891 Qradar Jobs - Page 34

Job Title: Security Operations Center (SOC) Analyst (Positios-02) Experience: 5 to 8 Years Location: Hyderabad Department: Cybersecurity / Security Operations Industry: IT Services / MSSP / Software / FinTech / Healthcare IT Job Summary: We are seeking an experienced and detail-oriented SOC Analyst (58 years) to join our cybersecurity team. The ideal candidate will be responsible for monitoring, detecting, investigating, and responding to cyber threats across the organization. The SOC Analyst will play a critical role in defending systems, applications, and data from security breaches and supporting incident response efforts, threat hunting, and continuous improvement of SOC processes. Key Responsibilities: Security Monitoring & Incident Response: Continuously monitor SIEM dashboards, threat intelligence feeds, and security alerts. Investigate and respond to security incidents, phishing attacks, malware infections, and anomalous activities. Triage alerts based on severity, business impact, and threat intelligence context. Perform root cause analysis and prepare incident reports with actionable recommendations. Escalate critical incidents to Tier 3/IR teams and collaborate during major security events. Threat Detection & Hunting: Conduct proactive threat hunting based on IOCs, TTPs, and threat intelligence reports. Analyse logs from endpoints, firewalls, IDS/IPS, cloud workloads, and third-party security solutions. Develop and fine-tune detection rules and correlation logic in SIEM (e.g., Splunk, Sumo Logic, Sentinel). Tool & Infrastructure Management: Work with EDR, NDR, DLP, SIEM, SOAR, and vulnerability management platforms. Support integration of new log sources and ensure completeness of logging for critical systems. Maintain threat detection playbooks and contribute to process automation via SOAR tools. Compliance & Reporting: Ensure security operations align with frameworks like NIST, ISO 27001, SOC 2, or HIPAA. Support security audit requirements by providing incident logs and response documentation. Generate periodic reports on incident trends, SOC performance, and threat landscape. Required Skills & Experience: 5–8 years of experience in a SOC environment or cybersecurity operations role. Strong knowledge of attack vectors, MITRE ATT&CK framework, and incident response lifecycle. Hands-on experience with SIEM (e.g., Splunk, Microsoft Sentinel, QRadar, LogRhythm). Familiarity with endpoint protection (CrowdStrike, SentinelOne, Defender ATP, etc.). Knowledge of Windows/Linux log analysis, firewall rules, and cloud security controls (Azure/AWS). Strong analytical thinking, attention to detail, and ability to work under pressure. Preferred Qualifications: Bachelor’s degree in Cybersecurity, Computer Science, or related field. Certifications such as CEH, GCIA, GCIH, CySA+, AZ-500, or Security+ are highly desirable. Experience working in a 24x7 SOC or with MSSP environments is a plus. Exposure to compliance-driven industries (finance, healthcare, SaaS) preferred. Soft Skills: Strong communication and documentation skills. Ability to collaborate across IT, DevOps, and security teams. Risk-aware mindset with a proactive approach to security operations. Work Mode: On-site / Hybrid / 24x7 Rotational Shifts if applicable Reporting To: SOC Manager / Head of Security Operations

Diverse Lynx is looking for SOC Analyst to join our dynamic team and embark on a rewarding career journey. Monitor and analyze security events and incidents, identifying and investigating potential threats Maintain the security of our network and systems by implementing security controls and best practices Work closely with the rest of the security team to ensure that our systems and networks are secure and compliant with industry standards Maintain accurate documentation and reports on security events and incidents Communicate effectively with team members and other stakeholders to ensure that security issues are addressed in a timely and effective manner Stay up to date with the latest security technologies and threats

Diverse Lynx is looking for SOC Lead to join our dynamic team and embark on a rewarding career journey. Lead the SOC team and manage the organization's security operations Ensure that the SOC is staffed with skilled analysts and that the SOC team is executing their tasks efficiently and effectively Monitor and respond to security events and alerts to detect potential security incidents Manage security incidents and provide guidance on remediation Develop and maintain incident response plans and playbooks Collaborate with cross-functional teams to ensure security technologies, policies, and procedures align with business needs Develop and maintain security policies, standards, and procedures Conduct security awareness training for employees and contractors Experience with security information and event management (SIEM) tools such as Splunk or QRadar Excellent problem-solving and analytical skills Strong communication and interpersonal skills

About the Role We are seeking a skilled Senior Security Analyst to join our SOC team. The ideal candidate will have a strong background in SOC operation and ensure that the SOC team is performing its functions as required and to trouble shoot incidents and events. As a Senior Security Analyst shall also act as the technical SME, and handle critical SOC task, Incident, guiding Level 1 and Level 2, customer communications. Key Roles & Responsibilities: Incident Response and Management Lead the investigation of high-severity security incidents and breaches. Provide expert analysis for complex incidents that L1 and L2 analysts cannot resolve. Develop and execute incident response procedures, including containment, eradication, and recovery. Ensure proper escalation processes are followed for incidents requiring higher expertise. Communicate with stakeholders, such as management and IT teams, to ensure appropriate handling of incidents. Threat Hunting and Analysis Perform proactive threat hunting activities to identify potential vulnerabilities, threats, and attacks before they happen using Splunk / QRadar SIEM. Use threat intelligence feeds to enrich SOC operations and identify emerging threats. Analyze large volumes of security data to detect patterns and anomalies. Security Tool Management Oversee and optimize the usage of security monitoring tools such as Splunk/ QRadar SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection systems. Configure, update, and fine-tune security tools to improve detection capabilities and reduce false positives. Recommend new security tools and technologies to improve SOC operations. Log and Event Analysis Review logs from various sources (network, endpoints, servers, etc.) to identify security incidents. Ensure accurate log data collection and retention practices are followed. Provide in-depth analysis of security alerts and generate reports. Vulnerability Management Conduct vulnerability assessments and prioritize remediation activities for critical vulnerabilities. Collaborate with the IT and development teams to address security flaws and implement patches. Collaboration and Escalation Serve as the point of escalation for L1 and L2 SOC analysts when complex issues arise. Collaborate with other security teams, such as network security, application security, and IT operations, to ensure a comprehensive defense strategy. Work with external partners, including Managed Security Service Providers (MSSPs), to coordinate incident management and threat intelligence sharing. Security Policies and Best Practices Review and recommend improvements to security policies, procedures, and best practices. Ensure that the organization's security policies are being followed and advise on improvements. Conduct regular security awareness training for SOC staff and the broader organization. Reporting and Documentation Generate detailed reports on incidents, security posture, and threats for senior management and relevant stakeholders. Maintain incident logs and documentation to comply with regulatory and internal policies. Ensure all incidents are well-documented with root cause analysis, remediation efforts, and lessons learned. Continuous Improvement Analyze the effectiveness of the SOC's operations and suggest improvements to processes, workflows, and technologies. Stay updated on the latest cyber threats, tools, and techniques. Assist with the development and execution of simulations, exercises, and training to improve SOC capabilities. Compliance and Regulatory Requirements Ensure compliance with SLAs for all projects. Ensure SOC operations meet industry compliance requirements (e.g., GDPR, HIPAA, PCI DSS). Help in audits and compliance assessments related to security operations. Mentoring and Training Provide mentorship and training to junior SOC analysts (L1 and L2). Share knowledge on advanced attack techniques, response strategies, and threat detection methods. Report deviations and concerns to the SOC Manager Basic Qualifications: B.E/B.Tech in Computer Science, Information Technology, Cybersecurity, or a related field. 5+ year of experience and strong foundational knowledge in security operations, SIEM, or IT security. Basic understanding of cybersecurity concepts, networking fundamentals, and security monitoring. Knowledge of IT infrastructure, networking, and cybersecurity principles. Communicate effectively with customers, teammates, and management Excellent problem-solving skills and attention to detail. Strong communication and interpersonal skills. Preferred Qualifications: Certifications in ECIH/GCIH/CISM/CISSP etc. Splunk Certified candidate Exposure to SIEM solutions, specifically Splunk, Qradar ,DNIF or similar platforms. Familiarity with security tools such as EDR, XDR, WAF, DLP, email security gateways, and proxy solutions. Enthusiasm for learning and a strong interest in cybersecurity as a career. Ability to work in a team and adjust to rotational shifts in a high-stakes environment. Knowledge of cloud security and platforms (e.g., AWS, Azure, GCP)

Job Summary We are seeking a dynamic and experienced Cybersecurity SOC Group Head to lead and oversee the operations, strategy, and continuous improvement of our 24/7 Security Operations Center. This role is critical to managing cyber threats, detecting and responding to incidents, and ensuring the overall security posture of the organization. The ideal candidate will bring a strategic vision, deep technical expertise, and strong leadership to transform and evolve SOC capabilities. Qualifications Bachelor's or Master’s degree in Computer Science, Information Security, or related field. Minimum 12+ years of cybersecurity experience, with at least 5+ years in SOC leadership roles. Proven experience managing large SOC teams in enterprise environments or MSSP settings. Strong knowledge of SIEM (e.g., Splunk, Qradar, MS Sentinel ), SOAR, EDR (e.g., CrowdStrike,Microsoft Defender for Endponts), and cloud security. Deep understanding of attack vectors, threat landscapes, and incident response lifecycle. Relevant certifications such as CISSP, CISM, GIAC, or SANS GCIH/GSOC preferred. Soft Skills Excellent leadership, people management, and conflict resolution skills. Strong communication and reporting abilities for executive-level stakeholders. Ability to work under pressure during high-stress cyber incidents. Preferred Experience Experience in multi-tenant SOC environments or MSSPs. Familiarity with OT/ICS security (for industrial environments) is a plus. Global experience across multiple geographies and regulatory landscapes. Show more Show less

You will contribute as a Managed Security Services (MSS) expert responsible for one of the key functions like Security Governance, Risk & Compliance Management, OMS security infrastructure management, or Security Monitoring & Response Management. You will be part of a team that works independently within a global environment & solve complex problems, and contribute to process improvements. You have: 4-6 years of relevant experience and/or a graduate / postgraduate equivalent degree. Management Experience / Achieved well-advanced skills in a specific professional discipline combining deep knowledge of theory and organizational practice or expertise. Recognized expert in their field (depth & breadth). It would be nice if you also had: Familiarity in security system design, implementation, and performance management. Knowledge to make strategic decisions and mentor senior engineers. Familiarity with complex improvement projects with moderate risk and resources. You will address and resolve highly complex Managed Security Services (MSS) operations performance issues or challenges including through technical leadership of highly skilled teams. You will interpret internal and external Managed Security Services (MSS) and technology challenges and recommend solutions. You will lead the development of innovative practices to improve MSS operations. You will contribute to the design, building, testing, and implementation of security systems within an organizations IT and telecom network. You will be the owner of Performance & Quality Management of Security Operations & Administration and also approve new and/or changes to guidelines and procedures for the function. You will contribute to strategic decisions for not only Managed Services operations, but also MSS business & act as a professional leader for Managed Services operations, mentoring senior Service Operations Engineers. You will contribute to developing the concepts to determine the professional direction of Managed Services delivery operations personnel.

Domain Certifications CISSP, CISA, CRISC, ISO 27001 Responsibilities Own and lead the governance program at account level for a large Financial services account with 700 + head count and multi country locations having high security Offshore Delivery Centres & Work from home teams Develop, implement and monitor Account level Information security governance program; meeting client compliance requirements proactively Perform contract reviews, cyber security risk assessments and drive compliance programs to meet contractual and organizational cyber security requirements within the client offshore delivery centres. Experience in Application security and code reviews which can be leveraged to guide and work with delivery teams on covering the cyber security risks associated with Application security, development and maintenance projects. Work closely with different teams internally like IT, business, HR, facilities, cyber security which operate at Organization level to translate client requirements and assess residual risk if required Give directions and monitor the compliance and operations activities within the account through dedicated team and work closely with account team on ensuring the compliance within account team Develop account level procedures, metrics and review programs to maintain and enhance the governance model within the account Be a single point of contact for client interactions during third party audits and liaise within the organization Prepare the account for certification and internal audit requirements based on industry standards like PCI DSS and ISO 27001 requirements Focus and objective driven to demonstrate ongoing improvements; identify early indicators of non compliance and able to draw mitigation actions Hold technical skills to participate in technical discussions for delivery centre setup, connectivity models Excellent communication skills and have demonstrated effective CXO level reviews

Position Summary: This position will support Mphasis Cyber Defense Center/SOC. It requires to continuously monitor cyber security events, perform triages and provide response/remediation activities. Responsibilities:  Continuously monitor security alerts generated by SIEM and other security tools.  Perform initial triage to distinguish genuine security incidents from false positives and promptly escalate complex or confirmed threats to senior analysts or incident response teams.  Conduct in-depth analysis of potential security incidents by gathering and correlating data from various sources.  Identify indicators of compromise to determine the scope, impact, and root cause of incidents.  Develop and execute effective containment and remediation strategies in close coordination with incident response teams.  Engage in proactive threat hunting to uncover stealthy or sophisticated attacks that bypass standard monitoring mechanisms.  Maintain accurate and detailed incident logs and reports that capture the analysis, response actions, and lessons learned.  Communicate technical findings clearly to both technical and non-technical stakeholders.  Collaborate with fellow SOC analysts, incident responders, and IT teams to optimize detection rules and continuously improve the organization’s security posture.  Evaluate and implement new security technologies while contributing to the development of SOC playbooks, standard operating procedures, and best practices.  Continuously learn and keep abreast on latest trends in attack patterns and tools Desired Skills/Experience:  3-6 years of overall experience in area of Systems/Network/Information Security and minimum 2 years in SOC/MSS services  Experience SIEM Monitoring solutions [Qradar, ArcSight, Splunk, etc.,] and a variety of other security devices found in a SOC environment  Good understanding in Log formats of various security devices like Proxy, Firewall, IDS/IPS DNS,  Solid foundational understanding of networking concepts (TCP/IP, LAN/WAN, Internet, network topologies)  Experience in major operating systems (Windows, Linux)  Understanding of current trends in attacker and threat actor tools, techniques, and procedures (TTP) and mitigation steps  Strong analytical and problem-solving skills  Excellent communication and interpersonal skills  Professional/Technical Certifications (Security+, CCSE, CCSP, TICSA, MCSE, CISSP, etc.) desirable Show more Show less

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. About The Role We are seeking a skilled Senior Security Analyst to join our SOC team. The ideal candidate will have a strong background in SOC operation and ensure that the SOC team is performing its functions as required and to trouble shoot incidents and events. As a Senior Security Analyst shall also act as the technical SME, and handle critical SOC task, Incident, guiding Level 1 and Level 2, customer communications. Key Roles & Responsibilities Incident Response and Management Lead the investigation of high-severity security incidents and breaches. Provide expert analysis for complex incidents that L1 and L2 analysts cannot resolve. Develop and execute incident response procedures, including containment, eradication, and recovery. Ensure proper escalation processes are followed for incidents requiring higher expertise. Communicate with stakeholders, such as management and IT teams, to ensure appropriate handling of incidents. Threat Hunting and Analysis Perform proactive threat hunting activities to identify potential vulnerabilities, threats, and attacks before they happen using Splunk / QRadar SIEM. Use threat intelligence feeds to enrich SOC operations and identify emerging threats. Analyze large volumes of security data to detect patterns and anomalies. Security Tool Management Oversee and optimize the usage of security monitoring tools such as Splunk/ QRadar SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection systems. Configure, update, and fine-tune security tools to improve detection capabilities and reduce false positives. Recommend new security tools and technologies to improve SOC operations. Log and Event Analysis Review logs from various sources (network, endpoints, servers, etc.) to identify security incidents. Ensure accurate log data collection and retention practices are followed. Provide in-depth analysis of security alerts and generate reports. Vulnerability Management Conduct vulnerability assessments and prioritize remediation activities for critical vulnerabilities. Collaborate with the IT and development teams to address security flaws and implement patches. Collaboration and Escalation Serve as the point of escalation for L1 and L2 SOC analysts when complex issues arise. Collaborate with other security teams, such as network security, application security, and IT operations, to ensure a comprehensive defense strategy. Work with external partners, including Managed Security Service Providers (MSSPs), to coordinate incident management and threat intelligence sharing. Security Policies and Best Practices Review and recommend improvements to security policies, procedures, and best practices. Ensure that the organization's security policies are being followed and advise on improvements. Conduct regular security awareness training for SOC staff and the broader organization. Reporting and Documentation Generate detailed reports on incidents, security posture, and threats for senior management and relevant stakeholders. Maintain incident logs and documentation to comply with regulatory and internal policies. Ensure all incidents are well-documented with root cause analysis, remediation efforts, and lessons learned. Continuous Improvement Analyze the effectiveness of the SOC's operations and suggest improvements to processes, workflows, and technologies. Stay updated on the latest cyber threats, tools, and techniques. Assist with the development and execution of simulations, exercises, and training to improve SOC capabilities. Compliance and Regulatory Requirements Ensure compliance with SLAs for all projects. Ensure SOC operations meet industry compliance requirements (e.g., GDPR, HIPAA, PCI DSS). Help in audits and compliance assessments related to security operations. Mentoring and Training Provide mentorship and training to junior SOC analysts (L1 and L2). Share knowledge on advanced attack techniques, response strategies, and threat detection methods. Report deviations and concerns to the SOC Manager Basic Qualifications B.E/B.Tech in Computer Science, Information Technology, Cybersecurity, or a related field. 5+ year of experience and strong foundational knowledge in security operations, SIEM, or IT security. Basic understanding of cybersecurity concepts, networking fundamentals, and security monitoring. Knowledge of IT infrastructure, networking, and cybersecurity principles. Communicate effectively with customers, teammates, and management Excellent problem-solving skills and attention to detail. Strong communication and interpersonal skills. Preferred Qualifications Certifications in ECIH/GCIH/CISM/CISSP etc. Splunk Certified candidate Exposure to SIEM solutions, specifically Splunk, Qradar ,DNIF or similar platforms. Familiarity with security tools such as EDR, XDR, WAF, DLP, email security gateways, and proxy solutions. Enthusiasm for learning and a strong interest in cybersecurity as a career. Ability to work in a team and adjust to rotational shifts in a high-stakes environment. Knowledge of cloud security and platforms (e.g., AWS, Azure, GCP) Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted. Show more Show less

SOC Analyst Location: Pune(Aundh/Baner),India (On-site, In-House SOC) Department: Security Operations Center Experience: 1–3 Years Work Type: Full-time| Hybrid Model | 24x7 Rotational Shifts Role Overview: As a SOC Analyst, you will be part of our in-house 24x7 Security Operations Centre based in Pune. You will be responsible for monitoring, analyzing, and responding to security incidents and alerts using cutting-edge security technologies and platforms. This role is a great opportunity to grow in a fast-paced FinTech environment leveraging tools like QRadar SIEM, CrowdStrike XDR, Netskope DLP, AWS Cloud Security, Sysdig, Falco, Canary Tokens, and G-Suite Security and other security solutions. Key Responsibilities: Continuously monitor security alerts and events using QRadar SIEM , CrowdStrike , Falco , and other integrated tools. Perform initial triage and analysis to assess the nature and severity of potential security incidents. Escalate incidents in line with established procedures and severity levels. Create, update, and manage incident tickets throughout their lifecycle using ticketing systems. Analyze logs and security data from various sources, including AWS Cloud , G-Suite , and endpoint solutions. Assist in proactive threat hunting and detection of malicious activity across systems and applications. Technical experience working in a SOC and cybersecurity incident response. Generate daily, weekly, and ad-hoc reports detailing SOC operations and incident statistics. Support 24x7 operations by participating in rotational shifts, including nights and weekends. Understanding of AWS Services for security detection and mitigation. Follow standard operating procedures (SOPs), incident response runbooks, and recommend improvements where necessary. Understanding of network protocols (TCP/IP stack, SSL/TLS, IPSEC SMTP/IMAP, FTP, HTTP, etc.). Hands-on experience in security monitoring, Incident Response (IR), security tools configuration, and security remediation. Creation of reports, dashboards, metrics for SOC operations and presentation to Sr. Management. Understanding of Operating System, Web Server, database, and Security devices (firewall/NIDS/NIPS) logs and log formats. Ensure all actions are compliant with internal policies, security standards, and regulatory requirements. Required Skills & Experience: 1–3 years of hands-on experience in SOC operations or cyber security monitoring. Exposure to SIEM tools, preferably IBM QRadar . Experience with Endpoint Detection & Response (EDR) solutions such as CrowdStrike . Familiarity with DLP (preferably Netskope) and cloud-native security tools. Working knowledge of Linux/Unix command line and scripting basics. Understanding of AWS Cloud Security concepts . Knowledge of TCP/IP, DNS, HTTP, and other networking protocols. Familiarity with common attack vectors and threat landscape (MITRE ATT&CK framework is a plus). Good to Have: Experience with Falco , Sysdig , or other container security tools. Exposure to Canary tokens or deception technologies. Basic certifications such as CompTIA Security+, CEH, AWS Security Specialty, or CrowdStrike CCFA . What We Offer: Opportunity to work with modern cloud-native security stack. Learn and grow in an innovative FinTech environment. Mentorship and training on advanced threat detection and response practices. Strong team culture focused on collaboration and technical excellence. Competitive salary and shift allowances. Show more Show less

Archer and GRC SOC L3 DM L1 Soc/Soar(knowhow) Consultant SOC+VAPT, min 5 yrs exp overall AM/DM SOC, Qradar/Ueba monitoring SOC+CDR,Antivirus ,Trendmicro, Consultant/AM L1 Soc/Soar(knowhow) Consultant/AM SOC+DAM, 3+ yrs overall Consultant/AM IR, L2 DLP AM DLP IBM+IAM verify Consultant DLP DLP IBM+IAM verify L1/L2 SOC SOC+CDR,Antivirus ,Trendmicro, Qradar SOC, Qradar/Ueba monitoring Show more Show less

The primary responsibility of this role is to provide advanced incident analysis and management within our SOC environment, while also leading the development and training of the L1 SOC team in incident analysis, parsers creation, rule views, and report management. The ideal candidate will have a strong background in cybersecurity, incident response, and leadership skills. Responsibilities Advanced Incident Analysis: Utilize advanced tools and techniques to analyze and investigate security incidents detected within the organization's networks and systems. Incident Response: Lead incident response efforts, coordinating with internal and external stakeholders to mitigate and remediate security incidents promptly. Team Leadership: Provide mentorship and guidance to the L1 SOC team, assisting in the development of their skills in incident analysis, parser creation, rule views, and report management. Parser Creation: Develop and maintain parsers to enhance the capability of the SOC's security information and event management (SIEM) system in detecting and correlating security events. Rule View Management: Manage and optimize rule views within the SIEM platform to ensure accurate and timely detection of security threats. Report Management: Oversee the generation and distribution of security reports, including incident reports, trend analysis, and recommendations for improvement. Collaboration: Work closely with other teams within the organization, including IT operations, network engineering, and application development, to improve overall security posture and incident response capabilities. Qualifications Bachelor's degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered. Minimum of 3 years of experience in a SOC environment, with a focus on incident analysis and response. Strong understanding of cybersecurity principles, including threat detection, malware analysis, and vulnerability management. Experience with SIEM platforms (e.g., Securonix, QRadar) and familiarity with creating and managing parsers and rule views. Leadership experience, with the ability to mentor and motivate team members effectively. Excellent communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders. Show more Show less

Position: Senior Analyst - IBM QRadar Work Location: Remote Work Schedule: 24/7 availability (flexible shifts) Experience Required: 10+ years Contract Duration: 12 months Job Summary: The Sr. Security Analyst provides advanced technical support for cybersecurity issues, system troubleshooting, and incident resolution. This role specializes in areas like Network Security, Information Security, or Endpoint Security. The analyst ensures SLA adherence and delivers excellent client support while continuously developing their technical expertise. Key Responsibilities: Support & Troubleshooting (60%) Provide 24x7 support for cyber incidents, system crashes, and network issues. Perform root cause analysis, OS-level diagnostics, and packet captures. Troubleshoot appliances, configurations, backups, and infrastructure problems. Escalate unresolved issues and collaborate with clients and vendors. Improve workflows and reduce false positives. Service Improvement (20%) Mentor junior team members and share technical knowledge. Create SOPs and knowledge base articles to enhance service delivery. Professional Development (20%) Participate in training, certifications, and continuous skill development. Required Qualifications: Bachelor’s degree or 6+ years of IT experience, including 1+ year in security or SOC. Two intermediate-level security certifications (e.g., CCSA, CCNP Security, PCNSE, SC-200, etc.). Experience supporting enterprise-level IT/security environments. Strong troubleshooting, collaboration, and client service skills. Willingness to work in a 24x7 environment, including weekends and holidays. Show more Show less

Role Description Job Title: L3 SOC Analyst Experience : 5 to 7 years Location: Trivandrum, Kochi, Chennai, Bangalore, Hyderabad Company: CyberProof, A UST Company About CyberProof CyberProof is a leading cyber security services and platform company dedicated to helping customers react faster and smarter to security threats. We enable enterprises to create and maintain secure digital ecosystems through automation, threat detection, and rapid incident response. As part of the UST family, we are trusted by some of the world’s largest enterprises. Our Security Operations Group is composed of a global team of highly skilled cyber security professionals, with our tier 3-4 expertise rooted in Israeli Intelligence. Must-Have Skills Experience with SIEM vendors such as QRadar, Sentinel, Splunk Incident response and threat hunting expertise Strong knowledge of attack patterns, Tools, Techniques, and Procedures (TTPs) Experience in writing procedures, runbooks, and playbooks Strong analytical and problem-solving skills Hands-on experience with system logs, network traffic analysis, and security tools Proficiency in identifying Indicators of Compromise (IOCs) and Advanced Persistent Threats (APTs) Good-to-Have Skills Experience setting up SIEM solutions and troubleshooting connectivity issues Familiarity with security frameworks and best practices Ability to collaborate with IT and security teams effectively Responsibilities Act as an escalation point for high and critical severity security incidents Conduct in-depth investigations to assess impact and understand the extent of compromise Analyze attack patterns and provide recommendations for security improvements Perform proactive threat hunting and log analysis to detect potential threats Provide guidance on mitigating risks and improving security hygiene Identify gaps in security processes and propose enhancements Ensure end-to-end management of security incidents Document and update incident response processes and define future outcomes Participate in war room discussions, team meetings, and executive briefings Train team members on security tools and incident resolution procedures Show more Show less

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Security Platform Engineer is a seasoned subject matter expert, responsible for facilitating problem resolution and mentoring for the overall Global Data Centers Office of Information Security (GDC-OIS) team. This role performs important tasks specialized at threat hunting, Crowdstrike, Network Security and other operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). The Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). Key Responsibilities What you'll be doing Works as part of a 24/7 global team in IT/OT environment. ICS and SCADA knowledge preferred. Administers the organization's security tools to gather security logs from the environment and performs lifecycle management, including break-fix, patching, and live updates. Performs security incident handling and response from various vectors, including endpoint protection, enterprise detection and response tools, attack analysis, malware analysis, network forensics, and computer forensics. Conducts vulnerability assessments using automated scanning tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results, prioritizes vulnerabilities based on severity, impact, and exploitability, and provides detailed remediation recommendations to system owners, administrators, and IT teams. Monitors security alerts and maintains awareness of new threats and vulnerabilities to identify potential risks. Reads reports, makes risk assessments, works to detect the source of attacks, and tests current defenses against threats. Collaborates to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Identifies opportunities to make automations that will help the incident response team. Ensures usage of knowledge articles in incident diagnosis and resolution and assists with updating as required. Investigates causes of incidents, seeks resolution, and escalates unresolved incidents, following up until resolved. Provides service recovery following the resolution of incidents and documents and closes resolved incidents according to agreed procedures. Maintains knowledge of specific , provides detailed advice regarding their application, and ensures efficient and comprehensive resolution of incidents. Logs all incidents in a timely manner with the required level of detail and cooperates with all stakeholders, including client IT environments, vendors, and carriers, to expedite diagnosis of errors and problems and identify a resolution. Analyzes data from various sources, including network traffic, email logs, malware files, web server logs, and DNS records, to identify potential risks and improve security measures Leads projects, self-starter, and performs any other related task as required. KNOWLEDGE & ATTRIBUTES Seasoned working knowledge on implementation and monitoring of any SIEM or security tools/technologies. ICS and SCADA knowledge preferred Seasoned knowledge on security architecture, worked across different security technologies. Customer service orientated and pro-active thinking. Problem solver who is highly driven and self-organized. Great attention to detail. Good analytical and logical thinking. Excellent spoken and written communication skills. Team leader with the ability to work well with others and in group with colleagues and stakeholders. Academic Qualifications & Certifications Bachelor's degree or equivalent in Information Technology or related field. Relevant level of Security certifications such as CySA+, PenTest+, CCSP, GCIH, OSCP, etc. preferred. Relevant level of IT certifications such as GRID, GICSP, AZ-500, SC-200, etc. will be added advantage. Required Experience Seasoned experience in Security technologies like (SIEM, PAM, IAM, PenTest, Threat Hunting, Firewall, Proxy etc.) preferably within a global IT services organization. Prior experience of working into Security Operation centers of a Data Center will be an added advantage. ICS and SCADA knowledge preferred. Seasoned experience in technical support to clients. Seasoned experience in diagnosis and troubleshooting. Seasoned experience providing remote support in Security Technologies. Seasoned experience in SOC/CSIRT Operations. Seasoned experience in handling security incidents end to end. Seasoned experience in Security Engineering. Knowledge on networking, Windows, Linux and security concepts. Seasoned experience in configuring/managing security controls such as RBAC, IAM, Zero Trust, UTM, Proxy, SOAR, etc.. Knowledge on log collection mechanism such as Syslog, Log file, DB API. Knowledge in security architecture. Prior experience of working on platforms like Crowd strike, Qualys, Palo Alto, Splunk, QRADAR, Cisco, VMWare and Ubuntu Physical Requirements Primarily sitting with some walking, standing, and bending. Able to hear and speak into a telephone. Close visual work on a computer terminal. Dexterity of hands and fingers to operate any required to operate computer keyboard, mouse, and other technical instruments. Work Conditions & Other Requirements This position is expected to be Hybrid for the foreseeable future with an occasional need to be onsite in a shared work environment. Must be comfortable with flexible working schedules across regions and their standard Time zones other than the base location. (US, EMEA & APAC) Extensive daily usage of workstation or computer. Must be comfortable working in a highly critical, fast paced environment with shifting priorities. Some domestic and/or international travel required, up to 25% of time. Perform work from a remote location with stable internet connection. Workplace type: Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today. Show more Show less

Job Title:DLP Lead Experience8-14 Years Location:Bangalore /Pune : Technical Skills: Experience in configuring s and creating workflows on Email DLP - Proofpoint Prior experience with CASB Netskope or similar solution Knowledge of security principles including cloud , standards and techniques Understanding of cloud principles ,cloud applications and key cloud service providers Prior experience with Data loss prevention tools, SIEM, network devices and other infrastructure Reviews violations of data security procedures to eliminate violations Strong experience on Mimecast email Security solution for threat Protection, Spoofing, Encryption, Archive, URL Defense Strong understanding of email delivery architecture, email gateway and DNS technologies Strong understanding of networking, SMTP, DNS Experience of compliance requirements for database security (e.g. SOX, HIPAA, PCI etc.) Strong verbal and written communications skills; must be able to effectively communicate technical details and thoughts in non-technical/general terminology to various levels of the organization. Work well in team environments with internal and external resources as well as work independently on tasks Strong organizational, and time management skills Process Skills: Overall management of Email DLP solution - Proofpoint Analyze blocked emails Manage CASB operations ,maintain implemented Netskope CASB solution,respond and resolve incidentsinvestigate and conduct analysis Work on email release/drop as per requests Tune/Amend email DLP policies Perform Daily DLP System Health check and publish health report Update/Add - roles modification, response rules, complex and new policies modifications Email DLP – Microsoft E4 licenses CASB –Netskope Behavioral Skills: Effective interpersonal, team building and communication skills Ability to collaborate; be able to communicate clearly and concisely both to laypeople and peers, be able to follow instructions, make a team stronger for your presence and not weaker. Ability to see the bigger picture and differing perspectives; to compromise, to balance competing priorities, and to prioritize the user. Desire for continuous improvement, of the worthy sort; always be learning and seeking improvement, avoid change aversion and excessive conservatism, equally avoid harmful perfectionism, 'not-invented-here' syndrome and damaging pursuit of the bleeding edge for its own sake. Learn things quickly, while working outside the area of expertise. Analyze a problem and realize exactly what all will be affected by even the smallest of change you make in your design Ability to communicate complex technology to no tech audience in simple and precise manner. Ownership skills. Qualification: Must have 4 Year degree (Computer Science, Information Systems or equivalent) 4+ years overall IT experience.

Senior SOC Analyst works within the 24/7 Cyber Fusion Center (CFC). The role is responsible for monitoring, triaging, analyzing and escalating incidents and events in the technology environment. This Senior SOC Analyst will evaluate data collected from a variety of cyber operations tools (e.g., SIEM, IDS/IPS, Firewalls, network traffic logs, cloud platforms, and SOAR solutions to analyze events that occur within the environments for the purposes of detecting and mitigating threats in both structured and unstructured situations. Individuals in this role are proactive and well-versed in log, identity, cloud, network, and root cause analysis Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Senior SOC Analyst must have skills in email security, system event, network event, log analysis. Knowledge of common IT and security technology concepts with emphasis on TCP/IP network security, operating system security, modern attack and exploitation techniques is important. Experience conducting event analysis in AWS and Azure environments. Characterize and analyse alerts to understand potential and active threats. Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the nature and characteristics of events that could be an observed attack Preferred technical and professional experience Document and escalate events/incidents that may cause adverse impact to the environment. Provide daily summary reports of events and activity relevant to cyber operations. Perform Cyber Operations trend analysis and reporting. Perform high-quality triage and thorough analysis for all alerts. Demonstrate effective communication skills both written and verbal. Actively engage in team chats, calls, and face to face settings. Constantly contribute to SOC runbooks/playbooks Recommend improvements to automations, alert fidelity, and security controls. Preferred ExperienceExperience / Knowledge in CyberArk, Azure SSO. Knowledge of enterprise web technologies, security, and cutting-edge infrastructures

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Are you ready to embark on a technical adventure and become a hero to our external and internal users? As Technical Support at Kyndryl, you'll be part of an elite team that provides exceptional technical assistance, enabling our clients to achieve their desired business outcomes. You'll be a troubleshooter extraordinaire, diagnosing and repairing complex equipment, software, and systems with ease. Nothing will be too challenging for you to solve as you respond to escalated issues, report critical design flaws, reliability and maintenance problems, and bugs. You'll be the go-to person for our customers who require assistance with highly technical or sophisticated products, as well as for customer installations and training. With your passion for technology, you'll provide world-class support that exceeds customer expectations. As Technical Support, you'll perform varying degrees of problem determination and resolution of desktop hardware and software issues using your technical expertise and available resources to ensure that our customers' issues are resolved efficiently and effectively. You'll also have the opportunity to perform installs, moves, adds, and changes (IMAC) activities, as well as data backup and restore on certain accounts for clients, ensuring that all related administrative duties are completed within Service Level Agreement objectives. You will develop a deep understanding of the local and regional infrastructure, as well as key contacts in other competencies, which will enable you to ensure that the proper team is aware of – and taking action on the problem. If you're a technical wizard, a customer service superstar, and have an unquenchable thirst for knowledge, we want you to join our team. Your Future at Kyndryl Imagine being part of a dynamic team that values your growth and development. As Technical Support at Kyndryl, you'll receive an extensive and diverse set of technical trainings, including cloud technology, and free certifications to enhance your skills and expertise. You'll have the opportunity to pursue a career in advanced technical roles and beyond – taking your future to the next level. With Kyndryl, the sky's the limit. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Technical and Professional Expertise 7+ Years of experience in Manage, maintain, and optimize the Elastic-based log management infrastructure to ensure stability, performance, and scalability. Perform routine maintenance such as cluster health checks, node management, and index lifecycle management. Ensure high availability and fault tolerance of the Elastic Stack components.Assist cus tomers with onboarding new data sources and configuring ingestion pipelines Create and manage basic dashboards tailored to customer needs Provide technical support for log ingestion, dashboard visualization, and performance troubleshooting. Design, configure, and maintain log ingestion pipelines using Logstash and Beats. Ensure seamless integration of custom log formats and various data sources into the Elastic Stack. Optimize ingestion pipelines for performance and reliability. Monitor the health and performance of the Elastic Stack components (Elasticsearch, Kibana, Logstash, Beats). Proactively detect and resolve performance bottlenecks and failures. Maintain platform security, including access control and data protection policies. Develop and maintain index templates and mappings for efficient data structuring. Implement strategies for index rollover and lifecycle management. Leverage automation tools (Terraform, Puppet, Shell) for deployment and configuration management. Develop scripts for automation of log ingestion, system monitoring, and dashboard provisioning. Advise internal stakeholders on log analytics strategies, visualizations, and best practices. Provide input for system improvement and log analysis frameworks using SIEM and machine learning. Ensure Admin On Duty (AOD) coverage for uninterrupted service and SLA compliance. Document Standard Operating Procedures (SOPs) and adhere to organization-wide rules and standards. Provide RCA documentation for P1/P2 incidents and actively contribute to problem management. Preferred Technical And Professional Experience Familiarity with Agile practices (e.g., Scrum) Knowledge of CI/CD pipelines for log platform deployment and updates Elastic Stack certification (Elastic Certified Engineer or Analyst) Certifications in automation tools (Terraform, Puppet SIEM tool certification (Splunk, QRadar, Elastic SIEM) – preferred Cloud platform certifications (AWS, Azure) – optional Strong communication and interpersonal skills Ability to multitask and perform under pressure in a 24/7 operational environment Customer-centric attitude and problem-solving mindset Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Senior Manager_TDR (threat detection and response) Job Summary As a Senior Manager with EY’s Global Delivery Services (GDS) Cybersecurity Team, you will contribute technically to client engagement and services development activities. You will be focused on helping client’s grow and turn their Cyber security strategy into reality. You’ll work in high-performing teams that drive growth and deliver exceptional client service, making certain you play your part in building a better working world. You will be responsible for overall client service quality delivery in accordance with EY’s quality guidelines & methodologies. You will need to manage accounts and relationships on a day-to-day basis and explore new business opportunities for EY. Establishing, strengthening and nurturing relationships with clients (functional heads & key influencers) and internally across service lines. You will assist in developing new methodologies and internal initiatives and help in creating a positive learning culture by coaching, counselling and developing junior team members. Client responsibilities: Technical leadership and knowledge of cybersecurity concepts and methods including, but not limited to, SOC transformation, CTI, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Generate new business opportunities by participating in market facing activities, executive briefings and developing thought leadership materials Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in best in breed SIEM (Splunk, Sentinel and Qradar etc) content development / architecting will be an added advantage. Should have good hands-on experience and skills on advanced and integrated key Threat Detection Technology like SIEM, SOAR, EPP, EDR solutions, Firewalls, IDPS, Web Proxy, Enterprise Forensics tools. Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure. Good knowledge in threat modelling. Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement. Brief the engagement team on the client's environment and industry trends. Maintain relationships with client to manage expectations of service including work products, timing, fees and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations Create and demonstrate innovative insights for clients, adapts methods and practices to fit operational team needs & contributes to thought leadership documents Apply extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services Drive discussions / knowledge sharing with key client personnel and contribute to EY’s thought leadership Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Strong collaboration with EY senior executives, other key stakeholders and importantly other EY SOC leaders to co-establish, promote and drive a Cyber SOC ecosystem Key responsibilities: Provide industry insights (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) that energize growth Demonstrate deep understanding of the client’s industry and marketplace Lead consulting engagements that solve complex Cyber security issues Help mentor, coach and counsel their team members and help us build an inclusive culture and high-performing teams Maximize operational efficiency through standardization and process automation on client engagements and internal initiatives Monitor delivery progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes Successfully manage engagement time and budgets Convey complex technical security concepts to technical and non-technical audiences including executives. Provide strategic and relevant insight, connectedness and responsiveness to all clients to anticipate their needs Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Define, develop and implement strategic go-to-market plans in collaboration with local EY member firms in Americas, EMEIA and APAC. Drive new business opportunities by developing ideas, proposals and solutions Strongly represent EY and its service lines and actively assess what the firm can deliver to serve clients. Assist Consulting Partners in driving the business development process on existing client engagements by gathering appropriate esources, gaining access to key contacts & supervising proposal preparation Develop long-term relationships with networks both internally and externally Enhance the EY brand through strong external relationships across a network of existing and future clients and alliance partners Driving the quality culture agenda within the team Manage and contribute in performance management for the direct reportees and team members, as per the organization policies Able to examine and act on people related issues both strategically and analytically. Participating in the EY-wide people initiatives including recruiting, retaining and training Cybersecurity professionals Use technology to continually learn, share knowledge and enhance client service delivery Support the EY inclusiveness culture To qualify, candidates must have: At least 15 years of industry experience and serving as Manager for minimum of 10 years or 5 years as Senior Manager, of recent relevant work experience in information security or information technology discipline, preferably in a business onsulting role with a leading technology consultancy organization Strong technical experience in not limited to, attack and penetration testing, vulnerability management, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Any one of the following technical certifications: CISSP, CISM, GSOC Graduates / BE / BTech / MSc / MTech / MBA in the fields of Computer Science, Information Systems, Engineering, Business or related major Any one of the following project management experience - Prince2 / PMI / MSP / CSM Experience with data analysis and visualization technologies Fluency in English, other language skills are considered an asset EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Senior Manager_TDR (threat detection and response) Job Summary As a Senior Manager with EY’s Global Delivery Services (GDS) Cybersecurity Team, you will contribute technically to client engagement and services development activities. You will be focused on helping client’s grow and turn their Cyber security strategy into reality. You’ll work in high-performing teams that drive growth and deliver exceptional client service, making certain you play your part in building a better working world. You will be responsible for overall client service quality delivery in accordance with EY’s quality guidelines & methodologies. You will need to manage accounts and relationships on a day-to-day basis and explore new business opportunities for EY. Establishing, strengthening and nurturing relationships with clients (functional heads & key influencers) and internally across service lines. You will assist in developing new methodologies and internal initiatives and help in creating a positive learning culture by coaching, counselling and developing junior team members. Client responsibilities: Technical leadership and knowledge of cybersecurity concepts and methods including, but not limited to, SOC transformation, CTI, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Generate new business opportunities by participating in market facing activities, executive briefings and developing thought leadership materials Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in best in breed SIEM (Splunk, Sentinel and Qradar etc) content development / architecting will be an added advantage. Should have good hands-on experience and skills on advanced and integrated key Threat Detection Technology like SIEM, SOAR, EPP, EDR solutions, Firewalls, IDPS, Web Proxy, Enterprise Forensics tools. Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure. Good knowledge in threat modelling. Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement. Brief the engagement team on the client's environment and industry trends. Maintain relationships with client to manage expectations of service including work products, timing, fees and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations Create and demonstrate innovative insights for clients, adapts methods and practices to fit operational team needs & contributes to thought leadership documents Apply extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services Drive discussions / knowledge sharing with key client personnel and contribute to EY’s thought leadership Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Strong collaboration with EY senior executives, other key stakeholders and importantly other EY SOC leaders to co-establish, promote and drive a Cyber SOC ecosystem Key responsibilities: Provide industry insights (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) that energize growth Demonstrate deep understanding of the client’s industry and marketplace Lead consulting engagements that solve complex Cyber security issues Help mentor, coach and counsel their team members and help us build an inclusive culture and high-performing teams Maximize operational efficiency through standardization and process automation on client engagements and internal initiatives Monitor delivery progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes Successfully manage engagement time and budgets Convey complex technical security concepts to technical and non-technical audiences including executives. Provide strategic and relevant insight, connectedness and responsiveness to all clients to anticipate their needs Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Define, develop and implement strategic go-to-market plans in collaboration with local EY member firms in Americas, EMEIA and APAC. Drive new business opportunities by developing ideas, proposals and solutions Strongly represent EY and its service lines and actively assess what the firm can deliver to serve clients. Assist Consulting Partners in driving the business development process on existing client engagements by gathering appropriate esources, gaining access to key contacts & supervising proposal preparation Develop long-term relationships with networks both internally and externally Enhance the EY brand through strong external relationships across a network of existing and future clients and alliance partners Driving the quality culture agenda within the team Manage and contribute in performance management for the direct reportees and team members, as per the organization policies Able to examine and act on people related issues both strategically and analytically. Participating in the EY-wide people initiatives including recruiting, retaining and training Cybersecurity professionals Use technology to continually learn, share knowledge and enhance client service delivery Support the EY inclusiveness culture To qualify, candidates must have: At least 15 years of industry experience and serving as Manager for minimum of 10 years or 5 years as Senior Manager, of recent relevant work experience in information security or information technology discipline, preferably in a business onsulting role with a leading technology consultancy organization Strong technical experience in not limited to, attack and penetration testing, vulnerability management, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Any one of the following technical certifications: CISSP, CISM, GSOC Graduates / BE / BTech / MSc / MTech / MBA in the fields of Computer Science, Information Systems, Engineering, Business or related major Any one of the following project management experience - Prince2 / PMI / MSP / CSM Experience with data analysis and visualization technologies Fluency in English, other language skills are considered an asset EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Senior Manager_TDR (threat detection and response) Job Summary As a Senior Manager with EY’s Global Delivery Services (GDS) Cybersecurity Team, you will contribute technically to client engagement and services development activities. You will be focused on helping client’s grow and turn their Cyber security strategy into reality. You’ll work in high-performing teams that drive growth and deliver exceptional client service, making certain you play your part in building a better working world. You will be responsible for overall client service quality delivery in accordance with EY’s quality guidelines & methodologies. You will need to manage accounts and relationships on a day-to-day basis and explore new business opportunities for EY. Establishing, strengthening and nurturing relationships with clients (functional heads & key influencers) and internally across service lines. You will assist in developing new methodologies and internal initiatives and help in creating a positive learning culture by coaching, counselling and developing junior team members. Client responsibilities: Technical leadership and knowledge of cybersecurity concepts and methods including, but not limited to, SOC transformation, CTI, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Generate new business opportunities by participating in market facing activities, executive briefings and developing thought leadership materials Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in best in breed SIEM (Splunk, Sentinel and Qradar etc) content development / architecting will be an added advantage. Should have good hands-on experience and skills on advanced and integrated key Threat Detection Technology like SIEM, SOAR, EPP, EDR solutions, Firewalls, IDPS, Web Proxy, Enterprise Forensics tools. Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure. Good knowledge in threat modelling. Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement. Brief the engagement team on the client's environment and industry trends. Maintain relationships with client to manage expectations of service including work products, timing, fees and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations Create and demonstrate innovative insights for clients, adapts methods and practices to fit operational team needs & contributes to thought leadership documents Apply extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services Drive discussions / knowledge sharing with key client personnel and contribute to EY’s thought leadership Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Strong collaboration with EY senior executives, other key stakeholders and importantly other EY SOC leaders to co-establish, promote and drive a Cyber SOC ecosystem Key responsibilities: Provide industry insights (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) that energize growth Demonstrate deep understanding of the client’s industry and marketplace Lead consulting engagements that solve complex Cyber security issues Help mentor, coach and counsel their team members and help us build an inclusive culture and high-performing teams Maximize operational efficiency through standardization and process automation on client engagements and internal initiatives Monitor delivery progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes Successfully manage engagement time and budgets Convey complex technical security concepts to technical and non-technical audiences including executives. Provide strategic and relevant insight, connectedness and responsiveness to all clients to anticipate their needs Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Define, develop and implement strategic go-to-market plans in collaboration with local EY member firms in Americas, EMEIA and APAC. Drive new business opportunities by developing ideas, proposals and solutions Strongly represent EY and its service lines and actively assess what the firm can deliver to serve clients. Assist Consulting Partners in driving the business development process on existing client engagements by gathering appropriate esources, gaining access to key contacts & supervising proposal preparation Develop long-term relationships with networks both internally and externally Enhance the EY brand through strong external relationships across a network of existing and future clients and alliance partners Driving the quality culture agenda within the team Manage and contribute in performance management for the direct reportees and team members, as per the organization policies Able to examine and act on people related issues both strategically and analytically. Participating in the EY-wide people initiatives including recruiting, retaining and training Cybersecurity professionals Use technology to continually learn, share knowledge and enhance client service delivery Support the EY inclusiveness culture To qualify, candidates must have: At least 15 years of industry experience and serving as Manager for minimum of 10 years or 5 years as Senior Manager, of recent relevant work experience in information security or information technology discipline, preferably in a business onsulting role with a leading technology consultancy organization Strong technical experience in not limited to, attack and penetration testing, vulnerability management, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Any one of the following technical certifications: CISSP, CISM, GSOC Graduates / BE / BTech / MSc / MTech / MBA in the fields of Computer Science, Information Systems, Engineering, Business or related major Any one of the following project management experience - Prince2 / PMI / MSP / CSM Experience with data analysis and visualization technologies Fluency in English, other language skills are considered an asset EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Senior Manager_TDR (threat detection and response) Job Summary As a Senior Manager with EY’s Global Delivery Services (GDS) Cybersecurity Team, you will contribute technically to client engagement and services development activities. You will be focused on helping client’s grow and turn their Cyber security strategy into reality. You’ll work in high-performing teams that drive growth and deliver exceptional client service, making certain you play your part in building a better working world. You will be responsible for overall client service quality delivery in accordance with EY’s quality guidelines & methodologies. You will need to manage accounts and relationships on a day-to-day basis and explore new business opportunities for EY. Establishing, strengthening and nurturing relationships with clients (functional heads & key influencers) and internally across service lines. You will assist in developing new methodologies and internal initiatives and help in creating a positive learning culture by coaching, counselling and developing junior team members. Client responsibilities: Technical leadership and knowledge of cybersecurity concepts and methods including, but not limited to, SOC transformation, CTI, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Generate new business opportunities by participating in market facing activities, executive briefings and developing thought leadership materials Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in best in breed SIEM (Splunk, Sentinel and Qradar etc) content development / architecting will be an added advantage. Should have good hands-on experience and skills on advanced and integrated key Threat Detection Technology like SIEM, SOAR, EPP, EDR solutions, Firewalls, IDPS, Web Proxy, Enterprise Forensics tools. Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure. Good knowledge in threat modelling. Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement. Brief the engagement team on the client's environment and industry trends. Maintain relationships with client to manage expectations of service including work products, timing, fees and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations Create and demonstrate innovative insights for clients, adapts methods and practices to fit operational team needs & contributes to thought leadership documents Apply extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services Drive discussions / knowledge sharing with key client personnel and contribute to EY’s thought leadership Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Strong collaboration with EY senior executives, other key stakeholders and importantly other EY SOC leaders to co-establish, promote and drive a Cyber SOC ecosystem Key responsibilities: Provide industry insights (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) that energize growth Demonstrate deep understanding of the client’s industry and marketplace Lead consulting engagements that solve complex Cyber security issues Help mentor, coach and counsel their team members and help us build an inclusive culture and high-performing teams Maximize operational efficiency through standardization and process automation on client engagements and internal initiatives Monitor delivery progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes Successfully manage engagement time and budgets Convey complex technical security concepts to technical and non-technical audiences including executives. Provide strategic and relevant insight, connectedness and responsiveness to all clients to anticipate their needs Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Define, develop and implement strategic go-to-market plans in collaboration with local EY member firms in Americas, EMEIA and APAC. Drive new business opportunities by developing ideas, proposals and solutions Strongly represent EY and its service lines and actively assess what the firm can deliver to serve clients. Assist Consulting Partners in driving the business development process on existing client engagements by gathering appropriate esources, gaining access to key contacts & supervising proposal preparation Develop long-term relationships with networks both internally and externally Enhance the EY brand through strong external relationships across a network of existing and future clients and alliance partners Driving the quality culture agenda within the team Manage and contribute in performance management for the direct reportees and team members, as per the organization policies Able to examine and act on people related issues both strategically and analytically. Participating in the EY-wide people initiatives including recruiting, retaining and training Cybersecurity professionals Use technology to continually learn, share knowledge and enhance client service delivery Support the EY inclusiveness culture To qualify, candidates must have: At least 15 years of industry experience and serving as Manager for minimum of 10 years or 5 years as Senior Manager, of recent relevant work experience in information security or information technology discipline, preferably in a business onsulting role with a leading technology consultancy organization Strong technical experience in not limited to, attack and penetration testing, vulnerability management, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture. Any one of the following technical certifications: CISSP, CISM, GSOC Graduates / BE / BTech / MSc / MTech / MBA in the fields of Computer Science, Information Systems, Engineering, Business or related major Any one of the following project management experience - Prince2 / PMI / MSP / CSM Experience with data analysis and visualization technologies Fluency in English, other language skills are considered an asset EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

Overview 170+ Years Strong. Industry Leader. Global Impact. At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts. The Assistant Site Security Manager, assigned to one of Pinkerton's largest global clients, will provide operational support in the application of physical security operations at the client's campus to ensure a safe working environment and support the organization's core business objectives. Responsibilities Represent Pinkerton’s core values of integrity, vigilance, and excellence. Provide operational support in the application of physical security operations to ensure a safe working environment. Assist in the evaluation, development, and implementation of regional security strategies. Implement site security plans, security assessments, site specific risk/threat analysis and training awareness programs with the assistance of law enforcement agencies. Support the regional internal communication program. Liaise with government, consular and private sector agencies to enhance security operations. Provide support to Security Manager regarding contingency planning, risk/threat assessments, and the maintenance of effective networks across all business groups. Assist with the intelligence gathering process regarding the protection against high security threats, emergencies, and contingencies. Assist with the Building Emergency Reaction Readiness Program through the collaboration with key stakeholders. Support the creation and review of regional level strategic relocation planning. Preserve the business infrastructure at local and region level through the implementation of strategic business objectives. Provide multi-level communication between the business units in cooperation with individuals, teams, and vendors. Conduct periodic review sessions with vendors to achieve quality service delivery provision by suppliers and vendors. Manage and direct all security staff and daily on-site security operations and ensure correct and continuous business operations. Assist in the development of internal and external service optimization. Respond immediately to all security incidents and emergencies, as dictated by policy. Provide operational support to the Regional Security Manager during incidents and emergencies. Act as the global security representative during initial stages, as dictated by policy. Support established systems including but not limited to; access control, system trouble shooting, and access card management. Coordinate security support for both internal/external events. All other duties, as assigned. Qualifications Bachelor's degree preferred with at least Three years of corporate security operations experience. Able to carry out responsibilities with little or no supervision. Effective written, verbal, and presentation skills. Able to multi-task and organize workload for effective implementation. Client orientated and results driven. Able to interact effectively at all levels and across diverse cultures. Able to prioritize duties and responsibilities in accordance with level of importance. Able to adapt as the external environment and organization evolves. Computer skills; Microsoft Office. Working Conditions: With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; Regular computer usage. Occasional reaching and lifting of small objects and operating office equipment. Frequent sitting, standing, and/or walking. Travel, as required. Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law.

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you. About The Role As a Senior Technical Account Manager (TAM) at CrowdStrike, you will be a trusted advisor and technical partner to our most strategic customers. This role is all about building strong relationships, delivering expert guidance, and ensuring the long-term success and security of our customers' environments. You’ll work closely with Security, Product and IT teams to proactively resolve complex technical challenges, and help customers maximise the value of our platform. In this role, you’ll combine deep technical knowledge with strong communication and customer management skills to provide tailored support and strategic planning. You will serve as a bridge between customers and our internal teams, helping to prioritize issues, share product feedback, and advocate for customer needs. Success in this role requires a proactive mindset, a passion for cybersecurity, and the ability to navigate complex technical environments with confidence and care. What You’ll Do Serve as primary technical contact and augment our customer support teams Onboard new Elite Enterprise customers to the CrowdStrike platform. Ensure customer success through proactive periodic health checks, product training, and developing and sharing best practices focusing on Executive level interaction\ Lead efforts with internal CrowdStrike stakeholders to ensure needed customer feedback is adequately documented and assessed by internal parties. Leads meetings with Product Leadership to ensure customer must-have features and impacting issues are addressed Be the solution expert from the front lines of the SOC to the C-suite. Research complex technical issues in a timely manner and follow up with recommendations and action plans. Drive escalations with executive management and stakeholders Lead cross-functional groups to achieve resolution for any escalated issues. Contribute and utilize internal technical expertise, including development engineers, knowledge base, and other internal tools to provide the most effective solutions to customer issues Create knowledge content and systems to capture new learning for reuse throughout the company and user base. Lead technical communications within the team to share best practices and learn about new technologies and complimentary security applications. Manage renewal risk and collaborate with sales executive teams to remediate and ensure a successful renewal and upsell of product across assigned territory Conduct and lead quarterly onsite briefings with customers and executive staff. Participate in a corporate mentorship program. What You’ll Need Bachelor’s Degree or equivalent experience Industry recognized security certification Experience working with all supported operating systems Knowledge of enterprise web technologies, security and cutting-edge infrastructures Network infrastructure experience Security Operations Center working knowledge and experience Excellent customer service skills and ability to quickly establish technical credibility with customers Excellent communication skills, written and verbal with the ability to effectively communicate at all levels. Experience working independently to determine methods and procedures on new assignments Demonstrable problem-solving skills Collaborative attitude Commitment to customer success Bonus Points Experience with cloud platforms (e.g., AWS, Azure, GCP) Familiarity with SIEM tools and log analysis (e.g., Splunk, QRadar) Industry-recognized security certifications (e.g., CISSP, CISM, GIAC) Scripting knowledge (e.g., Python, PowerShell, Bash) Experience working with APIs for integration and automation Deep expertise in Windows, Linux and Mac platforms Benefits Of Working At CrowdStrike Remote-friendly and flexible work culture Market leader in compensation and equity awards Comprehensive physical and mental wellness programs Competitive vacation and holidays for recharge Paid parental and adoption leaves Professional development opportunities for all employees regardless of level or role Employee Resource Groups, geographic neighbourhood groups and volunteer opportunities to build connections Vibrant office culture with world class amenities Great Place to Work Certified™ across the globe CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program. CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements. If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance. Show more Show less

Job Summary: The SOC Monitoring and Incident Response Specialist is responsible for monitoring security events, identifying potential threats, investigating incidents, and initiating incident response actions. This role requires extensive experience in cybersecurity, threat intelligence, and incident response processes to support our security operations and safeguard our organization's IT environment. Key Responsibilities: Security Monitoring & Analysis · - Monitor and analyze security alerts from various sources (SIEM, IDS/IPS, firewalls, endpoint protection, etc.). · - Identify suspicious activity and investigate to understand the threat level and scope. · - Perform triage of alerts to assess whether they represent legitimate threats or false positives. · Act as the first responder to security incidents, containing and mitigating threats. · - Document and track incidents, performing root-cause analysis to prevent recurrence. · - Coordinate incident response efforts, collaborating with internal teams and external partners if needed. · - Utilize threat intelligence to stay updated on emerging threats and attack vectors. · - Correlate threat intelligence data with real-time monitoring to detect indicators of compromise (IOCs). · - Proactively hunt for threats and vulnerabilities within the organization’s network. · - Conduct forensic investigations of compromised endpoints, servers, and networks to determine the nature and extent of attacks. · - Collect, preserve, and analyze evidence for potential use in legal or disciplinary actions. · - Provide detailed reports on findings and recommendations for improvements in security posture. Process Improvement & Documentation · - Contribute to the development and improvement of SOC processes, playbooks, and runbooks. · - Document security incidents and response activities in detail, ensuring accurate record-keeping. · - Provide post-incident reports, insights, and recommendations to improve defenses and incident handling procedures. · - Work with IT and cybersecurity teams to improve overall network and endpoint security. · - Communicate with stakeholders, translating technical findings into business impacts. · - Participate in cross-functional meetings and contribute to the overall risk management strategy. · - Mentor junior SOC analysts and assist in their professional development. · - Conduct training sessions and awareness programs to improve cybersecurity knowledge within the organization. Requirements: Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience). Experience: 6-8 years of experience in a SOC, incident response, or similar cybersecurity role. Certifications: Preferred certifications include CISSP, CISM, GIAC (GCIA, GCIH), or CEH. Technical Skills: · - Proficiency with SIEM tools (e.g., Splunk, QRadar, ArcSight, Logrhythm), IDS/IPS systems, firewalls, and EDR and WAF solutions. · - Familiarity with common operating systems (Windows, Linux) and networking protocols (TCP/IP, DNS, HTTP, etc.). · - Strong understanding of cyber threats, vulnerabilities, malware, and attack methods. · - Experience with scripting languages (Python, PowerShell) is an asset. · - Knowledge of forensic tools and processes for data recovery and analysis. Soft Skills: · - Strong analytical and problem-solving abilities. · - Ability to work effectively under pressure and manage multiple tasks. · - Excellent communication and interpersonal skills, with the ability to explain technical issues to non-technical audiences. · - Team-oriented with a proactive and collaborative attitude. Show more Show less