3.0 - 8.0 years
5 - 8 Lacs
Mumbai
Work from Office
Key Responsibilities:
Min 3 Years exp in EDR and Trend Micro.
The vendor should assess the existing endpoint security infrastructure and identify any gaps or vulnerabilities.
The vendor should deploy EDR agents on endpoints, servers, and critical systems within the organization's network.
The vendor should configure EDR agents to collect and analyze security events and activities on endpoints.
The solution should monitor endpoints for suspicious activities, such as malware infections, unauthorized access attempts, and unusual user behavior.
The solution should use behavioral analysis and machine learning to detect advanced threats and zero-day attacks.
The solution should generate real-time alerts for potential security incidents and provide guidance for incident response and remediation.
The vendor should enable endpoint forensics capabilities to investigate security incidents and identify the root cause of attacks.
The solution should capture and store detailed endpoint activity logs and artifacts for further analysis.
The vendor should integrate the tool with vulnerability management systems to assess the endpoint's security posture.
The EDR solution should be able to roll out patches or upgrades from the EDR management console for agents onboarded on the platforms.
The solution should alert and remediate endpoints with outdated or vulnerable software configurations.
The solution should provide real-time alerts for anomalies that could indicate potential threats.
The vendor should ensure compatibility with other security systems, such as (but not limited to) SIEM, incident response tools, etc.
The solution should correlate network anomalies with potential threats, aiding in early threat detection.
The vendor is expected to deliver reports at periodic intervals as per the Client's requirements.
The vendor should re-deploy the agent as and when there is a change in the infrastructure or the operating systems.

Academic Qualifications and Certifications:
Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience).
CEH certification is a must.

Required Experience:
Entry-level experience with troubleshooting and providing the support required in security network / data center / systems / storage administration and monitoring services within a medium to large ICT organization.
Basic knowledge of management agents, redundancy concepts, and products within the supported technical domain (such as Security, Network, Data Centre, Telephony, etc.).
Working knowledge of EDR processes.
Posted 1 week ago
5.0 years
0 Lacs
Kanayannur, Kerala, India
On-site
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

EY - Cyber Security (Strategy, Risk, Compliance and Resilience) – Technology Consulting – Senior

As part of our EY Strategy, Risk, Compliance and Resilience (SRCR) Technology Consulting team, you would work on various SRCR projects for our customers across the globe. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop.

The opportunity
We’re looking for a Senior Security Consultant with expertise in cyber / information security, risk and controls concepts. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering.

Your Key Responsibilities
Engage in Cyber Strategy & Governance, Cyber Risk & Compliance, Cyber Resilience, Cyber Transformation and Co-Sourcing, Application & Network Security engagements.
Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress.
Execute the engagement requirements, along with review of work by junior team members.
Help prepare reports and schedules that will be delivered to clients and other parties.
Develop and maintain productive working relationships with client personnel.
Build strong internal relationships within EY Consulting Services and with other services across the organization.
Contribute to people-related initiatives including recruiting and retaining Cyber Transformation professionals.
Maintain an educational program to continually develop personal skills of staff.
Understand and follow workplace policies and procedures.
Build a quality culture at GDS.
Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members.
Manage the performance management for direct reportees, as per the organization's policies.
Foster teamwork and lead by example; train and mentor project resources.
Participate in the organization-wide people initiatives.

Skills And Attributes For Success
Hands-on experience of more than 5 years with key components of cybersecurity including (but not limited to):
Vendor/3rd Party Risk Management & Assessment
Cyber Strategy & Governance, Cyber Transformation, Cyber Dashboarding
Regulations/standards such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53
Business Continuity & Disaster Recovery
Must have experience in working in client-facing roles, interacting with third parties, assessing different kinds of environments (IT and non-IT) and the ability to apply cyber security concepts in all these sectors.
Experienced in creation and review of security policies/procedures, and in performing risk assessments.
Good to have experience in assessing ITGC requirements across various industries, including both cybersecurity and resilience requirements.
Should have a good understanding of the VAPT process, common application security vulnerabilities, exploitation techniques and remediation measures.
Basic understanding of Network Security and network architecture diagram reviews, access and perimeter control, vulnerability management and intrusion detection, firewall rule-based reviews.
Good understanding of logging and monitoring tools (SIEM). Knowledge of any one of the SIEM tools is a plus.

To qualify for the role, you must have:
BE - B. Tech / MCA / M. Tech / MBA with a background in computer science and programming.
More than 5 years of relevant experience.
Strong Excel and PowerPoint skills.
Proficiency in leading medium to large engagements and coaching junior staff.

Ideally, you’ll also have:
CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer.
Project management skills.

What We Look For
A team of people with commercial acumen, technical experience, consulting skills and enthusiasm to learn new things in this fast-moving environment.
An opportunity to be a part of a market-leading, multi-disciplinary team of 1400+ professionals, in the only integrated global transaction business worldwide.
Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries.

What Working At EY Offers
At EY, we’re dedicated to helping our clients, from start-ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange.

Plus, we offer:
Support, coaching and feedback from some of the most engaging colleagues around
Opportunities to develop new skills and progress your career
The freedom and flexibility to handle your role in a way that’s right for you

EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 1 week ago
5.0 years
0 Lacs
Trivandrum, Kerala, India
On-site
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

EY - Cyber Security (Strategy, Risk, Compliance and Resilience) – Technology Consulting – Senior

As part of our EY Strategy, Risk, Compliance and Resilience (SRCR) Technology Consulting team, you would work on various SRCR projects for our customers across the globe. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop.

The opportunity
We’re looking for a Senior Security Consultant with expertise in cyber / information security, risk and controls concepts. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering.

Your Key Responsibilities
Engage in Cyber Strategy & Governance, Cyber Risk & Compliance, Cyber Resilience, Cyber Transformation and Co-Sourcing, Application & Network Security engagements.
Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress.
Execute the engagement requirements, along with review of work by junior team members.
Help prepare reports and schedules that will be delivered to clients and other parties.
Develop and maintain productive working relationships with client personnel.
Build strong internal relationships within EY Consulting Services and with other services across the organization.
Contribute to people-related initiatives including recruiting and retaining Cyber Transformation professionals.
Maintain an educational program to continually develop personal skills of staff.
Understand and follow workplace policies and procedures.
Build a quality culture at GDS.
Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members.
Manage the performance management for direct reportees, as per the organization's policies.
Foster teamwork and lead by example; train and mentor project resources.
Participate in the organization-wide people initiatives.

Skills And Attributes For Success
Hands-on experience of more than 5 years with key components of cybersecurity including (but not limited to):
Vendor/3rd Party Risk Management & Assessment
Cyber Strategy & Governance, Cyber Transformation, Cyber Dashboarding
Regulations/standards such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53
Business Continuity & Disaster Recovery
Must have experience in working in client-facing roles, interacting with third parties, assessing different kinds of environments (IT and non-IT) and the ability to apply cyber security concepts in all these sectors.
Experienced in creation and review of security policies/procedures, and in performing risk assessments.
Good to have experience in assessing ITGC requirements across various industries, including both cybersecurity and resilience requirements.
Should have a good understanding of the VAPT process, common application security vulnerabilities, exploitation techniques and remediation measures.
Basic understanding of Network Security and network architecture diagram reviews, access and perimeter control, vulnerability management and intrusion detection, firewall rule-based reviews.
Good understanding of logging and monitoring tools (SIEM). Knowledge of any one of the SIEM tools is a plus.

To qualify for the role, you must have:
BE - B. Tech / MCA / M. Tech / MBA with a background in computer science and programming.
More than 5 years of relevant experience.
Strong Excel and PowerPoint skills.
Proficiency in leading medium to large engagements and coaching junior staff.

Ideally, you’ll also have:
CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer.
Project management skills.

What We Look For
A team of people with commercial acumen, technical experience, consulting skills and enthusiasm to learn new things in this fast-moving environment.
An opportunity to be a part of a market-leading, multi-disciplinary team of 1400+ professionals, in the only integrated global transaction business worldwide.
Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries.

What Working At EY Offers
At EY, we’re dedicated to helping our clients, from start-ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange.

Plus, we offer:
Support, coaching and feedback from some of the most engaging colleagues around
Opportunities to develop new skills and progress your career
The freedom and flexibility to handle your role in a way that’s right for you

EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 1 week ago
3.0 - 7.0 years
5 - 9 Lacs
Mumbai
Work from Office
Your day at NTT DATA
The Manager, Information Security Incident Response is a management role, responsible for managing the Information Security Incident Response Management team. This role ensures the team is equipped and enabled to detect and monitor threats and suspicious activity affecting the organization's technology domain. This role serves as the escalation point for incident workflows and participates in the delivery of security measures through analytics and threat hunting processes. The Senior Manager, Information Security Incident Response manages a team of security professionals whilst fostering a collaborative and innovative team culture focused on operational excellence.

What you'll be doing
Key Responsibilities:
10+ years of experience in SOC.
4+ years of experience as a SOC Manager.
4+ years of experience in SIEM (Splunk).
CISM/CISSP certification is a must.
Good understanding of SOAR/UEBA/NBAD/XDR.
Strong experience in EDR, email phishing and ransomware alerts.
Troubleshooting technical issues to ensure project success.
End-to-end integration and health check of all SOC solutions as per the sign-off.
Implementing changes to align with client demands and specifications.
Providing guidance, direction, and instructions to the team to achieve specific objectives.
Developing and executing a timeline for the team to achieve its goals.
Monitoring incident detection and closure.
Presenting regular metrics and reports.
Identifying new alert requirements.
Ensuring services meet SLA parameters.
Conducting periodic DR drills.
Following up with departments to close various reports/incidents and escalating long-outstanding issues.
Designing SIEM solutions to enhance security value, service management, and scalability.
Identifying, resolving, and conducting root-cause analysis for security incidents, which is essential for maintaining a proactive and responsive security posture.
Developing and documenting incident response procedures.
Ensuring the SIEM system is optimized for efficient performance is vital. This includes handling data volume effectively and maintaining responsiveness for timely threat detection and response.
Aligning SIEM rules, alerts and reports with security policies and compliance reporting requirements ensures that the system contributes to overall security and regulatory adherence.
Developing customized dashboards provides meaningful insights into the LIC's security posture, aiding in decision-making and monitoring.
Integration with other solutions/devices (including security solutions) to enhance overall security monitoring and incident response capabilities, creating a more comprehensive security infrastructure.
Collaborating with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.

Academic Qualifications and Certifications:
Bachelor's degree or equivalent in Information Technology, Computer Science or a related field.
Industry certifications such as CISSP, CISM preferred.

Required Experience:
Advanced experience in the Technology Information Security industry.
Advanced prior experience working in a SOC/CSIR.
Comprehension and practical knowledge of Cyber Threat Kill Chains.
Advanced knowledge of Tools, Techniques and Processes (TTP) used by threat actors.
Advanced practical knowledge of indicators of compromise (IOCs).
Advanced experience with Endpoint Protection and Enterprise Detection and Response software.
Advanced experience or knowledge of SIEM and IPS technologies.
Advanced experience with Wireshark, tcpdump, REMnux and decoders for conducting payload analysis.
Knowledge of malware analysis, hacking techniques, latest vulnerabilities, and security trends.
Preferably an interest in, knowledge of, or experience with SIEM and IPS technologies.
Advanced knowledge of network technologies including routers, switches, firewalls.
Advanced prior demonstrated experience managing and leading a team in a related field.

Workplace type: On-site
Posted 1 week ago
3.0 - 8.0 years
5 - 10 Lacs
Mumbai
Work from Office
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion; it's a place where you can grow, belong and thrive.

Your day at NTT DATA
The Security Managed Services Engineer (L1) is an entry-level engineering role, responsible for providing a managed service to clients to ensure that their firewall infrastructure remains operational through proactively identifying, investigating, and routing incidents to the correct resolver group. The primary objective of this role is to ensure zero missed service level agreement (SLA) conditions, and it focuses on first-line support for standard and low-complexity incidents and service requests. The Security Managed Services Engineer (L1) may also contribute to / support project work as and when required.

What you'll be doing
Key Responsibilities:
Min 3 Years exp in EDR and Trend Micro.
The vendor should assess the existing endpoint security infrastructure and identify any gaps or vulnerabilities.
The vendor should deploy EDR agents on endpoints, servers, and critical systems within the organization's network.
The vendor should configure EDR agents to collect and analyze security events and activities on endpoints.
The solution should monitor endpoints for suspicious activities, such as malware infections, unauthorized access attempts, and unusual user behavior.
The solution should use behavioral analysis and machine learning to detect advanced threats and zero-day attacks.
The solution should generate real-time alerts for potential security incidents and provide guidance for incident response and remediation.
The vendor should enable endpoint forensics capabilities to investigate security incidents and identify the root cause of attacks.
The solution should capture and store detailed endpoint activity logs and artifacts for further analysis.
The vendor should integrate the tool with vulnerability management systems to assess the endpoint's security posture.
The EDR solution should be able to roll out patches or upgrades from the EDR management console for agents onboarded on the platforms.
The solution should alert and remediate endpoints with outdated or vulnerable software configurations.
The solution should provide real-time alerts for anomalies that could indicate potential threats.
The vendor should ensure compatibility with other security systems, such as (but not limited to) SIEM, incident response tools, etc.
The solution should correlate network anomalies with potential threats, aiding in early threat detection.
The vendor is expected to deliver reports at periodic intervals as per the Client's requirements.
The vendor should re-deploy the agent as and when there is a change in the infrastructure or the operating systems.

Academic Qualifications and Certifications:
Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience).
CEH certification is a must.
Posted 1 week ago
2.0 - 5.0 years
4 - 7 Lacs
Mumbai
Work from Office
Key Responsibilities:
Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data.
Develop, customize, and manage security rules within the SIEM to detect and respond to security threats.
Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts.
Oversee the collection, normalization, and storage of log data from various sources.
Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur.
Analyze and investigate security events from various sources.
Manage security incidents through all incident response phases to closure.
Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, vulnerability scanning, and malware analysis technologies for event detection and analysis.
Update tickets, write incident reports, and document actions to reduce false positives.
Develop knowledge of attack types and fine-tune detective capabilities.
Identify log sources and examine system logs to reconstruct event histories using forensic techniques.
Align SIEM rules and alerts with the LIC's security policies and compliance requirements.
Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging.
Maintain and support the operational integrity of SOC toolsets.
Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.
Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.
Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner.
Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.
Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.
Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.
Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency.
Posted 1 week ago
4.0 - 7.0 years
6 - 8 Lacs
Mumbai
Work from Office
Key Responsibilities:
Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data.
Develop, customize, and manage security rules within the SIEM to detect and respond to security threats.
Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts.
Oversee the collection, normalization, and storage of log data from various sources.
Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur.
Analyze and investigate security events from various sources.
Manage security incidents through all incident response phases to closure.
Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, vulnerability scanning, and malware analysis technologies for event detection and analysis.
Update tickets, write incident reports, and document actions to reduce false positives.
Develop knowledge of attack types and fine-tune detective capabilities.
Identify log sources and examine system logs to reconstruct event histories using forensic techniques.
Align SIEM rules and alerts with the LIC's security policies and compliance requirements.
Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging.
Maintain and support the operational integrity of SOC toolsets.
Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.
Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.
Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner.
Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.
Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.
Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.
Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency.

Academic Qualifications and Certifications:
Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience).
CEH certification is a must.
Posted 1 week ago
1.0 - 5.0 years
4 - 8 Lacs
Bengaluru
Hybrid
Knowledge and application: Seasoned, experienced professional; has complete knowledge and understanding of area of specialization. Uses evaluation, judgment, and interpretation to select the right course of action.
Problem solving: Works on problems of diverse scope where analysis of information requires evaluation of identifiable factors. Resolves and assesses a wide range of issues in creative ways and suggests variations in approach.
Interaction: Enhances relationships and networks with senior internal/external partners who are not familiar with the subject matter, often requiring persuasion. Works with others outside of own area of expertise, with the ability to adapt style to differing audiences, and often advises others on difficult matters.
Impact: Impacts short- to medium-term goals through personal effort or influence over team members.
Accountability: Accountable for own targets, with work reviewed at critical points. Work is done independently and is reviewed at critical points.

Workplace type: Hybrid
Posted 1 week ago
3.0 - 8.0 years
5 - 8 Lacs
Mumbai
Work from Office
Key Responsibilities:
Min 3 Years exp in EDR and Trend Micro.
The vendor should assess the existing endpoint security infrastructure and identify any gaps or vulnerabilities.
The vendor should deploy EDR agents on endpoints, servers, and critical systems within the organization's network.
The vendor should configure EDR agents to collect and analyze security events and activities on endpoints.
The solution should monitor endpoints for suspicious activities, such as malware infections, unauthorized access attempts, and unusual user behavior.
The solution should use behavioral analysis and machine learning to detect advanced threats and zero-day attacks.
The solution should generate real-time alerts for potential security incidents and provide guidance for incident response and remediation.
The vendor should enable endpoint forensics capabilities to investigate security incidents and identify the root cause of attacks.
The solution should capture and store detailed endpoint activity logs and artifacts for further analysis.
The vendor should integrate the tool with vulnerability management systems to assess the endpoint's security posture.
The EDR solution should be able to roll out patches or upgrades from the EDR management console for agents onboarded on the platforms.
The solution should alert and remediate endpoints with outdated or vulnerable software configurations.
The solution should provide real-time alerts for anomalies that could indicate potential threats.
The vendor should ensure compatibility with other security systems, such as (but not limited to) SIEM, incident response tools, etc.
The solution should correlate network anomalies with potential threats, aiding in early threat detection.
The vendor is expected to deliver reports at periodic intervals as per the Client's requirements.
The vendor should re-deploy the agent as and when there is a change in the infrastructure or the operating systems.

Knowledge and Attributes:
Ability to communicate and work across different cultures and social groups.
Ability to plan activities and projects well in advance, taking into account possible changing circumstances.
Ability to maintain a positive outlook at work.
Ability to work well in a pressurized environment.
Ability to work hard and put in longer hours when necessary.
Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting.
Ability to adapt to changing circumstances.
Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey.

Academic Qualifications and Certifications:
Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience).
CEH certification is a must.

Required Experience:
Entry-level experience with troubleshooting and providing the support required in security network / data center / systems / storage administration and monitoring services within a medium to large ICT organization.
Basic knowledge of management agents, redundancy concepts, and products within the supported technical domain (such as Security, Network, Data Centre, Telephony, etc.).
Working knowledge of ITIL processes.
Posted 1 week ago
2.0 - 7.0 years
4 - 8 Lacs
Mumbai
Work from Office
Key Responsibilities: Minimum 4+ years' experience in a SOC, along with SIEM (Splunk); minimum 2 years' hands-on experience with Splunk. Configure and maintain the SIEM system, ensuring that it is properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, vulnerability scanning, and malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions taken to reduce false positives. Develop knowledge of attack types and fine-tune detection capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with LIC's security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner.
Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, taking into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Active CEH certification is a must. Required Experience: Moderate level of relevant managed services experience handling security infrastructure. Moderate level of knowledge of ticketing tools, preferably ServiceNow. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or third parties.
Posted 1 week ago
4.0 - 7.0 years
5 - 8 Lacs
Mumbai
Work from Office
Key Responsibilities: Review daily operational activities and mentor Jr. Analysts in a timely manner. Perform further detailed analysis on escalated events and hand over the call to the Incident Response team along with appropriate evidence. Ensure 100% incident validation and closure. Manage shifts and knowledge transfer within the shift (shift handover). Study attack types and methods while monitoring the HDFC environment for threats. Perform deep-dive incident analysis by correlating data from various sources. Document and archive artefacts for future reference. Define the criticality of behaviour alert events based on experience and information security understanding. Lead operations by example and act as a security consultant for incidents and alerts observed. Lead Jr. Analysts in investigations, analysis, and alert categorization. Monitor various technology dashboards and identify any suspicious anomalies. Ensure quality checks for all alerts and incidents raised by L1s. Investigate and close test incidents and define the steps and process. Prepare the daily summary report. Raise control-related concerns, e.g., SOAR and SIEM. Define operations-related activities. IRC review, SOP review and management of all other process documents. Audit data submission. Escalate to seniors before the TAT breach; own TAT responsibilities. Validation of SOC incidents by the Bank L2 team. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, taking into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances.
Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Certifications relevant to the services supported. Certifications carry additional weightage in the candidate's qualification for the role. Required Experience: Moderate level of relevant managed services experience handling security infrastructure. Moderate level of knowledge of ticketing tools, preferably ServiceNow. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or third parties.
Posted 1 week ago
1.0 - 4.0 years
3 - 6 Lacs
Hyderabad
Hybrid
The Associate Managed Services Information Security Analyst is an entry-level subject matter expert, responsible for monitoring, analyzing, interpreting and reporting on incoming client data for the purpose of delivering security information and recommendations to clients, enabling the organization to deliver the contracted security services. This role includes performing tasks such as security incident detection and response, security event reporting, threat hunting, content maintenance (tuning) and interacting with clients to ensure their understanding of the information generated, recommending client system changes and answering security-related queries from clients. This is an entry-level role within the Managed Services Information Security Analyst team and works under the guidance of more experienced analysts within the team. What you'll be doing Key Responsibilities: Works as part of a global Cyber Defense Centre (CDC) team that operates 24/7 on rotational shifts. Works with client stakeholders and relevant internal teams to tune the MSSP platform and client SIEM to enable more efficient detection, analysis and reporting. Under guidance, generates continuous improvement ideas for supported security tools/technologies, to enable improvements to the company's services, employee experience and client experience. Adheres to SOPs, customer run books and standard processes to ensure a globally consistent delivery, whilst also proposing changes and improvements to these standards. Utilizes and documents best practices and amends existing documentation as required. Supports security incident handling and response across several vectors, including endpoint protection and enterprise detection and response tools, attack analysis, malware analysis, network forensics and computer forensics. Learns and utilizes a broad range of skills in LAN technologies, Windows and Linux operating systems, and general security infrastructure.
Ensures usage of knowledge articles in incident diagnosis and resolution. Under guidance, performs defined tasks to inform and monitor service delivery against service level agreements and maintains records of relevant information. Cooperates closely with colleagues to share knowledge and build a cohesive and effective team environment, benefiting the individual, the business and the client. Performs any other related task as required. Knowledge and Attributes: Knowledge of the implementation and monitoring of a company-supported SIEM or security tools/technologies/concepts. Knowledge of security architecture, having worked across different security technologies. Knowledge and understanding of the operation of modern computer systems and networks and how they can be compromised. Displays excellent customer service orientation and proactive thinking. Displays problem-solving abilities and is highly driven and self-organized. Good attention to detail. Displays analytical and logical thinking. Strong spoken and written communication abilities. Ability to remain calm in pressurized situations. Ability to keep current on emerging trends and new technologies in the area of specialization. Academic Qualifications and Certifications: Bachelor's degree or relevant qualification in Information Technology, Computing or a related field. Security certifications such as (but not limited to) AZ-500, SC-200, Security+, CEH, CISSP, CISM or similar. Certification in networking technologies such as CCNA, JNCIA, ACCA, PCNSA or CCSA is advantageous. Required Experience: Entry-level experience in SOC analysis operations. Entry-level experience in SIEM usage for investigations. Entry-level experience in security technologies such as (but not limited to) firewall, IPS, IDS and proxy. Entry-level experience in providing technical support to clients. Entry-level experience in handling security incidents end to end.
Entry-level experience in configuring/managing security controls, such as SIEM, firewall, IDS/IPS, EDR, NDR, UTM, proxy, SOAR, honeypots and other security tools. Entry-level experience in security analysis or engineering, preferably gained within a global services organization.
Posted 1 week ago
5.0 - 8.0 years
7 - 10 Lacs
Kolkata
Hybrid
Additional Career Level Description: Knowledge and application: Seasoned, experienced professional; has complete knowledge and understanding of area of specialization. Uses evaluation, judgment, and interpretation to select right course of action. Problem solving: Works on problems of diverse scope where analysis of information requires evaluation of identifiable factors. Resolves and assesses a wide range of issues in creative ways and suggests variations in approach. Interaction: Enhances relationships and networks with senior internal/external partners who are not familiar with the subject matter often requiring persuasion. Works with others outside of own area of expertise, with the ability to adapt style to differing audiences and often advises others on difficult matters. Impact: Impacts short to medium term goals through personal effort or influence over team members. Accountability: Accountable for own targets with work reviewed at critical points. Work is done independently and is reviewed at critical points.
Posted 1 week ago
4.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Gist about our company: A leading venture capitalist (VC) in Silicon Valley commented that “Evergent is a diamond in the rough”. Evergent today manages over 560M+ user accounts in over 180+ countries on behalf of our customers. Globally Evergent is working with 5 of the top 10 carriers (AT&T, Etisalat, SingTel, Telkomsel, and AirTel) and 4 of the top 10 media companies (HBO, FOX, SONY and BBC). We are not surprised by the VC comment. We have done this with an amazing global team of 600+ professionals. Evergent is recognized as the global leader for Customer Lifecycle Management for launching new revenue streams without disturbing inflexible legacy systems. The need for digital transformation in this subscription economy and our ability to launch services in weeks is what sets Evergent apart. We welcome you to come and meet with us. Job Title: Cloud & IT Security Analyst Location: Hyderabad Job duties include planning and implementing security measures to protect Evergent SaaS systems, internal networks, and the data platform. Must have experience and be up to date on the latest information security intelligence, including attackers' methodologies, to anticipate security breaches. You will be responsible for preventing data loss and service interruptions by researching new technologies that will effectively protect a network.
Roles and Responsibilities: • Monitor and protect organizational cloud infrastructure and IT systems • Conduct security assessments and vulnerability scans • Conduct pen testing, DAST and SAST • Analyze security logs and investigate potential threats • Implement and maintain security controls and policies • Manage cloud security configurations • Respond to and mitigate security incidents • Assist with annual security audits for PCI-DSS, SSAE 18, GDPR and more • Respond to client RFPs/RFIs as they relate to Evergent security • Protect systems by defining access privileges, control structures, and resources • Recognize problems by identifying abnormalities and reporting violations • Implement security improvements by assessing the current situation, evaluating trends and anticipating requirements Required Skills: - Cloud platform knowledge (AWS, Azure, Google Cloud) - Cybersecurity principles - Network security - Risk management - Compliance frameworks (NIST, ISO 27001) - Security tools (SIEM, IDS/IPS) Typical Certifications: - CompTIA Security+ - AWS Certified Security - Specialty - (ISC)² CCSP - CISSP Qualifications and Education Requirements: BE, B.Tech, M.Tech, MCA, or any bachelor's degree in computing Preferred Skills: • 4 to 8 years of experience in information technology or security • Strong communication skills, both written and oral • Organized, responsive and highly thorough problem solver • Minimum certification of an Associate's degree in Computers, Technology or a related field • Technical knowledge: UNIX, AIX, Linux, Cisco Network IDS, Cisco Host-based IDS, eTrust Access Control, ESM, and IDS; DES encryption, digital certificates, SSL, VPN, IPSec, TCP/IP, DNS and web security architecture; MySQL, Subversion, antivirus Experience: 4-8 years Copyright © 2024 Evergent, Inc., All Rights Reserved
Posted 1 week ago
1.0 - 5.0 years
3 - 7 Lacs
Mumbai
Work from Office
Your day at NTT DATA The Senior Team Lead, Information Security is a developing management role, responsible for managing the Information Security Incident Response Management team. This role ensures the team is equipped and enabled to detect and monitor threats and suspicious activity affecting the organization's technology domain. This role serves as the escalation point for incident workflows and participates in the delivery of security measures through analytics and threat hunting processes. The Senior Team Lead, Information Security Incident Response manages a team of security professionals whilst fostering a collaborative and innovative team culture focused on operational excellence. What you'll be doing Key Responsibilities: Provides coaching and mentoring to a team whilst establishing and monitoring individual and team KPIs, ensuring that the team achieves business objectives and goals. Oversees the performance of weekly threat hunting activities. Oversees the review of current configurations of company production information systems and networks against compliance standards. Manages the team that provides technical support by ensuring that security alerts, events, and notifications are processed, for example via email, ticketing, virus warnings, intelligence feeds, workflow, etc. Engages with internal and/or external teams according to agreed alert priority levels and escalation trees. Ensures the monitoring of events for suspicious activity, investigation, and escalation where applicable. Ensures the prioritization of threat analysis based on the risks associated with each threat and works with the appropriate teams to ensure related communications are in line with company best practice and recommendations. Works on strategic custom software projects that analyze the vast amount of log, audit trail, and other recorded activity information that modern systems record.
Fine-tunes the existing security monitoring systems so that false positives and false negatives are minimized. Manages the prevention and resolution of security breaches and ensures that the required incident and problem management processes are initiated to ensure compliance with policy. Presents security breach findings to the business and advises on new measures required to prevent recurrence of similar breaches. Reviews incident and problem management reports to identify potential security weaknesses and performs an impact and risk analysis, developing recommendations for highlighted risks and ensuring that these risks and solutions are presented to the relevant stakeholders. Ensures that security service audit schedules are implemented and agreed with the business. Reviews access authorization for compliance with policy, administrative security controls for effectiveness and security on the operational systems, and verifies that security monitoring is working. Knowledge, Skills and Attributes: Ability to remain calm and focused during stressful situations. Ability to listen and adapt to changing situations. Ability to lead effectively by motivating their team(s) to perform better. Ability to recognize potential problems and take steps to fix the issues. Solid understanding of complex inter-relationships in an overall system or process. Solid knowledge of technological advances within the information security arena. Demonstrates analytical thinking and a proactive approach. Displays consistent client focus and orientation. Solid knowledge of information security management and policies. Solid understanding of current and emerging threats, vulnerabilities, and trends. Solid understanding of malware forensics, network forensics, and computer forensics is also highly desirable. Ability to statically and dynamically analyze malware to determine its target and intention.
Ability to uncover and document tools, techniques and procedures used by cyber adversaries in attacking managed infrastructure. Sound decision-making abilities with demonstrated teamwork and collaboration skills. Displays good planning and organizing ability. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Information Technology, Computer Science or a related field. SANS GIAC Security Essentials (GSEC) or equivalent preferred. SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred. SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred. Industry certifications such as CISSP, CISM, CISA, CEH, CHFI preferred. ITIL v3 (IT Service Management) preferred. Required Experience: Solid experience in the technology information security industry. Solid experience working in a SOC/CSIRT. Comprehension and practical knowledge of the cyber threat kill chain. Knowledge of the tactics, techniques and procedures (TTPs) used by threat actors. Solid practical knowledge of indicators of compromise (IOCs). Solid experience with endpoint protection and enterprise detection and response software. Solid experience with or knowledge of SIEM and IPS technologies. Solid experience with Wireshark, tcpdump, REMnux and decoders for conducting payload analysis. Knowledge of malware analysis, hacking techniques, the latest vulnerabilities, and security trends. Moderate level of knowledge of network technologies including routers, switches and firewalls. Solid prior demonstrated experience managing and leading a team in a related field.
Posted 1 week ago
2.0 - 6.0 years
4 - 8 Lacs
Mumbai
Work from Office
Your day at NTT DATA The Security Managed Services Engineer (L3) is a seasoned engineering role, responsible for providing a service to clients by proactively identifying and resolving technical incidents and problems. Through pre-emptive service incident and resolution activities, as well as product reviews, operational improvements, operational practices, and quality assurance, this role maintains a high level of service to clients. The primary objective of this role is to ensure zero missed service level agreement (SLA) conditions. The role is responsible for managing tickets of high complexity, conducts advanced and complicated tasks, is aware of the client's high-level and low-level security architecture and provides resolution to a diverse range of complex problems. This position uses considerable judgment and independent analysis within defined policies and practices and applies analytical thinking and deep technical expertise in achieving client outcomes, while coaching and mentoring junior team members across functions. The Security Managed Services Engineer (L3) may also contribute to project work as and when required. What you'll be doing Key Responsibilities: Device management experience with Imperva DAM. Monitor the databases and instances, analyze any DAM-related incidents and escalate them to the relevant stakeholders.
Define security and audit policies for data at rest and data in motion for structured data. Coordinate closely with the SOC team on any integration of databases and instances. Work closely with database administrators, educate them about the DAM tool and implement the security controls inherent in the platform for identified databases. Work efficiently and closely with risk assessment and compliance teams to understand external compliance requirements. Perform risk assessments using Imperva risk assessment policies and inform stakeholders and database administrators about the vulnerabilities captured for the database servers. Create different sets of audit and security policies to adhere to PCI and other compliance requirements. Identify points that can be implemented to improve the functionality of the DAM solution. Oversee the existing deployment and identify how it can be improved. Generate reports and highlight compromises. Work with our security operations center (SOC) and take the lead role in threat detection and incident response activities. Required Experience: Experience with various security technologies. Knowledge of current threats, vulnerabilities, and attack trends. Critical thinking and problem-solving skills. Experience with DAM solutions (Imperva/IBM). Familiarity with various database structures.
Posted 1 week ago
23.0 years
0 Lacs
Trivandrum, Kerala, India
On-site
Role Description Job Title: Senior Network Engineer Experience: 18–23 Years Job Summary We are looking for a highly experienced Senior Network Engineer with 18–23 years of expertise in cloud networking, routing & switching, firewalls, and security compliance. The ideal candidate will possess deep technical knowledge in technologies such as Cisco, Palo Alto, ForeScout, Infoblox, Check Point, and F5, and have hands-on experience in patching, firmware upgrades, vulnerability management, and regulatory compliance. You will be responsible for designing, implementing, optimizing, and securing enterprise and cloud network infrastructures to ensure maximum performance, security, and compliance. Key Responsibilities Network & Cloud Infrastructure Management Design, deploy, and maintain enterprise and cloud networking solutions (AWS, Azure, GCP). Manage routing and switching (Cisco or equivalent) with expertise in BGP, OSPF, EIGRP, VLANs, STP, QoS, and multicast. Implement and optimize load balancing using F5 (LTM, GTM, iRules). Administer Infoblox DNS, DHCP, and IPAM. Firewall, Security & Compliance Configure and manage firewall rules and security policies (Cisco ASA, Palo Alto, Check Point, ForeScout). Implement secure access using VPNs, zero-trust architecture, and micro-segmentation. Conduct regular patching, firmware updates, and vulnerability assessments. Align practices with compliance standards: ISO 27001, NIST, CIS, PCI-DSS, etc. Partner with security teams to analyze threats and improve posture. Performance Optimization & Troubleshooting Proactively monitor and troubleshoot network, cloud, and firewall performance issues. Ensure high availability and minimal downtime across LAN/WAN/cloud environments. Collaborate with vendors and cross-functional teams to ensure network reliability. Automation & Documentation Use automation tools (Ansible, Python, PowerShell, Terraform) for deployments and maintenance.
Maintain up-to-date documentation (network diagrams, security policies, change logs). Provide mentorship and knowledge sharing to junior engineers and IT stakeholders. Qualifications & Experience 18–23 years of hands-on experience in network engineering and security. Expertise in routing & switching (Cisco, Juniper) and firewalls (Palo Alto, Check Point, Cisco ASA, ForeScout). Strong cloud networking experience (AWS, Azure, GCP): VPCs, VPNs, NSGs, load balancers. Proficient in F5 load balancing technologies (LTM, GTM, ASM). Hands-on with patching, firmware upgrades, vulnerability remediation, and compliance. Skilled in automation (Python, Ansible, Terraform) and Infrastructure-as-Code (IaC). Strong troubleshooting skills in complex enterprise/cloud environments. Excellent documentation and stakeholder communication abilities. Preferred Certifications CCNP / CCIE PCNSE (Palo Alto) CCSA/CCSE (Check Point) F5-CA (F5 Certified Administrator) AWS / Azure Networking Specialty CISSP (preferred for security-focused profiles) Preferred Skills Experience with SIEM, IDS/IPS, and endpoint integration. Familiarity with Zero Trust Architecture, SD-WAN, and micro-segmentation. Exposure to monitoring tools: SolarWinds, Splunk, Wireshark, LogicMonitor, BigPanda. Knowledge of container networking: Kubernetes, Docker, CNI. Key Skills Routing & Switching | Network Security | Check Point | Palo Alto | Cisco ASA | ForeScout | F5 Load Balancers | Infoblox | AWS/Azure/GCP Networking | Ansible | Python | Compliance | Firewall Management Skills: Routing and Switching, Check Point Firewall, Palo Alto, Network Security
Posted 1 week ago
2.0 - 3.0 years
0 Lacs
Trivandrum, Kerala, India
On-site
Role Description Job Title: L1 SOC Analyst Experience: 2 to 3 years Location: Trivandrum, Kochi, Chennai, Bangalore, Hyderabad Company: CyberProof, A UST Company About CyberProof CyberProof is a leading cyber security services and platform company dedicated to helping customers react faster and smarter to security threats. We enable enterprises to create and maintain secure digital ecosystems through automation, threat detection, and rapid incident response. As part of the UST family, we are trusted by some of the world's largest enterprises. Our Security Operations Group is composed of a global team of highly skilled cyber security professionals, with our tier 3-4 expertise rooted in Israeli Intelligence. The primary role of a SOC Level 1 Analyst is to serve as the frontline defense, managing first triage and ranking of security cases, and initiating the threat detection and response processes for client-related security events. The Analyst is integral to the MDR, working collaboratively with other teams to ensure a high quality of service, and will be given opportunities for professional growth in cybersecurity. The position entails conducting inquiry procedures as dictated by CyberProof methodology and contributing insights on case investigation and detection quality. Principal Duties Quickly respond to and classify all incoming security cases, ensuring that incidents are appropriately escalated to the right analyst within the predefined SLA period during the Analyst's shift. Conduct first-triage investigations into the assigned cases using a blended approach based on tools integrated into the SOAR platform, and document all collected evidence and conclusions. At the start of the shift, diligently review all new information in the SOAR, the Teams channel, the shared mailbox, and any other designated communication medium to ensure readiness to continue or start the case investigation and address client queries.
Facilitate a smooth handoff to the next team at the end of the shift, ensuring continuous and seamless security monitoring. Remain alert to any procedural inconsistencies or issues and proactively report these to the team leader or the upper analytical layer (L2) for resolution or consultation. Should uncertainty or complex issues arise, elevate the matter promptly to a senior L1 Analyst or the Shift and Technical Leads before resorting to the L2 team. Support the Lead Analysts and the L2 team in the extraction and compilation of data needed for the preparation of Weekly, Monthly, and Quarterly Business Review (QBR) documentation. Skills And Qualifications At least 1 year of experience as a security analyst. Proficient in investigating alerts related to phishing, malware, and similar threats. Solid understanding of computer security and networking concepts. Experience with SIEM or similar security tools (Splunk, QRadar or Sentinel). Knowledgeable about endpoint protection tools. Skilled in analyzing network traffic, interpreting logs, and examining packet captures. Strong critical thinking and analytical abilities. Excellent written and verbal communication skills. Experience managing and analyzing alerts from security tools is a plus. Familiarity with cloud solutions is advantageous. Relevant certifications are a plus.
Posted 1 week ago
5.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Outreach is the first and only AI Sales Execution Platform built for intelligent revenue workflows. Built on the world’s largest foundation of customer interactions and go-to-market team data, Outreach’s leading revenue AI technology helps go-to-market professionals and their companies win by intelligently accelerating decision making and elevating sellers to do their best work. Our powerful platform gives revenue teams the tools they need to design, measure, and improve a revenue strategy for every stage of the customer journey, improving efficiency and effectiveness across the entire revenue cycle. Over 6,000 customers, including Zoom, McKesson, Snowflake, SAP, and Okta use Outreach to power workflows, put customers at the center of their business, improve revenue results, and win in the market. Outreach is a privately held company based in Seattle, Washington, with offices worldwide. To learn more, please visit www.outreach.io. The Role Bridging Intelligence and Action The Cyber Intel Fusion Analyst is a pivotal role within our security program. This position serves as a critical bridge, linking strategic threat intelligence with tactical security operations. The analyst will be instrumental in evolving our security practices beyond traditional, siloed functions while ensuring that intelligence capabilities are not merely insightful but are directly integrated and operationalized within our security framework. This proactive operationalization of intelligence is key to anticipating emerging threats and developing innovative countermeasures to counter sophisticated cyber threats before they can impact our services or compromise sensitive information. The ability to quickly fuse intelligence into operational defense mechanisms provides a distinct security advantage, crucial for maintaining service reliability and customer trust. 
Your Daily Adventures Will Include Core Responsibilities: Shaping Our Defenses The responsibilities of the Cyber Intel Fusion Analyst are multifaceted, demanding a blend of analytical acumen, technical expertise, and collaborative skill. Intelligence Cycle Management & Requirements Definition: The analyst will manage the intelligence analysis cycle as it pertains to team operations. This includes working closely with team operators and other stakeholders to identify and refine intelligence requirements that drive threat emulation assessments and inform defensive strategies. A key function involves identifying intelligence requirements for diverse areas such as security operations, cloud security, enterprise security, and application security, including those related to artificial intelligence. This broad scope necessitates an understanding of the unique intelligence needs of various teams, positioning the analyst as a strategic partner who can tailor and deliver relevant intelligence to enhance the effectiveness of multiple security functions. Tactical Intelligence Analysis & Adversary Understanding: A core function is providing tactical cyber intelligence analysis, meticulously identifying specific adversary tactics, techniques, and procedures (TTPs). This analysis will be consistently tied back to established frameworks like the MITRE ATT&CK® Framework, leveraging intelligence provided by relevant organizations. The role involves recognizing and researching attacks and attack patterns based on published open-source intelligence (OSINT) and other intelligence sources. The analyst will be adept at handling and organizing disparate data concerning detections, attacks, and attackers to accurately identify adversary groups and their modus operandi, thereby driving assessments pertinent to the company.
This process transforms general threat data into a refined understanding of adversaries specifically targeting our environment, such as those focusing on SaaS platforms if applicable. Developing Actionable Intelligence & Driving Threat Emulation: The analyst is tasked with developing, producing, and managing Adversary Response Playbooks. These playbooks are crucial for supporting and driving threat emulation assessments, ensuring our defenses are tested against realistic adversary behaviors. This involves translating analyzed intelligence on adversary TTPs and campaign indicators into actionable detection strategies, such as developing custom SIEM correlation rules or contributing to Security Orchestration, Automation, and Response (SOAR) playbooks. This operationalization of intelligence is fundamental, turning analytical findings into tangible, proactive defensive measures that strengthen our security posture. Collaboration, Liaison & Stakeholder Management: Effective relationship management is paramount. The analyst will manage relationships with organizations, both internal and external, that provide requested intelligence to the team or receive information from it. A significant part of the role includes representing the team in cyber threat intelligence-related meetings and matters, acting as a crucial liaison. This collaboration extends across multiple organizational functions, potentially including cloud engineering teams, DevSecOps personnel, SOC analysts, incident responders, and even executive leadership. By effectively sharing tailored intelligence, the analyst acts as a force multiplier, enhancing the capabilities and preparedness of various teams across the organization.
Our Vision of You Core Competencies: Mastery of the Intelligence Cycle: Expertise in managing the intelligence analysis cycle, encompassing planning, collection (including OSINT and multi-source intelligence), processing, in-depth analysis of adversary TTPs, and the production and dissemination of timely, accurate, and actionable intelligence products tailored to diverse internal audiences. Strategic Requirements Identification: Proven ability to identify and refine intelligence requirements for a wide array of security functions, including security operations, cloud security, enterprise security, and application security (potentially including AI), ensuring intelligence efforts align with business and operational needs. Tactical Intelligence & TTP Expertise: Strong skills in tactical cyber intelligence analysis, identifying specific adversary TTPs and mapping them to frameworks like MITRE ATT&CK®. This includes researching current attacks, attack patterns, and understanding threats specific to modern environments (e.g., SaaS-specific attack patterns). Actionable Output Development: Demonstrable experience in developing, producing, and managing resources like Adversary Response Playbooks to support and drive threat emulation assessments, effectively translating intelligence into practical defensive measures. Data Synthesis & Adversary Profiling: Capability in handling and organizing disparate data about detections, attacks, and attackers to properly identify adversary groups and develop comprehensive threat actor profiles, particularly those relevant to the company’s operational landscape. Exceptional Collaboration & Liaison Skills: Excellent relationship management abilities with internal and external intelligence providers and consumers, and proven experience acting as an effective liaison and team representative in intelligence matters.
Education and Experience: A minimum of 5 years of progressive, hands-on experience in the cybersecurity domain, with a demonstrable track record in roles that combine cyber threat intelligence analysis with security operations or incident response functions. Experience in environments with a significant cloud and SaaS focus is highly advantageous. This emphasis on combined experience highlights the need for individuals who have practically applied the "fusion" concept. Technical Prowess: The analyst must possess a robust set of technical skills to effectively investigate security incidents, analyze threat data, and implement defensive measures, especially within cloud environments. Essential technical competencies are outlined below:
An in-depth understanding of core networking protocols (TCP/IP, UDP, HTTP/S, DNS, SMTP, etc.), network traffic analysis methodologies, and the function of common networking ports and protocols.
Proficiency with cloud security architectures (IaaS, PaaS, SaaS) and hands-on experience with security tools native to major cloud platforms (e.g., AWS, Azure, GCP).
Expertise with Security Information and Event Management (SIEM) platforms for log correlation, advanced analysis, and the development of custom detection rules.
Hands-on experience with Endpoint Detection and Response (EDR/XDR) solutions for endpoint threat detection, investigation, and response.
Strong skills in comprehensive log analysis from diverse cloud and on-premises sources, including operating systems (Windows, Linux, macOS), applications, network devices, and cloud service logs (e.g., CloudTrail, Azure Monitor).
A solid understanding of Windows and Linux operating systems (including distributions such as RHEL, Ubuntu, CentOS) and macOS, encompassing system administration fundamentals, security configurations, logging mechanisms, and common attack vectors.
Scripting skills for automation of analytical tasks, data manipulation, tool integration, or the development of custom detection scripts using languages such as Python, PowerShell, or Bash.
Deep understanding and practical application of threat intelligence frameworks such as the MITRE ATT&CK® Framework, the Cyber Kill Chain®, and the Diamond Model of Intrusion Analysis.
The following outlines core technical competencies and representative toolsets relevant to this role (Category: Examples/Specific Tools, tailored for SaaS):
Cloud Platform Security: AWS (GuardDuty, Security Hub, Macie, Inspector), Azure (Sentinel, Defender for Cloud), GCP (Security Command Center)
SIEM: Google SecOps, CrowdStrike NG SIEM, Sumologic CloudSiem
EDR/XDR: CrowdStrike Falcon, JAMF Protect
Network Analysis: Wireshark, Zeek (formerly Bro), Suricata, cloud-native traffic mirroring/analysis tools
Vulnerability Management: CrowdStrike Exposure Management, Wiz, cloud-native vulnerability scanners
Scripting Languages: Python, PowerShell, Bash
Operating Systems: Windows (Client/Server), Linux (various distributions such as RHEL, Ubuntu, CentOS), macOS
Threat Intelligence Platforms (TIPs): MISP, ThreatConnect, Anomali ThreatStream, Recorded Future
Analytical and Communication Skills: Exceptional analytical and problem-solving skills, with a demonstrated ability to correlate disparate datasets, identify subtle patterns of malicious activity, and make sound, evidence-based judgments, often under pressure. Excellent written and verbal communication skills, with the proven ability to articulate complex technical information, security concepts, and intelligence findings clearly and concisely to diverse audiences, including technical peers and management.
Work Requirements: This position requires participation in an on-call rotation to provide expert support during critical security incidents. This role does not involve regular shift work.
Bonus Points: Preferred Qualifications While not mandatory, the following qualifications will significantly differentiate strong candidates and indicate a deeper specialization.
Advanced industry-recognized cybersecurity certifications. Examples include (Certification | Issuer | Focus):
GIAC Cyber Threat Intelligence (GCTI) | SANS/GIAC | Cyber Threat Intelligence
GIAC Certified Intrusion Analyst (GCIA) | SANS/GIAC | Network Security Monitoring, Intrusion Detection
GIAC Certified Incident Handler (GCIH) | SANS/GIAC | Incident Response
CISSP | (ISC)² | Broad Cybersecurity Management & Operations
AWS Certified Security – Specialty | Amazon Web Services | AWS Cloud Security
Azure Security Engineer Associate (AZ-500) | Microsoft | Azure Cloud Security
CompTIA Cybersecurity Analyst (CySA+) | CompTIA | Cybersecurity Analysis, Intrusion Detection
Offensive Security Certified Professional (OSCP) | Offensive Security | Penetration Testing (Understanding Attacker Methods)
Practical experience utilizing Threat Intelligence Platforms (TIPs) such as MISP, ThreatConnect, Anomali ThreatStream, or Recorded Future.
Experience with Security Orchestration, Automation, and Response (SOAR) platforms and playbook development.
Knowledge of malware analysis (static and dynamic) and reverse engineering techniques, and familiarity with associated tools.
Familiarity with DevSecOps principles and experience securing CI/CD pipelines.
Understanding of compliance frameworks relevant to SaaS environments (e.g., SOC 2, ISO 27001/27701/42001, GDPR, HIPAA).
Why You’ll Love It Here Highly competitive salary 25 days annual vacation time + sick time and casual leave Group medical policy coverage available to employees and up to 5 eligible family members OPD benefit covered up to INR 10,000 Life insurance and personal accident insurance at 3x annual CTC 26 weeks of maternity leave pay, and 15 days of paternity leave pay Opportunity to be part of company success via the RSU program Diversity and inclusion programs that promote employee resource groups like OWN+ (Outreach Women's Network), Adelante (Latinx community), OBX (Outreach Black Connection), Mosaic (AAPI community), Pride (LGBTQIA+), Gender+, Disability Community, and Veterans/Military Employee referral bonuses to encourage the addition of great new people to the team Fun company and team outings because we play just as hard as we work Our success is reliant on building teams that include people from different backgrounds and experiences who can elevate assumptions and ideas with fresh perspectives. We're dedicated to hiring the whole human, not just a resume. To that end, we look for a diverse pool of applicants-including those from historically marginalized groups. We would like to invite you to apply even if you don't think you meet all of the requirements listed below. We don't want a few lines in a job description to get between us and the opportunity to meet you.
Posted 1 week ago
10.0 years
0 Lacs
West Bengal, India
Remote
Summary Job description Job Title: ServiceNow Architect – ITSM, CSM & SecOps Position Overview: We are seeking an accomplished ServiceNow Architect with extensive hands-on experience across IT Service Management (ITSM), Customer Service Management (CSM), and Security Operations (SecOps). This role requires deep technical expertise, a strategic mindset, and the ability to lead and deliver end-to-end ServiceNow solutions in alignment with enterprise objectives. Key Responsibilities: Architect and lead the implementation of ServiceNow solutions across ITSM, CSM, and SecOps modules Define and enforce platform governance, development standards, and best practices Drive automation initiatives using Flow Designer, Orchestration, and IntegrationHub Design and execute integrations with third-party platforms (e.g., CRM, SIEM tools) via REST, SOAP, and MID Server Conduct performance tuning, system upgrades, and code reviews to ensure platform stability and scalability Collaborate with stakeholders, developers, and business leaders to align solutions with business requirements Mentor and guide developers and administrators on platform capabilities and best practices Required Qualifications: 10+ years of overall IT experience, with 7+ years in ServiceNow architecture and implementation Proven hands-on expertise in ITSM, CSM, and preferably SecOps modules Proficient in JavaScript, Glide API, Business Rules, Script Includes, and Flow Designer Strong understanding of ServiceNow database architecture, ACLs, and security models Demonstrated experience in integrating ServiceNow with external systems and tools In-depth knowledge of ITIL and NIST frameworks Strong communication, leadership, and stakeholder management skills Preferred Certifications: ServiceNow Certified System Administrator (CSA) Certified Implementation Specialist – ITSM, CSM, and SecOps ServiceNow Certified Application Developer (CAD) ITIL v4 Foundation CISSP (preferred for SecOps expertise)
Posted 1 week ago
1.0 years
0 Lacs
Sola, Ahmedabad, Gujarat
On-site
Job Title: SOC L1 Analyst Experience: 1+ Years Location: Ahmedabad – Gujarat Employment Type: Full-Time [Rotational Shift, Exclusive Morning Shift] Department: SOC Department No of Position: 4
Key Job Responsibilities:
· Work in a 24x7 rotational shift environment to ensure uninterrupted security monitoring.
· Maintain continuous situational awareness ("eyes on glass") by actively monitoring all logs and alerts.
· Detect incidents by monitoring SIEM console activities, including rules, reports, and dashboards.
· Monitor SIEM resources to identify anomalies or unusual behavior.
· Escalate incidents in accordance with defined SLAs when resolution thresholds are not met.
· Monitor and ensure the operational health of the SIEM platform.
· Support the SOC team in incident detection, analysis, and resolution processes.
· Continuously monitor and analyze security alerts and events from multiple sources to identify and assess potential security incidents.
· Lead in-depth investigations of security incidents, including determining root causes, assessing impact, and recommending appropriate response measures.
· Coordinate and execute incident response activities to contain, eradicate, and recover from high-severity security incidents.
· Collaborate with L2 SOC teams to prioritize, escalate, and manage security events effectively.
· Maintain thorough documentation of incidents, including findings, actions taken, timelines, and strategic recommendations for future improvements.
· Administer and optimize security tools and technologies within the SOC environment to ensure their effective performance.
· Work closely with cross-functional teams (IT, network operations, system administrators) to coordinate and streamline incident response efforts.
· Communicate incident status, remediation actions, and post-incident insights to both internal and external stakeholders.
· Actively contribute to the development and continuous improvement of SOC procedures, workflows, and incident response strategies.
· Stay updated on emerging cyber threats, industry trends, and advancements in security tools to enhance SOC capabilities.
Qualifications:
Bachelor’s or Master’s degree in Computer Science, Information Security, Cybersecurity, or a related field (or equivalent work experience), with a specialization in Cybersecurity preferred.
Proven experience in a SOC environment, with a strong focus on incident response and advanced analysis.
In-depth knowledge of cybersecurity principles, threat landscapes, and complex attack vectors.
Proficiency with security technologies, including SIEM, IDS/IPS, firewalls, antivirus, and endpoint detection tools.
Exceptional analytical and problem-solving skills, with a keen attention to detail.
Strong communication skills, both written and verbal, with the ability to convey complex information clearly.
Proven ability to thrive in a fast-paced environment and adapt to evolving priorities.
Additional Certifications Required: SIEM Certifications, Other Cybersecurity Certifications
Job Type: Full-time Pay: ₹200,000.00 - ₹350,000.00 per year Benefits: Cell phone reimbursement, Paid time off Shift: Night shift, Rotational shift Work Days: Monday to Friday Work Location: In person
Posted 1 week ago
2.0 - 4.0 years
0 Lacs
Gurugram, Haryana, India
On-site
What Success Looks Like In This Role Vulnerability Management: Experience with vulnerability management tools (e.g., Tenable, Qualys), including actions to remediate identified vulnerabilities Experience in working at “responsibility without authority” engagements for vulnerability remediation Threat Analysis: Perform in-depth analysis of security events and provide actionable intelligence to prevent future incidents. Root Cause Analysis: Conduct post-incident analysis to determine the root cause of incidents and assist in developing mitigation strategies to prevent recurrence. Collaboration: Work closely with other internal teams, such as IT, legal, and compliance, to mitigate and remediate security incidents and provide necessary incident reporting. Security Tools Support: Support the installation and management of security tools such as SIEM, IDS/IPS, endpoint detection & response (EDR), and firewall systems. Continuous Improvement: Contribute to the development and refinement of incident response processes, playbooks, and security protocols. Expected Knowledge And Experience Incident Response: experience in security incident response and resolution, including malware outbreaks, network intrusions, and data breaches alerts monitoring and root-cause analysis. Cybersecurity Frameworks: Familiarity with security frameworks such as NIST, MITRE ATT&CK, and SANS. Tools & Technologies: Familiarity with security technologies and platforms (e.g., SIEMs like Splunk, Tenable; EDR tools like CrowdStrike; firewalls, IDS/IPS systems). Network & Systems: Understanding of network protocols, operating systems (Windows, Linux), and web applications, and how they can be exploited in attacks. Threat Intelligence: Familiarity with threat intelligence feeds and using them to inform incident response and proactively detect threats. Incident Response: Support the analysis and documentation of security incidents, including timelines, actions taken, and outcomes. 
Reporting: Provide clear and concise incident reports and updates to senior management and relevant stakeholders. Cloud Security: Understanding of cloud platforms (AWS, Azure, GCP) and security implications within cloud environments. Regulatory Compliance: Knowledge of relevant regulatory requirements (e.g., GDPR, ISO27001, PCI-DSS) and how they relate to incident management and reporting. Preferred Qualifications Certifications: Relevant cybersecurity and/or privacy certifications are expected. Scripting Skills: Familiarity with scripting or automation (Python, Bash, PowerShell) for incident investigation and response tasks. Forensics: Understanding of digital forensics, including evidence collection, chain of custody, and data analysis techniques. Skills & Competencies Strong analytical and problem-solving skills. Solid knowledge of MS Excel. Excellent verbal and written communication skills. Ability to handle high-pressure situations and make quick decisions. Ability to work both independently and as part of a collaborative team. Detail-oriented with strong organizational and documentation skills. You will be successful in this role if you have: BA/BS degree and 2-4 years’ relevant experience OR equivalent combination of education and experience Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law. This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers. 
If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at GlobalRecruiting@unisys.com or alternatively Toll Free: 888-560-1782 (Prompt 4). US job seekers can find more information about Unisys’ EEO commitment here.
Posted 1 week ago
0 years
0 Lacs
Mumbai, Maharashtra, India
On-site
Must-Have Skills: Experience in SIEM Management tool (QRadar) / ITIL Certification / CCNA Certification / CEH Certification / VA (Product) Certification / CISM Certification Process and Procedure adherence General network knowledge and TCP/IP Troubleshooting Ability to trace down an endpoint on the network based on ticket information Familiarity with system log information Understanding of common network services (web, mail, DNS, authentication) Knowledge of host based firewalls, Anti-Malware, HIDS General Desktop OS and Server OS knowledge TCP/IP, Internet Routing, UNIX / LINUX & Windows NT knowledge Good-to-Have Skills: Strong analytical and problem-solving abilities Excellent project management capabilities Academic Qualifications: B.E. / B. Tech / MCA degree Requirements: Location: Mumbai Notice Period: 30 days Salary Range: 7-9 LPA Job Type: Full-time Shift Timings: Not specified Key Performance Indicators: Investigate and respond to security incidents Lead incident handling and coordinate with internal teams Develop SIEM rules and maintain correlation logic Integrate and monitor log sources for threat detection Mentor L1 analysts on incident response and best practices Document and report security incidents and SOC activity Kumari Nanhi 7505229019 kumari@zyvka.com
Posted 1 week ago
The Security Information and Event Management (SIEM) job market in India is thriving, with a growing demand for professionals who can monitor, analyze, and respond to security incidents in real-time. SIEM jobs offer lucrative career opportunities for individuals with a strong understanding of cybersecurity concepts and technologies.
The average salary range for SIEM professionals in India varies based on experience level:
- Entry-level: INR 4-6 lakhs per annum
- Mid-level: INR 8-12 lakhs per annum
- Experienced: INR 15-20 lakhs per annum
Career progression in the SIEM field typically follows a path from:
- SIEM Analyst
- SIEM Engineer
- SIEM Consultant
- SIEM Architect
In addition to SIEM expertise, professionals in this field are often expected to have knowledge of:
- Network Security
- Incident Response
- Threat Intelligence
- Security Operations Center (SOC) operations
As you explore SIEM jobs in India, remember to continuously upgrade your skills, stay informed about the latest cybersecurity trends, and practice answering interview questions to showcase your expertise confidently. With the right preparation and dedication, you can excel in the dynamic field of SIEM and carve out a successful career for yourself. Good luck!