 1 analysts to enhance detection capabilities. Maintain and update incident response playbooks. Prepare reports and documentation of security incidents. Stay updated with the latest cybersecurity trends and threats. Assist in threat hunting to identify vulnerabilities. Preferred Education Master's Degree Required Technical And Professional Expertise Required Professional and Technical Expertise* Bachelor’s degree in IT, Cybersecurity, or a related field. 2-3 years of experience in a Security Operations Center (SOC). Certifications like CISSP, CEH, or CompTIA Security+ (preferred). Strong analytical and problem-solving skills. Excellent communication and teamwork abilities. Experience with incident detection and response. SIEM tools (e.g., Splunk, QRadar). Intrusion Detection Systems (IDS) & Intrusion Prevention Systems (IPS). Firewall & VPN technologies. Threat intelligence platforms. Endpoint detection & response tools. Network security protocols. Incident response techniques. Preferred Technical And Professional Experience Preferred Professional and Technical Expertise Scripting languages (e.g., Python, Bash). Understanding of malware analysis & forensics. Show more Show less

Hi Everyone, We are looking Sr. SOC Analyst for one of our MNC client Role: Sr. SOC Analyst (Cybersecurity) Experience: 4-8 Years Location: Navi Mumbai Notice Period: Immediate to 15 Days JD : Reporting Structure Program Lead – Cyber Defence center Education • University degree in the field of computer Science or IT or EXTC Experience/ Qualifications 1. 4 to 8 years’ experience in SOC with good Admin and SOC analysis knowledge • Ready to work in 24X7 shift Industry • Hands on experience in SIEM (ArcSight, IBM QRADAR) admin activity • Perform troubleshooting part in SIEM • Analyst would be part of 24x7 Cyber Security Operations function to perform security monitoring and incident response, data loss prevention, vulnerability management, threat intelligence and threat hunting. • Perform monitoring, research, assessment, and analysis on alerts from various security tools, including IDPS tools, SIEM, Anomaly detection systems, firewalls, antivirus systems, user behaviour analytics tools, endpoint inspection, and proxy devices. • Follow pre-defined actions to investigate possible security incidents or perform incident response actions, including escalating to other support groups. • Maintains standard operating procedures (SOP), processes and guidelines. • Manage threat intelligence function encompassing threat intelligence feeds data collection, adversary analysis, cyber attribution capabilities and disseminating threat intelligence. • Ensure proper functioning of systems in the Security Operations Centre. • Enhance and Build Cyber threat detection use cases and assist in analysing & reducing false positive. • Work with internal experts/external vendors to - resolve technical issues. • Prepare Incident Reports on high severity incidents. • Support the development and enhancement of SOC incident response capabilities. • Execute daily ad hoc tasks or lead projects as needed. Preferred Certifications (Added Advantage) • Preferred Cyber Security certifications (CTIA CISM, CEH, CCNA) or • Certified Network Defender from EC Council. Show more Show less

Hi Everyone, We are looking Security Operations Centre for one of our MNC client Role: Security Operations Centre (Cybersecurity) Experience: 5+ Years Location: Navi Mumbai Notice Period: Immediate to 15 Days JD: Education : Bachelor’s degree in information technology, or a related field, Cybersecurity (preferred). Experience/ Qualifications • 5 years of technology or other relevant industry experience. Emphasis on security operations, incident management, intrusion detection, and security event analysis. • 3+ years of working experience with UEBA security technologies/vendors (such as Qradar, and Gurucul) • Ability to isolate problems between hardware and software and provide information to appropriate support team(s) • Excellent communication and collaboration skills • Ability to handle pressure and work effectively in a fast paced environment Industry • IT, ITES, Banking (Preferred) Responsibilities Incident Detection and Triage: • Experience with security tools and technologies (e.g., UEBA, SOAR, TIP) • Responsible for lifecycle support in the areas of UEBA strategy, UEBA service delivery, and UEBA infrastructure support. • Responsible for tuning out false positives and creating actionable reports. • Monitor the impact of deploying new content on the health and performance of the UEBA, SOAR & TIP solutions. • Knowledge of legal and regulatory requirements related to data breaches a plus. • Good understanding of Incident life cycle and Triage process. • Good experience in OS logs, WAF, IPS, firewall etc. log analysis. • Knowledge of Threat Intelligence and Security Advisories research and analysis would be added advantage. Communication and Collaboration: • Communicate effectively with internal stakeholders, including system administrators, IT operations, and business units • Collaborate with external vendors and law enforcement as needed • Prepare and deliver incident reports and updates to senior management Threat Intelligence: • Stay up to date on the latest cyber threats and vulnerabilities • Share threat intelligence with other security professionals within the organization • Contribute to the development and improvement of the organization's security posture Industry Certifications • Technical certifications: CompTIA security+ \ CEH or relevant • Security Standard frameworks: ISO/NIST/PCI-DSS • Incident Handling and relevant certification Show more Show less

? Identify gaps and weaknesses on current alerting platforms and recommend improvements to ensure evolving capabilities. Identify gaps and weaknesses on Data Loss Prevention platforms. Continually review existing risk scoring models and adjust accordingly to ensure proper focus on significant security events and business needs. Administrate of DLP solution and liaising with GRC & CISO function to configure policies and work on reporting, monitor and respond to different alerts generated from the DLP solution. Demonstrate a good understanding of incident response process and event escalations, repone to DLPs escalations reported by incident response team. Share recommendations to further identify sensitive data and strengthen security controls. Collaborate & partner with legal, compliance team to support customer privacy initiative and continue compliance with different regulations, to mature company data life cycle management with focus on data security. Ability to independently research and solve technical issues and Demonstrated integrity in a professional environment.

Job Duties (Summary): Senior Security SOC Analyst works in 24/7 team and in shifts which include nights and rotational weekends. The role is a key part of our Security Monitoring Incident Response team, involving in investigating alerts/events that trigger from MS Sentinel / SIEM and EDR Tools and other end point tools. Senior Analyst will be the internal escalation point for the Security analysts within the shift/team and will assist Security Analysts in responding to Security Incidents. This role also needs exceptional communication skills (verbal and written), and an ability quickly understand complex information while recognizing familiar elements within complex situations. Required Skills & Experience: Responsible for 24/7 monitor, triage, analysing security events and alerts. Including Malware analysis. Should have good hands-on in Microsoft Sentinel and should have ability to query using KQL [Mandatory] Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc... Strong knowledge of email security threats and security controls, including experience analysing email headers. Analysing Phishing emails and associated Threats and to remediate them by blocking the Urls analysing the malware(s),link(s),IOCs. Good understanding of Threat Intel and Hunting. Good hands on experience in investigating EDR alerts (Tanium, CrowdStrike, etc..) Good hands on experience in using XSOAR Platforms (Demisto, Phantom, etc..) Strong technical understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS / TLS, and SMTP. Experience analysing network traffic using tools such as Wireshark, to investigate either security issues or complex operational issues. Experience reviewing system and application logs (e.g., web or mail server logs), either to investigate security issues or complex operational issues. Knowledge in investigating security issues within Cloud infrastructure such as AWS, GCP, Azure (Preferred not mandatory) Good knowledge and hands-on experience with SIEM systems such as SentinelOne/RSA Netwitness/Splunk/AlienVault/QRadar, ArcSight or similar in understanding/creating new detection rules, correlation rules etc... Experience In defining use cases for playbooks and runbooks (Preferred) Experience in understanding log types and log parsing Strong passion in information security, including awareness of current threats and security best practices. Basic Qualifications (Preferred not mandatory ? if Candidate has equivalent knowledge) Bachelors Degree in Computer Sciences or equivalent (Preferred not mandatory) Minimum of 3 years of experience in a Security Operations Centre (SOC) or incident response team (CSIRT Team member). Overall 3+ experience in Information Security/IT Security/Network Security. CEH, CISSP, OSCP, CHFI, ECSA, GCIH, GCIA, GSEC, GCFA certification (minimum One certification - Preferred not mandatory) A relevant specialist degree (e.g., information security or digital forensics). Knowledge in NIST CSF, MiTRE & ATTACK Framework. Active involvement in the Information Security community. Certified in Azure Security [SC-200, AZ-500, AZ-900] ? Either one or more [Mandatory]

We are looking for a content development engineer or L2 level SOC SIEM engineer with hands-on experience in developing new rules, use cases based on various log sources including Cloud Security log sources and integrating various log sources with SIEM Platform. Roles and Responsibilities: Creating and implementing new threat detection content, rules and use cases to deploy in SIEM platform with different data sets like Proxy, VPN, Firewall, DLP, etc. Assisting with process development and process improvement for Security Operations to include creation/modification of SOPs, Playbooks, and Work instructions. Developing custom content based on threat intelligence and threat hunting results. Identifying gaps in the existing security controls and develop/propose new security controls. SIEM Engineering and knowledge of integrating various log sources with any SIEM platform. Custom parsing of logs being ingested into the SIEM Platform 3+ years of experience working in the field of Content development and experience in delivering and/or building content on any of the SIEM tools like Splunk/Arc-sight /QRadar/Nitro ESM/etc. Deep understanding of MITRE ATT&CK Framework. Experience in SOC Incident analysis with an exposure to information security technologies such as Firewall, VPN, Intrusion detection tools, Malware tools, Authentication tools, endpoint technologies, EDR and cloud security tools. Good understanding of networking concepts. Experience interpreting, searching, and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow, and automation) In depth knowledge of security data logs and an ability to create new content on advanced security threats on a need basis as per Threat Intelligence. Ability to identify gaps in the existing security controls. Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content. Experience on EDR tools like Crowd-strike and good understanding on TTPs like Process Injection. Excellent communication, listening & facilitation skills Ability to demonstrate an investigative mindset. Excellent problem-solving skills. Preferred : Understanding of MITRE ATT&CK framework. Demonstrable experience in Use case /rule creation on any SIEM Platform. Chronicle Backstory/ YARA / Crowds trike rules is a plus. Location: Pan India

The Group Security (GS) Cybersecurity Defense Center (CDC) team is looking for a Security Operations Center (SOC) Analyst, responsible for execution of incident response, investigative analysis of security incidents, reporting, continuous improvement, and post-incident activities. Will work closely with the CDC Engineering Team, internal Nokia teams, external Security Suppliers, and various technology vendors. Group Security (GS) is part of Strategy & Technology and Nokias central knowledge center for Nokias cybersecurity policies and standards, the cybersecurity architecture and roadmap, and the monitoring and alerting of security incidents. You have: 5+ years of experience in a Security Operations Center (SOC) or similar role 2+ years of experience working with one or more of following systemsMicrosoft Sentinel, Microsoft Defender for Endpoint (MDE), Microsoft Defender for Identity (MDI), SentinelOne or Rapid7 Deep knowledge of incident response methodologies and forensic analysis techniques Strong understanding of cloud security principles and experience with major cloud platforms (AWS, Azure, GCP) Expertise in leveraging automation tools for enhancing security operations It would be nice if you also had: Certifications such as CompTIA Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), or Certified SOC Analyst (CSA) Mentoring experience with junior analysts Execute complex security investigations using log analysis and threat intelligence across all Nokia assets Collaborate with SOC Engineers to drive automation and implement AI-powered security solutions Apply cloud security best practices and zero-trust architecture principles in security operations Engage with senior stakeholders to communicate security risks and improve incident response efforts Lead advanced threat hunting initiatives leveraging expertise in security tools and techniques Contribute to the continuous development of SOC processes, technologies, and techniques for enhanced security Mentor and guide junior analysts to foster a culture of learning and professional growth Facilitate post-incident activities, ensuring comprehensive reporting and continuous improvement of security measures

Job Title: SIEM Engineer Experience: 5 - 15 Years Location: Bengaluru / Noida Employment Type: Full-time About the Role: We are seeking a skilled SIEM Engineer to join our Managed Security Services team. You will be responsible for designing, implementing, managing, and supporting cybersecurity solutions, with a focus on SIEM tools and incident response. This is a hands-on technical role working with internal teams, customers, and third-party vendors to ensure robust security practices. Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Create, tune, and maintain detection rules and dashboards Investigate and respond to security incidents and alerts Participate in security audits, threat hunting, and compliance checks Research emerging threats and enhance detection capabilities Support configuration management, system hardening, and network defense strategies Collaborate across teams to improve security operations and automation Required Skills: Strong hands-on experience with SIEM platforms & SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Deep understanding of security operations , incident response , and network/system security Experience with scanning tools (e.g., Nessus, Qualys ) and PAM solutions (e.g., CyberArk, BeyondTrust ) Solid knowledge of Linux/Windows environments and enterprise networks Familiar with encryption, security controls, and system hardening best practices Excellent analytical, troubleshooting, and communication skills Preferred: Security certifications (e.g., CEH, CISSP, GCIA, GCIH) Experience in automation and scripting for SOC workflows Willingness to participate in on-call support rotation

3+ years of experience working in the field of Content development and experience in delivering and/or building content on any of the SIEM tools like Splunk/Arc sight /QRadar/Nitro ESM/etc. Deep understanding of MITRE ATT&CK Framework. Experience in SOC Incident analysis with an exposure to information security technologies such as Firewall, VPN, Intrusion detection tools, Malware tools, Authentication tools, endpoint technologies, EDR and cloud security tools. Good understanding of networking concepts. Experience interpreting, searching, and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow, and automation) In depth knowledge of security data logs and an ability to create new content on advanced security threats on a need basis as per Threat Intelligence. Ability to identify gaps in the existing security controls. Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content. Experience on EDR tools like Crowd strike and good understanding on TTPs like Process Injection. Excellent communication, listening & facilitation skills Ability to demonstrate an investigative mindset. Excellent problem-solving skills. Understanding of MITRE ATT&CK framework. Location: Pan India

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will also engage in continuous learning to stay updated on the latest security trends and technologies, contributing to a safer digital environment for the organization. Roles & Responsibilities:Perform security monitoring by analyzing logs, traffic and alerts generated by variety of device technologiesTimely response to customer requests like detection capabilities, tuning.Research new threats and provide recommendations to enhance detection capabilitiesStrong desire for continuous learning on vulnerabilities, attacks and countermeasures Identify opportunities for process improvement Professional & Technical Skills: Experience in SOC operations with customer-facing responsibilitiesDeep understanding on cyber security fundamentals, security devices, network defense concepts and threat landscapeHands-on experience in SIEM and threat hunting tools Added advantage in working with any SOAR platformDesirable knowledge in any scripting language and EDR productsPreferable GCIA, GCFA, CISSPStrong customer service and interpersonal skillsStrong problem-solving skillsAbility to communicate clearly at all levels, demonstrating strong verbal and written communication skills. Additional Information:Work as part of analysis team that works 24x7 on a rotational shift The candidate should have minimum 2 years of experience This position is based at our Chennai office.Minimum a bachelors or a masters degree in addition to regular 15- year full time educationAdaptability to accept change Qualification 15 years full time education

Should have done SIEM Engineeringactivities for more than 2 years. Hands on Experience to Configure,manage, and maintain the Microsoft Sentinel SIEM platform including logmanagement, retention configurations, maintenance of logs at low cost. Monitor, analyze, investigate andrespond to security incidents in MS Sentinel by collaborating with the SOC teamand Customers. Should be able to Integrate/onboarddevices (Linux, Palo Alto, Fortinet, windows and other devices etc.) to Azuresentinel Should have expertise in integratingdata sources which are not supported by Sentinel tool OOB. Custom parserdevelopment and ability to solve technical issues in Sentinel. Troubleshoot and resolve issuesrelated to SIEM (Sentinel) infrastructure and integrations like logs notreporting to Sentinel. Creation of integration documentsand sending them to customers as per requirement. Strong Knowledge of different MicrosoftDefender products Generate and reviewWeekly/Monthly reports to provide insights on security posture and SIEMeffectiveness to Customers Regularly review use caseperformance and keep track of any fine tuning done to use cases includingidentifying scenarios where fine tuning can be done and effectively communicateto customer/internal for fine tuning. Act as single point of contact forthe client during any issues of Integration or Incidents. What you ll do: Creation and Fine Tuning inCustom KQL queries and functions for complex detection and monitoring Requirements. Knowledge of Workbooks creation, Building Playbooks (Enrichment andResponse) in Sentinel automation through logic apps. Preference should be given to candidateswho have completed expert training and certifications in Sentinel and Defender productsof Microsoft. Strong communication, collaborationand multi-tasking skills to work effectively with cross-functional teams andstakeholders. Relevant professionalcertifications such as: AZ-900, SC-900, SC-200, Certified Ethical Hacker (CEH)or any other SIEM Engineering certification. Stay updated with the latesttrends and developments in SIEM technologies and cybersecurity threats andutilize it in System if required. What we offer: Insurance Group Medical Coverage, Group Personal Accident, Group Term Life Insurance Rewards and Recognition Program,Employee Referral Program, Wellness Program and CSR Initiatives Maternity and Paternity Leaves Company Sponsored CertificationProgram

The primary responsibility of this role is to provide advanced incident analysis and management within our SOC environment, while also leading the development and training of the L1 SOC team in incident analysis, parsers creation, rule views, and report management. The ideal candidate will have a strong background in cybersecurity, incident response, and leadership skills. Responsibilities: Advanced Incident Analysis: Utilize advanced tools and techniques to analyze and investigate security incidents detected within the organization's networks and systems. Incident Response: Lead incident response efforts, coordinating with internal and external stakeholders to mitigate and remediate security incidents promptly. Team Leadership: Provide mentorship and guidance to the L1 SOC team, assisting in the development of their skills in incident analysis, parser creation, rule views, and report management. Parser Creation: Develop and maintain parsers to enhance the capability of the SOC's security information and event management (SIEM) system in detecting and correlating security events. Rule View Management: Manage and optimize rule views within the SIEM platform to ensure accurate and timely detection of security threats. Report Management: Oversee the generation and distribution of security reports, including incident reports, trend analysis, and recommendations for improvement. Collaboration: Work closely with other teams within the organization, including IT operations, network engineering, and application development, to improve overall security posture and incident response capabilities. Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered. Minimum of 3 years of experience in a SOC environment, with a focus on incident analysis and response. Strong understanding of cybersecurity principles, including threat detection, malware analysis, and vulnerability management. Experience with SIEM platforms (e.g., Securonix, QRadar) and familiarity with creating and managing parsers and rule views. Leadership experience, with the ability to mentor and motivate team members effectively. Excellent communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders.

Advanced Incident Analysis: Utilize advanced tools and techniques to analyze and investigate security incidents detected within the organization's networks and systems. Incident Response: Lead incident response efforts, coordinating with internal and external stakeholders to mitigate and remediate security incidents promptly. Team Leadership: Provide mentorship and guidance to the L1 SOC team, assisting in the development of their skills in incident analysis, parser creation, rule views, and report management. Parser Creation: Develop and maintain parsers to enhance the capability of the SOC's security information and event management (SIEM) system in detecting and correlating security events. Rule View Management: Manage and optimize rule views within the SIEM platform to ensure accurate and timely detection of security threats. Report Management: Oversee the generation and distribution of security reports, including incident reports, trend analysis, and recommendations for improvement. Collaboration: Work closely with other teams within the organization, including IT operations, network engineering, and application development, to improve overall security posture and incident response capabilities.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Senior (CTM – Threat Detection & Response) KEY Capabilities: Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA Minimum of Splunk Power User Certification Good knowledge in programming or Scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, Bash, etc. Perform remote and on-site gap assessment of the SIEM solution. Define evaluation criteria & approach based on the Client requirement & scope factoring industry best practices & regulations Conduct interview with stakeholders, review documents (SOPs, Architecture diagrams etc.) Evaluate SIEM based on the defined criteria and prepare audit reports Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment. Understand customer requirements and recommend best practices for SIEM solutions. Offer consultative advice in security principles and best practices related to SIEM operations Design and document a SIEM solution to meet the customer needs Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers Verification of data of log sources in the SIEM, following the Common Information Model (CIM) Experience in parsing and masking of data prior to ingestion in SIEM Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources Assist client with technical guidance to configure end log sources (in-scope) to be integrated to the SIEM Experience in handling big data integration via Splunk Expertise in SIEM content development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems Hands-on experience in development and customization of Splunk Apps & Add-Ons Builds advanced visualizations (Interactive Drilldown, Glass tables etc.) Build and integrate contextual data into notable events Experience in creating use cases under Cyber kill chain and MITRE attack framework Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications. Experience in installation, configuration and usage of premium Splunk Apps and Add-ons such as ES App, UEBA, ITSI etc Sound knowledge in configuration of Alerts and Reports. Good exposure in automatic lookup, data models and creating complex SPL queries. Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement Work with the client SPOC to for correlation rule tuning (as per use case management life cycle), incident classification and prioritization recommendations Experience in creating custom commands, custom alert action, adaptive response actions etc. Qualification & experience: Minimum of 3 to 6 years’ experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments. Strong oral, written and listening skills are an essential component to effective consulting. Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary. Must have knowledge of Vulnerability Management, Windows and Linux basics including installations, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting. Good to have below mentioned experience with designing and implementation of Splunk with a focus on IT Operations, Application Analytics, User Experience, Application Performance and Security Management Multiple cluster deployments & management experience as per Vendor guidelines and industry best practices Troubleshoot Splunk platform and application issues, escalate the issue and work with Splunk support to resolve issues Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix will be an added advantage Certifications in a core security related discipline will be an added advantage. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

7 - 9 Years 1 Opening Kochi, Trivandrum Role description L2 SOC Lead Experience : 7 to 9 years Location : Bangalore/Trivandrum/Kochi Company: CyberProof, A UST Company About CyberProof CyberProof is a leading cyber security services and platform company dedicated to helping customers react faster and smarter to security threats. We enable enterprises to create and maintain secure digital ecosystems through automation, threat detection, and rapid incident response. As part of the UST family, we are trusted by some of the world’s largest enterprises. Our Security Operations Group is composed of a global team of highly skilled cyber security professionals, with our tier 3-4 expertise rooted in Israeli Intelligence Cyberproof is looking to hire a L2 team Lead for managing the existing shared services team. Role Proficiency: SOC Analyst L2 is an operational role, focusing on ticket quality and security incident deeper investigation and will be responsible to handle the escalated incidents from Level 1 team within SLA. The lead will be responsible for quality and ensuring processes are defined globally across all customers in Cyberproof. Responsibilities: SOC Analyst L2 would work closely with SOC L1 team, L3 team & customer and responsible for performing deeper analysis and need to interact with client in daily calls and need to take the responsibility of handling the True Positive incidents on time. When L1 escalates an incident to L2, need to conduct more analysis and, if needed, escalate to the customer/L3 team, or L2 analyst must advise L1 team members until the incident is resolved. Perform deep analysis to security incidents to identify the full kill chain Handle L2 and above level technical escalations from L1 Operations team and resolve within SLA. Identify the security gaps and need to recommend new rules/solution to L3/Customer Need to suggest finetuning for existing rules based on the high count/wherever required Create and manage the Incident handling playbook, process runbooks and ad-hoc documents whenever needed Respond to clients’ requests, concerns, and suggestions Proactively support L1 team during an incident. Performs and reviews tasks as identified in a daily task list. Ready to work in 24x7 rotational shift model including night shift Incident detection, triage, analysis and response. Coordinating with customers for their security related problems and providing solutions. Share knowledge to other analysts in their role and responsibilities Provide knowledge transfer to L1 such as advance hunting techniques, guides, cheat sheets etc Knowledge Experience: Experience of Managing L2 resources in a multi-location basis. Minimum of 3 years of experience in Cyber security, SOC At least 2 years of working in the SOC Proficient in Incident Management and Response Experience in leading a team of more than 9 analysts Experience in searching and log analysis in at least 2 of the below SIEM tools or more than 3 SIEM in total: Sentinel, QRadar, Splunk, LogRhythm, Google Chronicle Experience in analysis and response in at least 2 of the below EDR tools or more than 3 EDR in total:Crowd strike, MS Defender, Carbon Black, Cybereason, Sentinel One In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. Up to date in cyber security and incidents; intermediate understanding of enterprise IT Infrastructure including Networks Firewalls OS Databases Web Applications etc. Understanding of ISMS principles and guidelines; relevant frameworks (e.g. ISO27001) Desirable – Training / Certification in Ethical Hacking/SIEM Tool etc. Additional Desired Skills: Strong verbal and written English communication Strong interpersonal and presentation skills Ability to work with minimal levels of supervision Responsible for working in a 24x7 Security Operation centre (SOC) environment. Essential Skills: Knowledge and hands-on experience with Azure Sentinel, Microsoft 365 Defender, Microsoft Defender for Cloud Apps & Identity Protection. Continuous Learning innovation and optimization: Ensure completion of learning programs as suggested by Managers Suggest ideas that will help innovation and optimization of processes. Help develop the ideas into proposals. Provide suggestions to reduce the manual work Teamwork Assist L1 team members where possible. About UST UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Senior Manager_TDR (threat detection and response) Job Summary As a Senior Manager with EY’s Global Delivery Services (GDS) Cybersecurity Team, you will contribute technically to client engagement and services development activities. You will be focused on helping client’s grow and turn their Cyber security strategy into reality. You’ll work in high-performing teams that drive growth and deliver exceptional client service, making certain you play your part in building a better working world. You will be responsible for overall client service quality delivery in accordance with EY’s quality guidelines & methodologies. You will need to manage accounts and relationships on a day-to-day basis and explore new business opportunities for EY. Establishing, strengthening and nurturing relationships with clients (functional heads & key influencers) and internally across service lines. You will assist in developing new methodologies and internal initiatives and help in creating a positive learning culture by coaching, counselling and developing junior team members. Client responsibilities: Technical leadership and knowledge of cybersecurity concepts and methods including, but not limited to, SOC transformation, CTI, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Generate new business opportunities by participating in market facing activities, executive briefings and developing thought leadership materials Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in best in breed SIEM (Splunk, Sentinel and Qradar etc) content development / architecting will be an added advantage. Should have good hands-on experience and skills on advanced and integrated key Threat Detection Technology like SIEM, SOAR, EPP, EDR solutions, Firewalls, IDPS, Web Proxy, Enterprise Forensics tools. Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure. Good knowledge in threat modelling. Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement. Brief the engagement team on the client's environment and industry trends. Maintain relationships with client to manage expectations of service including work products, timing, fees and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations Create and demonstrate innovative insights for clients, adapts methods and practices to fit operational team needs & contributes to thought leadership documents Apply extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services Drive discussions / knowledge sharing with key client personnel and contribute to EY’s thought leadership Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Strong collaboration with EY senior executives, other key stakeholders and importantly other EY SOC leaders to co-establish, promote and drive a Cyber SOC ecosystem Key responsibilities: Provide industry insights (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) that energize growth Demonstrate deep understanding of the client’s industry and marketplace Lead consulting engagements that solve complex Cyber security issues Help mentor, coach and counsel their team members and help us build an inclusive culture and high-performing teams Maximize operational efficiency through standardization and process automation on client engagements and internal initiatives Monitor delivery progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes Successfully manage engagement time and budgets Convey complex technical security concepts to technical and non-technical audiences including executives. Provide strategic and relevant insight, connectedness and responsiveness to all clients to anticipate their needs Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Define, develop and implement strategic go-to-market plans in collaboration with local EY member firms in Americas, EMEIA and APAC. Drive new business opportunities by developing ideas, proposals and solutions Strongly represent EY and its service lines and actively assess what the firm can deliver to serve clients. Assist Consulting Partners in driving the business development process on existing client engagements by gathering appropriate resources, gaining access to key contacts & supervising proposal preparation Develop long-term relationships with networks both internally and externally Enhance the EY brand through strong external relationships across a network of existing and future clients and alliance partners Driving the quality culture agenda within the team Manage and contribute in performance management for the direct reportees and team members, as per the organization policies Able to examine and act on people related issues both strategically and analytically. Participating in the EY-wide people initiatives including recruiting, retaining and training Cybersecurity professionals Use technology to continually learn, share knowledge and enhance client service delivery Support the EY inclusiveness culture To qualify, candidates must have: At least 15 years of industry experience and serving as Manager for minimum of 10 years or 5 years as Senior Manager, of recent relevant work experience in information security or information technology discipline, preferably in a business consulting role with a leading technology consultancy organization Strong technical experience in not limited to, attack and penetration testing, vulnerability management, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Any one of the following technical certifications: CISSP, CISM, GSOC Graduates / BE / BTech / MSc / MTech / MBA in the fields of Computer Science, Information Systems, Engineering, Business or related major Any one of the following project management experience - Prince2 / PMI / MSP / CSM Experience with data analysis and visualization technologies Fluency in English, other language skills are considered an asset EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. CMS-TDR Senior As part of our EY-cyber security team, who shall work as SME for Microsoft Sentinel solutions in TDR team The opportunity We’re looking for Senior Consultant with expertise in Cloud Security solutions. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your key responsibilities Architecting and implementation of cloud security monitoring platforms MS Sentinel Provide consulting to customers during the testing, evaluation, pilot, production, and training phases to ensure a successful deployment. Perform as the subject matter expert on Cloud Security solutions for the customer, use the capabilities of the solution in the daily operational work for the end customer. Securing overall cloud environments by applying cybersecurity tools and best practices Advise customers on best practices and use cases on how to use this solution to achieve customer end state requirements. Content development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems Skills and attributes for success Customer Service oriented - Meets commitments to customers; Seeks feedback from customers to identify improvement opportunities. Expertise in content management in MS Sentinel Good knowledge in threat modelling. Experience in creating use cases under Cyber kill chain and Mitre attack framework Expertise in integrating critical devices/applications including unsupported (in-house built) by creating custom parsers Below mentioned experiences/expertise on Sentinel Develop a migration plan from Splunk/QRadar/LogRhythm to MS Sentinel Deep understanding of how to implement best practices for designing and securing Azure platform Experiencing advising on Microsoft Cloud Security capabilities across Azure platform Configure data digestion types and connectors Analytic design and configuration of the events and logs being digested Develop, automate, and orchestrate tasks(playbooks) with logic apps based on certain events Configure Sentinel Incidents, Workbooks, Hunt queries, Notebooks Experience in other cloud native security platforms like AWS and GCP is a plus Scripting knowledge (Python, Bash, PowerShell) Extensive knowledge of different security threats Good knowledge and experience in Security Monitoring Good knowledge and experience in Cyber Incident Response To qualify for the role, you must have B. Tech./ B.E. with sound technical skills Strong command on verbal and written English language. Demonstrate both technical acumen and critical thinking abilities. Strong interpersonal and presentation skills. Certification in Azure (any other cloud vendor certification is a plus) Ideally, you’ll also have People/Project management skills. What working at EY offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.