408 Qradar Jobs - Page 6

Unilever Bengaluru, Karnataka, India Posted on Jun 5, 2025 Apply now Job Title: Cyber Security Forensics SME Location: UniOps Bangalore About Unilever Be part of the world’s most successful, purpose-led business. Work with brands that are well-loved around the world, that improve the lives of our consumers and the communities around us. We promote innovation, big and small, to make our business win and grow; and we believe in business as a force for good. Unleash your curiosity, challenge ideas and disrupt processes; use your energy to make this happen. Our brilliant business leaders and colleagues provide mentorship and inspiration, so you can be at your best. Every day, nine out of ten Indian households use our products to feel good, look good and get more out of life – giving us a unique opportunity to build a brighter future. Every individual here can bring their purpose to life through their work. Join us and you’ll be surrounded by inspiring leaders and supportive peers. Among them, you’ll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we’ll work to help you become a better you. About Uniops Unilever Operations (UniOps) is the global technology and operations engine of Unilever offering business services, technology, and enterprise solutions. UniOps serves over 190 locations and through a network of specialized service lines and partners delivers insights and innovations, user experiences and end-to-end seamless delivery making Unilever Purpose Led and Future Fit. Responsibilities The person in this role is expected to generate leads for the Incident Response team (based on forensic evidence) for timely containment and response actions. It is expected that the person leads all in-house investigations and also coordinates with external investigators/specialists in major incidents. Conducts forensics analysis of cyber security incidents to deduce RCA and understand the relevant threat (for example malware behaviour and TTP through static and dynamic analysis) and potential impact. Utilizes latest and advanced knowledge of SOC Technologies and Forensic technologies (such as Memory Forensics, Network Forensics, Filesystem Forensics, Malware analysis and Reverse Engineering, Device Forensics - HDD/SSD/Smart Phone) across various platforms (end-points, servers, AWS/Azure/GCP cloud) and Operating Systems (Windows, Linux, UNIX, Mac, AIX, etc.) for supporting Forensics investigations. Participates in scoping discussions with stakeholders for forensics capability projects and investigations to understand the requirement, identifies and communicates feasibility and approach, undertake and follow-up actions till timely delivery and successful conclusion. Ensures that all investigations are appropriately conducted and documented as per cardinal forensic principles and evidence handling (collection, analysis, sharing and preservation) is compliant to the process. Effectively and timely triage and respond to incident investigation. Key Requirements MANDATORY Strong ethics, communication and team skills Hands-on experience with Enterprise SIEM (like Splunk, QRadar, Sentinel, etc) and EDR tools (like Microsoft Defender, CrowdStrike Falcon, etc) Hands-on experience with Enterprise Forensics tools (like EnCase, FTK, AXIOM, etc) Hands-on experience in memory forensics, network forensics and malware analysis Minimum 10 years of enterprise experience in a global SOC (Security Operations Centre) / DFIR (Digital Forensics or Incident Response) domain. Working knowledge of at least one of the scripting tools: Python/ Perl/ PowerShell EnCase Certified Examiner (EnCE) GIAC Certification GCFE/ GCFA/ GREM/ GNFA At HUL, we believe that every individual irrespective of their race, colour, religion, gender, sexual orientation, gender identity or expression, age, nationality, caste, disability or marital status can bring their purpose to life. So apply to us, to unleash your curiosity, challenge ideas and disrupt processes; use your energy to make the world a better place. As you work to make a real impact on the business and the world, we’ll work to help you become a better you! Apply now See more open positions at Unilever Show more Show less

Information Protection Senior Advisor - HIH - Evernorth ABOUT EVERNORTH: Evernorthexists to elevate health for all, because we believe health is the starting point for human potential and progress. As champions for affordable, predictable and simple health care,we solve the problems others don’t, won’t or can’t. Position Overview In this role, you will provide hands-on software engineering and system architecture leadership for one of our Behavioral Health and Care Solutions Delivery teams. The focus of the work is to continue to enhance our market winning capabilities in the Behavioral Health and Care Solutions space. The Evernorth Technology strategy is fully aligned with our business strategy, resulting in an opportunity for you to influence in various directions – this includes technology\business direction but also recruiting and mentoring employees and influencing selection of and relationships with vendor resources to ultimately build and contribute within a world class Delivery Vertical. This is a hands-on position with visibility to the highest levels of Evernorth management who are motivated to see the successful results of our efforts. The solution focuses on enabling this change using the latest technologies and development techniques Responsibilities Provide expert architecture, engineering, and project support for key Okta CIAM initiatives. Regularly meet with application development teams throughout the enterprise to understand their specific Okta integration requirements and evaluate feasibility. Interface withvarious stakeholders to scope and planengineeringefforts to ensure project and feature launch success. Contribute to developing and executing a multi-year CIAM strategy and roadmap for enterprise stakeholders. Drive proof of concepts to determine solution approach and scope. Assist with Okta configuration and test data setup for applications. Assist application teams with issue resolution. Assist with the promotion of the application configuration to production Okta tenants. Participate in vendor and tool selection in alignment with solution architecture. Maintain a broad and deep technical understanding of the Okta product line and the underlying technologies and protocols. Participate in compliance and security reviews as necessary, including working closely with internal teams to build security, reliability, and scalability practices into the OKTA platform. Educate, evangelize, and share best practices, tool updates, and policy updates. Report key performance metrics to stakeholders. Qualifications Required Skills: Experience with technical large-scale Okta CIAM deployments in an enterprise setting. Working knowledge of Auth0/Okta in a CIAM implementation preferred. Previous experience in designing and architecting CIAM-enabling capabilities that delivered business objectives. Working experience implementing applications with modern authentication and authorization protocols (OAuth, OIDC, SAML). Experience with modern DevOps processes and an in-depth understanding of software engineering principles and practices. Advanced problem-solving skills and the ability to work collaboratively to resolve complex issues with innovative solutions. Experience and expert knowledge of Identity as a Service and Federation technologies (Okta, ISAM, TFIM, etc.). Experience with interpersonal, team building, communication, leadership, negotiation, and motivational skills. Demonstrated skill at creating technical documentation for complex processes and applications. Experience with Splunk, ServiceNow, QRADAR, JIRA Experience building web applications, incorporating both front and backend lang uages/frameworks is a plus. Experience with leading architectural efforts for cloud services. Self-motivated, adaptable, and able to prioritize and motivate others. Required Experience & Education 13-16 years of experience Bachelor’s degree preferred. About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Key Responsibilities: Leadership and Team Management: Lead and manage the Internal Red Team and SOC Operations teams, ensuring effective collaboration and alignment with organizational security objectives. Provide mentorship and guidance to team members, fostering a culture of continuous learning and professional development. Conduct regular performance reviews and provide ongoing feedback and coaching. Red Team Operations: Plan, execute, and oversee red team exercises to identify and exploit vulnerabilities in systems, networks, and applications. Develop and maintain red team methodologies, tools, and documentation. Work closely with other security teams to remediate identified vulnerabilities and improve security defenses. SOC Operations Management: Oversee the daily operations of the SOC, ensuring efficient and effective monitoring, detection, and response to security incidents. Develop and maintain SOC processes, procedures, and documentation to ensure consistent and high-quality operations. Ensure the SOC is staffed 24/7, including managing schedules, shifts, and on-call rotations. Incident Response and Management: Coordinate and lead the response to major security incidents, including investigation, containment, eradication, and recovery. Develop and maintain an incident response plan and ensure the team is well-trained and prepared to handle incidents. Conduct post-incident reviews and develop lessons learned to improve future response efforts. Threat Intelligence and Analysis: Oversee the collection, analysis, and dissemination of threat intelligence to inform security operations and red team activities. Ensure the SOC team utilizes advanced threat detection tools and techniques to identify and mitigate threats. Collaborate with other teams to enhance threat intelligence capabilities and integrate with existing processes. Security Monitoring and Reporting: Ensure continuous monitoring of network traffic, system logs, and security alerts using SIEM (Security Information and Event Management) solutions. Develop and maintain metrics and dashboards to report on SOC and red team performance and security posture. Present regular reports and briefings to senior management on the state of security operations and key incidents. Policy and Compliance: Develop and enforce security policies, procedures, and standards in alignment with industry best practices and regulatory requirements. Ensure compliance with relevant regulations, such as GDPR, and PCI-DSS. Participate in security audits and assessments, and coordinate with external auditors as needed. Qualifications: Bachelors degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered. Minimum of 7 years of experience in cybersecurity, with at least 3 years in a management or leadership role overseeing red team and/or SOC operations. Strong understanding of offensive security practices, including penetration testing and red teaming methodologies. Experience with SOC operations, including incident response, threat detection, and SIEM tools such as Splunk, ArcSight, or QRadar. Knowledge of common attack vectors and techniques, such as phishing, malware, and ransomware. Familiarity with regulatory requirements and frameworks, such as NIST, ISO 27001, and GDPR. Relevant certifications, such as CISSP, CISM, OSCP, CEH, or GIAC, are highly desirable. Excellent leadership, communication, and interpersonal skills. Ability to work effectively under pressure and manage multiple priorities.

Job Information Job Opening ID ZR_1902_JOB Date Opened 29/04/2023 Industry Technology Job Type Work Experience 5-8 years Job Title SIEM - Splunk Content Developer City Chennai Province Tamil Nadu Country India Postal Code 600089 Number of Positions 5 3+ years of experience working in the field of Content development and experience in delivering and/or building content on any of the SIEM tools like Splunk/Arc sight /QRadar/Nitro ESM/etc. Deep understanding of MITRE ATT&CK Framework. Experience in SOC Incident analysis with an exposure to information security technologies such as Firewall, VPN, Intrusion detection tools, Malware tools, Authentication tools, endpoint technologies, EDR and cloud security tools. Good understanding of networking concepts. Experience interpreting, searching, and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow, and automation) In depth knowledge of security data logs and an ability to create new content on advanced security threats on a need basis as per Threat Intelligence. Ability to identify gaps in the existing security controls. Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content. Experience on EDR tools like Crowd strike and good understanding on TTPs like Process Injection. Excellent communication, listening & facilitation skills Ability to demonstrate an investigative mindset. Excellent problem-solving skills. Understanding of MITRE ATT&CK framework. Location: Pan India check(event) ; career-website-detail-template-2 => apply(record.id,meta)" mousedown="lyte-button => check(event)" final-style="background-color:#2B39C2;border-color:#2B39C2;color:white;" final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered=""> I'm interested

Join our Team About this opportunity: We are now looking for a Senior Security Engineer professional for our Managed Security team. This job role has accountability for researching, designing, engineering, implementing, and supporting security solutions in partnership with the respective stakeholders within Ericsson and / or customer organization and / or 3rd Party Providers. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured. What you will do: Design, implement, manage, monitor, and troubleshoot cybersecurity defenses, including configuration management, network security, systems security, and monitoring systems / tools. Participate in planning and audit scope development as well as project execution as a critical team member on complex technology related assessments. Play an active role in the design and execution of infrastructure initiatives to ensure an evolving adherence to industry best practices for information security. Lead the execution of the assessment of specific technical areas of a project, supervising other team members and providing coaching where needed. Perform Security Incident Management, including but not limited to: supporting SIEM tools, integrating logs into the tool, creating and modifying rules, investigating and resolving alerts, automating tasks. Research new and emerging threats to gain insight into the evolving threat landscape, and share knowledge with the team. Promote new ideas and new ways of executing projects and internal infrastructure enhancements. Innovate and automate repetitive activities and corrective actions, including broader automation initiatives. Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance Responds to information security incidents, including investigation of countermeasures to and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement The skills you bring: Strong knowledge of information security Strong knowledge of SIEM tools (such as McAfee ESM, QRadar, ArcSight, Splunk, etc.), scanning tools (Nessus, Qualys, IBM AppScan, etc.) and PAM tools (BeyondTrust, CyberArk, etc.) Strong knowledge of both Linux-based and MS Windows-based system platforms with a strong technical understanding and aptitude for analytical problem-solving Strong understanding of enterprise, network, system and application level security issues Strong understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks along with available security controls (technical & process controls) for respective layers Good understanding of the system hardening processes, tools, guidelines and benchmarks Fundamental understanding of encryption technologies Participate in the out-of-hours on call rotation, providing technical support to the business for incidents Strong knowledge sharing and collaboration skills Deliver results and meet customer expectations Excellent communication skills; English is a must Key Qualifications: Education: BE/ B.Tech (Telecommunication/ Computer Science) Minimum years of relevant experience: 8 to 15 years experience with at least 8 years in IT and 7 years in Security ITIL certification, CCSP, OSCP, Security +, CISSP or similar will be an advantage Basic knowledge of telecommunications networks will be an added advantage Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Noida Req ID: 768174 Show more Show less

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 230,000 employees and business partners across 65 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world. For additional information, visit us at www.wipro.com. Job Description We are looking for an experienced ServiceNow developer to join our ServiceNow Risk and Security Operations practice as a senior consultant to support client implementation projects. The ideal candidate will have a strong background in ServiceNow implementation projects, with at least one project involving ServiceNow Risk solutions (i.e., Integrated Risk Management, Third Party Risk Management, Business Continuity Management). Our team brings technical expertise, real-world experience, strong executive engagement skills, and an inspirational mindset to help our customers understand the opportunities of the “platform of platforms” vision. We act as Trusted Partners for our customers’ most complex solutions, designed to ensure that they can rapidly realize the value they need. We do this by leveraging best practices and industry standards to build customer trust and architect best-in-class solutions. While collaborating with customers, and the wider ServiceNow Risk and Security Operations delivery team, the right candidate will be able to implement ServiceNow solutions based on requirements and architectural designs approved by the client. The candidate will also lead and participate in the delivery of demonstrations, workshops, best practice overviews, and educational sessions for customers. KEY RESPONSIBILITIES: Gather and document client requirements as part of a ServiceNow implementation project. Configure and test ServiceNow Risk solutions. Be a technical delivery resource, ensuring delivery excellence, aligned to ServiceNow Risk practice expectations. Stay current with new developments in the ServiceNow platform and apply that knowledge to client solutions REQUIRED QUALIFICATIONS: Minimum of 2 years of ServiceNow developer experience. Strong understanding of ServiceNow platform, including experience with custom development, integrations, and workflows. Strong problem-solving and analytical skills. ServiceNow Certified System Administrator certification. Experience working in a consulting environment. PREFERRED QUALIFICATIONS: ServiceNow Certified Implementation Specialist certification in one or more of the following: Risk and Compliance. Third-party Risk Management (TPRM) Implementer. Micro-Certification - Business Continuity Management. ServiceNow Certified Application Developer certifications. Experience in working with an integrated global practice. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or Certified Information Security Manager (CISM) Experience working with industry-leading security operations tools (e.g., CyberXM, Rapid7, Qualys, Tenable, Prisma, Snyk, Veracode, Wiz, Orca, Tanium, Splunk, QRadar. Carbon Black, CrowdStrike, ProofPoint, Cisco, etc). Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.

Job Duties (Summary): Senior Security SOC Analyst works in 24/7 team and in shifts which include nights and rotational weekends. The role is a key part of our Security Monitoring Incident Response team, involving in investigating alerts/events that trigger from MS Sentinel / SIEM and EDR Tools and other end point tools. Senior Analyst will be the internal escalation point for the Security analysts within the shift/team and will assist Security Analysts in responding to Security Incidents. This role also needs exceptional communication skills (verbal and written), and an ability quickly understand complex information while recognizing familiar elements within complex situations. Required Skills & Experience: Responsible for 24/7 monitor, triage, analysing security events and alerts. Including Malware analysis. Should have good hands-on in Microsoft Sentinel and should have ability to query using KQL [Mandatory] Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc... Strong knowledge of email security threats and security controls, including experience analysing email headers. Analysing Phishing emails and associated Threats and to remediate them by blocking the Url’s analysing the malware(s),link(s),IOC’s. Good understanding of Threat Intel and Hunting. Good hands on experience in investigating EDR alerts (Tanium, CrowdStrike, etc..) Good hands on experience in using XSOAR Platforms (Demisto, Phantom, etc..) Strong technical understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS / TLS, and SMTP. Experience analysing network traffic using tools such as Wireshark, to investigate either security issues or complex operational issues. Experience reviewing system and application logs (e.g., web or mail server logs), either to investigate security issues or complex operational issues. Knowledge in investigating security issues within Cloud infrastructure such as AWS, GCP, Azure (Preferred not mandatory) Good knowledge and hands-on experience with SIEM systems such as SentinelOne/RSA Netwitness/Splunk/AlienVault/QRadar, ArcSight or similar in understanding/creating new detection rules, correlation rules etc... Experience In defining use cases for playbooks and runbooks (Preferred) Experience in understanding log types and log parsing Strong passion in information security, including awareness of current threats and security best practices. Basic Qualifications (Preferred not mandatory ? if Candidate has equivalent knowledge) Bachelor’s Degree in Computer Sciences or equivalent (Preferred not mandatory) Minimum of 3 years of experience in a Security Operations Centre (SOC) or incident response team (CSIRT Team member). Overall 3+ experience in Information Security/IT Security/Network Security. CEH, CISSP, OSCP, CHFI, ECSA, GCIH, GCIA, GSEC, GCFA certification (minimum One certification - Preferred not mandatory) A relevant specialist degree (e.g., information security or digital forensics). Knowledge in NIST CSF, MiTRE & ATTACK Framework. Active involvement in the Information Security community. Certified in Azure Security [SC-200, AZ-500, AZ-900] ? Either one or more [Mandatory]

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Threat Detection & Response Consulting - Security Orchestration, Automation and Response (SOAR) - Senior KEY Capabilities: Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Working with the customer to identify security automation strategies and provide creative integrations and playbooks. Work collaboratively with other team members to find creative and practical solutions to customers’ challenges and needs. Expertise in design and implementation of SOAR solution such as Phantom (Preferable), Demisto or Resilient Responsible for execution and maintenance of SOAR related analytical processes and tasks Manage and administration of SOAR platforms Hands-on experience with Incident Response and Threat Intelligence tools. Creation of reusable and efficient Python-based Playbooks. Use Phantom platform to enable automation and orchestration on various tools and technologies by making use of existing or custom integration Partner with security operations teams, threat intelligence groups and incident responders. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in Splunk content development will be an added advantage Should have solid experience in the design/build, test, implementation, and maintenance of integration with other security tools and platforms Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Knowledge in Network monitoring technology platforms such as Fidelis XPS or others Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Qualification & experience: Minimum of 6 years’ experience in cyber security with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated SOAR solution in global enterprise environments. Strong oral, written and listening skills are an essential component to effective consulting. Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary. Must have knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting. Should have strong hands-on experience with scripting technologies like Python, REST, JSON, SOAP, ODBC, XML etc. Must have honours degree in a technical field such as computer science, mathematics, engineering or similar field Minimum 3 years of working in SOAR Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix and Splunk will be an added advantage Certifications in a core security related discipline will be an added advantage. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

Join our Team About this opportunity: We are now looking for a Senior Security Engineer professional for our Managed Security team. This job role has accountability for researching, designing, engineering, implementing, and supporting security solutions in partnership with the respective stakeholders within Ericsson and / or customer organization and / or 3rd Party Providers. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured. What you will do: Design, implement, manage, monitor, and troubleshoot cybersecurity defenses, including configuration management, network security, systems security, and monitoring systems / tools. Participate in planning and audit scope development as well as project execution as a critical team member on complex technology related assessments. Play an active role in the design and execution of infrastructure initiatives to ensure an evolving adherence to industry best practices for information security. Lead the execution of the assessment of specific technical areas of a project, supervising other team members and providing coaching where needed. Perform Security Incident Management, including but not limited to: supporting SIEM tools, integrating logs into the tool, creating and modifying rules, investigating and resolving alerts, automating tasks. Research new and emerging threats to gain insight into the evolving threat landscape, and share knowledge with the team. Promote new ideas and new ways of executing projects and internal infrastructure enhancements. Innovate and automate repetitive activities and corrective actions, including broader automation initiatives. Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance Responds to information security incidents, including investigation of countermeasures to and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement The skills you bring: Strong knowledge of information security Strong knowledge of SIEM tools (such as McAfee ESM, QRadar, ArcSight, Splunk, etc.), scanning tools (Nessus, Qualys, IBM AppScan, etc.) and PAM tools (BeyondTrust, CyberArk, etc.) Strong knowledge of both Linux-based and MS Windows-based system platforms with a strong technical understanding and aptitude for analytical problem-solving Strong understanding of enterprise, network, system and application level security issues Strong understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks along with available security controls (technical & process controls) for respective layers Good understanding of the system hardening processes, tools, guidelines and benchmarks Fundamental understanding of encryption technologies Participate in the out-of-hours on call rotation, providing technical support to the business for incidents Strong knowledge sharing and collaboration skills Deliver results and meet customer expectations Excellent communication skills; English is a must Key Qualifications: Education: BE/ B.Tech (Telecommunication/ Computer Science) Minimum years of relevant experience: 8 to 15 years experience with at least 8 years in IT and 7 years in Security ITIL certification, CCSP, OSCP, Security +, CISSP or similar will be an advantage Basic knowledge of telecommunications networks will be an added advantage Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Noida Req ID: 768174

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Threat Detection & Response Consulting - Security Orchestration, Automation and Response (SOAR) - Senior KEY Capabilities: Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Working with the customer to identify security automation strategies and provide creative integrations and playbooks. Work collaboratively with other team members to find creative and practical solutions to customers’ challenges and needs. Expertise in design and implementation of SOAR solution such as Phantom (Preferable), Demisto or Resilient Responsible for execution and maintenance of SOAR related analytical processes and tasks Manage and administration of SOAR platforms Hands-on experience with Incident Response and Threat Intelligence tools. Creation of reusable and efficient Python-based Playbooks. Use Phantom platform to enable automation and orchestration on various tools and technologies by making use of existing or custom integration Partner with security operations teams, threat intelligence groups and incident responders. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in Splunk content development will be an added advantage Should have solid experience in the design/build, test, implementation, and maintenance of integration with other security tools and platforms Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Knowledge in Network monitoring technology platforms such as Fidelis XPS or others Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Qualification & experience: Minimum of 6 years’ experience in cyber security with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated SOAR solution in global enterprise environments. Strong oral, written and listening skills are an essential component to effective consulting. Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary. Must have knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting. Should have strong hands-on experience with scripting technologies like Python, REST, JSON, SOAP, ODBC, XML etc. Must have honours degree in a technical field such as computer science, mathematics, engineering or similar field Minimum 3 years of working in SOAR Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix and Splunk will be an added advantage Certifications in a core security related discipline will be an added advantage. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Threat Detection & Response Consulting - Security Orchestration, Automation and Response (SOAR) - Senior KEY Capabilities: Excellent teamwork skills, passion and drive to succeed and combat Cyber threats Working with the customer to identify security automation strategies and provide creative integrations and playbooks. Work collaboratively with other team members to find creative and practical solutions to customers’ challenges and needs. Expertise in design and implementation of SOAR solution such as Phantom (Preferable), Demisto or Resilient Responsible for execution and maintenance of SOAR related analytical processes and tasks Manage and administration of SOAR platforms Hands-on experience with Incident Response and Threat Intelligence tools. Creation of reusable and efficient Python-based Playbooks. Use Phantom platform to enable automation and orchestration on various tools and technologies by making use of existing or custom integration Partner with security operations teams, threat intelligence groups and incident responders. Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in Splunk content development will be an added advantage Should have solid experience in the design/build, test, implementation, and maintenance of integration with other security tools and platforms Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers. Knowledge in Network monitoring technology platforms such as Fidelis XPS or others Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others Qualification & experience: Minimum of 6 years’ experience in cyber security with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated SOAR solution in global enterprise environments. Strong oral, written and listening skills are an essential component to effective consulting. Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary. Must have knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting. Should have strong hands-on experience with scripting technologies like Python, REST, JSON, SOAP, ODBC, XML etc. Must have honours degree in a technical field such as computer science, mathematics, engineering or similar field Minimum 3 years of working in SOAR Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix and Splunk will be an added advantage Certifications in a core security related discipline will be an added advantage. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

As an L1 Threat Hunter, you will work closely with SOC analysts and incident responders to identify, analyze, and escalate suspicious activity using a variety of tools and threat intelligence sources.

Position: SOC Analyst 100% Remote Working Hours: US/UK hours Job description: We are seeking a highly motivated and skilled SOC Analyst to join our Security Operations Center. Key Responsibilities Monitor security events and alerts using tools such as Splunk, IBM QRadar, Microsoft Sentinel, and Palo Alto XSIAM. Perform initial triage and categorization of security events to determine severity and potential impact. Escalate confirmed incidents to appropriate teams or stakeholders with accurate and detailed information. Correlate logs and alerts across various platforms to detect anomalous behavior or indicators of compromise (IoCs). Utilize the MITRE ATT&CK framework to enrich detection and response processes. Collaborate with Incident Response and Threat Intelligence teams for deeper investigations. Generate reports and dashboards for incident trends, KPIs, and SOC performance. Maintain documentation of SOC procedures, playbooks, and workflows. Participate in regular threat-hunting and detection engineering activities. Continuously evaluate and tune detection rules and alerts for improved accuracy. Required Qualifications Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience) Certifications: CompTIA Security+ CySA+ Certified SOC Analyst (CSA) or equivalent Required Skills and Experience 3+ years of experience in a SOC environment or cybersecurity operations Proficient with SIEM platforms: Splunk, IBM QRadar, Microsoft Sentinel Experience with EDR/XDR platforms like Palo Alto XSIAM and CrowdStrike Falcon Familiarity with MITRE ATT&CK and threat detection mapping Preferred Qualifications Understanding of cloud security monitoring (Azure, AWS, GCP) Exposure to SOAR tools and incident response automation Knowledge of NIST, ISO 27001, and other security compliance frameworks Interested candidate can apply: dsingh15@fcsltd.com

• Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm , Splunk,). • Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black).

Job Statement: NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service. We are looking for a proven, high energy, results oriented Cybersecurity Leader, where you will be a key advisor for our clients, analyzing business requirements to design and implement ideal security solutions for their needs. As an established SecOps Leader, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security posture. This is an opportunity for you to showcase your strong communication skills and experience in SOC operations, security governance & advisory, security risk management, security architecture, and cyber incident response programs. Job responsibilities: · Driving of Cybersecurity services business from a pre-sales consultancy capacity in order to support our prospects/clients from proposal to delivery · Serves as a Subject Matter Expert (SME) for SOC/SIEM/GRC/Infra-Application Security Assessment Services · Able to articulate the business benefits of Cybersecurity services to business/technical customers as appropriate, helping them to identify potential future opportunities and bringing them to the attention of people who can commit the required resources to realize those benefits. · Ability to prepare Cybersecurity documents and presentations in such a way that they are easily understood by the appropriate audience · Demonstrate personal flexibility and focused delivery to ensure the delivery of quality cybersecurity solutions and increase customer satisfaction · Shares knowledge within the ISO (SIEM/SOC) community · Documents feedback and lessons learned from customer engagements so that the colleagues can benefit from this knowledge and be alerted to potential new opportunities Job specifications: 1. Qualification: · Bachelor’s degree in Computer Science, Engineering, or related field or equivalent work experience. May hold Master's or advanced degree in related field 2. Skills: · Proven experience of a Consultative Cybersecurity Selling approach in a customer facing role · Able to conduct cybersecurity presentations, demos, POCs · 7+ years of professional experience in writing cybersecurity proposals/responding to RFPs/Presentations/SOWs on cybersecurity services · Experience in architectural design and project led implementation of Cybersecurity solutions · Demonstrate ability to coach others in the gathering of requirements, designs, plans and estimates · Expert knowledge of Splunk, IBM QRadar and LogRhythm is required (configuration, troubleshooting and design and their relative merits); comparable knowledge with products of other leading SIEM vendors helpful · Contemporary base operating systems and major database platforms architectural knowledge for enterprise environments · Demonstrates broad knowledge in other technical areas to properly manage complex integration efforts · Appreciation of the business drivers demanding Cybersecurity Services · Understanding of legislative demands and compliance requirements mitigated through Cybersecurity services · Understanding of the additional enabling features achieved from an effective Cybersecurity service/solution · Experience of the supporting policy, procedures and practices required to deliver and maintain an effective operational Cybersecurity solution - at the customer or through a service · Ability to adapt a consulting style appropriate to the situation and can identify up-sell opportunities · Ability to demonstrate a broad understanding of market dynamics, an industry area, commercial issues, and technical concerns whilst maintaining depth in Cybersecurity services focus area Show more Show less

Exp : 4yrs to 13yrs Location : Noida, Bangalore & Hyderabad Role Overview As a CyberArk Consultant, you will lead the design, implementation, and management of Privileged Access Management (PAM) solutions for enterprise clients. You will work with a range of CyberArk components, including Vault, CPM, PSM, PSMP, PVWA, and AIM, to enhance security posture and ensure compliance. 🔧 Key Responsibilities Deploy and configure CyberArk components such as Vault, CPM, PSM, PSMP, PVWA, and AIM. Integrate CyberArk with Active Directory, LDAP, SIEM tools (e.g., QRadar), and multi-factor authentication systems (e.g., RADIUS, Azure MFA). Onboard privileged accounts from various platforms (Windows, Linux, UNIX, databases) using tools like Password Upload Utility (PUU) and REST APIs. Implement Disaster Recovery Vaults with replication and failover capabilities. Develop and enforce password management policies based on CyberArk’s Master Policy. Utilize CyberArk DNA Scanner for automated discovery and auditing of privileged and non-privileged accounts. Troubleshoot and resolve issues related to CPM, PSM, and other CyberArk components. Provide training and knowledge transfer to L1 support teams. Prepare documentation, including runbooks, configuration guides, and health check reports. 📚 Required Skills & Qualifications Bachelor’s degree in Engineering or related field. 5–7 years of experience in deploying and managing CyberArk PAM solutions. Strong knowledge of CyberArk components and their integration with various platforms. Experience with scripting languages like PowerShell or AutoIT for automation tasks. Familiarity with identity and access management (IAM) concepts and best practices. Excellent communication and client-facing skills. Ability to work independently and as part of a team in a fast-paced environment. 💼 Preferred Skills Certifications such as CyberArk CDE, CISSP, or related IAM certifications. Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (e.g., Kubernetes). Knowledge of security frameworks and compliance standards (e.g., PCI-DSS, HIPAA, GDPR). Role Overview As a CyberArk Consultant, you will lead the design, implementation, and management of Privileged Access Management (PAM) solutions for enterprise clients. You will work with a range of CyberArk components, including Vault, CPM, PSM, PSMP, PVWA, and AIM, to enhance security posture and ensure compliance. 🔧 Key Responsibilities Deploy and configure CyberArk components such as Vault, CPM, PSM, PSMP, PVWA, and AIM. Integrate CyberArk with Active Directory, LDAP, SIEM tools (e.g., QRadar), and multi-factor authentication systems (e.g., RADIUS, Azure MFA). Onboard privileged accounts from various platforms (Windows, Linux, UNIX, databases) using tools like Password Upload Utility (PUU) and REST APIs. Implement Disaster Recovery Vaults with replication and failover capabilities. Develop and enforce password management policies based on CyberArk’s Master Policy. Utilize CyberArk DNA Scanner for automated discovery and auditing of privileged and non-privileged accounts. Troubleshoot and resolve issues related to CPM, PSM, and other CyberArk components. Provide training and knowledge transfer to L1 support teams. Prepare documentation, including runbooks, configuration guides, and health check reports. 📚 Required Skills & Qualifications Bachelor’s degree in Engineering or related field. 5–7 years of experience in deploying and managing CyberArk PAM solutions. Strong knowledge of CyberArk components and their integration with various platforms. Experience with scripting languages like PowerShell or AutoIT for automation tasks. Familiarity with identity and access management (IAM) concepts and best practices. Excellent communication and client-facing skills. Ability to work independently and as part of a team in a fast-paced environment. 💼 Preferred Skills Certifications such as CyberArk CDE, CISSP, or related IAM certifications. Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (e.g., Kubernetes). Knowledge of security frameworks and compliance standards (e.g., PCI-DSS, HIPAA, GDPR). Show more Show less

Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments. Key Responsibilities: Monitoring, Investigation & Triage Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR Identify lateral movement, C2 activity, and data exfiltration Lead incident investigations and initiate containment measures Threat Hunting & Detection Engineering Proactive hunting using logs, flow data, and behavior analytics Apply MITRE ATT&CK for hypothesis-driven hunts Develop, test, and optimize custom detection rules Maintain a backlog aligned with emerging threats Tool Proficienc y SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization EDR: Defender for Endpoint binary/process analysis, endpoint containment NDR: Darktrace/LinkShadow behavioral baselining, detection logic SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender Threat Intelligence Integration IOC/TTP enrichment Threat intel feed integration Contextual alert correlation Reporting & RCA Draft technical incident reports and RCAs Executive-level summaries for major incidents Cloud Security (Optional): Investigate alerts like impossible travel, app consent abuse Respond to cloud-native security incidents using Defender for Cloud, MCAS Create advanced SOAR workflows and playbook Tool Familiarity QRadar Microsoft Sentinel Microsoft Defender for Endpoint LinkShadow or Darktrace EOP/Exchange protection Antivirus platforms Defender for Identity / Defender for Cloud Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR) Network forensic tools like Wireshark / Zeek Certifications (Preferred): GCIH / GCIA / CEH Microsoft SC-200 / SC-100 QRadar Admin or equivalent Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents Soft Skills: Strong analytical and documentation skills Proactive communicator Independent problem-solver and critical thinker

As an L1 SOC Analyst, you will be responsible for monitoring alerts and triaging basic security events from SIEM, EDR, and NDR platforms. Your role includes identifying suspicious activities, escalating incidents as per defined SOPs, and supporting the security operations team in daily monitoring tasks. Key Responsibilities: Monitor alerts from SIEM (QRadar, Microsoft Sentinel), EDR (Microsoft Defender for Endpoint), and NDR (LinkShadow/Darktrace) platforms Triage basic security events and validate incidents using established playbooks Escalate potential threats to L2 analysts based on severity and context Review and respond to AV/EDR alerts and execute predefined security queries Log incidents, document actions, and maintain ticketing system with accurate updates Enrich alerts with known threat intelligence and IOCs (IP, domain, file hashes) Support incident response efforts for phishing, malware, brute-force attacks, etc. Collaborate with team members and shift leads to ensure 24x7 monitoring coverage Tool Experience (Preferred): SIEM Tools: Basic use of QRadar and Microsoft Sentinel EDR/XDR: Microsoft Defender for Endpoint, Antivirus consoles NDR: LinkShadow or Darktrace (basic familiarity) Other Tools: Microsoft Exchange Online Protection (EOP), Azure AD Sign-In Logs (optional) Certifications (Preferred): CompTIA Security+ Microsoft SC-900 Shift Readiness: This role requires flexibility to work in 24x7 rotational shifts , including nights, weekends, and holidays. Required Skills: Understanding of basic cybersecurity concepts Familiarity with security alert triage and incident logging Basic knowledge of Indicators of Compromise (IOCs) Fast learner with strong attention to detail Effective communicator and team player

Project Role : Security Delivery Lead Project Role Description : Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets). Must have skills : Security Delivery Governance Good to have skills : Identity Access Management (IAM), Security Information and Event Management (SIEM) Minimum 15 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Lead, you will lead the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets). Roles & Responsibilities: Expected to be a SME with deep knowledge and experience. Should have Influencing and Advisory skills. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Expected to provide solutions to problems that apply across multiple teams. Lead and manage the Security Delivery team effectively. Develop and implement Security Delivery Governance strategies. Collaborate with cross-functional teams to ensure successful project delivery. Professional & Technical Skills: Must To Have Skills: Proficiency in Security Delivery Governance. Good To Have Skills: Experience with Identity Access Management (IAM), Security Information and Event Management (SIEM). Strong understanding of security principles and best practices. Experience in developing and implementing security policies and procedures. Knowledge of regulatory compliance requirements related to security. Excellent communication and leadership skills. Additional Information: The candidate should have a minimum of 15 years of experience in Security Delivery Governance. This position is based at our Bengaluru office. A 15 years full time education is required. Qualification 15 years full time education

Rackspace Security (Public Cloud) Security Engineer L3 (Endpoint Security) About Rackspace Cyber Defence Rackspace Cyber Defence is our next generation cyber defence and security operations capability that builds on 20+ years of securing customer environments to deliver proactive, risk-based, threat-informed and intelligence driven security services. Our purpose is to enable our customers to defend against the evolving threat landscape across on-premises, private cloud, public cloud and multi-cloud workloads. Our goal is to go beyond traditional security controls to deliver cloud-native, DevOps-centric and fully integrated 24x7x365 cyber defence capabilities that deliver a proactive , threat-informed , risk-based , intelligence-driven approach to detecting and responding to threats. Our mission is to help our customers: Defend against new and emerging risks that impact their business Reduce their attack surface across private cloud, hybrid cloud, public cloud, and multi-cloud environments Reduce their exposure to risks that impact their identity and brand Develop operational resilience Maintain compliance with legal, regulatory and compliance obligations What we’re looking for To support our continued success and deliver a Fanatical Experience™ to our customers, Rackspace Cyber Defence is looking for an Indian based Security Engineer, with a specialism in Endpoint Security to support Rackspace’s strategic customers. This role is particularly well-suited to a self-starting, experienced and motivated Sr. Security Engineer, who has a proven record of accomplishment in the design, delivery, management, operation and continuous improvement of enterprise-level Endpoint Security platforms or delivering Managed Endpoint Detection & Response (EDR) services to customers. The primary focus will be on the design, implementation, management, operation and continuous improvement of cloud-native Endpoint Detection & Response (EDR) platforms such as Crowdstrike Falcon or Microsoft Defender for Endpoint; used by the Rackspace Cyber Defence Center to deliver managed security services to our customers. You will also be required to liaise closely with the customer’s key stakeholders, which may include incident response and disaster recovery teams as well as information security. Key Accountabilities Ensure the Customer’s operational and production environment remains healthy and secure at all the times Assist with customer onboarding – customer/device onboarding, policy configuration, platform configuration and service transition to security operations team(s). Advance platform administration. Critical platform incident handling & closure. As an SME, act as an L3 escalation and point of contact for SecOps Analysts during an incident response process As an SME, act as a champion and centre of enablement by delivering training, coaching and thought leadership across Endpoint Security and Endpoint Detection & Response. Develop and document runbooks, playbooks and knowledgebase articles that drive best practice across teams. Drive continuous improvement of Rackspace Managed EDR services through custom development, automation and integration; in collaboration with SecOps Engineering and other Security Engineering team(s) Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc. Co-ordinate with vendor for issue resolution. Required to work flexible timings Skills & Experience Should have 8+ years experience in Security Engineering Experience working in either large, enterprise environments or managed security services environments with a focus on Endpoint Detection & Response Experience of working with cloud native Endpoint Security and Endpoint Detection & Response (EDR) tools such as Crowdstrike, Microsoft Defender for Endpoint and/or Microsoft Defender for Cloud Experience of working in two (or more) of the following additional security domains: o SIEM platforms such as Microsoft Sentinel (preferred), Google Chronicle, Splunk, QRadar, LogRhythm, Securonix etc. o AWS (Amazon Web Services) Security Hub including AWS Guard Duty, AWS Macie, AWS Config and AWS CloudTrail . Experience of analysing malware and email headers, and has skills in network security, intrusion detection and prevention systems; operating systems; risk identification and analysis; threat identification and analysis and log analysis Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls Knowledge of security standards (good practice) such as NIST, ISO27001, CIS (Center for Internet Security), OWASP and Cloud Controls Matrix (CCM) etc Knowledge of scripting and coding with languages such as Terraform, python, javascript, golang, bash and/or powershell Knowledge of Malware reverse engineering, threat detection and threat hunting. Computer science, engineering, or information technology related degree (although not a strict requirement) Holds one, or more, of the following certificates (or equivalent): - o Microsoft Certified: Azure Security Engineer Associate (AZ500) o Microsoft Certified: Security Operations Analyst Associate (SC-200) o Systems Security Certified Practitioner (SSCP) o Certified Cloud Security Professional (CCSP) o GIAC Certified Incident Handler (GCIH) o GIAC Security Operations Certified (GSOC) o CrowdStrike admin Certified A highly self-motivated and proactive individual who wants to learn and grow and has an attention to detail A great analyser, trouble-shooter and problem solver who understands security operations, programming languages and security architecture Highly organised and detail oriented. Ability to prioritise, multitask and work under pressure An individual who shows a willingness to go above and beyond in delighting the customer A good communicator who can explain security concepts to both technical and non-technical audiences About Rackspace Technology We are the multicloud solutions experts. We combine our expertise with the world’s leading technologies — across applications, data, and security — to deliver end-to-end solutions. We have a proven record of advising customers based on their business challenges, designing solutions that scale, building and managing those solutions, and optimizing returns into the future. Named a best place to work, year after year according to Fortune, Forbes, and Glassdoor, we attract and develop world-class talent. Join us on our mission to embrace technology, empower customers and deliver the future. More about Rackspace Technology Though we are all different, Rackers thrive through our connection to a central goal: to be a valued member of a winning team on an inspiring mission. We bring our whole selves to work every day. And we embrace the notion that unique perspectives fuel innovation and enable us to best serve our customers and communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, colour, disability, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know. Show more Show less

Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm , Splunk,). Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black). Hands-on knowledge of packet capture analysis tools (e.g., Wireshark, tcpdump), forensic tools, and malware analysis tools. Familiarity with scripting or automation languages such as Python, PowerShell, or Bash. Deep understanding of networking protocols, OS internals (Windows/Linux), and security best practices. Familiar with frameworks such as MITRE ATT&CK, NIST, and the Cyber Kill Chain. Minimum of nine (9) years technical experience 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities. 3+ years of rule development and tuning experience 2+ years of Incident response Experience supporting 24x7x365 SOC operations and willing to operate in Shifts including but not limited to Alert and notification activities- analysis/triage/response, Review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported alerts and Incidents. Manage multiple tickets/alerts in parallel, including end-user coordination. Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response. Solid understanding and experience analyzing security events generated from security tools and devices not limited to QRadar, MS Sentinel, FireEye, Elastic, SourceFire, Malware Bytes, CarbonBlack/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, BlueCoat Experience and solid understanding of Malware analysis Demonstrated proficiencies with one or more toolsets such as QRadar, MS Sentinel, Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs) In-depth experience with processing and triage of Security Alerts from multiple sources but not limited to: Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, support SOAR development. Experience with bash, python, and Windows PowerShell scripting Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis. Demonstrated experience and understanding of event timeline analysis and correlation of events between logs sources. Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools. Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk. Solid understanding and experience analyzing security events generated from security tools and devices not limited to: QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC Expert in security incident response processes

Hiring for SOC Analyst in one of our Top Banking company @ Chennai & Hyderabad location Job Title: SOC Analyst Experience : 6 - 9 Years Department: Cybersecurity / Information Security Location: Chennai & Hyderabad Employment Type: Hybrid Mode - 3 days WFO and 2 days WFH . Job Summary: We are seeking a skilled and detail-oriented Security Operations Center (SOC) Analyst to join our cybersecurity team. The SOC Analyst will be responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents using a variety of tools and techniques. This role is critical to maintaining and improving our organization's security posture by ensuring real-time threat detection and incident response. Key Responsibilities: Monitor security alerts and events from SIEM tools (e.g., Splunk, QRadar, Microsoft Sentinel). Analyze and triage events to determine impact and severity. Investigate security incidents and provide incident reports with detailed analysis. Escalate validated threats and vulnerabilities to the appropriate teams and assist in mitigation efforts. Coordinate with IT teams to ensure containment, eradication, and recovery actions are taken for confirmed incidents. Perform threat intelligence analysis to support proactive detection and defense. Document incident handling procedures and maintain an incident knowledge base. Participate in continuous improvement of SOC operations, including playbooks and automation. Stay current on the latest cybersecurity trends, threats, and tools. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent work experience. 13 years of experience in a SOC or information security role. Experience with SIEM platforms, IDS/IPS, firewalls, and endpoint protection tools. Understanding of TCP/IP, DNS, HTTP, VPN, and network protocols. Knowledge of common threat vectors, MITRE ATT&CK framework, and kill chain. Strong analytical and problem-solving skills. Excellent communication skills and ability to work under pressure. Preferred Qualifications: Certifications such as CompTIA Security+, CEH, GCIA, GCIH, or Splunk Certified Analyst. Experience with scripting (e.g., Python, PowerShell) for automation. Familiarity with cloud security monitoring (e.g., AWS GuardDuty, Azure Defender). Exposure to incident response frameworks and forensic tools. Work Schedule: [24x7 shift-based / Regular business hours / On-call rotation as applicable]

Roles & Responsibilities Reviews alerts generated by SentinelOne and implements appropriate containment and mitigation measures Proficient in SIEM, with a focus on QRadar SIEM, as well as threat monitoring and hunting within SIEM environments. Analyzes payloads using JoeSandbox and escalates to the appropriate team as necessary Collaborates with the Forensics team to conduct threat hunting using identified Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) Assists the Tiger Team in targeted collections of systems based on identified malicious activities in the client's environment Conducts historical log reviews to support threat hunting efforts and ensures all malicious artifacts are mitigated in the SentinelOne console Examines client-provided documents and files to supplement the SOC investigation and mitigation strategy Conducts perimeter scans of client infrastructure and reports any identified vulnerabilities to the Tiger Team for appropriate escalation Manages client-related tasks within the ConnectWise Manage ticketing system as part of the Client Handling Lifecycle Creates user accounts in SentinelOne console for the client Generates Threat Reports showcasing activity observed within the SentinelOne product Executes passphrase exports as needed for client offboarding Submits legacy installer requests to ensure the team is properly equipped for deployment Provides timely alert notifications to the IR team of any malicious activity impacting our clients Assists with uninstalling/migrating SentinelOne Generates Ranger reports to provide needed visibility into client environments Manages and organizes client assets (multi-site and multi-group accounts) Applies appropriate interoperability exclusions relating to SentinelOne and client applications Performs SentinelOne installation / interoperability troubleshooting as needed Contributes to the overall documentation of SOC processes and procedures Participates in “Handler on Duty (HOD) shifts as assigned to support the TT client matters Internally escalates support ticket / alerts to Tier II-IV Analysts as needed May perform other duties as assigned by management Skills And Knowledge Demonstrated knowledge of Windows and Unix operating systems Thorough understanding of Digital Forensics and Incident Response practices Proficiency in advanced analysis techniques for processing and reviewing large datasets in various formats Familiarity with TCP/IP and OSI Model concepts at a basic level Expertise in the Incident Response Life Cycle stages (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned) Working knowledge of the MITRE ATT&CK framework at an intermediate level Proven ability to work independently and solve complex problems with little direction from management Highly detail-oriented and committed to producing quality work Job Requirements Associate’s degree and 6+ years of IT related experience or Bachelor’s Degree and 2-5 years related experience Current or previous knowledge of, or previous experience with, Endpoint Detection and Response (EDR) toolsets General knowledge of the Incident Handling Lifecycle Ability to communicate in both technical and non-technical terms both oral and written DISCLAIMER The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified. WORK ENVIRONMENT While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job. PHYSICAL DEMANDS No physical exertion required Travel within or outside of the state Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects TERMS OF EMPLOYMENT Salary and benefits shall be paid consistent with Arete salary and benefit policy. FLSA OVERTIME CATEGORY Job is exempt from the overtime provisions of the Fair Labor Standards Act. DECLARATION The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description. EQUAL EMPLOYMENT OPPORTUNITY We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better. Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry. When you join Arete… You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters. Equal Employment Opportunity We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better. Show more Show less

So, what’s t he r ole all about? As a member of the Cloud Security team, a successful Cloud Security Analyst will need to be self-sufficient to collaborate effectively with multiple teams, such as Application Support, Infrastructure Operations, DevOps, Product R&D, Security teams, customers and 3 rd party auditors. This role will hold the responsibility of understanding the Cloud security policies, procedures, practices and technologies and documenting them appropriately as well as demonstrating to auditors and customers the excellent Cloud Security at NICE. A successful candidate in this role will be able to work in production cloud environments to collect and curate evidence and explain it to anyone who asks for it. Experience with Governance, Risk and Compliance (GRC) is a big plus! How will you make an impact? You will directly impact the success of the NICE cloud business by ensuring all customer and auditory security requirements are met and demonstrated. A diverse, merit-driven work environment which rewards a growth mindset and encourages innovation and continued professional development; The opportunity to work in a global, highly skilled, passionate workforce to deliver world-class service and products to market. Competitive pay and excellent benefits. Generous PTO policies. A highly focused security & compliance team which is collaborative, supportive, experienced, and driven to help everyone from the individual to enterprise to our customers realize the success for which they aim. Have you got what it takes? 1-2 years of experience with Information Security & Compliance or GRC University-level degree in InfoSec, Computer Science or other related field. knowledge with major compliance frameworks such as PCI, ISO 27001/17, SOC 2, HITRUST, GDPR. A burning curiosity to learn as much as you can about the NICE cloud environment and the services and products we offer our customers as well as the existing security infrastructure we have in place today; Excellent communications skills along to work collaboratively with security team members and operations and development teams or independently to achieve tactical and strategic security goals; Strong organization and prioritization skills; Education, training or experience with security and compliance fundamentals; Experience working with work tracking tools such as JIRA, Service Now or others. What’s in it for you? Join an ever-growing, market disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr! Enjoy NICE-FLEX! At NICE, we work according to the NICE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere. Requisition ID: 7117 Reporting into: Technical Manager Role Type: Individual Contributor

JOB DESCRIPTION About KPMG in India KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. QUALIFICATIONS Strong hands-on experience with one or more EDR platforms (e.g., CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Sophos Intercept X, Trend Micro Apex One). Knowledge of MITRE ATT&CK framework and threat detection techniques. Familiarity with malware analysis, endpoint forensics, and log analysis. Experience with SIEM platforms (e.g., Splunk, QRadar, LogRhythm) for correlation and alerting. Scripting knowledge (PowerShell, Python, Bash) for automation and custom detection. Understanding of endpoint operating systems (Windows, macOS, Linux) and their security internals. Familiarity with enterprise IT infrastructure, Active Directory, and networking basics. Experience with ticketing and incident management tools (e.g., ServiceNow, JIRA). Understanding of compliance standards Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.