3 Job openings at Rexoreo Solutions (opc)
About Rexoreo Solutions (opc)

Rexoreo Solutions is a technology-driven company focusing on developing innovative software solutions for businesses.

Security Analyst

Gurgaon

6 - 9 years

INR 25.0 - 27.5 Lacs P.A.

Work from Office

Full Time

SOC L3 Security Analyst

Job Summary:
We are seeking an experienced SOC L3 Blue Team Analyst to join our security operations team. The ideal candidate will have a strong background in cybersecurity defense, incident detection, and response. As a senior-level analyst, the L3 SOC professional will lead the investigation of complex security incidents, perform root cause analysis, develop strategies for preventing future incidents, and provide guidance to junior team members.

Key Responsibilities:
  • Lead investigations of security incidents and events escalated from Level 1 and 2 analysts.
  • Conduct deep-dive analysis and forensic investigations to identify and mitigate potential security threats.
  • Develop and improve detection, incident response, and investigation workflows.
  • Identify attack patterns, threats, and vulnerabilities within enterprise environments.
  • Provide expert guidance and mentoring to junior SOC analysts (L1/L2).
  • Collaborate with IT and other teams to recommend and implement security measures.
  • Develop and manage threat intelligence sources and help enhance threat detection capabilities.
  • Create and update incident response plans and playbooks.
  • Produce detailed reports and documentation for management and compliance purposes.
  • Stay current with emerging security threats, vulnerabilities, and countermeasures.
  • Work on continuous improvements to SIEM (Security Information and Event Management) configurations, threat hunting, and security monitoring practices.

Key Skills and Qualifications:

Technical Skills:
  • Security Monitoring Tools: Proficient with SIEM platforms (QRadar), IDS/IPS, and endpoint detection & response (EDR) tools (e.g., CrowdStrike, SentinelOne).
  • Incident Response: Strong knowledge in incident response workflows, threat analysis, and mitigation strategies.
  • Forensics: Expertise in digital forensics tools (e.g., FTK, EnCase, Volatility) and techniques for analyzing malware, compromised systems, and network traffic.
  • Networking & Protocols: In-depth understanding of networking protocols (TCP/IP, DNS, HTTP, etc.) and network traffic analysis.
  • Scripting & Automation: Experience with scripting languages (e.g., Python, PowerShell, Bash) for automation of security tasks and incident investigations.
  • Cloud Security: Familiarity with securing cloud environments (e.g., AWS, Azure, Google Cloud) and identifying threats in cloud-based infrastructures.

Soft Skills:
  • Strong analytical and problem-solving abilities.
  • Excellent communication skills for reporting incidents and collaborating with teams.
  • Ability to mentor and guide junior analysts in security processes and techniques.

Certifications (Highly Desired):
  • Certified Information Systems Security Professional (CISSP): A globally recognized certification for senior-level security professionals.
  • Certified Ethical Hacker (CEH): Demonstrates expertise in ethical hacking and penetration testing techniques.
  • Certified Incident Handler (GCIH): Focused on incident handling and response methodologies.
  • GIAC Security Essentials (GSEC): Validates knowledge of information security concepts.
  • Certified Cloud Security Professional (CCSP): Demonstrates knowledge of cloud security principles and practices.
  • CompTIA Security+: A foundational certification for understanding security best practices.
  • SANS/GIAC Certifications (e.g., GIAC Certified Forensic Analyst - GCFA, GIAC Certified Intrusion Analyst - GCIA): Advanced certifications demonstrating expertise in digital forensics and intrusion analysis.

Experience:
  • Minimum of 6-9 years of experience in a SOC environment, with at least 3 years in a Level 3 role.
  • Proven experience handling advanced security incidents, from detection to containment and remediation.
  • In-depth experience in vulnerability management, threat intelligence analysis, and mitigation strategies.

Preferred Qualifications:
  • Experience with threat hunting and developing custom detection rules and use cases.
  • Familiarity with modern attack techniques (e.g., APT, ransomware, insider threats).
  • Knowledge of regulatory frameworks such as GDPR, HIPAA, or PCI-DSS.

Work Environment:
  • This role may require on-call availability for incident response outside of normal business hours.
  • Strong collaboration with IT, development, and business teams.

Security Operations Center Lead

Gurugram

10 - 14 years

INR 27.5 - 30.0 Lacs P.A.

Work from Office

Full Time

Top Selection & Auto Elimination Criteria:
  • Rotational Shift
  • Only immediate joiners (0-15 days)
  • Cab facility: Yes, only late night pick or drop (1 side only for Gurgaon Employees)
  • Location: Gurgaon
  • Mode: 5 days work from Office only (NO Work from home)
  • Relevant experience range: 9+
  • Position: L3 SOC Analyst

Position Description:
The SOC Level 3 Analyst is a senior-level cybersecurity professional responsible for leading advanced threat detection, response, and mitigation activities within the Security Operations Center. This role acts as the final escalation point for complex security incidents and plays a crucial role in enhancing security monitoring, incident response procedures, and overall threat defense capabilities. The L3 Analyst collaborates with security engineers, incident response teams, threat intelligence analysts, and IT stakeholders to identify, investigate, and remediate security threats in real-time.

Role and responsibilities:

1. Incident Response and Escalation
  • Lead and coordinate end-to-end response for critical and high-severity security incidents.
  • Perform advanced investigation and forensics on compromised systems, including log correlation, packet analysis, and endpoint review.
  • Serve as a primary escalation point for SOC Tier 1 and Tier 2 analysts.
  • Conduct root cause analysis and provide detailed incident reports with lessons learned and mitigation steps.

2. Threat Detection and Analysis
  • Analyze and triage alerts generated by the SIEM and other security tools.
  • Hunt for threats in the environment using threat intelligence and behavioral indicators (proactive threat hunting).
  • Analyze and reverse-engineer malware, if required, to understand behavior and determine mitigation steps.
  • Correlate threat intelligence feeds with internal data to identify indicators of compromise (IOCs) and advanced persistent threats (APTs).

3. Tooling and Automation
  • Optimize and fine-tune detection rules and SIEM use cases to reduce false positives and enhance detection accuracy.
  • Build automation scripts and workflows to improve efficiency in incident triage, correlation, and response.
  • Collaborate with security engineers to integrate new data sources and tools into the SOC ecosystem.

4. Documentation and Reporting
  • Maintain detailed and accurate documentation of incidents, investigations, and actions taken.
  • Develop and update SOC standard operating procedures (SOPs) and playbooks.
  • Prepare and present technical reports, dashboards, and metrics to senior management and stakeholders.

5. Mentorship and Leadership
  • Mentor and guide SOC L1 and L2 analysts on technical skills and investigative processes.
  • Provide training on new threats, tools, and techniques.
  • Assist in evaluating and improving team workflows, processes, and overall SOC maturity.

6. Collaboration and Stakeholder Engagement
  • Work closely with threat intelligence, vulnerability management, and risk teams to stay ahead of emerging threats.
  • Communicate with IT, DevOps, and business units to coordinate responses and ensure secure configurations.
  • Participate in red/blue team exercises and post-mortem reviews to enhance SOC readiness.

Required Experience / Skills:
  • Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm, Splunk).
  • Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black).
  • Hands-on knowledge of packet capture analysis tools (e.g., Wireshark, tcpdump), forensic tools, and malware analysis tools.
  • Familiarity with scripting or automation languages such as Python, PowerShell, or Bash.
  • Deep understanding of networking protocols, OS internals (Windows/Linux), and security best practices.
  • Familiar with frameworks such as MITRE ATT&CK, NIST, and the Cyber Kill Chain.
  • Minimum of nine (9) years technical experience
  • 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities.
  • 3+ years of rule development and tuning experience
  • 2+ years of Incident response
  • Experience supporting 24x7x365 SOC operations and willing to operate in Shifts including but not limited to Alert and notification activities - analysis/triage/response, Review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported alerts and Incidents.
  • Manage multiple tickets/alerts in parallel, including end-user coordination.
  • Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response.
  • Solid understanding and experience analyzing security events generated from security tools and devices not limited to QRadar, MS Sentinel, FireEye, Elastic, SourceFire, Malware Bytes, CarbonBlack/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, BlueCoat
  • Experience and solid understanding of Malware analysis
  • Demonstrated proficiencies with one or more toolsets such as QRadar, MS Sentinel, Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana
  • Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs)
  • In-depth experience with processing and triage of Security Alerts from multiple sources but not limited to: Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources
  • Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, support SOAR development.
  • Experience with bash, python, and Windows PowerShell scripting
  • Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis.
  • Demonstrated experience and understanding of event timeline analysis and correlation of events between logs sources.
  • Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools.
  • Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk.
  • Solid understanding and experience analyzing security events generated from security tools and devices not limited to: QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC
  • Expert in security incident response processes

Required Certifications:
Two of the following certifications are preferred:
  • GIAC-GCIH - Global Certified Incident Handler
  • GIAC-GCFE - Global Information Assurance Certification Forensic Examiner
  • GIAC-GCFA - Global Information Assurance Certification Forensic Analyst
  • GIAC-GREM - GIAC Reverse Engineering Malware
  • GIAC-GNFA - GIAC Network Forensic Analyst
  • GIAC-GCTI - GIAC Cyber Threat Intelligence
  • GIAC-GPen - GIAC Certified Penetration Tester
  • GIAC-GWAPT - GIAC Certified Web Application Penetration Tester
  • CEPT - Certified Expert Penetration Tester (CEPT)
  • CASS - Certified Application Security Specialist (CASS)
  • CWAPT - Certified Penetration Tester (CWAPT)
  • CREA - Certified Reverse Engineering Analyst (CREA)

Qualifications:
  • Bachelor's degree in computer science, Information Technology, or a related field.
  • Experience of 5 years or 3 years relevant experience.
  • Strong troubleshooting and problem-solving skills.
  • Excellent communication and interpersonal skills.
  • Ability to work independently and as part of a team.
  • Strong organizational and time management skills.
  • Willingness to work after hours and provide on-call support.

Cloud Security Engineer

Gurugram

9 - 14 years

INR 27.5 - 30.0 Lacs P.A.

Work from Office

Full Time

Position: Cloud Security Engineer - 1. Azure (Pan India) 2. AWS (Only Pune)

Top Selection & Auto Elimination Criteria:
  • Only Immediate Joiners need to apply (0-15 days)
  • Joiners 16-30 days might be considered
  • >30 days joiners - Please do not apply
  • US/Rotational Shift
  • Cab facility: Yes, only late night pick or drop (1 side only for Gurgaon Employees)
  • Location: Gurgaon, Bangalore, Pune, Indore, Hyderabad
  • Relevant experience range: 7-9 (AWS) / 9-12 years (Azure)
  • Position: Cloud Security Engineer - Azure or AWS
  • US Shift

Must-Have Skills: Azure, CCSP/Certified Cloud Security Professional, Encryption, Key Management/Azure Key Vault, CSPM/Cloud Security Posture Management, Microsoft Defender for Cloud, WAF, Entra firewall, IDS/IPS, Python/Java/C++/Ruby, networking, Linux, Microsoft Azure Security Engineer Associate/AZ-500, AWS

JD 1:
Job Title: Cloud Security Engineer Microsoft Azure (9-12 Years)

We are seeking a Senior Cloud Security Engineer with 9-12 years of experience and deep specialization in Microsoft Azure to drive enterprise cloud security architecture, governance, and automation. This strategic and hands-on role will be responsible for ensuring the security and resilience of Azure environments across the organization, embedding security into CI/CD pipelines, and collaborating with stakeholders to strengthen compliance and risk posture.

Key Responsibilities
  • Architect, deploy, and optimize security tools in Azure: Microsoft Defender for Cloud, Azure Key Vault, Entra ID, Azure Firewall, WAF, and IDS/IPS.
  • Perform continuous security assessments, vulnerability management, and misconfiguration detection across hybrid cloud environments.
  • Implement and automate Zero Trust and least-privilege access models using Azure-native capabilities.
  • Embed security controls and policy-as-code into infrastructure-as-code templates and DevOps pipelines (Bicep, ARM, Terraform).
  • Conduct threat modeling, architecture reviews, and provide actionable recommendations for securing workloads.
  • Tune SIEM alerts and conduct root cause analysis for incidents via tools such as Microsoft Sentinel and Splunk.
  • Lead incident response efforts and build standardized runbooks, playbooks, and documentation.
  • Collaborate with engineering, compliance, and leadership to shape Azure security strategy, drive remediation, and enforce policy governance.
  • Mentor and guide junior team members on cloud security best practices and emerging trends.

Required Skills & Experience
  • 9-12 years of total experience, with 5+ years in Azure cloud security.
  • Proven expertise in:
      • Microsoft Defender for Cloud, Azure Key Vault, Entra ID, Azure Firewall, WAF, IDS/IPS.
      • Scripting (Python, Java, C++, or Ruby) for automation.
      • Linux/Unix administration, cloud networking, encryption, and IAM.
      • Log management and SIEM (Microsoft Sentinel, Splunk).
      • Integrating security into CI/CD pipelines.
  • Strong grasp of security frameworks: ISO 27001, NIST CSF, SOC 2.
  • Strong SQL query capability and understanding of database security.

Education & Certifications
  • Bachelor's degree in Computer Science, Information Security, or related field.
  • Must-Have Certifications:
      • Microsoft Azure Security Engineer Associate (AZ-500)
      • CCSP - Certified Cloud Security Professional

____________________________________________________________________

JD 2: Cloud Security Specialist AWS (7-9 Years)

We are hiring a Cloud Security Specialist (AWS) with 7-9 years of experience to lead the design and implementation of secure cloud environments and services. This role focuses on embedding robust security across Redaptives AWS infrastructure, integrating security automation into DevOps, and ensuring compliance with leading standards. This is a hands-on and strategic role that will be central to our cloud transformation.

Key Responsibilities

Cloud Security Architecture & Governance
  • Design and enforce cloud-native security architectures for AWS environments using best practices and frameworks.
  • Implement Zero Trust, least privilege access, and secure-by-design principles across workloads.
  • Maintain and evolve cloud security standards, policies, and guardrails across services and regions.

DevSecOps & Automation
  • Integrate security checks and policy enforcement into CI/CD pipelines (Jenkins, GitHub Actions, GitLab CI).
  • Automate compliance validation, secret scanning, and IaC security (Terraform, CloudFormation).
  • Build and maintain security-as-code templates and enforcement pipelines.

Monitoring & Threat Response
  • Configure and manage AWS-native services: CloudTrail, GuardDuty, Security Hub, Macie, Inspector.
  • Tune and manage log forwarding to SIEM platforms and build detection playbooks.
  • Conduct proactive threat hunting and coordinate incident response activities.

IAM & Identity Governance
  • Design and manage IAM strategies with fine-grained permissions, permission boundaries, and access reviews.
  • Implement SSO integrations and enforce secure service-to-service authentication.

Compliance & Risk
  • Ensure compliance with SOC 2, NIST, ISO 27001, and internal audit requirements.
  • Conduct security risk assessments and provide mitigation strategies and dashboards.

Required Skills & Experience
  • 7-9 years in cybersecurity with 5+ years focused on AWS cloud security.
  • Strong knowledge of:
      • AWS IAM, KMS, GuardDuty, CloudTrail, Security Hub
      • Infrastructure as code (Terraform, CloudFormation)
      • DevSecOps principles, policy-as-code, automated remediation
      • Scripting (Python, Bash, etc.) for security automation
  • Working experience with container and serverless security (ECS, Lambda, EKS).
  • Knowledge of CSPM, CWPP, and cloud-native compliance controls.

Education & Certifications
  • Bachelor’s degree in Cybersecurity, Computer Science, or related discipline.
  • Must-Have Certifications:
      • AWS Certified Security – Specialty
      • CCSP or CISSP

Preferred Traits
  • Experience implementing Zero Trust architecture in AWS.
  • Familiarity with secrets management (e.g., AWS Secrets Manager, Vault).
  • Deep knowledge of AWS cost-optimization with security in mind.
  • Strong cross-team collaboration and documentation skills.

Rexoreo Solutions (opc)

Software Development

Gurgaon

50 Employees

3 Jobs

    Key People

  • Ankit Sharma

    Founder & CEO
  • Meera Gupta

    CTO
Job Titles Overview

Security Analyst (1)
Security Operations Center Lead (1)
Cloud Security Engineer (1)