9214 Siem Jobs - Page 31

Level - L3 The CDC Head is a Band 9 leadership role responsible for the end-to-end governance, delivery, and transformation of Cyber Defense Center operations. This role oversees a multi-tiered team of around100 security professionals across L1L4, spanning SOC, SecOps, Threat Hunting, Engineering, AppSec, DevSecOps, VM, AI and Automation domains. The CDC Head acts as the single point of accountability for service delivery, SLA adherence, and strategic alignment with client security objectives. Strategic Leadership & Governance - Define and drive the CDCs vision, roadmap, and transformation strategy, including the shift toward autonomous SOC operations using GenAI and agentic AI - Lead govern...

Level - L3 The SOC Manager is the operational and strategic leader of the Security Operations Center. This role is responsible for managing people, processes, and technologies to ensure the SOC delivers effective threat detection, incident response, and continuous improvement. The SOC Manager reports to Head of CDC and acts as the bridge between technical teams and business stakeholders Lead and mentor SOC staff across L1, L2, and L3 tiers Oversee hiring, onboarding, training, certification and performance evaluations Coordinate 24x7 shift coverage and ensure readiness for high-severity incidents Manage day-to-day SOC operations, including alert triage, incident escalation, and response coor...

Level - L3 The SOC Manager is the operational and strategic leader of the Security Operations Center. This role is responsible for managing people, processes, and technologies to ensure the SOC delivers effective threat detection, incident response, and continuous improvement. The SOC Manager reports to Head of CDC and acts as the bridge between technical teams and business stakeholders Lead and mentor SOC staff across L1, L2, and L3 tiers Oversee hiring, onboarding, training, certification and performance evaluations Coordinate 24x7 shift coverage and ensure readiness for high-severity incidents Manage day-to-day SOC operations, including alert triage, incident escalation, and response coor...

Level -L3 Lead the development of threat hunting hypotheses using threat intelligence, MITRE ATT&CK, and kill chain models Guide the team in conducting hunts across SIEM, EDR/XDR, and network telemetry to uncover hidden threats Validate and refine threat intelligence to ensure it is actionable and relevant Translate hunting outcomes into detection logic and use cases for SIEM and SOAR platforms Collaborate with content developers to build and tune correlation rules and analytics Identify gaps in visibility and recommend improvements to logging and telemetry coverage Escalate confirmed findings to L3 incident response teams with detailed evidence and RCA Recommend preventive and detective cou...

Level -L3 Lead the development of threat hunting hypotheses using threat intelligence, MITRE ATT&CK, and kill chain models Guide the team in conducting hunts across SIEM, EDR/XDR, and network telemetry to uncover hidden threats Validate and refine threat intelligence to ensure it is actionable and relevant Translate hunting outcomes into detection logic and use cases for SIEM and SOAR platforms Collaborate with content developers to build and tune correlation rules and analytics Identify gaps in visibility and recommend improvements to logging and telemetry coverage Escalate confirmed findings to L3 incident response teams with detailed evidence and RCA Recommend preventive and detective cou...

Level -L3 Lead the development of threat hunting hypotheses using threat intelligence, MITRE ATT&CK, and kill chain models Guide the team in conducting hunts across SIEM, EDR/XDR, and network telemetry to uncover hidden threats Validate and refine threat intelligence to ensure it is actionable and relevant Translate hunting outcomes into detection logic and use cases for SIEM and SOAR platforms Collaborate with content developers to build and tune correlation rules and analytics Identify gaps in visibility and recommend improvements to logging and telemetry coverage Escalate confirmed findings to L3 incident response teams with detailed evidence and RCA Recommend preventive and detective cou...

Level -L3 Lead the development of threat hunting hypotheses using threat intelligence, MITRE ATT&CK, and kill chain models Guide the team in conducting hunts across SIEM, EDR/XDR, and network telemetry to uncover hidden threats Validate and refine threat intelligence to ensure it is actionable and relevant Translate hunting outcomes into detection logic and use cases for SIEM and SOAR platforms Collaborate with content developers to build and tune correlation rules and analytics Identify gaps in visibility and recommend improvements to logging and telemetry coverage Escalate confirmed findings to L3 incident response teams with detailed evidence and RCA Recommend preventive and detective cou...

Level -L3 Lead the development of threat hunting hypotheses using threat intelligence, MITRE ATT&CK, and kill chain models Guide the team in conducting hunts across SIEM, EDR/XDR, and network telemetry to uncover hidden threats Validate and refine threat intelligence to ensure it is actionable and relevant Translate hunting outcomes into detection logic and use cases for SIEM and SOAR platforms Collaborate with content developers to build and tune correlation rules and analytics Identify gaps in visibility and recommend improvements to logging and telemetry coverage Escalate confirmed findings to L3 incident response teams with detailed evidence and RCA Recommend preventive and detective cou...

Level : L3 The AI and Automation Lead is responsible for embedding intelligence, efficiency, and scalability into Security Operations Centers (SOCs) by leveraging AI, GenAI, and automation platforms like Microsoft Sentinel, Azure Logic Apps, and Kyndryl Bridge. This role is pivotal in driving transformation, SLA adherence, and operational excellence across global security operations 1. Design and implement AI models for threat detection, behavioural analytics, and anomaly detection using Microsoft Native Tools and Kyndryl Bridge. 2. Integrate GenAI into SOC workflows for predictive threat modelling, incident summarization, and automated RCA generation 3. Lead the development of agentic AI sy...

Level : L3 The AI and Automation Lead is responsible for embedding intelligence, efficiency, and scalability into Security Operations Centers (SOCs) by leveraging AI, GenAI, and automation platforms like Microsoft Sentinel, Azure Logic Apps, and Kyndryl Bridge. This role is pivotal in driving transformation, SLA adherence, and operational excellence across global security operations 1. Design and implement AI models for threat detection, behavioural analytics, and anomaly detection using Microsoft Native Tools and Kyndryl Bridge. 2. Integrate GenAI into SOC workflows for predictive threat modelling, incident summarization, and automated RCA generation 3. Lead the development of agentic AI sy...

Level : L3 The AI and Automation Lead is responsible for embedding intelligence, efficiency, and scalability into Security Operations Centers (SOCs) by leveraging AI, GenAI, and automation platforms like Microsoft Sentinel, Azure Logic Apps, and Kyndryl Bridge. This role is pivotal in driving transformation, SLA adherence, and operational excellence across global security operations 1. Design and implement AI models for threat detection, behavioural analytics, and anomaly detection using Microsoft Native Tools and Kyndryl Bridge. 2. Integrate GenAI into SOC workflows for predictive threat modelling, incident summarization, and automated RCA generation 3. Lead the development of agentic AI sy...

Level : L3 The AI and Automation Lead is responsible for embedding intelligence, efficiency, and scalability into Security Operations Centers (SOCs) by leveraging AI, GenAI, and automation platforms like Microsoft Sentinel, Azure Logic Apps, and Kyndryl Bridge. This role is pivotal in driving transformation, SLA adherence, and operational excellence across global security operations 1. Design and implement AI models for threat detection, behavioural analytics, and anomaly detection using Microsoft Native Tools and Kyndryl Bridge. 2. Integrate GenAI into SOC workflows for predictive threat modelling, incident summarization, and automated RCA generation 3. Lead the development of agentic AI sy...

Level : L3 The AI and Automation Lead is responsible for embedding intelligence, efficiency, and scalability into Security Operations Centers (SOCs) by leveraging AI, GenAI, and automation platforms like Microsoft Sentinel, Azure Logic Apps, and Kyndryl Bridge. This role is pivotal in driving transformation, SLA adherence, and operational excellence across global security operations 1. Design and implement AI models for threat detection, behavioural analytics, and anomaly detection using Microsoft Native Tools and Kyndryl Bridge. 2. Integrate GenAI into SOC workflows for predictive threat modelling, incident summarization, and automated RCA generation 3. Lead the development of agentic AI sy...

Level : L3 The Cloud Security and DLP SME is responsible for managing and optimizing DLP policies across endpoints, cloud services, Web, Network and collaboration platforms: Review and fine-tune existing DLP policies to reduce false positives and improve detection accuracy. Collaborate with Customer business stakeholder and cross functional tower leads to identify new policy requirements and prioritize them in the DLP backlog Implement policy changes through structured change management processes Monitor and triage high and critical severity DLP alerts on a daily basis (typically 8x5 coverage) Investigate incidents, validate true positives, and escalate as needed to SOC or compliance teams. ...

Level : L3 The Cloud Security and DLP SME is responsible for managing and optimizing DLP policies across endpoints, cloud services, Web, Network and collaboration platforms: Review and fine-tune existing DLP policies to reduce false positives and improve detection accuracy. Collaborate with Customer business stakeholder and cross functional tower leads to identify new policy requirements and prioritize them in the DLP backlog Implement policy changes through structured change management processes Monitor and triage high and critical severity DLP alerts on a daily basis (typically 8x5 coverage) Investigate incidents, validate true positives, and escalate as needed to SOC or compliance teams. ...

Level : L3 The Cloud Security and DLP SME is responsible for managing and optimizing DLP policies across endpoints, cloud services, Web, Network and collaboration platforms: Review and fine-tune existing DLP policies to reduce false positives and improve detection accuracy. Collaborate with Customer business stakeholder and cross functional tower leads to identify new policy requirements and prioritize them in the DLP backlog Implement policy changes through structured change management processes Monitor and triage high and critical severity DLP alerts on a daily basis (typically 8x5 coverage) Investigate incidents, validate true positives, and escalate as needed to SOC or compliance teams. ...

Level : L3 The Cloud Security and DLP SME is responsible for managing and optimizing DLP policies across endpoints, cloud services, Web, Network and collaboration platforms: Review and fine-tune existing DLP policies to reduce false positives and improve detection accuracy. Collaborate with Customer business stakeholder and cross functional tower leads to identify new policy requirements and prioritize them in the DLP backlog Implement policy changes through structured change management processes Monitor and triage high and critical severity DLP alerts on a daily basis (typically 8x5 coverage) Investigate incidents, validate true positives, and escalate as needed to SOC or compliance teams. ...

Level : L3 The Cloud Security and DLP SME is responsible for managing and optimizing DLP policies across endpoints, cloud services, Web, Network and collaboration platforms: Review and fine-tune existing DLP policies to reduce false positives and improve detection accuracy. Collaborate with Customer business stakeholder and cross functional tower leads to identify new policy requirements and prioritize them in the DLP backlog Implement policy changes through structured change management processes Monitor and triage high and critical severity DLP alerts on a daily basis (typically 8x5 coverage) Investigate incidents, validate true positives, and escalate as needed to SOC or compliance teams. ...

Level : L3 Managing both on-prem and cloud-based WAF deployments: Citrix NetScaler: Oversee 4 SDX appliances and 11 VPX instances (3 cloud + 8 on-prem), supporting ~1500 internet-facing applications Imperva WAF: Manage gateway appliances and virtual deployments, ensuring high availability, low latency, and SSL acceleration Configure and maintain WAF policies, signatures, and profiles. Apply Web App Firewall protection to VPN, authentication, and portal endpoints in NetScaler environments Ensure compliance with enterprise security standards and vendor best practices Handle 34 change requests and 1012 troubleshooting tasks weekly for WAF platforms Support L3-level incident response and RCA for...

Level : L3 Managing both on-prem and cloud-based WAF deployments: Citrix NetScaler: Oversee 4 SDX appliances and 11 VPX instances (3 cloud + 8 on-prem), supporting ~1500 internet-facing applications Imperva WAF: Manage gateway appliances and virtual deployments, ensuring high availability, low latency, and SSL acceleration Configure and maintain WAF policies, signatures, and profiles. Apply Web App Firewall protection to VPN, authentication, and portal endpoints in NetScaler environments Ensure compliance with enterprise security standards and vendor best practices Handle 34 change requests and 1012 troubleshooting tasks weekly for WAF platforms Support L3-level incident response and RCA for...

Level : L3 Managing both on-prem and cloud-based WAF deployments: Citrix NetScaler: Oversee 4 SDX appliances and 11 VPX instances (3 cloud + 8 on-prem), supporting ~1500 internet-facing applications Imperva WAF: Manage gateway appliances and virtual deployments, ensuring high availability, low latency, and SSL acceleration Configure and maintain WAF policies, signatures, and profiles. Apply Web App Firewall protection to VPN, authentication, and portal endpoints in NetScaler environments Ensure compliance with enterprise security standards and vendor best practices Handle 34 change requests and 1012 troubleshooting tasks weekly for WAF platforms Support L3-level incident response and RCA for...

Level : L3 Managing both on-prem and cloud-based WAF deployments: Citrix NetScaler: Oversee 4 SDX appliances and 11 VPX instances (3 cloud + 8 on-prem), supporting ~1500 internet-facing applications Imperva WAF: Manage gateway appliances and virtual deployments, ensuring high availability, low latency, and SSL acceleration Configure and maintain WAF policies, signatures, and profiles. Apply Web App Firewall protection to VPN, authentication, and portal endpoints in NetScaler environments Ensure compliance with enterprise security standards and vendor best practices Handle 34 change requests and 1012 troubleshooting tasks weekly for WAF platforms Support L3-level incident response and RCA for...

Level : L3 Managing both on-prem and cloud-based WAF deployments: Citrix NetScaler: Oversee 4 SDX appliances and 11 VPX instances (3 cloud + 8 on-prem), supporting ~1500 internet-facing applications Imperva WAF: Manage gateway appliances and virtual deployments, ensuring high availability, low latency, and SSL acceleration Configure and maintain WAF policies, signatures, and profiles. Apply Web App Firewall protection to VPN, authentication, and portal endpoints in NetScaler environments Ensure compliance with enterprise security standards and vendor best practices Handle 34 change requests and 1012 troubleshooting tasks weekly for WAF platforms Support L3-level incident response and RCA for...

Level : L3 Continuously monitor endpoint telemetry for Indicators of Attack (IOAs) and Indicators of Compromise (IOCs). Validate and triage alerts generated by Falcon Insight, and escalate confirmed threats to L2/L3 SOC teams Use Real Time Response (RTR) to investigate and remediate threats directly on endpoints without disrupting operations Assist in troubleshooting sensor-related issues, including log collection and root cause analysis Raise and manage support cases with CrowdStrike for unresolved technical problems Maintain documentation of known issues, fixes, and deployment best practices. Conduct proactive threat hunting using Falcons historical and real-time data. Leverage CrowdStrike...

Level : L3 Continuously monitor endpoint telemetry for Indicators of Attack (IOAs) and Indicators of Compromise (IOCs). Validate and triage alerts generated by Falcon Insight, and escalate confirmed threats to L2/L3 SOC teams Use Real Time Response (RTR) to investigate and remediate threats directly on endpoints without disrupting operations Assist in troubleshooting sensor-related issues, including log collection and root cause analysis Raise and manage support cases with CrowdStrike for unresolved technical problems Maintain documentation of known issues, fixes, and deployment best practices. Conduct proactive threat hunting using Falcons historical and real-time data. Leverage CrowdStrike...