Senior individual delivery role for complex security functions reducing risk, improving defensive capabilities, and mitigating cyber threats to both Thomson Reuters and its customers. Works with Lead Cyber Defense Individual Contributors and Cyber Defense People Leaders to deliver high-quality and innovative cyber defense security solutions across the enterprise by applying analytic, engineering, or other relevant technical expertise. Employs critical subject matter knowledge to identify, develop, and deploy solutions to key operational cyber defense challenges across a range of functions. About the Role: Delivers high quality solutions across cyber security functions including, but not limited tothreat detection, cyber threat intelligence, network security, incident response, insider threat prevention, defensive platforms and engineering, vulnerability management, and attack surface reduction. Drives continuous improvement in key cyber defense capabilities by streamlining technology acquisition and deployment, engineering solutions, and implementing innovative processes and procedures that increase efficiency, enhance performance, and reduce risk. Executes cyber security plans, activities, and policies that protect Thomson Reuters’ information infrastructure, customer base, and products. Assists in maturing cyber defense capabilities, enforces organizational security principles and industry recognized best practices, and demonstrates responsible resource management. Works independently or as part of functional project teams to implement security controls, monitor and mitigate threats, tune and optimize security appliances, coordinate with enterprise information services teams, interface with product teams, or other tasks associated with cyber defense and cyber fusion centers. About you: Youre a fit for the Senior Cyber Security Platform Engineer if you Have at least 5 years of CyberSecurity experience (Administration and Security Tools and Threat Intelligence Platforms) Knowledge and proven experience with AWS Proven experience with Python and Linux. Proven Experience dealing with the administration of cybersecurity tools. Troubleshooting and support on the integration and automation of process flows. Knowledge in MISP and Confluence. #LI-HS1 What’s in it For You Hybrid Work Model We’ve adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected. Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, empowering employees to achieve a better work-life balance. Career Development and Growth: By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrow’s challenges and deliver real-world solutions. Our Grow My Way programming and skills-first approach ensures you have the tools and knowledge to grow, lead, and thrive in an AI-enabled future. Industry Competitive Benefits We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing. Culture: Globally recognized, award-winning reputation for inclusion and belonging, flexibility, work-life balance, and more. We live by our valuesObsess over our Customers, Compete to Win, Challenge (Y)our Thinking, Act Fast / Learn Fast, and Stronger Together. Social Impact Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and Environmental, Social, and Governance (ESG) initiatives. Making a Real-World Impact: We are one of the few companies globally that helps its customers pursue justice, truth, and transparency. Together, with the professionals and institutions we serve, we help uphold the rule of law, turn the wheels of commerce, catch bad actors, report the facts, and provide trusted, unbiased information to people all over the world. About Us Thomson Reuters informs the way forward by bringing together the trusted content and technology that people and organizations need to make the right decisions. We serve professionals across legal, tax, accounting, compliance, government, and media. Our products combine highly specialized software and insights to empower professionals with the data, intelligence, and solutions needed to make informed decisions, and to help institutions in their pursuit of justice, truth, and transparency. Reuters, part of Thomson Reuters, is a world leading provider of trusted journalism and news. We are powered by the talents of 26,000 employees across more than 70 countries, where everyone has a chance to contribute and grow professionally in flexible work environments. At a time when objectivity, accuracy, fairness, and transparency are under attack, we consider it our duty to pursue them. Sound excitingJoin us and help shape the industries that move society forward. As a global business, we rely on the unique backgrounds, perspectives, and experiences of all employees to deliver on our business goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity Employer providing a drug-free workplace. We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law. More information on requesting an accommodation here. Learn more on how to protect yourself from fraudulent job postings here. More information about Thomson Reuters can be found on thomsonreuters.com.

Key Responsibilities: Advanced Threat Detection & Incident Response: Serve as the final escalation point for critical incidents and threat investigations. Lead deep-dive analysis on alerts, threats, and indicators across varied environments. Conduct malware analysis, reverse engineering, and threat hunting when needed. Perform forensic analysis using endpoint, network, and cloud telemetry. SOC Operations in MSSP Context: Operate in a multi-tenant SOC supporting enterprise, mid-market, and OT/ICS clients. Customize correlation rules, detection logic, and alert tuning for each client environment. Collaborate with client security teams during incident lifecycle and response activities. Ensure SOC processes, SLAs, and communications are aligned with client expectations. Technical Leadership & Mentoring: Guide and mentor L1 and L2 analysts in investigation techniques, use case analysis, and incident triage. Review escalations, ensure incident quality, and drive analyst capability building. Help design and maintain client-specific runbooks and detection use cases . Tooling & Engineering Support: Work closely with SIEM/SOAR engineers to enhance detection logic and automation. Validate detection efficacy using red team or threat simulation tools. Participate in tuning efforts for SIEM (e.g., Splunk, Sentinel, QRadar, LogRhythm, Seceon, etc.) and EDR tools. Reporting & Documentation: Create detailed incident reports, RCA documents, and threat summaries for clients. Provide technical input during client reviews and executive briefings. Maintain compliance with internal quality standards, frameworks (MITRE ATT&CK, NIST, ISO), and regulatory mandates. Required Skills & Experience: Proven experience in: SIEMs: Splunk, Sentinel, Exabeam, QRadar, or similar. EDR platforms: CrowdStrike, SentinelOne, Carbon Black, etc. SOAR and automation workflows. Scripting (Python, PowerShell, or Bash) for threat hunting or automation. Strong understanding of TCP/IP, threat vectors, and log analysis. Knowledge of frameworks such as MITRE ATT&CK, NIST 800-61, and ISO 27035. Ability to manage high-pressure incidents across multiple clients simultaneously. Preferred Certifications (Nice to Have): GIAC (GCIA, GCIH, GNFA), OSCP, CISSP, or equivalent certifications. Experience with OT/ICS threat detection and asset monitoring is a plus. Knowledge of cloud monitoring (Azure/AWS/GCP) and hybrid threat detection

Monitor network traffic for unusual activity and potential threats Configure and manage security tools such as firewalls, antivirus software, and intrusion detection systems. Required Candidate profile Provide technical advice on network security issues to staff and management. Respond to, investigate, and resolve security incidents and breaches

Responsibilities:  Monitors an organization's network for potential security threats using tools like SIEM systems and intrusion detection systems.  Investigate security incidents, respond to alerts, and escalate critical issues to senior teams for resolution.  Gathering threat intelligence, conducting forensic analysis, and ensuring compliance with security standards.  Collaborate with various teams to improve security posture and enhance incident response capabilities. Required Skills:  3+ years of experience in Information Security. Hands-on Experience on working as SIEM Admin on multiple SIEMs.  Information security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration.  Experience in Security Orchestration, Automation, and Response (SOAR) and Security information and event management (SIEM) Platforms.  Working experience and knowledge of security related technologies such as intrusion prevention and detection systems, web proxies, SIEM (MS Sentinel, IBM Qradar), Endpoint, SOAR, DLP, IDS, EDR, firewalls, web application scanner, vulnerability scanners and forensics tools.  Has practical experience in auditing various applications and infrastructure.  Hands on experience with popular security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux, Splunk, Tanium.  Mandatory at least one Cyber Security Certifications  Excellent communication, documentation and presentation skills Job Types: Full-time, Fresher, Internship Pay: Up to ₹900,000.00 per year Benefits: Health insurance Internet reimbursement Life insurance Provident Fund Work from home Schedule: Day shift Evening shift Monday to Friday Morning shift Night shift Rotational shift UK shift US shift Supplemental Pay: Performance bonus Yearly bonus Education: Bachelor's (Preferred) Experience: SoC: 3 years (Preferred) Work Location: In person Expected Start Date: 15/06/2025

Location : Mohali Job Type : Full-time Department : Cyber Security / IT Operations CTC : 3 LPA – 5 LPA Experience Required : 0 -2 years We are seeking a motivated and detail-oriented Implementation Engineer with experience in SIEM technologies. As part of the team, you will play a key role in deploying, configuring, and supporting SIEM solutions for our clients, ensuring they are optimally set up to detect, monitor, and respond to security threats. Key Responsibilities: Assist in the deployment, configuration, and maintenance of SIEM solutions (e.g., Splunk, IBM QRadar, ArcSight, etc.) for clients. Collaborate with the project management and technical teams to ensure smooth installation and integration of SIEM tools. Implement and configure log sources, data connectors, and system integrations. Assist in the creation and tuning of security rules and alerts to identify and respond to potential threats. Provide technical support and troubleshooting for SIEM-related issues during implementation and post-deployment phases. Conduct system performance tuning and optimization to ensure the SIEM solution is running efficiently. Document system configurations, processes, and implementation steps. Stay updated on industry best practices and trends in security monitoring. Requirements: Strong understanding of networking concepts and networking components. Proficiency in both Windows and Linux operating systems. In-depth knowledge of firewalls and network security principles is a plus. Hands-on experience with implementing and managing SIEM, SOAR, NDR, XDR tools is highly desirable. Must have the attitude to continuously learn and grow within the cyber security field. Good communication skills, both verbal and written. Ability to work in a fast-paced, collaborative environment Basic knowledge of SIEM platforms (e.g., Splunk, IBM QRadar, ArcSight, etc.). Experience with log sources such as firewalls, intrusion detection/prevention systems, and servers. Familiarity with security monitoring, threat detection, and incident management practices. Knowledge of scripting languages such as Python, Bash, or PowerShell is a plus. Show more Show less

Key Responsibilities JOB DESCRIPTION Leadership and Team Management: Lead and manage the Internal Red Team and SOC Operations teams, ensuring effective collaboration and alignment with organizational security objectives. Provide mentorship and guidance to team members, fostering a culture of continuous learning and professional development. Conduct regular performance reviews and provide ongoing feedback and coaching. Red Team Operations: Plan, execute, and oversee red team exercises to identify and exploit vulnerabilities in systems, networks, and applications. Develop and maintain red team methodologies, tools, and documentation. Work closely with other security teams to remediate identified vulnerabilities and improve security defenses. SOC Operations Management: Oversee the daily operations of the SOC, ensuring efficient and effective monitoring, detection, and response to security incidents. Develop and maintain SOC processes, procedures, and documentation to ensure consistent and high-quality operations. Ensure the SOC is staffed 24/7, including managing schedules, shifts, and on-call rotations. Incident Response and Management: Coordinate and lead the response to major security incidents, including investigation, containment, eradication, and recovery. Develop and maintain an incident response plan and ensure the team is well-trained and prepared to handle incidents. Conduct post-incident reviews and develop lessons learned to improve future response efforts. Threat Intelligence and Analysis: Oversee the collection, analysis, and dissemination of threat intelligence to inform security operations and red team activities. Ensure the SOC team utilizes advanced threat detection tools and techniques to identify and mitigate threats. Collaborate with other teams to enhance threat intelligence capabilities and integrate with existing processes. Security Monitoring and Reporting: Ensure continuous monitoring of network traffic, system logs, and security alerts using SIEM (Security Information and Event Management) solutions. Develop and maintain metrics and dashboards to report on SOC and red team performance and security posture. Present regular reports and briefings to senior management on the state of security operations and key incidents. Policy and Compliance: Develop and enforce security policies, procedures, and standards in alignment with industry best practices and regulatory requirements. Ensure compliance with relevant regulations, such as GDPR, and PCI-DSS. Participate in security audits and assessments, and coordinate with external auditors as needed. Qualifications Bachelor’s degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered. Minimum of 7 years of experience in cybersecurity, with at least 3 years in a management or leadership role overseeing red team and/or SOC operations. Strong understanding of offensive security practices, including penetration testing and red teaming methodologies. Experience with SOC operations, including incident response, threat detection, and SIEM tools such as Splunk, ArcSight, or QRadar. Knowledge of common attack vectors and techniques, such as phishing, malware, and ransomware. Familiarity with regulatory requirements and frameworks, such as NIST, ISO 27001, and GDPR. Relevant certifications, such as CISSP, CISM, OSCP, CEH, or GIAC, are highly desirable. Excellent leadership, communication, and interpersonal skills. Ability to work effectively under pressure and manage multiple priorities. About The Team eClerx is a global leader in productized services, bringing together people, technology and domain expertise to amplify business results. Our mission is to set the benchmark for client service and success in our industry. Our vision is to be the innovation partner of choice for technology, data analytics and process management services. Since our inception in 2000, we've partnered with top companies across various industries, including financial services, telecommunications, retail, and high-tech. Our innovative solutions and domain expertise help businesses optimize operations, improve efficiency, and drive growth. With over 18,000 employees worldwide, eClerx is dedicated to delivering excellence through smart automation and data-driven insights. At eClerx, we believe in nurturing talent and providing hands-on experience. eClerx is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected veteran status, or any other legally protected basis, per applicable law. Show more Show less

Cybersecurity expert skilled in Microsoft Defender, CrowdStrike, Intune, Entra ID, QRadar, PowerShell, and Python. Experienced in Zero Trust, PAM (CyberArk), and hybrid/cloud environments. Certified in CISSP, CEH, CCFA, and Microsoft SOA.

ECI is the leading global provider of managed services, cybersecurity, and business transformation for mid-market financial services organizations across the globe. From its unmatched range of services, ECI provides stability, security and improved business performance, freeing clients from technology concerns and enabling them to focus on running their businesses. More than 1,000 customers worldwide with over $3 trillion of assets under management put their trust in ECI. At ECI, we believe success is driven by passion and purpose. Our passion for technology is only surpassed by our commitment to empowering our employees around the world . The Opportunity: ECI has an exciting opportunity for a SOC Engineer , who is responsible for analyzing and responding to network security events. The SOC Engineer will work collaboratively to detect and respond to information security incidents, maintain and follow procedures for security event alerting, and participate in security investigations. The SOC Engineer will perform tasks including monitoring, research, classification, and analysis of security events that occur on the network or endpoint. In this role, you will act as a shift lead and review tickets before they are being escalated to clients. You will Investigate intrusion attempts and perform an in-depth analysis of exploits. This is an Onsite role. What you will do: Acts as shift lead by managing the incident queue and assign incidents to available analysts based on priority. Make sure the incident is handled from end to end with defined SLA. Conduct expert analysis of SIEM logs to drive event and incident analysis. Provide expertise in categorizing and deep dive event logs to support timely and effective decision making in handling security breach cases. Launch and track investigations until resolution. Work with client or internal support teams to mitigate security threats and help them in improving the security posture of client environment. Perform threat hunt activities based on latest security vulnerabilities, advisories, and penetration techniques. Mitigate security threats and notify client. Contribute to the creation of SOC policies, procedures, and configuration standards. Manage and Administer security tools such as SIEM, EDR, Email gateway, etc. Advanced working skills with any one of the SIEM tools (ELK, Splunk, Qradar). Rule base Management, SOC Fine tuning. (Administer SIEM tool) Maintain 'On Call' availability for critical incident response scenarios and urgent threats. Demonstrate strong analytical, diagnostic, innovation, and collaboration skills. Exhibit enthusiasm, adaptability, and a passion for continuous learning, growth, and sharing of knowledge. Showcase exceptional presentation and communication abilities. Who you are: 3-5 years’ experience in the IT security industry, preferably working in a SOC environment. Bachelor’s in computer science/IT/Electronics Engineering, M.C.A. or equivalent University degree Certifications: CCNA, CEH, CHFI, GCIH, ITIL Experience with Security Information Event Management (SIEM) tools, creation of correlation rules and fine-tuning rules to administration of SIEM. Administration of Email security gateways, EDR, Antivirus Solutions. Should have expertise on TCP/IP network traffic and event log analysis. Configuration and Troubleshooting experience on Cisco ASA, PaloAlto firewalls would be an added advantage. Ability to work with minimal levels of supervision. Willingness to work in a job that involves 24/7 operations. Shift management and scheduling. Remain vigilant while continuing to maintain and enhance the overall security of ECI and the client’s receiving our services. Maintain awareness about the potential risks based on the environment they are operating in and the clients they are working on Bonus points if you have: Knowledge and hands-on experience of implementation and management of IDS/IPS, Firewall, VPN, and other security products Knowledge and hands-on experience with SIEM tools Knowledge of ITIL disciplines such as Incident, Problem and Change Management Strong verbal and written English communication. Strong interpersonal and presentation skills ECI’s culture is all about connection - connection with our clients, our technology and most importantly with each other. In addition to working with an amazing team around the world, ECI also offers a competitive compensation package and so much more! If you believe you would be a great fit and are ready for your best job ever, we would like to hear from you! Love Your Job, Share Your Technology Passion, Create Your Future Here! Show more Show less

PURPOSE OF THE POSITION: We are looking for a highly skilled Information Security Manager to lead and implement ISO 27001 compliance, cybersecurity strategies, and risk management within our organization. The ideal candidate will establish and maintain security policies, manage information security risks, and ensure compliance with regulatory standards like SOC2, GDPR, and NIST frameworks. ROLES & RESPONSIBILITIES: ISO 27001 Implementation & Compliance: - Develop, implement, and maintain an Information Security Management System (ISMS) aligned with ISO 27001 standards. - Conduct ISO 27001 gap analysis, risk assessments, and audits to ensure compliance. - Define and enforce information security policies, procedures, and controls to safeguard data integrity, confidentiality, and availability. - Drive ISO 27001 certification efforts, ensuring successful audits and continuous improvements. - Lead security awareness training programs for employees to enhance the organization's security posture. Cybersecurity Strategy & Risk Management: - Develop and implement a cybersecurity strategy to protect against threats, vulnerabilities, and attacks. - Conduct regular penetration testing, vulnerability assessments, and security audits to identify and mitigate risks. - Implement Zero Trust architecture, access control mechanisms, and security best practices across IT infrastructure. - Monitor threat intelligence, security incidents, and cyber threats, responding with effective mitigation strategies. - Ensure security of cloud infrastructure (AWS, Azure, GCP) by enforcing IAM policies, encryption, and secure configurations. - Establish and manage a Security Incident Response Plan (SIRP) for rapid threat detection and mitigation. Regulatory Compliance & Governance: - Ensure compliance with ISO 27001, SOC2, GDPR, NIST, PCI-DSS, and other industry security frameworks. - Collaborate with internal teams to align security policies with business operations and regulatory requirements. - Work with external auditors and security consultants to maintain compliance certifications and regulatory audits. - Develop and maintain security metrics, dashboards, and reports for leadership and regulatory bodies. Security Operations & Monitoring: - Oversee SIEM (Security Information and Event Management) solutions for real-time threat detection. - Implement and manage Intrusion Detection & Prevention Systems (IDS/IPS), firewalls, and endpoint security solutions. - Develop and enforce incident response, disaster recovery, and business continuity plans. - Ensure data protection, encryption, and secure backup strategies are in place for all critical systems. EDUCATIONAL QUALIFICATION: Any Technical Degree BTech., B.E. BCA, MCA will be preferred. REQUIRED SKILLS & QUALIFICATIONS: - 5+ years of experience in information security, cybersecurity, or compliance roles. - Strong expertise in ISO 27001 implementation, auditing, and certification. - Hands-on experience with security risk assessments, vulnerability management, and threat modeling. - Deep understanding of cybersecurity frameworks (SOC2, NIST, CIS, GDPR, PCI-DSS). - Experience with SIEM solutions (Splunk, ELK, QRadar, or similar) for security monitoring. - Knowledge of firewalls, IDS/IPS, endpoint protection, and cloud security best practices. - Strong understanding of IAM, network security, encryption, and access control policies. - Certifications like CISM, CISSP, CISA, CEH, ISO 27001 Lead Auditor/Implementer are highly preferred. - Strong problem-solving, communication, and stakeholder management skills. PROFESSIONAL ATTRIBUTES: - Strong interpersonal and communication skills, being an effective team player, being able to work with individuals at all levels within the organization and building remote relationships. - Excellent English skills and experience working within a multi-location team. - Excellent prioritization skills, the ability to work well under pressure, and the ability to multi- task. - Ability to work independently with minimal supervision and to resolve problems on non-routine matters. WHY JOIN US? - Opportunity to be part of a rapidly growing, innovative product-based company. - Collaborate with a talented, driven team focused on building high-quality software solutions. - Competitive compensation and benefits package. Show more Show less

Key Responsibilities Leadership and Team Management: Lead and manage the Internal Red Team and SOC Operations teams, ensuring effective collaboration and alignment with organizational security objectives. Provide mentorship and guidance to team members, fostering a culture of continuous learning and professional development. Conduct regular performance reviews and provide ongoing feedback and coaching. Red Team Operations: Plan, execute, and oversee red team exercises to identify and exploit vulnerabilities in systems, networks, and applications. Develop and maintain red team methodologies, tools, and documentation. Work closely with other security teams to remediate identified vulnerabilities and improve security defenses. SOC Operations Management: Oversee the daily operations of the SOC, ensuring efficient and effective monitoring, detection, and response to security incidents. Develop and maintain SOC processes, procedures, and documentation to ensure consistent and high-quality operations. Ensure the SOC is staffed 24/7, including managing schedules, shifts, and on-call rotations. Incident Response and Management: Coordinate and lead the response to major security incidents, including investigation, containment, eradication, and recovery. Develop and maintain an incident response plan and ensure the team is well-trained and prepared to handle incidents. Conduct post-incident reviews and develop lessons learned to improve future response efforts. Threat Intelligence and Analysis: Oversee the collection, analysis, and dissemination of threat intelligence to inform security operations and red team activities. Ensure the SOC team utilizes advanced threat detection tools and techniques to identify and mitigate threats. Collaborate with other teams to enhance threat intelligence capabilities and integrate with existing processes. Security Monitoring and Reporting: Ensure continuous monitoring of network traffic, system logs, and security alerts using SIEM (Security Information and Event Management) solutions. Develop and maintain metrics and dashboards to report on SOC and red team performance and security posture. Present regular reports and briefings to senior management on the state of security operations and key incidents. Policy and Compliance: Develop and enforce security policies, procedures, and standards in alignment with industry best practices and regulatory requirements. Ensure compliance with relevant regulations, such as GDPR, and PCI-DSS. Participate in security audits and assessments, and coordinate with external auditors as needed. Qualifications Bachelor’s degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered. Minimum of 7 years of experience in cybersecurity, with at least 3 years in a management or leadership role overseeing red team and/or SOC operations. Strong understanding of offensive security practices, including penetration testing and red teaming methodologies. Experience with SOC operations, including incident response, threat detection, and SIEM tools such as Splunk, ArcSight, or QRadar. Knowledge of common attack vectors and techniques, such as phishing, malware, and ransomware. Familiarity with regulatory requirements and frameworks, such as NIST, ISO 27001, and GDPR. Relevant certifications, such as CISSP, CISM, OSCP, CEH, or GIAC, are highly desirable. Excellent leadership, communication, and interpersonal skills. Ability to work effectively under pressure and manage multiple priorities. Show more Show less

Experience: 3+years Location: Nagpur Notice period: 30days Mandatory skills: SOC, Qradar , Endpoint corwdstrike Job Description: Responsible for conducting information security investigations as a result of security incidents identified by the Level 1 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone), Act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques. Should have experience in Developing new correlation rules & Parser writing Experience in Log source integration Act as the lead coordinator to individual information security incidents. Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Center. Document incidents from initial detection through final resolution. Participate in security incident management and vulnerability management processes. Coordinate with IT teams on escalations, tracking, performance issues, and outages. Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats. Communicate effectively with customers, teammates, and management. Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation. Provide recommendations in tuning and optimization of security systems, SOC security process, procedures and policies. Define, create and maintain SIEM correlation rules, customer build documents, security process and procedures. Follow ITIL practices regarding incident, problem and change management. Staying up-to-date with emerging security threats including applicable regulatory security requirements. Maintain an inventory of the procedures used by the SOC and regularly evaluate the SOC procedures and add, remove, and update the procedures as appropriate Publish weekly reports to applicable teams Generate monthly reports on SOC activity Secondary skills like AV, HIPS, DCS, VA/ PT desirable Show more Show less

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to / support on project work as and when required. What You'll Be Doing Academic Qualifications and Certifications: BE/BTech in Electronics/EC/EE/CS/IT Engineering or MCA At least one security certification such as CCNA Security, CCSA, CEH, CompTIA, GCIH/GCIA Required Experience: At least one SIEM solution certifications with one or more SIEM/ Security solutions (i.e., RSA NetWitness, Splunk ES, Elastic ELK, HP ArcSight, IBM QRadar Log Rhythm). Minimum overall 5 years of experience in handling security related products & services in a reputed organization out of which 3 years’ experience should be in SIEM solution. Person should have adequate knowledge of security devices like firewalls, IPS, Web Application Firewall, DDOS, EDR, Incident response, SOAR and other security devices Administration of SIEM environment (e.g.: deployment of solution, user management, managing the licenses, upgrades and patch deployment, addition or deletion of log sources, configuration management, change management, report management, manage backup and recovery, etc.) Construction of SIEM content required to produce Content Outputs (e.g., filters, active lists, correlation rules, reports, report templates, queries, trends, variables) Integration of customized threat intelligence content feeds provided by the Threat Intelligence & Analytics service Identifies possible sensor improvements to prevent incidents Collects/updates threat intelligence feeds from various sources Creates situational awareness briefings Co-ordinates with the different departments for incident analysis, containment and remediation Liaise with Security monitoring team to discover repeatable process that lead to new content development Provides engineering analysis and architectural design of technical solutions Knowledge of networking protocols and technologies and network security Sound analytical and troubleshooting skills Key Responsibilities: Monitors client infrastructure and solutions. Identifies problems and errors prior to or when they occur. Routinely identifies common incidents and opportunities for avoidance as well as general opportunities for incident reduction. Investigates first line incidents assigned and identifies the root cause of incidents and problems. Provides telephonic or chat support to clients when required. Schedules maintenance activity windows for patching and configuration changes. Follows the required handover procedures for shift changes to ensure service continuity. Reports and escalates incidents where necessary. Ensures the efficient and comprehensive resolutions of incidents and requests. Updates existing knowledge articles or create new ones. Identifies opportunities for work optimization including opportunities for automation of work, request fulfilment, incident resolution, and other general process improvement opportunities. May also contribute to / support on project work as and when required. May work on implementing and delivering Disaster Recovery functions and tests. Performs any other related task as required. Workplace type: On-site Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today. Show more Show less

Role & responsibilities 1. Ensure optimal operation of MDR solution, including software and applications. 2. Ensure effectiveness of security solutions in scope 3. Develop use cases and playbooks for SIEM and SOAR for effective and automated incident detection and handing. 4. Test SIEM SOAR and other solutions in scope to explore the right technical defense/remedy and provide performance statistics and reports. 5. Ensure adequate controls are in place to protect critical assets against any incidents or threats from the internal or external environment. 6. Co-ordinate with vendors/partners & internal teams to manage the lifecycle of security platforms including deployments, maintenance and operations. Develop plans for maintaining the infrastructure in newly implemented security solutions to operational environment. 7. Lead Cybersecurity incident management and manage related process, tools and resources 8. Work with identified partner and govern them for effective execution of organizational requirements for Security operations and incident handling 9. Conduct periodic threat hunting independently and with partners to ensure effective detection of any threats. 10. Ensure preventive maintenance of critical infrastructure, to increase performance and minimize disruption. 11. Manage SLAs for solutions and processes in scope. 12. Record all incidents/events leading to infrastructure downtime, analyze root cause and suggest workarounds. 13. Monitor performance reviews, corrective action, routine equipment checks and preventative maintenance for security systems to reduce the down time of the systems. 14. Perform integration of all tools and services for access, authentication, authorization, data security, vulnerability management, policy management, auditing, and compliance to ensure company's security policy and procedures are applied. 15.Define, gather and report on metric regarding security systems within ASL environments. Prepare status reports and other management metrics as needed. Preferred candidate profile 1. Demonstrable experience within a Security Operations Center, coordinating responses to security incidents. 2. Experience leading the implementation and development of MDR tooling, infrastructure and processes 3. Experience On popular SIEM, SOAR, and threat hunting platforms is mandatory. 4. Experience in security incident handling is mandatory. 5. Exposure to threat hunting is mandatory. 6. Security related professional certifications preferred. Examples of certifications include but are not limited to CISSP, CIH (ec council), CND, infosec institute, etc. 7. Strong analytical & problem-solving skills with ability to translate ideas into practical implementation. 8. Ability to manage stakeholder relationships including team members, vendors and partners. 9. Excellent leadership and communication skills with ability to present and communicate effectively with both technical and non-technical audience. 10. Ability to provide technical and professional leadership, guidance, and training to others.

Key Responsibilities: Design, implement, and manage Palo Alto Networks solutions, including: Next-Gen Firewall (NGFW) EDR/XDR (Cortex XDR) SIEM/SOAR (Cortex XSIAM) Lead and support migration projects from legacy platforms (e.g., Splunk, Sentinel, QRadar) to Palo Alto Cortex XSIAM Work with clients to understand business requirements and deliver tailored cybersecurity solutions Perform threat hunting, alert tuning, policy configuration, and use case development Collaborate with global teams (onshore/offshore model) for delivery in sectors like Telecom, Finance, Retail, and Public Sector Support security assessments, integrations, and continuous improvement initiatives Required Skills & Qualifications: Strong hands-on experience in Palo Alto technologies (NGFW, Cortex XDR/XSIAM) Proven knowledge of cybersecurity operations, SOC processes, and incident response Experience with SIEM migration and integrations Understanding of threat intelligence, detection engineering, and automation Good knowledge of scripting (Python, PowerShell) and log analysis Excellent communication and client-facing skills Preferred Certifications: Palo Alto Networks Certifications, such as: PCNSE (Network Security Engineer) Cortex XDR/XSIAM certifications (if available) Additional certifications like CEH, CISSP, or relevant SIEM/EDR vendor certifications are a plus Why Join Us? Opportunity to work on cutting-edge XSIAM and XDR deployments Part of a growing global team delivering high-impact security projects Exposure to federal and enterprise-grade environments Flexible work culture with opportunities for on-site (Australia/US) engagements Show more Show less

Overview An Agile Scrum Master is responsible for helping to remove impediments and foster an environment for high-performing team dynamics, continuous flow, and relentless improvement. The role works in an Agile delivery team with other members to develop and enable technical solutions that satisfy the needs of a variety of PepsiCos business processes. The role must be able to deliver work product required by Agile development methodologies for software development delivery as defined by the Delivery Lead which includes helping the assigned agile delivery team meet its goals and coordinate activities with other teams. The ESM team follows an Agile project methodology and requires an individual who has good multi-tasking and organizational skills. The successful candidate must also Lead, coach, and manage more junior solution testers. Review, evaluate and provide test input during business requirements and design specifications gathering sessions. Responsibilities Guides the team in the use of SAFe Agile/Scrum practices to ensure value and customer satisfaction - Leads the team on self-organizing to fulfill the Agile/Scrum framework Ensures Agile/Scrum concepts and principles are adhered to, must be able to be a voice of reason and authority, make the tough calls Assesses the Scrum Maturity of the team/organization and coaches the team to higher levels of maturity at a pace that is sustainable and comfortable for the team/organization Responsible for removing impediments to team progress Facilitates discussion to identify alternatives or different approaches, enable decision-making, and / or resolve conflict. Embraces new tools and techniques to manage oneself and a team. Enables an environment of trust where problems can be raised without fear of blame, retribution, or being judged, with an emphasis on problem-solving. Facilitates delivery without coercion, assigning, or dictating the work. Assists with internal and external communication. Enables disclosure and transparency to the business about development and grows business trust Supports and educates the Agile teams Product Owner, especially with respect to grooming and maintaining the product backlog Provides support to the team using a servant leadership style whenever possible and leading by example Working on concurrent projects Working with a large number of stakeholders Qualifications Minimum 10 years of total work experience Excellent facilitation, situational awareness, and conflict-resolution skills Knowledge of burndown techniques, retrospective formats, bug bashing, Kanban, etc Experience working with Agile-oriented User Stories, ATDD, TDD, continuous integration, and continuous and automated testing. Previous experience as a team lead Excellent communication and mentoring skills Knowledge of ServiceNow a plusDeep knowledge of ITSM, ITOM, DevOps, and SecOps. Good understanding of ITIL processes. Good understanding of agile and hybrid Project Management methodologies. Knowledge of ServiceNow instance design and administration

Provide advanced incident response and threat analysis in a Security Operations Center (SOC). Lead investigations, conduct forensics, and manage escalated security incidents to minimize risks and ensure data protection.

The Cyber Security role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Cyber Security domain.

The Cyber Security E2 role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Cyber Security E2 domain.

The Firewall,WAF role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Firewall,WAF domain.

The Cyber Security role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Cyber Security domain.

The ServiceNow SecOps role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the ServiceNow SecOps domain.

The Cyber Security role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Cyber Security domain.

The Splunk role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Splunk domain.

The Splunk role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Splunk domain.

The Securonix/UEBA/SIEM, Tripwire IP360, Tripwire CCM, AWS Guardduty role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Securonix/UEBA/SIEM, Tripwire IP360, Tripwire CCM, AWS Guardduty domain.