3.0 - 5.0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
About Gruve
Gruve is an innovative software services startup dedicated to transforming enterprises into AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies by utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.

Position Summary
We are looking for a skilled Software Engineer with 3-5 years of experience in Java development, SaaS architectures, and cybersecurity solutions. You will play a key role in designing and implementing scalable security applications while following best practices in secure coding and cloud-native development.

Key Responsibilities
• Develop and maintain scalable, secure software solutions using Java.
• Build and optimize SaaS-based cybersecurity applications, ensuring high performance and reliability.
• Collaborate with cross-functional teams including Product Management, Security, and DevOps to deliver high-quality security solutions.
• Design and implement security analytics, automation workflows and ITSM integrations.

Basic Qualifications
• A bachelor’s or master’s degree in computer science, electronics engineering or a related field.
• 3-5 years of experience in software development using Java.
• Experience with cloud platforms (AWS, GCP, or Azure) and microservices architectures.
• Proficiency in containerization and orchestration tools (Docker, Kubernetes).
• Knowledge of DevSecOps principles, CI/CD, and infrastructure-as-code tools (Terraform, Ansible).

Preferred Qualifications
• Exposure to cybersecurity solutions, including SIEM (Splunk, ELK, QRadar) and SOAR (XSOAR, Swimlane).
• Familiarity with machine learning or AI-driven security analytics.
• Strong problem-solving skills and ability to work in an agile, fast-paced environment.

Why Gruve
At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.
Posted 1 week ago
5.0 years
0 Lacs
Pune, Maharashtra, India
On-site
At Securonix, we’re on a mission to secure the world by staying ahead of cyber threats, reinforcing all layers of our platform with AI capabilities. Our Securonix Unified Defense SIEM provides organizations with the first and only AI-Reinforced solution built with a cybersecurity mesh architecture on a highly scalable data cloud. Enhanced by Securonix EON’s AI capabilities, our innovative cloud-native solution delivers a seamless CyberOps experience, empowering organizations to scale their security operations and keep up with evolving threats. Recognized as a five-time leader in the Gartner Magic Quadrant for SIEM and highly rated on Gartner Peer Insights, our award-winning Unified Defense SIEM provides organizations with 365 days of ‘hot’ data for rapid search and investigation, threat content-as-a-service, proactive defense through continuous peer and partner collaboration, and a fully integrated Threat Detection, Investigation, and Response (TDIR) experience, all within a single platform. Built on a cloud-native architecture, the platform leverages the Snowflake Data Cloud for unparalleled scalability and performance. Securonix is proud to be a cybersecurity unicorn and featured in CRN's 2024 Security 100 list. Backed by Vista Equity Partners, one of the largest private equity firms with over $100 billion in assets under management, we have a unique advantage in driving innovation and growth. With a global footprint, we serve more than 1,000 customers worldwide, including 10% of the Fortune 100. Our network of 150+ partners and Managed Security Service Providers (MSSPs) enables us to deliver unmatched security solutions on a global scale.

At Securonix, we are driven by our core values and place our people at the heart of everything we do:
• Winning as One Team: We work together with universal respect to achieve aligned outcomes.
• Customer Driven Innovation: We innovate to stay ahead of the market and create value for our customers.
• Agility in Action: We embrace change and are unified in our purpose and objectives amidst change.
Join us as we redefine cybersecurity, innovate fearlessly, and grow together as one team.

Role Summary:
The SIEM Engineer III position is an integral part of our Professional Services team. In this role, you will work with our customers, supporting our mission to help them quickly and completely adopt our Security Operating Platform, leaving them more secure. This is a highly technical, hands-on role that will focus on architecting, planning, implementing, and operationalizing the SIEM platform. The ideal candidate will have a demonstrated understanding of information security and networking and extensive experience interacting with customers. Securonix Next-Gen SIEM and UEBA experience, although desired, is not required, but the candidate must have SIEM and SOAR software expertise and be willing to train on the Securonix platform and products.

Primary Responsibility:
• Lead end-to-end SIEM implementation or integrations in a customer environment.
• Understand customer business requirements and the threat landscape applicable to their industry’s vertical sector to develop tailored use cases for security and incident monitoring.
• Coordinate with customers to deploy collectors and agents in the on-premises network for data collection and forwarding.
• Work with customers to design and implement secure data flow into the Securonix cloud, following industry-standard best practices.
• Coordinate with service delivery managers, management, engineering, maintenance, and operational support teams to ensure timely delivery.
• Develop content, use cases, data models, dashboards, and connectors to support custom user requirements.
• Troubleshoot end-to-end network and infrastructure issues during data onboarding.
• Deploy and integrate the Securonix SOAR solution with the customer infrastructure for response orchestration.
• Engage with customers and internal product development teams to gather user requirements, suggest new product features, and help improve existing ones.
• Train and enable customers and partners for successful adoption.

Minimum Requirements:
• 5+ years of experience in the information security and SIEM field.
• Strong understanding of SIEM solutions such as Splunk, QRadar, ArcSight, LogRhythm and Exabeam.
• Experience deploying SIEM across multiple customers.
• Good understanding of MITRE ATT&CK matrices, kill chains and other attack models.
• Strong communication skills and customer-facing experience.
• Strong knowledge of scripting languages such as Python, PowerShell.
• Industry certifications such as CISSP, CISM.

Preferred:
• BS in Computer Science, Information Systems, CyberSecurity.
• 3-4+ years of experience in UEBA deployment.
• Working knowledge of machine learning in cybersecurity.
• Working knowledge of cloud technologies such as Amazon, Azure and Google.
• Good understanding of log collection methodologies and aggregation techniques such as Syslog-NG, syslog, Nxlog, Windows Event Forwarding.
• Good understanding of the Hadoop ecosystem and Apache technologies.
• Experience integrating endpoint security and host-based intrusion detection solutions.
• Experience with network forensics and toolsets such as Wireshark, PCAP, tcpdump.

Benefits:
As a full-time employee with Securonix, you will be eligible for the following employee benefits:
• Health Insurance with a total sum insured of INR 7,50,000. Coverage: self, spouse, 2 kids, dependent parents or parents-in-law.
• Personal Accident with a total sum insured of INR 10,00,000.
• Term Life Insurance with a sum assured of 5 times fixed base pay.

Securonix provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Securonix complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training. Securonix expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status. Improper interference with the ability of Securonix employees to perform their expected job duties is absolutely not tolerated.

Headhunters and recruitment agencies may not submit candidates through this application. Securonix does not accept unsolicited headhunter and agency submissions for candidates and will not pay fees to any third-party agency without a prior agreement with Securonix.
Posted 1 week ago
8.0 years
0 Lacs
Greater Hyderabad Area
On-site
Position: Cybersecurity Enterprise Sales – SIEM Engineering Focus
Experience: 8+
Location: Hyderabad/Bangalore/Mumbai

Role Overview:
We are seeking a dynamic and results-driven Cybersecurity Enterprise Sales professional to join our team. This role is focused on selling advanced cybersecurity solutions, including SIEM, SOAR, and Adaptive MDR offerings, to mid-to-large enterprises. The ideal candidate will have a strong foundation in cybersecurity operations, particularly SIEM engineering, and a proven track record in enterprise technology sales.

Key Responsibilities:
• Develop and execute a strategic sales plan to meet and exceed quarterly and annual sales targets.
• Identify, qualify, and pursue new business opportunities in enterprise accounts.
• Conduct engaging product presentations and solution demonstrations to prospective clients.
• Understand customer security needs and map solutions accordingly, with a focus on SIEM, SOAR, and MDR.
• Lead contract negotiations and close deals.
• Build and maintain long-term relationships with key stakeholders and channel partners.
• Stay current on the latest cybersecurity trends and emerging technologies.
• Collaborate with internal technical and product teams to align solutions with customer needs.

Required Qualifications:
• Bachelor's degree in Business, Computer Science, Information Security, or a related field.
• 8+ years of experience in cybersecurity sales, with a focus on enterprise customers.
• Hands-on understanding of SIEM tools (e.g., Splunk, IBM QRadar, Securonix) and security operations workflows.
• Proven ability to meet or exceed sales targets in a complex, solution-oriented environment.
• Excellent communication, presentation, and negotiation skills.
• Self-starter with the ability to work independently and cross-functionally.

Preferred Skills:
• Experience selling MDR, SIEM, SOAR, or AI-driven security solutions.
• Familiarity with SaaS security platforms and cloud security posture management.
• Background in threat detection, incident response, or SIEM engineering is a strong plus.
Posted 1 week ago
5.0 - 8.0 years
10 - 20 Lacs
Chennai
Work from Office
Job Title: Cybersecurity Analyst (Fortinet, SIEM, and SOAR Expert)
Location: Chennai
Experience: 5 to 8 Years
Employment Type: Contract

Job Summary:
We are looking for an experienced Cybersecurity Analyst with a strong background in Fortinet firewall configuration, SIEM tools (like Splunk, QRadar, or SentinelOne), and SOAR platforms. The ideal candidate will be highly skilled in threat detection, incident response automation, and log analysis. A basic understanding of OT/IoT security concepts is desirable.

Key Responsibilities:
• Configure and audit firewall rules in Fortinet environments.
• Work with SIEM tools (e.g., Splunk, QRadar, SentinelOne) to:
  - Monitor and analyze logs and security events
  - Create and tune correlation rules and alerts
  - Manage incident detection workflows
• Develop and manage automated playbooks in SOAR/XSOAR platforms.
• Integrate security tools and enable automation for incident response.
• Understand OT/IoT security threats and risk areas (hands-on experience not mandatory).

Required Skills:
• Hands-on experience with Fortinet firewall configuration and policy audits.
• Strong knowledge of at least one SIEM tool (Splunk, QRadar, or SentinelOne).
• Practical experience in log analysis, threat detection, and workflow creation.
• Familiarity with SOAR tools and playbook development.
• Basic understanding of OT/IoT security environments.
• Good analytical and troubleshooting skills.
• Ability to work in a fast-paced environment.

Preferred Qualifications:
• Certifications such as Fortinet NSE, Splunk Certified, etc.
• Experience in scripting/automation using Python, PowerShell, or similar tools.
• Exposure to the MITRE ATT&CK framework and incident response procedures.
Posted 1 week ago
20.0 - 25.0 years
10 - 15 Lacs
Gurugram, Bengaluru
Work from Office
Our purpose is to enable our customers to defend against the evolving threat landscape across on-premises, private cloud, public cloud and multi-cloud workloads. Our goal is to go beyond traditional security controls to deliver cloud-native, DevOps-centric and fully integrated 24x7x365 cyber defence capabilities that deliver a proactive, threat-informed, risk-based, intelligence-driven approach to detecting and responding to threats.

Our mission is to help our customers:
• Defend against new and emerging risks that impact their business.
• Reduce their attack surface across private cloud, hybrid cloud, public cloud, and multi-cloud environments.
• Reduce their exposure to risks that impact their identity and brand.
• Develop operational resilience.
• Maintain compliance with legal, regulatory and compliance obligations.

What we're looking for
To support our continued success and deliver a Fanatical Experience to our customers, Rackspace Cyber Defence is looking for an India-based Security Engineer, with a specialism in Endpoint Security, to support Rackspace's strategic customers. This role is particularly well-suited to a self-starting, experienced and motivated Sr. Security Engineer, who has a proven record of accomplishment in the design, delivery, management, operation and continuous improvement of enterprise-level Endpoint Security platforms or delivering Managed Endpoint Detection & Response (EDR) services to customers. The primary focus will be on the design, implementation, management, operation and continuous improvement of cloud-native Endpoint Detection & Response (EDR) platforms such as CrowdStrike Falcon or Microsoft Defender for Endpoint, used by the Rackspace Cyber Defence Center to deliver managed security services to our customers. You will also be required to liaise closely with the customer's key stakeholders, which may include incident response and disaster recovery teams as well as information security.

Skills & Experience
• 8+ years' experience in Security Engineering.
• Experience working in either large enterprise environments or managed security services environments with a focus on Endpoint Detection & Response.
• Experience of working with cloud-native Endpoint Security and Endpoint Detection & Response (EDR) tools such as CrowdStrike, Microsoft Defender for Endpoint and/or Microsoft Defender for Cloud.
• Experience of working in two (or more) of the following additional security domains:
  - SIEM platforms such as Microsoft Sentinel (preferred), Google Chronicle, Splunk, QRadar, LogRhythm, Securonix etc.
  - AWS (Amazon Web Services) Security Hub, including AWS GuardDuty, AWS Macie, AWS Config and AWS CloudTrail.
• Experience of analysing malware and email headers, with skills in network security, intrusion detection and prevention systems, operating systems, risk identification and analysis, threat identification and analysis, and log analysis.
• Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls.
• Knowledge of security standards (good practice) such as NIST, ISO27001, CIS (Center for Internet Security), OWASP and Cloud Controls Matrix (CCM) etc.
• Knowledge of scripting and coding with languages such as Terraform, Python, JavaScript, Golang, Bash and/or PowerShell.
• Knowledge of malware reverse engineering, threat detection and threat hunting.
• Computer science, engineering, or information technology related degree (although not a strict requirement).
• Holds one, or more, of the following certificates (or equivalent):
  - Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  - Microsoft Certified: Security Operations Analyst Associate (SC-200)
  - Systems Security Certified Practitioner (SSCP)
  - Certified Cloud Security Professional (CCSP)
  - GIAC Certified Incident Handler (GCIH)
  - GIAC Security Operations Certified (GSOC)
  - CrowdStrike admin certified
• A highly self-motivated and proactive individual who wants to learn and grow and has attention to detail.
• A great analyser, trouble-shooter and problem solver who understands security operations, programming languages and security architecture.
• Highly organised and detail oriented.
• Ability to prioritise, multitask and work under pressure.
• An individual who shows a willingness to go above and beyond in delighting the customer.
• A good communicator who can explain security concepts to both technical and non-technical audiences.

Key Accountabilities
• Ensure the customer's operational and production environment remains healthy and secure at all times.
• Assist with customer onboarding: customer/device onboarding, policy configuration, platform configuration and service transition to security operations team(s).
• Advanced platform administration.
• Critical platform incident handling & closure.
• As an SME, act as an L3 escalation and point of contact for SecOps Analysts during an incident response process.
• As an SME, act as a champion and centre of enablement by delivering training, coaching and thought leadership across Endpoint Security and Endpoint Detection & Response.
• Develop and document runbooks, playbooks and knowledgebase articles that drive best practice across teams.
• Drive continuous improvement of Rackspace Managed EDR services through custom development, automation and integration, in collaboration with SecOps Engineering and other Security Engineering team(s).
• Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc.
• Co-ordinate with vendors for issue resolution.
• Required to work flexible timings.
Posted 1 week ago
0 years
0 Lacs
Bangalore Urban, Karnataka, India
On-site
Role Overview
The OT Security Analyst – Level 2 (L2) plays a pivotal role in defending operational technology (OT) environments against evolving cyber threats. This role requires a deep understanding of security incident analysis, threat detection, and incident response, specifically tailored to Industrial Control Systems (ICS) and OT networks. The analyst will investigate complex security incidents within the OT infrastructure, collaborate with IT/OT teams, and enhance security posture through actionable insights.

Key Responsibilities
• Conduct in-depth analysis of security events and incidents within OT environments, leveraging SIEM and OT-specific monitoring tools.
• Perform root cause analysis and develop incident timelines to support forensics and remediation efforts.
• Apply standard incident response frameworks (e.g., NIST, MITRE ATT&CK for ICS, Cyber Kill Chain) for threat classification and response.
• Use threat intelligence platforms and sandbox environments to investigate malware and suspicious artifacts in OT networks.
• Analyze access logs, network traffic, and protocol behaviours across OT systems (e.g., SCADA, DCS, PLCs).
• Support investigations related to unauthorized device communications, anomalous behaviours, or compromised industrial assets.
• Collaborate with OT security engineers and external vendors to escalate and remediate incidents.
• Refine alert rules and detection logic to reduce false positives and improve the signal-to-noise ratio in OT SOC operations.
• Document incident findings and support continuous improvement of the OT SOC playbooks and knowledgebase.
• Liaise with the IT SOC and CIR (Cyber Incident Response) teams to align incident handling and cross-domain investigations.
• Participate in threat hunting activities tailored for OT environments using behavioural analysis and attack-path simulation.

Technical Skills & Knowledge
• Strong understanding of OT/ICS protocols (Modbus, DNP3, OPC, etc.) and industrial network topologies.
• Hands-on experience with OT cybersecurity tools and platforms (e.g., Nozomi Networks, Claroty, Dragos).
• Familiar with ISA/IEC 62443, NIST SP 800-82, NIST CSF, and ISO 27001 compliance requirements for OT.
• Proficiency in using SIEM systems (e.g., Microsoft Sentinel, Splunk, QRadar) for log correlation and event triage.
• Understanding of firewalls, WAFs, proxies, and network segmentation principles in OT.
• Working knowledge of tools such as THOR Scanner, VMRay, or Recorded Future is a plus.
• Experience in vulnerability management and patch advisory for OT assets with limited patch cycles.

Nice To Have
• Exposure to Red Team/Blue Team exercises focused on OT/ICS.
• Familiarity with GRC platforms and risk assessment tools tailored to OT.
Posted 1 week ago
2.0 - 3.0 years
5 - 5 Lacs
Thiruvananthapuram
Work from Office
Overview:
We are looking for a skilled SIEM Administrator to manage and maintain Security Information and Event Management (SIEM) solutions such as Innspark, LogRhythm, or similar tools. This role is critical to ensuring effective security monitoring, log management, and event analysis across our systems.

Key Responsibilities:
• Design, deploy, and manage SIEM tools (e.g., Innspark, LogRhythm, Splunk).
• Develop and maintain correlation rules, dashboards, and reports.
• Integrate logs from servers, network devices, cloud services, and applications.
• Troubleshoot log collection, parsing, normalization, and event correlation issues.
• Work with security teams to improve detection and response capabilities.
• Ensure SIEM configurations align with compliance and audit requirements.
• Perform routine SIEM maintenance (e.g., patching, upgrades, health checks).
• Create and maintain documentation for implementation, architecture, and operations.
• Participate in evaluating and testing new SIEM tools and features.
• Support incident response by providing relevant event data and insights.

Required Qualifications:
• Bachelor's degree in Computer Science, Information Security, or related field.
• 3+ years of hands-on experience with SIEM tools.
• Experience with Innspark, LogRhythm, or other SIEM platforms (e.g., Splunk, QRadar, ArcSight).
• Strong knowledge of log management and event normalization.
• Good understanding of cybersecurity concepts and incident response.
• Familiarity with Windows/Linux OS and network protocols.
• Scripting knowledge (e.g., Python, PowerShell) is a plus.
• Strong troubleshooting, analytical, and communication skills.
• Industry certifications (CEH, Security+, SSCP, or vendor-specific) are a plus.

Key Skills:
• SIEM Tools (Innspark, LogRhythm, Splunk)
• Troubleshooting
• Log Management & Analysis
• Scripting (optional)
• Security Monitoring

Skills: SIEM, Splunk, Troubleshooting
Posted 1 week ago
2.0 years
0 Lacs
Chennai, Tamil Nadu, India
On-site
Introduction At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let's talk.
Your Role And Responsibilities
The Security Analyst monitors security events from the various SOC entry channels (SIEM, tickets, email and phone) and, based on the security event severity, escalates to managed service support teams, tier 2 information security specialists, and/or the customer as appropriate to perform further investigation and resolution.
• Good knowledge of SIEM, SIEM architecture and SIEM health checks.
• Audit the SIEM in the customer environment.
• Troubleshoot issues regarding SIEM and other SOC tools.
• Good verbal/written communication skills.
• Build use cases for the customer.
• Data archiving, backup and data purging configuration as needed and per compliance.
• Raise change management tickets for SOC administration activities such as SIEM patch upgrades and onboarding log sources.
• Help L3 and L1 with required knowledge base details and basic documentation.
• Coordinate with the SOC Monitoring team for troubleshooting issues and highlight them to clients for further resolution and escalation.
• High ethics, ability to protect confidential information.
• Troubleshoot at the device and connector/agent end to fix anomalies reported by other teams or observed day to day.
• Build incident reports and advisories and review whether the SLA has been met for incident alerting and incident closure.
• Update and maintain the SOC knowledge base for new security incidents and docs.
• Create the daily status report sheet and submit it to the SOC manager for review.
• Review advisories and make necessary detection measures.
• Provide analysis and trending of security log data from a large number of security devices.
• Troubleshoot non-reporting devices and maintain device status.
• Work with the OEM (tool support) to resolve the issue or incident raised.
• Administration of Windows and Unix servers.
• Ready to work 24/7 shifts to support client requirements.
Preferred Education: Bachelor's Degree
Required Technical And Professional Expertise
• 2 years of experience in SOC monitoring and investigation.
• Hands-on ability to perform the SIEM audit, troubleshooting, use-case building, archiving/backup/purging, documentation, coordination, incident reporting, SLA review, knowledge base, daily reporting, advisory review, log trending, non-reporting device, OEM coordination and Windows/Unix administration duties listed above.
• Building parsers for the SIEM using regex.
Preferred Technical And Professional Experience
• Escalation point for L1s and the SOC monitoring team.
• Ability to drive calls and summarize them post discussion.
• Good understanding of firewall, IDP/IPS and SIEM functioning (generalized HLD as well as LLD).
• Deep understanding of Windows, DB, mail cluster, VM and Linux commands.
• Knowledge of network protocols, TCP/IP and ports.
• Team spirit and working ideas heading to resolution of issues.
• Qualifications like CISA, CISM, CISSP, CEH, SANS or any other recognized qualification in cybersecurity (SIEM/QRadar certification) will be preferred.
• Thorough knowledge of SIEM tools and experience in networking; cloud security experience will be preferred.
• SOC Senior Analyst experience with multiple customers.
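The SIEM Administrator posting earlier on this page asks for log collection, parsing, normalization and correlation-rule work, and the IBM posting above asks for SIEM parser building with regex. As an added example that is not part of either posting and not any vendor's code, the Python below does the three steps end to end on constructed data: regex parsers turn OpenSSH sshd lines and a made-up key=value firewall format into one normalized event schema, and a brute-force-then-success correlation rule runs over the events with a threshold, time window and allowlist, the knobs a SIEM administrator tunes to cut false positives. The year, hostnames, IP addresses and the "FWEVT" firewall format are assumptions invented for the example.

```python
"""Parse, normalize and correlate sample syslog lines the way a SIEM parser
and correlation rule would.  Added example; constructed data, not real logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (assumed hostnames, IPs and a made-up FWEVT firewall
# format) covering two log sources that must be normalised into one schema.
SAMPLE_LOGS = """\
Mar 10 09:15:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 09:15:03 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Mar 10 09:15:05 web01 sshd[2234]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 10 09:15:09 web01 sshd[2240]: Accepted password for root from 203.0.113.7 port 51140 ssh2
Mar 10 09:20:00 web01 sshd[2300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar 10 09:40:00 web01 sshd[2310]: Accepted publickey for alice from 198.51.100.4 port 40010 ssh2
Mar 10 09:41:00 fw01 FWEVT: action=deny src=192.0.2.9 dst=10.0.0.5 dport=445 proto=tcp
"""

ASSUMED_YEAR = 2024  # BSD syslog timestamps carry no year; assumed for the example
SYSLOG_TS = r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})"

# OpenSSH "Accepted/Failed <method> for [invalid user] <user> from <ip> port <n>"
SSHD_RE = re.compile(
    SYSLOG_TS + r" (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)
# Hypothetical key=value firewall event (format invented for this example)
FW_RE = re.compile(SYSLOG_TS + r" (?P<host>\S+) FWEVT: (?P<kv>.*)$")


def _parse_ts(raw):
    """Collapse the padded day ("Mar  9") and attach the assumed year."""
    return datetime.strptime(f"{ASSUMED_YEAR} {' '.join(raw.split())}",
                             "%Y %b %d %H:%M:%S")


def parse_line(line):
    """Normalize one raw line into a common event dict, or None if no parser matches."""
    m = SSHD_RE.match(line)
    if m:
        return {
            "ts": _parse_ts(m["ts"]), "host": m["host"], "source": "sshd",
            "action": "auth_success" if m["outcome"] == "Accepted" else "auth_failure",
            "user": m["user"], "src_ip": m["src"], "method": m["method"],
        }
    m = FW_RE.match(line)
    if m:
        kv = dict(pair.split("=", 1) for pair in m["kv"].split() if "=" in pair)
        return {
            "ts": _parse_ts(m["ts"]), "host": m["host"], "source": "firewall",
            "action": kv.get("action"), "src_ip": kv.get("src"),
            "dst_ip": kv.get("dst"), "dport": int(kv["dport"]) if "dport" in kv else None,
        }
    return None


def parse_logs(text):
    """Return (events, unparsed_count); the unparsed count is the parser health signal."""
    events, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    return events, unparsed


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5),
                         allowlist=frozenset()):
    """Alert when a source IP accumulates >= threshold auth failures inside
    `window` and then succeeds.  threshold, window and allowlist are the
    tuning knobs that trade false positives against missed detections."""
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source"] != "sshd" or ev["src_ip"] in allowlist:
            continue
        src = ev["src_ip"]
        failures[src] = [t for t in failures[src] if ev["ts"] - t <= window]  # age out
        if ev["action"] == "auth_failure":
            failures[src].append(ev["ts"])
        elif ev["action"] == "auth_success" and len(failures[src]) >= threshold:
            alerts.append({"ts": ev["ts"], "src_ip": src, "user": ev["user"],
                           "host": ev["host"], "failures": len(failures[src])})
            failures[src].clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    evs, bad = parse_logs(SAMPLE_LOGS)
    print(f"parsed {len(evs)} events, {bad} unparsed")
    for a in correlate_bruteforce(evs):
        print("ALERT brute-force-then-success:", a)
```

On the sample data the rule fires once, for 203.0.113.7 logging in as root after three failures within seconds; alice's single failure twenty minutes before her key-based login falls outside the window and never reaches the threshold, and the firewall deny is normalized but ignored by this particular rule. Raising the threshold to 4 or allowlisting the source (for example an authorized scanner) silences the alert, which is exactly the trade-off tuning a correlation rule involves, and the unparsed counter is what a SIEM health check would watch after a log source changes its format.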
Posted 1 week ago
3.0 years
0 Lacs
Gurugram, Haryana, India
On-site
Job Title: SOC Consultant
Location: Gurgaon / Bangalore
Experience: 3+ Years
Position Type: Full-time
Immediate Joiners Preferred
Job Description: We are seeking a skilled SOC (Security Operations Center) Consultant with 3+ years of experience in security operations, threat analysis, and incident response. The ideal candidate should have hands-on experience with SIEM tools and a strong understanding of cybersecurity principles and frameworks.
Key Responsibilities:
• Monitor, analyze, and respond to security events and incidents
• Operate and manage SIEM platforms (e.g., Splunk, QRadar, ArcSight, etc.)
• Perform real-time threat analysis, detection, and triage of security incidents
• Support vulnerability management and threat intelligence integration
• Work closely with clients and internal teams to implement security best practices
• Document security incidents and contribute to knowledge base development
• Assist in the development of security playbooks and incident response plans
Required Skills:
• 3+ years of experience in SOC operations or a similar cybersecurity role
• Proficiency in SIEM tools and log analysis
• Good understanding of TCP/IP, IDS/IPS, firewalls, and malware analysis
• Familiarity with threat hunting techniques and cybersecurity frameworks (NIST, MITRE ATT&CK)
• Strong analytical and problem-solving skills
• Excellent communication and documentation skills
Certifications (Preferred): CEH / CompTIA Security+ / SSCP / Splunk Certified / Microsoft SC-200 or equivalent
Posted 1 week ago
5.0 - 10.0 years
0 Lacs
Kolkata, West Bengal, India
Remote
Job Description & Summary: We are looking for an experienced Cloud Security Lead with deep technical expertise in Zscaler (ZIA/ZPA) and Fortinet security solutions. The ideal candidate will play a key role in architecting, implementing, and managing secure cloud, on-prem and internet access strategies, supporting enterprise-wide digital transformation and security posture enhancement.
Mandatory skill sets:
• Zscaler ZIA / ZPA / SIPA
• Fortinet FortiGate / FortiManager / FortiAnalyzer
• SIEM platforms (Splunk, QRadar, etc.)
• Firewall platforms: Fortinet, Palo Alto, Check Point, Juniper
• Security frameworks: ISO 27001, NIST, CIS Controls, HIPAA, GDPR
Years of experience required: 5-10 years
Location: Pan India
Responsibilities:
Zscaler Security Operations
• Design, implement, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) solutions.
• Configure SIPA (Secure Internet & Private Access) policies for optimized secure remote and internet access.
• Perform regular reviews, audits, and optimization of Zscaler configurations to align with industry best practices.
• Provide technical support and guidance to L1 and L2 teams for Zscaler-related issues.
• Stay up to date on Zscaler enhancements, threat intelligence, and security features to ensure proactive defense.
Fortinet and Network Security
• Implement and manage Fortinet firewall and security solutions for perimeter and cloud-based infrastructure.
• Configure Fortinet firewalls to support SD-WAN, secure edge, and hybrid cloud environments.
• Work closely with networking teams to design secure network topologies integrating Fortinet technologies.
Cloud Security and Compliance
• Design and assess cloud-native security architectures for AWS, Azure, or GCP environments.
• Conduct cloud security assessments, vulnerability scans, and risk remediation.
• Align security strategies with industry standards like ISO 27001:2022, SOC 2, HIPAA, GDPR, and CIS v3.0.0.
• Assist in external security audits and privacy assessments related to cloud workloads.
Collaboration and Strategy
• Collaborate with cross-functional teams (Security, IT, DevOps, Engineering) to embed security into cloud and network initiatives.
• Act as a Subject Matter Expert (SME) for Zscaler and Fortinet technologies in solution design and customer engagements.
• Maintain documentation on security controls, configurations, SOPs, and incident response playbooks.
Required Skills and Qualifications:
• Experience in network and cloud security domains.
• Proven hands-on experience with Zscaler ZIA/ZPA design, implementation, and operations.
• Strong working knowledge of Fortinet firewalls, FortiManager and FortiAnalyzer.
• Experience with SD-WAN, SDN, VPNs, and secure web gateway technologies.
• Strong understanding of network security principles, SIEM, threat intelligence, and incident response.
• Knowledge of cloud compliance standards and risk frameworks (NIST, CIS, ISO).
• Excellent communication skills and ability to work in cross-functional environments.
• Strong documentation, presentation, and stakeholder management skills.
• Experience in a SOC environment will be a plus.
Posted 1 week ago
6.0 years
15 - 25 Lacs
Mumbai Metropolitan Region
On-site
Role: Senior Presales - Cyber Security
Location: Mumbai, Maharashtra, India
Experience: 6 - 12 years
Budget: 15-25 LPA
Job Type: Non-Tech
Working Days: Monday - Friday
Note: Only local candidates
Notice Period: 30 Days
Academic Qualifications: Bachelor's degree
Must-Have Skills
• 6+ years of customer-facing presales experience
• Should meet customers, understand their requirements, and be able to articulate the business challenges well internally as well as back to customers to arrive at a suitable solution
• Hands-on experience showcasing product demos / POVs at customer sites
• Experience in good documentation: POV scope of work, prerequisites, deliverables etc.
• Experience in any 2 of the key skill areas listed below is acceptable, with experience in any 2 OEMs in those areas
Technology domain and OEMs:
• Proxy: Zscaler, Netskope, Forcepoint
• DLP: Zscaler, Netskope, Forcepoint
• WAF: Cloudflare, F5
• Identity: Okta, BeyondTrust, CyberArk
• SIEM: IBM QRadar, Splunk, Fortinet
Good-to-Have Skills
• Excellent oral and written communication skills, excellent presentation skills
• Good analytical skills; able to understand the customer's business challenges and arrive at the right solution
Key Performance Indicators
• Conduct pre-engagement meetings
• Create end-user knowledge transfer
• Function as a requirements analyst
• Serve as a conduit between sales and the delivery team
• Conduct cybersecurity solution and service research
• Make contributions to the cybersecurity technical portfolio
About company: It is one of the leading Digital Systems & Services Integrator companies in South Asia. We accelerate the customer's business transformation journey through our competence in Consulting, Integration and Security, delivering next-gen digital infrastructure technologies, solutions and services.
Roles and Responsibilities: Senior Presales – Cyber Security
As a Senior Presales Consultant – Cyber Security, you will be responsible for engaging with clients to understand their cybersecurity challenges and propose appropriate solutions leveraging leading OEM technologies. You will act as a trusted advisor to customers and a key liaison between the sales and delivery teams.
Key Responsibilities
• Understand customer requirements, identify pain points, and map them to appropriate cybersecurity solutions.
• Conduct product demos and Proof of Value (POV) presentations at client locations.
• Draft technical documents including scope of work, prerequisites, and deliverables.
• Collaborate with sales and delivery teams to build customized solution proposals.
• Serve as a key liaison between customers, internal teams, and OEMs.
• Conduct technical workshops, pre-engagement meetings, and knowledge transfer sessions.
• Contribute to research and development of the cybersecurity solutions portfolio.
Skills: product demonstration, OEM technologies, proof of value (POV), technical documentation, presales experience, customer engagement, cybersecurity, customer facing, presentation skills, communication, presales - cybersecurity, OEMs, cybersecurity solutions, documentation, senior presales - cyber security, product demo, analytical skills, requirements analysis
Posted 1 week ago
5.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Job Summary: We are looking for an experienced Cyber Security Analyst to join our team and help protect our organization's systems, networks, and data from cyber threats. The ideal candidate will have 4–5 years of hands-on experience in threat detection, incident response, vulnerability assessment, and security monitoring.
Key Responsibilities:
• Monitor and analyze security events using SIEM tools (e.g., Splunk, QRadar, or ArcSight).
• Perform threat hunting and investigate security incidents across endpoints, networks, and cloud environments.
• Conduct vulnerability assessments and coordinate remediation efforts.
• Develop and implement security policies, procedures, and best practices.
• Analyze malware, phishing attempts, and other suspicious activities.
• Respond to and contain cyber incidents and conduct root cause analysis.
• Generate reports on security trends, incidents, and risk assessments.
• Collaborate with IT and DevOps teams to ensure secure system configurations.
• Support security awareness training and ensure compliance with regulatory standards (e.g., ISO 27001, GDPR, HIPAA).
Required Skills & Qualifications:
• Bachelor's degree in Computer Science, Information Security, or a related field.
• 4 to 5 years of proven experience in a cyber security analyst or similar role.
• Proficiency in SIEM, IDS/IPS, endpoint protection, and vulnerability scanning tools.
• Knowledge of cybersecurity frameworks (NIST, MITRE ATT&CK, OWASP).
• Strong understanding of TCP/IP, DNS, HTTP/S, VPNs, and firewalls.
• Experience with cloud platforms (AWS, Azure, GCP) and their security controls.
• Familiarity with scripting (Python, PowerShell) is a plus.
• Relevant certifications preferred: CEH, CompTIA Security+, CISSP, CISM, or equivalent.
Preferred Qualities:
• Analytical mindset with attention to detail.
• Ability to work independently and in a team.
• Strong communication and documentation skills.
• Quick learner with a passion for cybersecurity and ongoing professional development.
Posted 1 week ago
4.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Job Title: SOC Analyst
Experience: 4 to 5 Years
Location: Office
Job Type: Full-Time
Job Summary: We are seeking a skilled and experienced SOC Analyst to join our Security Operations Center. The ideal candidate will have 4–5 years of hands-on experience in security monitoring, threat detection, and incident response. You will play a critical role in identifying and mitigating cyber threats to safeguard our IT infrastructure.
Key Responsibilities:
• Monitor security events and alerts using SIEM tools (e.g., Splunk, QRadar, LogRhythm).
• Perform real-time analysis and triage of security incidents and escalate as needed.
• Conduct initial investigations on potential security threats and anomalies.
• Manage incident response activities including containment, eradication, and recovery.
• Document and maintain incident reports, security logs, and response actions.
• Collaborate with IT, network, and infrastructure teams to ensure secure operations.
• Participate in threat hunting activities to proactively identify risks and vulnerabilities.
• Develop and maintain standard operating procedures (SOPs) for SOC activities.
• Stay updated with the latest cybersecurity trends, vulnerabilities, and threat actors.
• Support compliance audits and risk assessments as needed.
Required Skills & Qualifications:
• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• 4 to 5 years of experience working in a SOC environment.
• Proficiency with SIEM, EDR, IDS/IPS, and log analysis tools.
• Strong understanding of network protocols, firewalls, and endpoint security.
• Familiarity with the MITRE ATT&CK framework and threat intelligence platforms.
• Experience with incident response and digital forensics processes.
• Knowledge of cloud security monitoring (AWS, Azure, or GCP).
• Strong analytical and problem-solving skills.
• Certifications preferred: CEH, CompTIA Security+, CySA+, GCIA, or SSCP.
• Scripting skills (Python, PowerShell) for automation and analysis.
• Experience with SOAR platforms and playbook development.
• Knowledge of regulatory standards (e.g., GDPR, HIPAA, ISO 27001, PCI-DSS).
Soft Skills:
• Strong communication skills (written and verbal).
• Ability to work under pressure and handle multiple incidents simultaneously.
• Detail-oriented with a proactive security mindset.
• Collaborative and team-oriented approach.
Posted 1 week ago
15.0 - 19.0 years
0 Lacs
Ahmedabad, Gujarat
On-site
As a seasoned Technology Leader specializing in cybersecurity solutions, you will be responsible for developing and executing a comprehensive technology roadmap that aligns with business objectives and industry standards. Your role will involve designing and managing enterprise-grade cybersecurity platforms such as Splunk and QRadar to ensure seamless integration across diverse OT and IT environments. Innovation will be a key aspect of your responsibilities, as you lead the design and development of advanced cybersecurity tools including SIEM, XDR, next-gen firewalls, and secure networking solutions. Your focus will be on driving innovation to address the unique challenges of OT/IT environments, emphasizing threat detection, incident response, and compliance while ensuring scalability, efficiency, and future-readiness of the technology strategy. Building partnerships and fostering collaborations with technology providers, OEMs, and stakeholders will be essential to enhance the company's offerings and ensure interoperability and seamless integration of solutions across different platforms and ecosystems. You will play a vital role in establishing and maintaining technology standards and best practices for OT/IT cybersecurity, monitoring the adoption of emerging technologies to maintain a competitive advantage and address evolving threats. Additionally, your expertise will be crucial in providing technical oversight for cybersecurity frameworks to protect critical infrastructure and collaborating with delivery and operations teams to implement cutting-edge security measures.
To excel in this role, you should hold a Bachelor's or Master's degree in Engineering, Technology, or a related field, coupled with over 15 years of experience in technology leadership roles with a strong focus on cybersecurity solutions. Your proficiency in platform development, particularly with systems like Splunk and QRadar, as well as industrial control systems, will be highly valued. Strong leadership, innovation, and strategic thinking abilities are key qualifications that will contribute to your success in this dynamic and challenging position.
Posted 1 week ago
5.0 - 9.0 years
0 Lacs
Thiruvananthapuram, Kerala
On-site
As an L3 SOC Analyst at CyberProof, a UST Company, you will be a key member of our Security Operations Group, dedicated to helping enterprises react faster and smarter to security threats. With 5 to 7 years of experience under your belt, you will play a crucial role in maintaining secure digital ecosystems through automation, threat detection, and rapid incident response.
Your must-have skills include expertise with SIEM vendors such as QRadar, Sentinel, and Splunk, incident response capabilities, and a strong understanding of attack patterns and Tactics, Techniques, and Procedures (TTPs). You are experienced in writing procedures, runbooks, and playbooks, possess strong analytical and problem-solving skills, and have hands-on experience with system logs, network traffic analysis, and security tools. Proficiency in identifying Indicators of Compromise (IOCs) and Advanced Persistent Threats (APTs) is essential for this role. Additionally, good-to-have skills include experience in setting up SIEM solutions, troubleshooting connectivity issues, familiarity with security frameworks and best practices, and the ability to collaborate effectively with IT and security teams.
Your responsibilities will include acting as an escalation point for high and critical severity security incidents, conducting in-depth investigations to assess impact and understand the extent of compromise, analyzing attack patterns, and providing recommendations for security improvements. You will be responsible for proactive threat hunting, log analysis, providing guidance on risk mitigation, improving security hygiene, identifying gaps in security processes, and suggesting enhancements. Ensuring end-to-end management of security incidents, documenting incident response processes, defining future outcomes, participating in discussions, meetings, and briefings, as well as training team members on security tools and incident resolution procedures are also part of your role.
Posted 1 week ago
1.0 - 5.0 years
4 - 6 Lacs
Pune
Work from Office
Job Summary: We are seeking a proactive and technically skilled Information Security (SOC) Engineer/Analyst to monitor, detect, and respond to cybersecurity threats in real time. The ideal candidate will have strong analytical skills, be detail-oriented, and possess a sound understanding of threat landscapes, SIEM tools, and incident response, together with a strong foundational understanding of cybersecurity governance, robust technical skills in security operations, and a commitment to staying abreast of the evolving threat landscape and internal security requirements.
Key Responsibilities
• Monitor security events and alerts from SIEM and other security tools.
• Perform initial triage and investigation of potential threats or anomalous behavior.
• Escalate incidents according to severity and defined procedures.
• Document incidents, provide root cause analysis, and maintain detailed logs.
• Analyze threat intelligence feeds and correlate them with internal data.
• Assist in threat hunting and vulnerability management activities.
• Support continuous improvement of SOC processes and playbooks.
• Collaborate with other IT and Security teams for incident resolution.
• Assist in developing and tuning SIEM rules, queries, and dashboards for threat detection.
• Contribute to vulnerability management and secure configuration of internal systems and cloud environments.
• Support the testing and execution of recovery plans for security systems and data.
• Document incident findings and remediation steps, and contribute to post-incident reviews.
Required Skills & Qualifications:
• Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• 1-3 years of experience in a SOC environment or similar security operations role.
• Familiarity with SIEM tools (e.g., Splunk, QRadar, Sentinel).
• Understanding of TCP/IP, firewalls, IDS/IPS, and common attack vectors.
• Knowledge of malware, phishing, ransomware, and social engineering tactics.
• Hands-on experience with endpoint protection, network monitoring, and forensic tools.
• Excellent communication and documentation skills.
Preferred Certifications: CompTIA Security+ or CySA+; vendor-specific SIEM certifications.
Posted 1 week ago
6.0 - 8.0 years
27 - 42 Lacs
Chennai
Work from Office
Job Responsibilities
- Investigate, document, and report on information security issues and emerging trends
- Notify clients of incidents and required mitigation work
- Understand logs from various sources such as firewalls, IDS, Windows domain controllers, Cisco appliances, AV and anti-malware software, and email security
- Fine-tune SIEM rules to reduce false positives and remove false negatives
- Perform threat intel research and vulnerability analysis
Required Skills and Experience
- Experience: 5-7 years in roles related to information security or similar fields
- Skills: Expertise in CrowdStrike, Proofpoint, LogRhythm, and Rapid7
- Knowledge of ITIL disciplines such as Incident, Problem, and Change Management
Posted 1 week ago
3.0 - 5.0 years
15 - 25 Lacs
Bengaluru
Work from Office
Role Overview: The OT Security Analyst – Level 2 (L2) plays a pivotal role in defending operational technology (OT) environments against evolving cyber threats. This role requires a deep understanding of security incident analysis, threat detection, and incident response, specifically tailored to Industrial Control Systems (ICS) and OT networks. The analyst will investigate complex security incidents within the OT infrastructure, collaborate with IT/OT teams, and enhance security posture through actionable insights.
Key Responsibilities:
• Conduct in-depth analysis of security events and incidents within OT environments, leveraging SIEM and OT-specific monitoring tools.
• Perform root cause analysis and develop incident timelines to support forensics and remediation efforts.
• Apply standard incident response frameworks (e.g., NIST, MITRE ATT&CK for ICS, Cyber Kill Chain) for threat classification and response.
• Use threat intelligence platforms and sandbox environments to investigate malware and suspicious artifacts in OT networks.
• Analyze access logs, network traffic, and protocol behaviours across OT systems (e.g., SCADA, DCS, PLCs).
• Support investigations related to unauthorized device communications, anomalous behaviours, or compromised industrial assets.
• Collaborate with OT security engineers and external vendors to escalate and remediate incidents.
• Refine alert rules and detection logic to reduce false positives and improve signal-to-noise ratio in OT SOC operations.
• Document incident findings and support continuous improvement of the OT SOC playbooks and knowledge base.
• Liaise with the IT SOC and CIR (Cyber Incident Response) teams to align incident handling and cross-domain investigations.
• Participate in threat hunting activities tailored for OT environments using behavioural analysis and attack-path simulation.
Technical Skills & Knowledge:
• Strong understanding of OT/ICS protocols (Modbus, DNP3, OPC, etc.) and industrial network topologies.
• Hands-on experience with OT cybersecurity tools and platforms (e.g., Nozomi Networks, Claroty, Dragos).
• Familiar with ISA/IEC 62443, NIST SP 800-82, NIST CSF, and ISO 27001 compliance requirements for OT.
• Proficiency in using SIEM systems (e.g., Microsoft Sentinel, Splunk, QRadar) for log correlation and event triage.
• Understanding of firewalls, WAFs, proxies, and network segmentation principles in OT.
• Working knowledge of tools such as THOR Scanner, VMRay, or Recorded Future is a plus.
• Experience in vulnerability management and patch advisory for OT assets with limited patch cycles.
Nice to Have:
• Exposure to Red Team/Blue Team exercises focused on OT/ICS.
• Familiarity with GRC platforms and risk assessment tools tailored to OT.
Posted 1 week ago
4.0 - 8.0 years
14 - 18 Lacs
Bengaluru
Work from Office
Support the Risk Management and Supervision team (RMS) in charge of assessing the risk profile and the effectiveness of the information security risk systems of the Group's Business and Service Units.
• Review IT risk self-assessments and follow up the implementation of agreed risk remediation plans.
• Proactively understand existing and upcoming regulations; facilitate local compliance with the information security policy as well as applicable regulations and laws.
• Assist in the development of and changes to the ICT risk frameworks and a strong risk management culture, and be recognized for providing expert operational risk advice.
• Partner with senior stakeholders to proactively identify ICT risks and assess the adequacy of controls to manage such risks, including recommending enhanced or additional controls.
• Proactively identify and follow up on ICT anomalies and areas of concern.
• Independently review, challenge and support information security activities; review the analyses conducted by LOD1 (ORMs, CISO, BU/SU program managers etc.) on their information security risk profile and the related remediation actions.
• In response to material information security incidents, whether internal or external, conduct an independent deep-dive review of the preliminary, interim and final incident investigation reports and act as a challenge function to such reports.
• Support information security reporting and monitoring of metrics and Key Risk Indicators (KRIs) at the product line and divisional levels; continuously review the existing body of KRIs and related reporting.
• Consult with internal groups such as CISO, Infrastructure, Compliance, Legal and other Operations teams on matters related to information risk controls, self-assessments, security incidents and the security aspects of infrastructure projects.
• Participate in the validation of the information security standards applied by the BUs/SUs and the requested exceptions.
Posted 1 week ago
5.0 - 9.0 years
15 - 19 Lacs
Bengaluru
Work from Office
RESG/GTS is the entity in charge of the entire IT infrastructure of Socit Gnrale. The RESG/GTS/SEC/SOC department, which corresponds to the Socit Gnrale SOC (SOC SG), is in charge of operational detection, incident response and prevention activities within the scope of GTS across the businesses. The mission of the SOC is to identify, protect, detect, respond and using the security platforms for the detection/reaction and prevention and resolution of security incidents. The SG SOC consists of Cyber Defense (incident management) Cyber Tools (management of SOC tools including the SIEM), Cyber Control (Prevention and Compliance) and Governance. This role is for a SOC L3(Lead Cyber Security Analyst) will be part of the GTS Security SOC team. In this role, you will involved in supporting India and global regional needs. The objectives of the Security Department (RESG/GTS/SEC) are to manage the strategy for all RESG/GTS in terms of security, technical standards, processes and tools, and thus to cover many cross-functional functions within the company and subsidiaries across all regions. Accountabilities Major Activities SOC Lead/L3 Lead and manage all high priority Critical Security Incidents including end to end incident mgmt. Support/help and guide the L1/L2 in managing complex issues/incidents Lead and engage in Study/POC of Tools and technologies aligning to the security roadmap Will be an expert in 1 or 2 key security technologies/tools globally and be part of the global SOC L3/Experts Example Areas: Threat Hunting, Forensic Analysis, IPS, EDR, DLP, etc. 
Contribute to the risk detection management approach, consistent with the SG MITRE Matrix approach and other relevant industry-standard approaches.
Provide analysis support for complex investigations and improve reaction procedures and runbook definitions/enhancements.
Support analyses of cybersecurity technical plans, analysis approaches and incident management.
Identify different security tools and technologies to make security operations more effective.
Identify security gaps, define the mitigation strategy and track implementation through to closure.
Work with the various regional SOC and CERT teams on security aspects and incidents where required.
Reports to: Function Head, GTS SEC SOC.
Posted 1 week ago
7.0 - 10.0 years
0 Lacs
Pune, Maharashtra, India
On-site
Hi Everyone, I am on the lookout for a Sr Information Security Analyst - GSOC for a leading product-based MNC in Pune, Yerwada. Kindly refer to the JD below and share your resume at alisha.sh@peoplefy.com
Job description:
● 7 to 10 years of overall experience
● Experience with Security Information and Event Management (SIEM) systems (e.g., Splunk, ArcSight, QRadar) and GSOC
● Experience with vulnerability assessment tools and techniques
● Experience with incident response frameworks and procedures
● Knowledge of security standards and regulations (e.g., PCI DSS, GDPR)
● Looking for candidates who can join within 30 days
Posted 1 week ago
12.0 years
0 Lacs
Ahmedabad, Gujarat, India
On-site
The Security Operations & Incident Response professional will be responsible for orchestrating enterprise-wide incident response strategies across both OT and IT environments. The role demands deep operational expertise, the ability to coordinate with threat intelligence, forensics and red/blue teams, and the vision to continuously evolve detection and response capabilities in line with emerging threats. The role demands leadership in defending critical infrastructure, industrial networks and enterprise systems.
Qualifications & Certifications:
Bachelor's or Master's in Cybersecurity, Computer Science, or Engineering
Preferred certifications: CISSP, CISM, GCIA, GCIH, or SOC-related credentials
12+ years of cybersecurity experience, with at least 6 years in SOC/IR leadership roles
Experience managing global SOC operations or OT-specific cyber operations is a strong plus
Key Responsibilities:
Oversee real-time incident handling, escalation management and response coordination for cyber threats, breaches and anomalies
Act as the primary escalation point during high-severity incidents, ensuring containment and rapid resolution
Design and maintain incident response runbooks, playbooks, SLA matrices and crisis communication protocols
Lead and manage triage activities
Ensure tight integration between SOC operations, threat intelligence, DFIR and red/blue teams
Drive detection engineering efforts to improve alert quality, correlation logic and MITRE ATT&CK mapping
Implement continuous improvement programs in MTTR, false positive reduction and analyst productivity
Lead post-incident RCA reviews, reporting and feedback loops to enhance readiness
Manage relationships with OEMs, MSSPs and security product vendors for technology alignment
Mentor SOC managers, team leads and analysts to build a resilient and responsive operations team
Ensure compliance with security and privacy standards (e.g., NIST, IEC 62443, ISO 27001, DPDP Act)
Key Skills & Technologies:
Deep expertise in SIEM (e.g., Splunk, QRadar, LogRhythm, SentinelOne), SOAR platforms, EDR/XDR tools and threat intelligence platforms
Strong knowledge of network security, log analysis, endpoint telemetry and OT-specific telemetry correlation
Familiarity with MITRE ATT&CK, the cyber kill chain and threat hunting techniques
Knowledge of OT security architectures, including SCADA, PLCs, DCS and OT network segmentation
Scripting and automation exposure (Python, PowerShell, Bash) preferred
Familiarity with OT SOC environments, ICS protocol detection (Modbus, DNP3) and industrial anomaly detection tools (e.g., Nozomi, Claroty)
Leadership & Personality Traits:
Strategic thinker with an operations-first mindset and execution rigor
Calm, decisive and clear-headed in crisis and high-pressure scenarios
Strong stakeholder engagement and communication skills across technical and executive levels
Proven ability to lead multi-location teams with cultural sensitivity and high performance
Continuous learner with a growth mindset and a passion for cybersecurity excellence
Preferred Industry Background:
Large industrial conglomerates (Power, Ports, Renewables, Mining, Airports)
OT and IT OEMs
MSSPs, SOC service providers
Consulting firms with cyber defence practices (e.g., Big 4)
Please email your resume to joy.saha@adani.com
Posted 2 weeks ago
10.0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
Job Title: Cyber Security Forensics SME
Location: UniOps Bangalore
About Unilever
Be part of the world's most successful, purpose-led business. Work with brands that are well-loved around the world, that improve the lives of our consumers and the communities around us. We promote innovation, big and small, to make our business win and grow; and we believe in business as a force for good. Unleash your curiosity, challenge ideas and disrupt processes; use your energy to make this happen. Our brilliant business leaders and colleagues provide mentorship and inspiration, so you can be at your best. Every day, nine out of ten Indian households use our products to feel good, look good and get more out of life, giving us a unique opportunity to build a brighter future. Every individual here can bring their purpose to life through their work. Join us and you'll be surrounded by inspiring leaders and supportive peers. Among them, you'll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we'll work to help you become a better you.
About UniOps
Unilever Operations (UniOps) is the global technology and operations engine of Unilever, offering business services, technology and enterprise solutions. UniOps serves over 190 locations and, through a network of specialized service lines and partners, delivers insights and innovations, user experiences and end-to-end seamless delivery, making Unilever Purpose Led and Future Fit.
Responsibilities
The person in this role is expected to generate leads for the Incident Response team (based on forensic evidence) for timely containment and response actions. It is expected that the person leads all in-house investigations and also coordinates with external investigators/specialists in major incidents.
Conducts forensic analysis of cyber security incidents to deduce the RCA and understand the relevant threat (for example, malware behaviour and TTPs through static and dynamic analysis) and its potential impact.
Utilizes the latest and most advanced knowledge of SOC technologies and forensic technologies (such as memory forensics, network forensics, filesystem forensics, malware analysis and reverse engineering, and device forensics for HDD/SSD/smartphones) across various platforms (endpoints, servers, AWS/Azure/GCP cloud) and operating systems (Windows, Linux, UNIX, Mac, AIX, etc.) to support forensic investigations.
Participates in scoping discussions with stakeholders for forensics capability projects and investigations to understand the requirement, identifies and communicates feasibility and approach, and undertakes and follows up actions until timely delivery and successful conclusion.
Ensures that all investigations are appropriately conducted and documented according to cardinal forensic principles and that evidence handling (collection, analysis, sharing and preservation) is compliant with the process.
Triages and responds to incident investigations effectively and in a timely manner.
Key Requirements
MANDATORY
Strong ethics, communication and team skills
Hands-on experience with enterprise SIEM (like Splunk, QRadar, Sentinel, etc.) and EDR tools (like Microsoft Defender, CrowdStrike Falcon, etc.)
Hands-on experience with enterprise forensics tools (like EnCase, FTK, AXIOM, etc.)
Hands-on experience in memory forensics, network forensics and malware analysis
Minimum 10 years of enterprise experience in a global SOC (Security Operations Centre) / DFIR (Digital Forensics and Incident Response) domain
Working knowledge of at least one of the scripting tools: Python, Perl or PowerShell
EnCase Certified Examiner (EnCE)
GIAC certification: GCFE, GCFA, GREM or GNFA
At HUL, we believe that every individual, irrespective of their race, colour, religion, gender, sexual orientation, gender identity or expression, age, nationality, caste, disability or marital status, can bring their purpose to life. So apply to us, to unleash your curiosity, challenge ideas and disrupt processes; use your energy to make the world a better place. As you work to make a real impact on the business and the world, we'll work to help you become a better you!
Posted 2 weeks ago