11 Security Analytics Jobs

Provide inputs to the delivery roadmap , ensuring timely delivery in alignment with security and business objectives. Implement consistent Data Loss Prevention (DLP) solutions across channels (Email, Web, USB, etc.). Drive data discovery, classification, and labelling initiatives using tools like BigID , Microsoft Information Protection (MIP) , and others. Develop automated workflows and processes for protecting data across both structured and unstructured sources. Implement data security technologies such as key management , encryption , masking , and tokenization . Design and manage PKI infrastructure , including certificate authorities (CAs) and certificate lifecycle management . Implement encryption for data-at-rest and data-in-transit , covering symmetric/asymmetric encryption , digital signatures , and hashing . Follow industry-standard practices for source code management , including versioning , branching , and centralized documentation . Align development efforts with Nomura's SDLC processes . Act as a Subject Matter Expert (SME) on data security, advising leadership and technical teams. Required Knowledge, Skills & Experience 5+ years in IT Security , with at least 3 years focused on data security engineering . Hands-on experience setting up SDLC engineering activities , including CI/CD pipeline integration . Strong knowledge of coding best practices , version control, and documentation standards. Proficient with data security tools such as: BigID Microsoft Information Protection (MIP) Symantec DLP IBM Guardium (or similar) Expertise in: DLP , DRM , data classification , encryption , masking , tokenization Proficient in Python , PowerShell , Java , or C# for automation and development tasks. Experience with secrets management tools such as: HashiCorp Vault Conjur AWS Secrets Manager (or similar) Solid understanding of cloud security for AWS , Azure , and GCP . Good understanding of Japanese language both reading and writing . Beneficial Skills & Certifications Security certifications : CISSP, CISM, CCSP, or equivalent. Experience managing data security programs and strategic initiatives . Familiarity with security frameworks : NIST , ISO 27001 , CSA , SCF Awareness of emerging technologies: AI and ML for security analytics Familiarity with SIEM platforms and incident management tools . Personal Characteristics Strong interpersonal and influencing skills ; self-starter. Committed to continuous improvement and professional development. Skilled at managing multiple concurrent tasks and setting expectations . High degree of integrity , professionalism , and attention to detail

Company Overview Incedo is a US-based consulting, data science and technology services firm with over 3000 people helping clients from our six offices across US, Mexico and India. We help our clients achieve competitive advantage through end-to-end digital transformation. Our uniqueness lies in bringing together strong engineering, data science, and design capabilities coupled with deep domain understanding. We combine services and products to maximize business impact for our clients in telecom, Banking, Wealth Management, product engineering and life science & healthcare industries. Working at Incedo will provide you an opportunity to work with industry leading client organizations, deep technology and domain experts, and global teams. Incedo University, our learning platform, provides ample learning opportunities starting with a structured onboarding program and carrying throughout various stages of your career. A variety of fun activities is also an integral part of our friendly work environment. Our flexible career paths allow you to grow into a program manager, a technical architect or a domain expert based on your skills and interests. Our Mission is to enable our clients to maximize business impact from technology by Harnessing the transformational impact of emerging technologies Bridging the gap between business and technology Role Description Position Description: Incedo is seeking a SOC Analyst (L3/Tier 3/Threat Hunter) to join our rapidly growing cybersecurity team! Role and responsibilities: Participate in a rotating SOC on-call; rotation is based on the number of team members. Provide first-line SOC support with timely triage, routing and analysis of SOC tasks. Researches, develops, and monitors custom visualizations. Researches, analyzes, and writes documents such as cybersecurity briefings for all levels of stakeholders from Tier 1-3 SOC, security engineering, and executives. Tunes and develops SIEM correlation logic for threat detection. Ensures documentation is accurate and complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style. Develop scripts using Python to automate IR functions, including (but not limited to) IOC ingestion and SIEM integration via REST APIs to minimize repetition of duties and automate tasks. Produce and review aggregated performance metrics. Perform Cyber Threat Assessment and Remediation Analysis Processing, organizing, and analyzing incident indicators retrieved from the client environment and correlating said indicators to various intelligence data. Assisting in the coordination with internal teams as well as in the creation of engagement deliverables for a multitude of activities, including but not limited to Insider Threats, Rule of Engagement (ROE), Threat Hunting, After Action Reports, and other artifacts to support testing, monitoring and protecting the enterprise. Investigate network and host detection and monitoring systems to advise engagement processes.Develop and Execute bash and python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions. Participate in on-call rotation for after-hours security and/or engineering issues. Participate in the increase of effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions. Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods. Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection. Technical Skills Required Experience / Skills: Minimum of nine (9) years technical experience 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities. 3+ years of rule development and tuning experience 1+ years of Incident response Deep understanding of Cyber Threat TTPs, Threat Hunt, and the application of the MITRE Attack Framework Knowledge of security operations and attacker tactics Ability to identify cyber-attacks and develop monitoring logic Experience supporting 24x7x365 SOC operations including but not limited to Alert and notification activities- analysis/triage/response, Review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported alerts and Incidents. Support alert and notification triage, review/analysis through resolution / close Manage multiple tickets/alerts in parallel, including end-user coordination. Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response. Solid understanding and experience analyzing security events generated from security tools and devices not limited to QRadar, MS Sentinel, FireEye, Elastic, SourceFire, Malware Bytes, CarbonBlack/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, BlueCoat Experience and solid understanding of Malware analysis Demonstrated proficiencies with one or more toolsets such as QRadar, MS Sentinel, Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs) Nice-to-have skills In-depth experience with processing and triage of Security Alerts from multiple sources but not limited to: Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, support SOAR development. Experience with bash, python, and Windows PowerShell scripting Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis. Demonstrated experience and understanding of event timeline analysis and correlation of events between logs sources. Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools. Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk. Solid understanding and experience analyzing security events generated from security tools and devices not limited to: QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC Experience and solid understanding of Malware analysis Understanding of security incident response processes Qualifications Qualifications : Bachelors degree in computer science, Information Technology, or a related field. Experience of 5 years or 3 years relevant experience. Strong troubleshooting and problem-solving skills. Excellent communication and interpersonal skills. Ability to work independently and as part of a team. Strong organizational and time management skills. Willingness to work after hours and provide on-call support. Company Value

As a Grade 13 Security Technology expert at FedEx, you will act as a technical expert on complex and specialist subjects. Your role will involve supporting management in analyzing, interpreting, and applying complex information to contribute to the achievement of divisional and corporate goals. You will also support or lead projects by applying your expertise in Security standards policy & compliance, as well as Security Analytics. Your key skills in this role will include Accuracy & Attention to Detail, Analytical Skills, Judgement & Decision Making Skills, Problem Solving Skills, and Written & Verbal Communication Skills. These skills will be essential for effectively carrying out your responsibilities and contributing to the success of projects within the organization. At FedEx, we are committed to a diverse, equitable, and inclusive workforce where fair treatment is enforced, and growth opportunities are provided for everyone. We are an equal opportunity/affirmative action employer, and we value the contributions of all our team members. Regardless of age, race, color, national origin, genetics, religion, gender, marital status, pregnancy, physical or mental disability, or any other characteristic protected by applicable laws, regulations, and ordinances, all qualified applicants will be considered for employment. FedEx, as one of the world's largest express transportation companies, delivers for its customers with transportation and business solutions to more than 220 countries and territories globally. Our outstanding team of FedEx members plays a crucial role in serving this global network and ensuring an exceptional FedEx experience for our customers. The People-Service-Profit (P-S-P) philosophy guides every decision, policy, and activity at FedEx. Taking care of our people enables them to deliver the impeccable service demanded by our customers, leading to profitability that secures our future. By reinvesting these profits back into the business and our people, we create a positive work environment that encourages innovation and high-quality service delivery. Our success is attributed to the dedication and contributions of our team members, who are valued and supported through the P-S-P philosophy. FedEx's culture and values have been fundamental to our success and growth since our establishment in the early 1970s. Our culture sets us apart in the global marketplace, making us unique and providing a competitive edge in the industry. Through our behaviors, actions, and activities worldwide, we bring our culture to life and uphold our values to drive continued success and growth.,

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: SPLUNK Security Analytics. Experience:3-5 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: SPLUNK Security Analytics. Experience: 8-10 Years.

The SIEM Administrator will be responsible for administering the deployed SIEM service. The candidate is also expected to have hands on experience of deploying a SIEM solution from scratch, where the candidate should have the skills and knowledge to gather all the required information to build the SIEM solution. In-depth knowledge of technical approaches in security analytics, monitoring and alerting. Maintains technical knowledge within areas of expertise. This role is also responsible for identifying, analyzing, developing new or tuning & Refinement of the content or use cases. Strong problem solving and troubleshooting skills including the ability to perform root cause analysis for preventative investigation Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Should have experience in any of the query language i.e AQL ,KQL, SPL, LEQL etc for writing the complex queries & saved search creation. Should have strong knowledge of different cybersecurity frameworks i.e.MITRE, NIST and Cyber kill chain model. Should have understanding of regular expression writing and custom parsing Preferred technical and professional experience Collaborate with key stakeholders within technology, application and cyber security to develop use cases to address specific business needs. Create technical documentation around the content deployed to the SIEM. Creates and develops correlation and detection rules with SIEM solution, reports & dashboards to detect emerging threats

The SIEM Administrator will be responsible for administering the deployed SIEM service. The candidate is also expected to have hands on experience of deploying a SIEM solution from scratch, where the candidate should have the skills and knowledge to gather all the required information to build the SIEM solution. In-depth knowledge of technical approaches in security analytics, monitoring and alerting. Maintains technical knowledge within areas of expertise. This role is also responsible for identifying, analyzing, developing new or tuning & Refinement of the content or use cases. Strong problem solving and troubleshooting skills including the ability to perform root cause analysis for preventative investigation Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Should have experience in any of the query language i.eAQL ,KQL, SPL, LEQL etc for writing the complex queries & saved search creation. Should have strong knowledge of different cybersecurity frameworks i.e.MITRE, NIST and Cyber kill chain model. Should have understanding of regular expression writing and custom parsing Preferred technical and professional experience Collaborate with key stakeholders within technology, application and cyber security to develop use cases to address specific business needs. Create technical documentation around the content deployed to the SIEM. Creates and develops correlation and detection rules with SIEM solution, reports & dashboards to detect emerging threats

To analyse and update critical and non critical log sources and their health status check for redundant log sources and take necessary steps working with right stake holders daily health check and monitoring of SOC infra Co-relationship, framework management for SOC use cases responsible for analytics and data crunching or data analysis and represenation of outcome for leadeship to make next decisions KPI definition, revision and imprvement for SOC infra, health and use cases Bachelor's/Master's degree in Engineering/Technology or related field Minimum 4-6 years of relevant IT experience Professional industry standard certifications like CISSP, CEH, GIAC, CISM, ISO 27002 etc. will be an added advantage Experience with various IT / Security technologies including, Active Directory, DNS, Messaging, Firewalls/ VPN Gateways, IPS, Proxy, WAF, PKI, IAM,etc. Good understanding of tools like CyberArk, PingIdentity, Sailpoint, Qualys, Veracode Proficient handson experience and understanding of various security tools and technologies. Experience in an operational role working directly with internal and external customers, trouble ticketing systems, and incident management Solid understanding of ITIL process framework Must understand and have worked in an operational environment such as a NOC or SOC for 2 4 years Demonstrated leadership experience in the area of Security Operations Proven planning, prioritization, and organizational skills Demonstrated drive for continuous learning, results orientation, and teamwork Ability to drive change through innovation & process improvement Ability to manage projects and drive action items with customers and crossfunctional peers Proven crisis management skills Professional & concise communication (written & verbal) Ability and flexibility to adapt to change, including shifting and competing priorities Demonstrated ability to be a big picture thinker, strategist, and long term planner Strong analytical skills with demonstrated problem solving ability Project management skills with a proven ability to design workable solutions will be an added advantage Exposure to ISO 27002 and ISO 27005

Scope: We are looking for a dynamic and strategic Vice President of Cyber Defense to lead our global cyber defense and incident response capabilities. This executive leader will own the detection, response, and mitigation of cyber threats, ensuring our organization is resilient in the face of a rapidly evolving threat landscape. The ideal candidate brings deep expertise in threat detection, SOC operations, incident response, and threat intelligence. This leader will partner across the business to build and maintain a world-class cyber defense program that proactively protects the company's assets, data, and reputation. Key Responsibilities: Cyber Defense Strategy & Operations: Develop and execute the company's cyber defense strategy, aligning with enterprise risk, compliance, and business objectives. Work with key stakeholders and business lines to ensure detection and response meet NIST CSF minimum baselines for global security operations and response. Lead 24/7/365 operations based on business need partner with Global Command and Site Reliability Teams to ensure baseline for all customer facing incidents, and internal company wide incidents are coordinated in a centralized operation center follow the sun model. Lead the global Security Operations Center (SOC), including 24/7 monitoring, detection, analysis, and response to cyber threats. Build out capabilities for detection and response for Tier 1, Tier 2, and Tier 3 security incidents and events. Implement and mature threat hunting, security analytics, and detection engineering programs. Ensure and validate Customer Incident Response and capabilities for onboarding mergers & acquisitions, new customers, and new environments as we grow and scale. Security Assessment and Continuous Threat Exposure Management:Identifying and fixing weaknesses in systems and networks including establish MTTD, MTTR, and MTTA for exposures, vulnerabilities, and potential threats. Incident Response:Investigating and responding to security breaches, including analyzing incidents and escalating them when necessary. Threat Detection and Prevention:Monitoring network traffic, system logs, and other data sources to identify potential threats and malicious activity. Security System Administration and Maintenance:Installing, configuring, and maintaining security tools like firewalls, antivirus software, and intrusion detection systems. Security Policy and Procedure Development:Creating and enforcing security policies and procedures to protect sensitive information. Security Training and Awareness:Educating employees about cybersecurity risks and best practices. Staying Up-to-Date:Keeping abreast of the latest security threats, vulnerabilities, and technologies. Threat Intelligence & Response: Build and manage a comprehensive threat intelligence function to anticipate and defend against advanced persistent threats (APTs) and zero-day vulnerabilities. Lead cyber incident response efforts, including containment, eradication, and post-incident reviews. Serve as a key escalation point during major security events and coordinate cross-functional response. Security Engineering & Automation: Oversee the development and deployment of tools and technologies that support threat detection, log aggregation, SIEM, SOAR, EDR, and XDR platforms. Drive automation and orchestration to increase efficiency and reduce time to detection/response. Hold QBRs with key security operations vendors to ensure compliance and SLAs are met with all contracts. Team Leadership & Development: Build, lead, and inspire a high-performing cyber defense team, including SOC analysts, incident responders, threat hunters, and detection engineers. Foster a culture of accountability, continuous learning, and proactive defense. Establish Career Development Plans and Growth for analysts, engineers, managers, and directors as the business grows and scales. Collaboration & Executive Engagement: Partner with IT, Infrastructure, Risk, Compliance, and Legal teams to align cyber defense practices with business needs. Provide executive-level reporting on threat landscape, risk posture, and incident metrics. Act as a thought leader and spokesperson on cyber defense strategy internally and externally. Qualifications: Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Technology, or a related field. 15+ years of experience in cybersecurity, with at least 5 to 8 years in a senior leadership role overseeing SOC, incident response, or threat intelligence. Deep knowledge of security operations, threat detection techniques, MITRE ATT&CK, and NIST/ISO frameworks. Proven track record managing large-scale incident response, threat intelligence operations, and blue team functions. Experience with cloud security (AWS, Azure, GCP) and hybrid infrastructure defense. Strong executive presence and ability to communicate effectively with C-level stakeholders. Relevant certifications such as CISSP, GIAC, GCIA, GCIH, or equivalent are highly desirable. Our Values If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success - and the success of our customers. Does your heart beat like ours Find out here: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Google Cloud Data Services Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :GCP Security Architect – Solution Design, Compliance, and Security EngineeringWe are hiring GCP Security Architects with 7+ years of experience in designing secure GCP environments and integrating automated security across deployments. This role emphasizes applied engineering, platform security control implementation, and ensuring audit-ready, secure-by-default environments. Roles & Responsibilities: Design and implement secure, scalable GCP architectures. Configure and maintain IAM (roles, policies, IDP integrations, MFA, SSO). Establish secure configurations for VPCs, VPNs, Data Encryption (KMS), and Cloud Armor. Manage Cloud Security Command Center for visibility, governance, and incident response. Implement Cloud Operations Suite for logging, alerting, and security analytics. Conduct threat modeling, vulnerability assessments, and define remediation paths. Automate security checks and controls using Terraform, Cloud Shell, and CI/CD integrations. Collaborate with platform, DevOps, and risk teams to embed security into development lifecycles. Support audit preparation, policy compliance, and security documentation efforts. Review solution designs and assist with enforcing GCP security guardrails. Professional & Technical Skills: Analytical and detail-oriented with a strong problem-solving mindset. Strong communicator with cross-functional collaboration experience. Continuously stays updated with evolving cloud threat landscapes. Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders. Strong working knowledge of IAM, VPC SC, Cloud Armor, encryption practices, and security policy enforcement. Experience with Terraform, automated auditing, and log analysis tools. Additional Information:Bachelor's degree in engineering or computer science, Information Security, or a related field.Certifications such as Google Cloud Certified – Professional Cloud Security Engineer is a must; CCSP preferred. 7+ years in security roles, with 3+ years in hands-on GCP security delivery. This position is based at our Bengaluru office A 15 years full time education is required. Qualification 15 years full time education

Dear Professional, We are excited to present a unique opportunity at Cognizant, a leading IT firm renowned for fostering growth and innovation. We are seeking talented professionals with 5 to 10 years of experience in Splunk Administration,Splunk Development,Splunk Enterprise Security,Splunk Dashboard Creation,AlertLogic SIEM ,Threat Detection,Incident Response,Log Management,Security Analytics,Compliance Reporting,Real-time Monitoring,Alert Logic MDR,LogRhythm SIEM,LogRhythm Administration,LogRhythm Threat Detection, LogRhythm Incident Response to join our dynamic team. Your expertise in these areas is highly sought after, and we believe your contributions will be instrumental in driving our projects to new heights. We offer a collaborative environment where your skills will be valued and nurtured. To proceed to the next step of the recruitment process, please provide us with the following details with Updated resume to sathish.kumarmr@cognizant.com Please share below details (Mandatory) : Full Name(As per Pan card): Contact number:Email Current Location: Interested Locations: Total Years of experience: Relevant years of experience: Current company: Notice period: NP negotiable: if yes how many days they can negotiate? : If you are Serving any Notice period Means please mention Last date of Working: Current CTC- Expected CTC- Availability for interview on Weekdays ? Highest Qualification? Additionally, we would like to schedule a virtual interview with you on 2nd August 2024. Kindly confirm your availability for the same. We look forward to the possibility of you bringing your valuable experience to Cognizant. Please respond at your earliest convenience. Thanks & Regards, Sathish Kumar M R HR-Cognizant Sathish.KumarMR@cognizant.com