8 Security Analytics Jobs

The SIEM Administrator will be responsible for administering the deployed SIEM service. The candidate is also expected to have hands on experience of deploying a SIEM solution from scratch, where the candidate should have the skills and knowledge to gather all the required information to build the SIEM solution. In-depth knowledge of technical approaches in security analytics, monitoring and alerting. Maintains technical knowledge within areas of expertise. This role is also responsible for identifying, analyzing, developing new or tuning & Refinement of the content or use cases. Strong problem solving and troubleshooting skills including the ability to perform root cause analysis for preventative investigation Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Should have experience in any of the query language i.eAQL ,KQL, SPL, LEQL etc for writing the complex queries & saved search creation. Should have strong knowledge of different cybersecurity frameworks i.e.MITRE, NIST and Cyber kill chain model. Should have understanding of regular expression writing and custom parsing Preferred technical and professional experience Collaborate with key stakeholders within technology, application and cyber security to develop use cases to address specific business needs. Create technical documentation around the content deployed to the SIEM. Creates and develops correlation and detection rules with SIEM solution, reports & dashboards to detect emerging threats

To analyse and update critical and non critical log sources and their health status check for redundant log sources and take necessary steps working with right stake holders daily health check and monitoring of SOC infra Co-relationship, framework management for SOC use cases responsible for analytics and data crunching or data analysis and represenation of outcome for leadeship to make next decisions KPI definition, revision and imprvement for SOC infra, health and use cases Bachelor's/Master's degree in Engineering/Technology or related field Minimum 4-6 years of relevant IT experience Professional industry standard certifications like CISSP, CEH, GIAC, CISM, ISO 27002 etc. will be an added advantage Experience with various IT / Security technologies including, Active Directory, DNS, Messaging, Firewalls/ VPN Gateways, IPS, Proxy, WAF, PKI, IAM,etc. Good understanding of tools like CyberArk, PingIdentity, Sailpoint, Qualys, Veracode Proficient handson experience and understanding of various security tools and technologies. Experience in an operational role working directly with internal and external customers, trouble ticketing systems, and incident management Solid understanding of ITIL process framework Must understand and have worked in an operational environment such as a NOC or SOC for 2 4 years Demonstrated leadership experience in the area of Security Operations Proven planning, prioritization, and organizational skills Demonstrated drive for continuous learning, results orientation, and teamwork Ability to drive change through innovation & process improvement Ability to manage projects and drive action items with customers and crossfunctional peers Proven crisis management skills Professional & concise communication (written & verbal) Ability and flexibility to adapt to change, including shifting and competing priorities Demonstrated ability to be a big picture thinker, strategist, and long term planner Strong analytical skills with demonstrated problem solving ability Project management skills with a proven ability to design workable solutions will be an added advantage Exposure to ISO 27002 and ISO 27005

Scope: We are looking for a dynamic and strategic Vice President of Cyber Defense to lead our global cyber defense and incident response capabilities. This executive leader will own the detection, response, and mitigation of cyber threats, ensuring our organization is resilient in the face of a rapidly evolving threat landscape. The ideal candidate brings deep expertise in threat detection, SOC operations, incident response, and threat intelligence. This leader will partner across the business to build and maintain a world-class cyber defense program that proactively protects the company's assets, data, and reputation. Key Responsibilities: Cyber Defense Strategy & Operations: Develop and execute the company's cyber defense strategy, aligning with enterprise risk, compliance, and business objectives. Work with key stakeholders and business lines to ensure detection and response meet NIST CSF minimum baselines for global security operations and response. Lead 24/7/365 operations based on business need partner with Global Command and Site Reliability Teams to ensure baseline for all customer facing incidents, and internal company wide incidents are coordinated in a centralized operation center follow the sun model. Lead the global Security Operations Center (SOC), including 24/7 monitoring, detection, analysis, and response to cyber threats. Build out capabilities for detection and response for Tier 1, Tier 2, and Tier 3 security incidents and events. Implement and mature threat hunting, security analytics, and detection engineering programs. Ensure and validate Customer Incident Response and capabilities for onboarding mergers & acquisitions, new customers, and new environments as we grow and scale. Security Assessment and Continuous Threat Exposure Management:Identifying and fixing weaknesses in systems and networks including establish MTTD, MTTR, and MTTA for exposures, vulnerabilities, and potential threats. Incident Response:Investigating and responding to security breaches, including analyzing incidents and escalating them when necessary. Threat Detection and Prevention:Monitoring network traffic, system logs, and other data sources to identify potential threats and malicious activity. Security System Administration and Maintenance:Installing, configuring, and maintaining security tools like firewalls, antivirus software, and intrusion detection systems. Security Policy and Procedure Development:Creating and enforcing security policies and procedures to protect sensitive information. Security Training and Awareness:Educating employees about cybersecurity risks and best practices. Staying Up-to-Date:Keeping abreast of the latest security threats, vulnerabilities, and technologies. Threat Intelligence & Response: Build and manage a comprehensive threat intelligence function to anticipate and defend against advanced persistent threats (APTs) and zero-day vulnerabilities. Lead cyber incident response efforts, including containment, eradication, and post-incident reviews. Serve as a key escalation point during major security events and coordinate cross-functional response. Security Engineering & Automation: Oversee the development and deployment of tools and technologies that support threat detection, log aggregation, SIEM, SOAR, EDR, and XDR platforms. Drive automation and orchestration to increase efficiency and reduce time to detection/response. Hold QBRs with key security operations vendors to ensure compliance and SLAs are met with all contracts. Team Leadership & Development: Build, lead, and inspire a high-performing cyber defense team, including SOC analysts, incident responders, threat hunters, and detection engineers. Foster a culture of accountability, continuous learning, and proactive defense. Establish Career Development Plans and Growth for analysts, engineers, managers, and directors as the business grows and scales. Collaboration & Executive Engagement: Partner with IT, Infrastructure, Risk, Compliance, and Legal teams to align cyber defense practices with business needs. Provide executive-level reporting on threat landscape, risk posture, and incident metrics. Act as a thought leader and spokesperson on cyber defense strategy internally and externally. Qualifications: Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Technology, or a related field. 15+ years of experience in cybersecurity, with at least 5 to 8 years in a senior leadership role overseeing SOC, incident response, or threat intelligence. Deep knowledge of security operations, threat detection techniques, MITRE ATT&CK, and NIST/ISO frameworks. Proven track record managing large-scale incident response, threat intelligence operations, and blue team functions. Experience with cloud security (AWS, Azure, GCP) and hybrid infrastructure defense. Strong executive presence and ability to communicate effectively with C-level stakeholders. Relevant certifications such as CISSP, GIAC, GCIA, GCIH, or equivalent are highly desirable. Our Values If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success - and the success of our customers. Does your heart beat like ours Find out here: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Role 1SOC Engineer (L1 / L2) About The Role Identifying, monitoring and responding to events and incidents that occur in the network Monitoring alerts from SIEM Creating and handling ticket related in security Ensuring SLAs are met; escalate the incident when SLAs are not met Investigating and analyzing network threats, and performing root cause analysis of incidents that occur in the network; Identifying and collecting data associated with initial security investigation finding. Collects data and context necessary to be relayed later to IR team. Hands on experience triaging security alerts, events, logs and artifacts Creates and maintains standard operating procedures and other similar documentation. Work in a team of 24/7 members 2 4 years experience as SOC Analyst At least 1 year hands on experience with SOAR platform, SIEM tools and log management tool In depth knowledge of security concepts such as security operations center (SOC), cyber attacks and techniques, threat vectors Hands on experience triaging security alerts, events, logs and artifacts Excellent analytical and problem solving skills as well as interpersonal skills to interact with team members, vendors and upper management Familiarity in malware and attack techniques Forensics experience is advantage Knowledge in Basic Linux is advantage Qualifications Experience of working within medium to large scale complex IT environments in telecommunication industry Strong oral and written communication skills Forensics experience is advantage Excellent attention to detail Resilient and approachable with the ability to work successfully in a dynamic, fast paced environment Ability to operate as a team player, with a flexible and positive attitude Strong analytical and problem solving skills Ability to work under pressure A self starter able to work independently but comfortable and effective working in a team environment. Commitment to accuracy and precision with all outcomes At least Bachelors degree in Network Engineering, Computer Science, Computer Information System or any equivalent degree/experiences. Ability to communicate written and verbally in English and Japanese (preferred). CertificationsPreferred Splunk, CEH, CompTIA+, Analyst Fundamentals Training, Security Analytics Training Acceptance Criteria for SelectionWith due selection process of Customer

Security Analyst/Engineer Skills/Requirements Experience with security response automation and orchestration implementation (SOAR) Crowdstrike experience fusion automation, endpoint detection, logscale, CSPM, Identity protection Palo Alto Networks experience -- Python and powershell scripting skills Ability to communicate and interact effectively within a team environment Networking security practices experience Microsoft Active Directory, cloud authentication (AWS/AzureAD) knowledge Threat hunting and detection SIEM log aggregation and ingestion within Splunk and Crowdstrike logscale Advanced security incident analyst and incident management capabilities Tasks Manage security event and log aggregation into LogScale Support SEIM development and maintenance Develop and refine security analytics using LogScale and SEIM as well as Crowdstrike Fusion and other SOAR capabilities Support operationalization of Crowdstrike and Palo Alto Networks security platform capabilities

Summary The role requires providing expertise and leadership for Incident Response capabilities including good understanding of cyber incident forensics. It requires providing both subject matter expertise and project management experience to serve as the point person” of client engagement in domain. The candidate shall pertain efficient incident response and remediation skills to minimise the impact of cyber risks. The individual will oversee and support security monitoring operations team and assist them during security incidents and ensure incidents are managed and responded effectively including and reporting to stakeholders. This role primarily consists of leading team of the Incident responders, Incident managers and stakeholders (including client, vendors, etc.) and to conduct thorough response activities on behalf of a wide variety of clients across sectors. Candidate is required to work in complex security environments and alongside SOC team to design, communicate and execute incident response, containment and remediation plans. Candidate is required to have hands-on experience of incident management and investigation tools and shall be comfortable leading teams on challenging engagements, communicating with clients, providing hands-on assistance with incident response activities, and creating and presenting high-quality deliverables. Designation / Role: Role: Incident Response Leader Level: AD Responsibilities Manage client engagements, with a focus on incident response and investigation. Provide both subject matter expertise and project management experience to serve as the “point person” for client engagements Assist with client incident scoping call and participate in the incident from kick-off through full containment and remediation. Security Analytics - Efficiently distill actionable information from large data sets for reporting, hunting, and anomaly detection. Recommend and document specific countermeasures and mitigating controls with post incident analysis findings Develop comprehensive and accurate reports and presentations for both technical and executive audiences Conduct Digital Forensic and Incident Response (DFIR) analysis, network log and network PCAP analysis, malware triage, and other investigation related activities in support of Incident Response investigations Supervise Digital Forensics and Incident Response staff, and assisting with performance reviews and mentorship of cybersecurity professionals Mature the Security Incident Response process to ensure it meets the needs of the Clients Interact with Client’s CSIRT teams to cater continuous and/or ad-hoc client requests for Incident Response services Possess the experience, credibility and integrity to perform as an expert witness. Involve in business development activities and supporting pre-sales teams in Identify, market, and develop new business opportunities Assist with research and distribute cyber threat intelligence developed from Incident Response activities Research, develop and recommend infrastructure (hardware & software) needs for DFIR and evolve existing methodologies to enhance and improve our DFIR practice. Skills required 10-14 years Information Security experience with at least 5 year of Incident Response experience. Solid understanding of MITRE ATT&CK, NIST cyber incident response framework and Cyber kill chain. Understanding of Threat Hunting and threat Intelligence concepts and technologies Experience of leveraging technical security solutions such as SIEM, IDS/IPS, EDR, vulnerability management or assessment, malware analysis, or forensics tools for incident triage and analysis. Deep experience with most common OS (Windows, MacOS, Linux, Android, iOS) and their file systems (ext3.4, NTFS, HFS+, APFS, exFAT etc) Proficiency with industry-standard forensic toolsets (i.e. EnCase, Axiom/IEF, Cellebrite/UFED, Nuix and FTK) Experience of enterprise level cloud infrastructure such as AWS, MS Azure, G Suite, O365 etc.. Experience of malware analysis and understanding attack techniques. CISSP, ECIH v2, GCFA, GCIH, EnCE or equivalent DFIR certification. Ability to work in time-sensitive and complex situations with ease and professionalism, possess an efficient and versatile communication style Good verbal and written communication skill, excellent interpersonal skills Abilities: Strong English verbal, written communication, report writing and presentations skills. Ability to multitask and prioritize work effectively. Responsive to challenging tasking. Highly motivated self-starter giving attention to detail. Strong analytical skills and efficient problem solving. Capable to operate in a challenging and fast-paced environment.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Google Cloud Data Services Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :GCP Security Architect – Solution Design, Compliance, and Security EngineeringWe are hiring GCP Security Architects with 7+ years of experience in designing secure GCP environments and integrating automated security across deployments. This role emphasizes applied engineering, platform security control implementation, and ensuring audit-ready, secure-by-default environments. Roles & Responsibilities: Design and implement secure, scalable GCP architectures. Configure and maintain IAM (roles, policies, IDP integrations, MFA, SSO). Establish secure configurations for VPCs, VPNs, Data Encryption (KMS), and Cloud Armor. Manage Cloud Security Command Center for visibility, governance, and incident response. Implement Cloud Operations Suite for logging, alerting, and security analytics. Conduct threat modeling, vulnerability assessments, and define remediation paths. Automate security checks and controls using Terraform, Cloud Shell, and CI/CD integrations. Collaborate with platform, DevOps, and risk teams to embed security into development lifecycles. Support audit preparation, policy compliance, and security documentation efforts. Review solution designs and assist with enforcing GCP security guardrails. Professional & Technical Skills: Analytical and detail-oriented with a strong problem-solving mindset. Strong communicator with cross-functional collaboration experience. Continuously stays updated with evolving cloud threat landscapes. Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders. Strong working knowledge of IAM, VPC SC, Cloud Armor, encryption practices, and security policy enforcement. Experience with Terraform, automated auditing, and log analysis tools. Additional Information:Bachelor's degree in engineering or computer science, Information Security, or a related field.Certifications such as Google Cloud Certified – Professional Cloud Security Engineer is a must; CCSP preferred. 7+ years in security roles, with 3+ years in hands-on GCP security delivery. This position is based at our Bengaluru office A 15 years full time education is required. Qualification 15 years full time education

Dear Professional, We are excited to present a unique opportunity at Cognizant, a leading IT firm renowned for fostering growth and innovation. We are seeking talented professionals with 5 to 10 years of experience in Splunk Administration,Splunk Development,Splunk Enterprise Security,Splunk Dashboard Creation,AlertLogic SIEM ,Threat Detection,Incident Response,Log Management,Security Analytics,Compliance Reporting,Real-time Monitoring,Alert Logic MDR,LogRhythm SIEM,LogRhythm Administration,LogRhythm Threat Detection, LogRhythm Incident Response to join our dynamic team. Your expertise in these areas is highly sought after, and we believe your contributions will be instrumental in driving our projects to new heights. We offer a collaborative environment where your skills will be valued and nurtured. To proceed to the next step of the recruitment process, please provide us with the following details with Updated resume to sathish.kumarmr@cognizant.com Please share below details (Mandatory) : Full Name(As per Pan card): Contact number:Email Current Location: Interested Locations: Total Years of experience: Relevant years of experience: Current company: Notice period: NP negotiable: if yes how many days they can negotiate? : If you are Serving any Notice period Means please mention Last date of Working: Current CTC- Expected CTC- Availability for interview on Weekdays ? Highest Qualification? Additionally, we would like to schedule a virtual interview with you on 2nd August 2024. Kindly confirm your availability for the same. We look forward to the possibility of you bringing your valuable experience to Cognizant. Please respond at your earliest convenience. Thanks & Regards, Sathish Kumar M R HR-Cognizant Sathish.KumarMR@cognizant.com