3.0 - 5.0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. Position Summary We are looking for a skilled Software Engineer with 3-5 years of experience in Java development, SaaS architectures, and cybersecurity solutions. You will play a key role in designing and implementing scalable security applications while following best practices in secure coding and cloud-native development. Key Responsibilities Develop and maintain scalable, secure software solutions using Java. Build and optimize SaaS-based cybersecurity applications, ensuring high performance and reliability. Collaborate with cross-functional teams including Product Management, Security, and DevOps to deliver high-quality security solutions. Design and implement security analytics, automation workflows and ITSM integrations. Basic Qualifications A bachelor’s or master’s degree in computer science, electronics engineering or a related field 3-5 years of experience in software development using Java. Experience with cloud platforms (AWS, GCP, or Azure) and microservices architectures. Proficiency in containerization and orchestration tools (Docker, Kubernetes). Knowledge of DevSecOps principles, CI/CD, and infrastructure-as-code tools (Terraform, Ansible). Preferred Qualifications Exposure to cybersecurity solutions, including SIEM (Splunk, ELK, QRadar) and SOAR (XSOAR, Swimlane). Familiarity with machine learning or AI-driven security analytics. Strong problem-solving skills and ability to work in an agile, fast-paced environment. 
Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.
Posted 3 weeks ago
10.0 - 15.0 years
15 - 20 Lacs
Noida, Gurugram, Greater Noida
Work from Office
Advanced knowledge in handling security incidents and leading investigations. Proficiency in managing and optimizing SOC operations. Experience in implementing security protocols and policies. Expertise in Malware Reverse Engineering. Required Candidate profile: Certified Information Systems Security Professional (CISSP). Certified Information Security Manager (CISM). GIAC Certified Enterprise Defender (GCED). Certified Information Security Auditor (CISA).
Posted 3 weeks ago
5.0 years
0 Lacs
Pune, Maharashtra, India
On-site
At Securonix, we’re on a mission to secure the world by staying ahead of cyber threats, reinforcing all layers of our platform with AI capabilities. Our Securonix Unified Defense SIEM provides organizations with the first and only AI-Reinforced solution built with a cybersecurity mesh architecture on a highly scalable data cloud. Enhanced by Securonix EON’s AI capabilities, our innovative cloud-native solution delivers a seamless CyberOps experience, empowering organizations to scale their security operations and keep up with evolving threats. Recognized as a five-time leader in the Gartner Magic Quadrant for SIEM and highly rated on Gartner Peer Insights, our award-winning Unified Defense SIEM provides organizations with 365 days of ‘hot’ data for rapid search and investigation, threat content-as-a-service, proactive defense through continuous peer and partner collaboration, and a fully integrated Threat Detection, Investigation, and Response (TDIR) experience—all within a single platform. Built on a cloud-native architecture, the platform leverages the Snowflake Data Cloud for unparalleled scalability and performance. Securonix is proud to be a cybersecurity unicorn and featured in CRN's 2024 Security 100 list. Backed by Vista Equity Partners, one of the largest private equity firms with over $100 billion in assets under management, we have a unique advantage in driving innovation and growth. With a global footprint, we serve more than 1,000 customers worldwide, including 10% of the Fortune 100. Our network of 150+ partners and Managed Security Service Providers (MSSPs) enables us to deliver unmatched security solutions on a global scale. 
At Securonix, we are driven by our core values and place our people at the heart of everything we do: Winning as One Team: We work together with universal respect to achieve aligned outcomes Customer Driven Innovation: We innovate to stay ahead of the market and create value for our customers Agility in Action: We embrace change and are unified in our purpose and objectives amidst change Join us as we redefine cybersecurity, innovate fearlessly, and grow together as one team. Role Summary: The SIEM Engineer III position is an integral part of our Professional Services team. In this role, you will work with our customers, supporting our mission to help them quickly and completely adopt our Security Operating Platform, leaving them more secure. This is a highly technical, hands-on role that will focus on architecting, planning, implementing, and operationalizing the SIEM platform. The ideal candidate will have a demonstrated understanding of information security and networking and extensive experience interacting with customers. Securonix Next-Gen SIEM and UEBA experience, although desired, is not required, but the candidate must have SIEM and SOAR software expertise and be willing to train on the Securonix platform and products. Primary Responsibility: Lead end-to-end SIEM implementation or integrations in a customer environment. Understand customer business requirements and the threat landscape applicable to their industry’s vertical sector to develop tailored use cases for security and Incident monitoring. Coordinate with customers to deploy collectors and agents in the on-premises network for data collection and forwarding. Work with customers to design and implement secure data flow into the Securonix cloud, following industry-standard best practices. Coordinate with service delivery managers, management, engineering, maintenance, and operational support teams to ensure timely delivery. 
Develop content, use cases, data models, dashboards, and connectors to support custom user requirements. Troubleshooting end-to-end network and infrastructure issues during data onboarding. Deploy and integrate the Securonix SOAR solution with the customer infrastructure for response orchestration. Engage with customers and internal product development teams to gather user requirements, suggest new product features, and help improve existing ones. Training and enabling customers and partners for successful adoption. Minimum Requirements: 5+ years of experience in information security and SIEM field. Strong understanding of SIEM solutions such as Splunk, Qradar, ArcSight, Logrhythm and Exabeam. Experience deploying SIEM across multiple customers. Good understanding of MITRE ATT&CK matrices, kill chains and other attack models. Strong communication skills and customer facing experience. Strong knowledge of scripting languages such as Python, Powershell. Industry certifications such as CISSP, CISM Preferred: BS in Computer Science, Information Systems, CyberSecurity 3-4+ years of experience in UEBA deployment Working knowledge of Machine learning in cybersecurity Working knowledge of cloud technologies such as Amazon, Azure and Google Good understanding of log collection methodologies and aggregation techniques such as Syslog-NG, syslog, Nxlog, Windows Event Forwarding Good understanding of Hadoop ecosystem and Apache technologies. 
Experience integrating endpoint security and host-based intrusion detection solutions Experience with network forensics and toolsets such as Wireshark, PCAP, tcpdump Benefits: As a full-time employee with Securonix, you will be eligible for the following employee benefits: Health Insurance with a total sum insured is INR 7,50,000 Coverage: Self, Spouse, 2 kids, Dependent parents, or parents-in-law Personal Accident with total sum insured is INR 10,00,000 Term Life Insurance with a sum assured for employees is 5 times fixed base pay is covered. Securonix provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Securonix complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training. Securonix expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status. Improper interference with the ability of Securonix employees to perform their expected job duties is absolutely not tolerated. Headhunters and recruitment agencies may not submit candidates through this application. Securonix does not accept unsolicited headhunter and agency submissions for candidates and will not pay fees to any third-party agency without a prior agreement with Securonix.
Posted 3 weeks ago
4.0 - 8.0 years
12 - 18 Lacs
Hyderabad
Work from Office
Experience in a SOC, incident detection and response, SIEM platform and EDR. Understanding of networking principles, TCP/IP, WANs, LANs, and Internet protocols (SMTP, HTTP, FTP, POP, LDAP). Cloud security concepts & platforms (e.g., AWS, Azure, GCP).
Posted 3 weeks ago
7.0 - 10.0 years
0 Lacs
India
On-site
Lead and manage the end-to-end functioning of the SOC team, ensuring 24x7 coverage Oversee daily operations, incident response quality, and compliance with SLAs. Work closely with the SOC Manager to prepare periodic threat reports, executive dashboards, and compliance status updates Develop and maintain SOC playbooks, SOPs, and reporting dashboards Conduct regular review meetings, threat landscape briefings, and knowledge sharing sessions Act as point of contact for critical escalations, audits, and client reporting Coordinate with OEMs, security architects, and client IT teams for policy updates and improvements Train and mentor L1 and L2 SOC Analysts to build internal capabilities Ensure policies for endpoints, DLP, firewall rules, and SOAR playbooks are appropriately enabled and updated as per approved change management Assist in root cause analysis (RCA) for incidents and recommend corrective actions Document incidents, resolutions, and playbook adjustments for knowledge base updates Qualification & Skills: Bachelor's degree in Computer Science, IT, or related field (Master's preferred) 7-10 years of experience in SOC operations, including at least 2-3 years in a lead/managerial role Strong expertise in EDR, SIEM, SOAR, DLP, NDR, threat intelligence, and compliance frameworks Relevant certifications preferred: CISSP, CISM, CCSP, GIAC GCIA/GCIH, or other SOC Manager-specific certifications Excellent leadership, communication, and stakeholder management skills
Posted 3 weeks ago
2.0 years
0 Lacs
India
On-site
Handle advanced incident investigation, correlation, and in-depth threat analysis Validate and respond to escalations from L1 Analysts Perform threat hunting, malware analysis, and root cause analysis as needed Implement and tune detection use cases and SIEM rules/playbooks Coordinate with OEM L3 Support for complex incident resolution Support dashboard reporting, policy compliance, and continuous improvement Qualification & Skills: Bachelor's degree in IT, Computer Science, or Cyber Security 2-4 years of experience in SOC operations, threat detection, and incident response Good working knowledge of EDR, SIEM, SOAR, DLP, and network security tools Relevant certifications preferred: EC-Council CEH, CompTIA CySA+, EC-Council CHFI, Cisco CyberOps Professional, or equivalent Strong analytical, problem-solving, and communication skills
Posted 3 weeks ago
0 years
0 Lacs
India
On-site
Perform continuous monitoring of security events and alerts from EDR, SIEM, SOAR, DLP, NDR, and other security solutions Conduct initial triage and categorization of incidents as per defined playbooks Escalate confirmed incidents to L2 SOC Analysts with proper documentation Generate daily incident and alert reports for review Ensure timely closure of false positives and routine alerts Follow standard operating procedures (SOPs) for all security monitoring tasks Qualification & Skills: Graduate in IT, Computer Science, or related field Basic understanding of security concepts, log analysis, and network fundamentals Familiarity with EDR, SIEM, or SOC workflows is preferred
Posted 3 weeks ago
1.0 - 5.0 years
0 Lacs
India
On-site
Carry out on-site installation, configuration, and testing of XDR, SIEM, DLP, SOAR components as per deployment plans Perform initial troubleshooting of deployment and integration issues; resolve wherever possible or escalate to L2/L3 teams Coordinate with the client's IT, network, and security teams for necessary access, log configurations, and policy enablement Ensure proper ingestion of logs, agent installations, network traffic configurations, and data flow for solution effectiveness Maintain detailed deployment and issue logs, prepare installation reports, and update project status to the project manager Conduct basic training for client IT/security staff on solution operation and basic troubleshooting Support acceptance testing and handover documentation Follow change management and security best practices during deployment Required Qualifications and Experience : Diploma/Bachelor's Degree in Computer Science, IT, Electronics, or related field 1-5 years of hands-on experience in deploying or supporting cybersecurity solutions (XDR/EDR, SIEM, DLP, SOAR) or enterprise network security solutions Sound knowledge of networking concepts (routing, switching, firewalls, proxy, VPN) Working knowledge of operating systems (Windows/Linux) and endpoint security tools Ability to analyze logs, troubleshoot connectivity or policy issues, and perform root cause analysis
Posted 3 weeks ago
5.0 - 10.0 years
4 - 9 Lacs
Hyderabad, Chennai, Bengaluru
Work from Office
We are looking for an experienced and results-driven Key Account Manager to lead sales and business development efforts for IT Infrastructure, Cybersecurity Solutions, (SaaS/strong background in B2B software and security sales.
Posted 3 weeks ago
8.0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
Role: Security Analyst Experience: 8-12 yrs Skills: Vulnerability management, Incident Response, Monitoring SIEM, EDR, Firewall Analysis L2 support Logs and Remediation Security Analyst/ Engineer As a Security Analyst/Engineer, you will be responsible for supporting the security operations of our organization by assisting in the monitoring, detection, and response to security incidents. This role offers a blend of security analysis and engineering tasks. This position offers a progression from foundational knowledge to more advanced responsibilities, allowing you to contribute significantly to the organization's cybersecurity efforts. Key Responsibilities: Security monitoring and analysis • You assist in monitoring security events and alerts from various sources such as SIEM, IDS/IPS, antivirus systems, and endpoint detection platforms • You conduct initial analysis of security events to determine their nature and potential impact on the organization • You collaborate with senior analysts to investigate and respond to security incidents, including malware infections, phishing attempts, and unauthorized access attempts. Incident response • You contribute to incident response activities by providing technical assistance during security incidents, including containment, eradication, and recovery efforts • You document incident response procedures, develop post-incident reports, and conduct lessons learned sessions to improve incident handling capabilities • You implement proactive measures to enhance incident detection and response capabilities, such as developing playbooks for common attack scenarios. 
Vulnerability management • You support the vulnerability management process by assisting in vulnerability scanning, assessment, and remediation efforts • You help prioritize and track the resolution of identified vulnerabilities in systems and applications • You collaborate with system owners and IT teams to ensure timely patching and mitigation of identified vulnerabilities, leveraging automation and orchestration where possible • You conduct security assessments and penetration tests to identify weaknesses in systems, applications, and network infrastructure. Security tool • You assist in the administration and configuration of security tools and technologies, such as firewalls, intrusion detection/prevention systems, and endpoint security solutions • You participate in the evaluation and testing of new security technologies to enhance the organization's security posture • You optimize the configuration and tuning of security tools and technologies to improve detection accuracy, reduce false positives, and enhance overall effectiveness • You evaluate emerging security technologies and solutions, recommending and implementing enhancements to the security toolset based on industry best practices and organizational requirements. Security awareness and training • You support security awareness and training initiatives by assisting in the development of educational materials and delivering security awareness briefings to staff. 
Qualifications and Skills: • Bachelor's degree in computer science, Information Security, or related field • Minimum 8 years of experience in a cybersecurity role with progressively increasing responsibilities • Strong understanding of cybersecurity principles, threat landscape, and attack methodologies • Proficiency in security tools and technologies such as SIEM, EDR, IDS/IPS, firewalls, and vulnerability scanners • Excellent analytical, problem-solving, and decision-making skills • Effective communication and stakeholder management abilities • Certifications such as CompTIA Security+, CEH (Certified Ethical Hacker), or equivalent are a plus. Experience • Demonstrated experience in conducting security analysis, incident response, and vulnerability management in a complex environment • Hands-on experience with security tool optimization, security assessments, and penetration testing • Proven track record of incident response efforts and effectively managing security incidents from detection to resolution.
Posted 3 weeks ago
0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Requirements: Bachelor’s degree in Security Engineering, Computer Engineering, Computer Science, Data Science, or similar technical discipline Familiarity with a broad range of security technologies: SIEM, CASB, SOAR, DLP, and EDR. Technical proficiency with one or more of the major cloud computing environments. Several years of experience with the Python programming language. Excellent software design, problem-solving, and debugging skills. Energetic, passionate about security, and professionally curious about the cybersecurity threat landscape
Posted 3 weeks ago
8.0 years
0 Lacs
Greater Hyderabad Area
On-site
Position: Cybersecurity Enterprise Sales – SIEM Engineering Focus Experience : 8+ Location: Hyderabad/Bangalore/Mumbai Role Overview: We are seeking a dynamic and results-driven Cybersecurity Enterprise Sales professional to join our team. This role is focused on selling advanced cybersecurity solutions, including SIEM, SOAR, and Adaptive MDR offerings, to mid-to-large enterprises. The ideal candidate will have a strong foundation in cybersecurity operations, particularly SIEM engineering, and a proven track record in enterprise technology sales Key Responsibilities: • Develop and execute a strategic sales plan to meet and exceed quarterly and annual sales targets. • Identify, qualify, and pursue new business opportunities in enterprise accounts. • Conduct engaging product presentations and solution demonstrations to prospective clients. • Understand customer security needs and map solutions accordingly, with a focus on SIEM, SOAR, and MDR. • Lead contract negotiations and close deals. • Build and maintain long-term relationships with key stakeholders and channel partners. • Stay current on the latest cybersecurity trends and emerging technologies. • Collaborate with internal technical and product teams to align solutions with customer needs. Required Qualifications: • Bachelor's degree in Business, Computer Science, Information Security, or a related field. • 8+ years of experience in cybersecurity sales, with a focus on enterprise customers. • Hands-on understanding of SIEM tools (e.g., Splunk, IBM QRadar, Securonix) and security operations workflows. • Proven ability to meet or exceed sales targets in a complex, solution-oriented environment. • Excellent communication, presentation, and negotiation skills. • Self-starter with the ability to work independently and cross-functionally Preferred Skills: • Experience selling MDR, SIEM, SOAR, or AI-driven security solutions. • Familiarity with SaaS security platforms and cloud security posture management. 
• Background in threat detection, incident response, or SIEM engineering is a strong plus
Posted 3 weeks ago
0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Join DAZN's Security Operations team as a Security Operations Analyst and help protect the world's leading global sports streaming platform. You'll be part of a dynamic team responsible for detecting, investigating, and responding to security threats across our diverse technology stack, from cloud infrastructure to broadcasting systems that deliver live sports to millions of fans worldwide.

## What You'll Do

Threat Detection & Response
• Configure, maintain, and monitor security alerts and escalations from various tools including Microsoft Sentinel SIEM, Defender for Endpoint, WIZ, AWS WAFv2, Tenable, and other security platforms
• Lead and drive incident response activities from initial detection through remediation to prevention
• Conduct thorough incident root cause analysis and recommend actionable steps to prevent future occurrences
• Triage and investigate security alerts, determining true positives from false positives

Threat Intelligence & Analysis
• Monitor and analyze global threat intelligence trends with potential impact on DAZN's business operations
• Get hands-on with threat feeds and real-time attack data, with particular focus on threats targeting broadcasting and streaming environments
• Configure new detection rules and alerts based on emerging threats, hunt results, or lessons learned from incident analysis

Security Operations Enhancement
• Identify, develop, and implement new processes and procedures to strengthen our security operations program
• Contribute to the development of custom automation tools to enhance monitoring and response capabilities
• Collaborate with the team to continuously improve security monitoring across our cloud and on-prem environments

Stakeholder Support
• Respond to internal security-related questions and requests from teams across DAZN
• Provide security and privacy expertise to support multiple business units and technical teams
• Participate in security awareness initiatives and help educate colleagues on security best practices

## What We're Looking For

Essential Requirements
• Strong passion for cybersecurity, particularly threat detection and response
• Experience handling complex security incidents and conducting investigations
• Knowledge across multiple cybersecurity domains (network security, identity security, endpoint protection, cloud security, etc.)
• Familiarity with SIEM platforms (Microsoft Sentinel experience preferred)
• Understanding of security tools such as EDR, CASB, CSPM solutions
• Ability to work independently with minimal guidance while managing multiple tasks within set timeframes
• Strong analytical and problem-solving skills with attention to detail
Posted 3 weeks ago
5.0 years
0 Lacs
Trivandrum, Kerala, India
On-site
We are seeking a versatile and experienced Cybersecurity Professional to join our team as a Threat Hunter and VAPT Analyst. In this dual-capacity role, you will proactively identify and mitigate emerging cyber threats, perform in-depth vulnerability assessments, and help protect critical infrastructure and data assets. This role requires a blend of advanced technical expertise, analytical mindset, and strong collaboration with SOC and incident response teams. Key Responsibilities Threat Hunting Proactively hunt for undetected threats across networks, systems, and endpoints using behavioral analysis and threat intelligence. Identify Tactics, Techniques, and Procedures (TTPs) and anomalies to detect potential threats or APT activities. Leverage threat intelligence feeds and the MITRE ATT&CK framework to build and validate detection use cases. Collaborate with SOC teams to enhance detection rules and reduce false positives. Conduct forensic investigations and perform root cause analysis on incidents and suspicious behaviors. Develop custom scripts and queries (Python, PowerShell, Bash) for automating hunting activities in EDR, SIEM, and XDR platforms. Document and share threat hunting reports, IOCs, and actionable recommendations with relevant stakeholders. Vulnerability Assessment & Penetration Testing (VAPT) Conduct vulnerability assessments and penetration tests on systems, applications, networks, and APIs. Analyze vulnerabilities, assess risks, and deliver detailed, actionable reports to technical teams. Use a combination of automated tools (e.g., Nessus, Burp Suite, Nmap, Metasploit) and manual techniques to identify security flaws. Ensure all assessments adhere to internal policies and regulatory standards. Perform periodic and ad-hoc security assessments for web applications, databases, wireless, and cloud environments. Collaborate with IT teams to validate remediations through re-testing and follow-ups.
Stay current on emerging vulnerabilities, exploit techniques, and threat actor tactics. Qualifications & Skills Bachelor’s degree in computer science, Information Security, or a related discipline. 5+ years of experience in a cybersecurity role with hands-on work in threat hunting and VAPT. Strong expertise in VAPT tools and methodologies: Nessus, Burp Suite, Nmap, Metasploit, OWASP Top 10. Experience with SIEMs, EDR platforms, and threat intelligence tools. Working knowledge of the MITRE ATT&CK framework. Proficient in scripting languages such as Python, PowerShell, or Bash. Excellent analytical, investigative, and report-writing skills. Strong communication and stakeholder engagement abilities. Preferred Certifications OSCP – Offensive Security Certified Professional CEH – Certified Ethical Hacker GIAC – GCIH, GPEN, GWAPT
Posted 3 weeks ago
4.0 years
0 Lacs
Ghaziabad, Uttar Pradesh, India
On-site
Role- Senior Security Analyst Location- Ghaziabad Budget- 9 LPA Note:- Candidate must have 4+ years of SOC experience with hands-on exposure at L1 level. Job Description: We are looking for a highly skilled and proactive Senior Security Analyst to join our Security Operations Center (SOC) team. The ideal candidate will be responsible for monitoring security alerts, investigating threats, managing SIEM operations, and ensuring timely incident resolution while maintaining log integrity and system health. Key Responsibilities: Continuously monitor security alerts, incidents, and health dashboards. Investigate security alerts and ensure closure by coordinating with the concerned teams. Analyze and report on bad reputation IPs; forward findings to the network team for appropriate blocking. Develop and customize reports, rules, and dashboards as per client requirements. Create and tune incident alert rules in the SIEM platform. Integrate various security devices and log sources into the SIEM (e.g., firewalls, routers, servers). Perform fine-tuning of security alerts to reduce false positives and improve detection accuracy. Monitor and manage SIEM storage components such as Archiver. Maintain connectivity checks of all RSA NetWitness components (Log Decoder, Concentrator, ESA, etc.). Backup logs from cold storage to virtual machines (VMs) as per retention policy. Ensure the integrity, availability, and confidentiality of event and log data. Provide end-to-end resolution for HPSM (HP Service Manager) tickets. Participate in compliance checks and audit readiness tasks. Required Skills: Strong hands-on experience with RSA NetWitness SIEM or similar platforms. Deep understanding of security monitoring, alert handling, and incident response. Experience in log analysis and security use case development. Proficient in integrating new log sources and performing log correlation. Knowledge of network security, IP reputation, and attack vectors. 
Familiar with HPSM or other ITSM tools for ticket lifecycle management. Tools & Technologies: RSA NetWitness SIEM HPSM or ITSM Tools Security Dashboards and Reporting Tools Cold Storage Backup Systems Network Threat Intelligence Platforms -- Kirti Rustagi kirti.rustagi@raspl.com
Posted 3 weeks ago
0 years
0 Lacs
Jaipur, Rajasthan, India
On-site
Responsible for conducting all threat-hunting activities necessary for identifying threats, including zero-day threats. Hunt for security threats, identify threat actor groups and their techniques, tools and processes. Strong knowledge of APT lifecycle, tactics, techniques, and procedures (TTPs). Familiarity with MITRE ATT&CK framework and mapping threats to techniques. Provide expert analytic investigative support to L1 and L2 analysts for complex security incidents. Proficiency in malware behavior analysis and sandboxing. Perform analysis of security incidents for further enhancement of rules, reports, AI/ML models. Perform analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as logs from various types of security sensors, uncovering the unknown about internet threats and threat actors. Analyse logs, alerts, and suspicious malware samples from all the SOC tools and other deployed security tools such as Anti-Virus, Anti-APT solutions, EDR, IPS/IDS, Firewalls, Proxies, Active Directory, vulnerability assessment tools, etc. Using knowledge of the current threat landscape, threat actor techniques, and the internal network, analyze log data to detect active threats within the network. Build, document and maintain a comprehensive model of relevant threats to the customer. Proactively identify potential threat vectors and work with the team to improve prevention and detection methods. Identify and propose automated alerts for new and previously unknown threats. Incident Response for identified threats. Hands-on experience with Trellix (formerly McAfee) APT solutions, EDR, and Threat Intelligence. Experience with security monitoring tools such as SIEM, SOAR, EDR, and Threat Intelligence Platforms (TIPs).
Solid understanding of network protocols, endpoint protection, and intrusion detection systems.
Posted 3 weeks ago
0.0 - 2.0 years
5 - 8 Lacs
Gandhinagar, Gujarat
On-site
Key Responsibilities Monitor, identify, and respond to security incidents across systems and networks. Implement and maintain security measures such as firewalls, intrusion detection systems (IDS), and endpoint protection. Conduct regular vulnerability assessments and penetration tests on systems and applications. Collaborate with DevOps and Engineering teams to integrate security best practices into CI/CD pipelines. Manage and review access controls, identity management, and secure configurations. Investigate and remediate security breaches, threats, and anomalies. Stay current with the latest security trends, vulnerabilities, and threat intelligence. Document security processes, policies, incident response plans, and risk assessments. Assist in compliance efforts (e.g., ISO 27001, SOC 2, GDPR) as applicable. Required Skills and Qualifications Bachelor’s degree in Computer Science, Information Security, or related field. Proven experience in system/network/application security. Strong knowledge of cybersecurity frameworks and standards (OWASP, NIST, CIS). Familiarity with tools such as Wireshark, Nessus, Burp Suite, Metasploit, or similar. Hands-on experience with cloud platforms (AWS, Azure, or GCP) and securing cloud infrastructure. Understanding of secure coding practices and code review for security flaws. Scripting knowledge (e.g., Python, Bash, PowerShell) is a plus. Nice to Have Security certifications like CEH, CISSP, OSCP, or CompTIA Security+. Experience in automating security tasks or using SIEM tools. Knowledge of container security (e.g., Docker, Kubernetes). Job Types: Full-time, Permanent Pay: ₹500,000.00 - ₹800,000.00 per year Benefits: Flexible schedule Paid sick time Paid time off Provident Fund Ability to commute/relocate: Gandhinagar, Gujarat: Reliably commute or planning to relocate before starting work (Required) Experience: Security Engineer: 2 years (Required) Work Location: In person
Posted 3 weeks ago
8.0 - 10.0 years
0 Lacs
Navi Mumbai, Maharashtra, India
On-site
Role Overview: The Cyber & Technical Risk Assessment Officer will be responsible for identifying, analysing, and mitigating cyber and technical risks associated with banking systems, infrastructure, and digital assets. This role will ensure that the bank complies with regulatory requirements (such as RBI, SEBI, ISO, NIST, etc.), and internal risk frameworks, and maintains a strong security posture. Required Qualifications & Skills: Certifications (Preferred): CRISC, CISA, CISSP, ISO 27001 LA, CEH, or similar. Experience: 8-10 years of relevant experience in Information Security domain (minimum 3 years in cyber/IT risk assessment, preferably in BFSI). Familiarity with GRC tools (RSA Archer, ServiceNow GRC, etc.). Key Responsibilities: 1. Cyber & IT Risk Assessments: Conduct end-to-end cyber risk assessments for critical IT systems, applications, and infrastructure. Evaluate technology solutions and vendors for inherent risks. Perform periodic threat modelling and vulnerability assessments. Maintain risk registers and report on identified risks with remediation plans. 2. Control Reviews & Compliance: Assess and ensure compliance with applicable regulatory guidelines such as: RBI’s Cybersecurity Framework for Banks SEBI’s CSCRF (for REs, if applicable) ISO 27001, NIST CSF, PCI-DSS Validate implementation of security controls across endpoints, network, cloud, and application layers. 3. Governance and Reporting: Prepare cyber risk dashboards and submit periodic reports to senior management, CRO, and Board committees. Track and follow up on mitigation of identified risks. Coordinate with auditors (internal/external) during cyber/IT audits. 4. Third-party & Cloud Risk Management: Conduct third-party risk assessments for outsourced vendors and cloud service providers. Ensure that Service Level Agreements (SLAs) and contracts cover cyber risk clauses and responsibilities. 5. Incident Risk Evaluation: Participate in root cause analysis for cyber incidents. 
Assess risk impact of incidents and define compensating controls. 6. Policy and Process Development: Assist in drafting or updating Information Security and Risk Management policies. Ensure adherence to secure SDLC and DevSecOps practices. Technical Skills: Understanding of firewalls, IDS/IPS, DLP, SIEM, EDR, IAM tools. Knowledge of cybersecurity standards and frameworks (e.g., NIST, MITRE ATT&CK). Ability to interpret vulnerability scan results and threat intelligence reports. Soft Skills: Strong analytical and documentation skills. Communication and stakeholder management. Ability to work independently and handle multiple priorities. Desirable: Hands-on experience with risk scoring methodologies. Exposure to cloud platforms (AWS, Azure) and their risk models. Experience in cybersecurity exercises, RCSA, and BIA for IT systems.
Posted 3 weeks ago
3.0 - 6.0 years
0 Lacs
Hyderabad, Telangana, India
Remote
Location: Muscat Oman Type Of Role: Full time Onsite (Not a Hybrid/Remote Position) Experience: 3-6 Years Job Summary: We are seeking a skilled and motivated Security Engineer with expertise in the Netskope platform to join our Information Security team. The ideal candidate will be responsible for implementing, configuring, monitoring, and optimizing Netskope’s Security Cloud Platform to protect organizational data, support secure cloud adoption, and ensure compliance with corporate security policies. Key Responsibilities: Design, deploy, and maintain Netskope security solutions across the enterprise. Work closely with IT, Security, and Compliance teams to integrate Netskope with existing systems (e.g., identity providers, SIEM, CASB, DLP). Monitor and analyze Netskope alerts, events, and logs to detect and respond to threats in real time. Tune policies and configurations in Netskope to improve visibility and reduce false positives. Lead incident response efforts involving cloud-based threats detected via Netskope. Ensure Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), and Data Loss Prevention (DLP) policies are effectively implemented and maintained. Create and maintain technical documentation, including architecture diagrams and SOPs. Provide subject matter expertise in cloud security and secure SaaS application usage. Stay current with Netskope product updates, emerging threats, and industry best practices. Requirements: Must-Have Skills: Hands-on experience with Netskope Security Cloud Platform (SWG, CASB, ZTNA, DLP, etc.). Strong understanding of cloud security architecture and best practices. Knowledge of protocols like HTTP, HTTPS, SAML, OAuth, and APIs. Familiarity with SIEM platforms, cloud platforms (e.g., AWS, Azure, GCP), and identity providers (e.g., Okta, Azure AD). Strong troubleshooting and analytical skills.
Preferred Qualifications: Certifications such as Netskope Certified Cloud Security Administrator (NCCSA), CCSP, CISSP, or CEH. Experience with scripting or automation tools (Python, PowerShell, etc.). Prior experience in large-scale enterprise or multi-cloud environments.
Posted 3 weeks ago
3.0 - 4.0 years
0 Lacs
Pune, Maharashtra
On-site
Information Security Pune Corporate Office - Mantri Posted On 23 Jul 2025 End Date 23 Jul 2026 Required Experience 3 - 4 Years BASIC SECTION Job Level GB04 Job Title Senior Domain Manager - Information Security, Security Operations, Security Operations Job Location Country India State MAHARASHTRA Region West City Pune Location Name Pune Corporate Office - Mantri Tier Tier 1 Skills SKILL SKILLS AS PER JD Minimum Qualification OTHERS JOB DESCRIPTION Job Purpose Information security team member (with skip level reporting to CISO) who is proficient in maintaining & managing database security DAM. Information Security tool management & governance. Understanding of regulatory requirements, maintaining the tool compliance, configuring the tool policy, logs review & alert/incident handling. Driving information Security projects & Monitoring Key Risk Indicators (KRIs) for Information Security. Duties and Responsibilities A- Minimum required Accountabilities for this role Deployment & Configuration Lead or assist in the deployment of DAM tools (e.g., Imperva SecureSphere, IBM Guardium, DataSunrise, Oracle Audit Vault). Configure agents/connectors for various database platforms (Oracle, SQL Server, MySQL, PostgreSQL, etc.). Ensure proper integration with SIEM and other security infrastructure. Validate data collection and ensure coverage across critical databases. Management & Maintenance Create, Maintain and update DAM policies, rules, and configurations. Monitor DAM tool health, performance, and data integrity. Perform regular audits of DAM coverage and ensure alignment with compliance requirements. Manage user access and role-based permissions within the DAM platform. Incident Detection & Handling Monitor alerts and logs for suspicious database activity (e.g., unauthorized access, privilege escalation, data exfiltration). Investigate DAM-generated incidents and coordinate with SOC/IR teams. Document incident findings and support forensic analysis.
Recommend and implement remediation actions based on incident outcomes. Collaboration & Knowledge Sharing Work closely with DBAs, InfoSec, and IT teams to ensure secure database operations. Provide training and guidance on DAM tool usage and best practices. Stay updated on DAM tool enhancements and database security | B- Additional Accountabilities pertaining to the role Manage & maintain security tool policies like AV/EDR, Vulnerability management tool, FIM, SIEM agent. Maintain compliance as per organization compliance policy Highlight risk & mitigation plan Work with SOC team to investigate security alerts and improve detection rules. Document security policies, configurations, and incident reports. Risk analysis and mitigation Interaction with OEM for Highly Critical technical support. Responsible for Reports & Technical documentation. Should be capable of guiding the team/individual on a requirement basis. Communicate effectively with stakeholders & cross-function teams Responsible for MIS Reports/ Technical documents Vendor Co-ordination Excellent spoken and written English Communication. Strong troubleshooting, analytical, and communication skills Good attitude towards corporate environment. Team player & Mentor to the team. Energetic, self-motivated and self-sufficient in accomplishing tasks. Good analytical and problem solving skills. Key Decisions / Dimensions Identification of right contacts to channelise the issue/problem for closure. Review the alert/incident, categorise it as True positive / False positive, and take the required steps. Discuss observation response as applicable & improve security controls. Decide if the policy and procedure documents need changes based on new regulations or audit outcomes.
Major Challenges Handling of fast changing environment with variety of cloud service providers Handling of compliance expectations in stringent timelines Handling multiple stakeholders at a time Coordination with third party consultants who assist in auditing and compliance initiatives Required Qualifications and Experience a) Qualifications Minimum 3+ years of experience in Database Activity monitoring tool (DAM). Minimum 3+ years in Database operations/Installation & health monitoring/ Knowledge of SQL queries. b) Work Experience Knowledge & hands-on experience in information security tool compliance & incident management Database Activity monitoring tool (DAM). Sound knowledge on IT infrastructure, Information Security concept & tools, ISMS & BCMS frameworks, regulatory guidelines related to IT and cyber for NBFCs Experience in Project management. Positive attitude, Hard Worker and team player Excellent Communication and Leadership Skills Certifications like CEH (Ethical Hacking), Azure/AWS Security, application penetration testing would be an added advantage
Posted 3 weeks ago
3.0 - 4.0 years
0 Lacs
Pune, Maharashtra
On-site
Information Security Pune Corporate Office - Mantri Posted On 23 Jul 2025 End Date 23 Jul 2026 Required Experience 3 - 4 Years BASIC SECTION Job Level GB04 Job Title Senior Domain Manager - Information Security, Security Operations, Security Operations Job Location Country India State MAHARASHTRA Region West City Pune Location Name Pune Corporate Office - Mantri Tier Tier 1 Skills SKILL SKILLS AS PER JD Minimum Qualification OTHERS JOB DESCRIPTION Job Purpose Information security team member (with skip level reporting to CISO) who is proficient in maintaining & managing Cloud Security, Container security & CICD deployment. Information Security tool management & governance. Understanding of regulatory requirements, maintaining the tool compliance, configuring the tool policy, logs review & alert/incident handling. Driving information Security projects & Monitoring Key Risk Indicators (KRIs) for Information Security. Duties and Responsibilities A- Minimum required Accountabilities for this role Role: The CSPM Specialist is responsible for continuously monitoring and improving the security posture of cloud environments (AWS, Azure, GCP) by identifying misconfigurations, enforcing compliance, and mitigating risks. Key Responsibilities: Security Posture Monitoring: Implement and manage CSPM tools (e.g., Prisma Cloud, Wiz, Orca, Microsoft Defender for Cloud). Continuously assess cloud configurations for security risks and compliance violations. Monitor for drift from secure baselines and enforce remediation workflows. Risk Identification & Remediation: Detect misconfigurations, excessive permissions, and insecure storage or networking setups. Collaborate with cloud engineering and DevOps teams to remediate findings. Prioritize risks based on impact and likelihood. Compliance & Governance: Map cloud resources to compliance frameworks (e.g., CIS Benchmarks, NIST, ISO 27001, GDPR). Generate reports and dashboards for audits and executive visibility.
Ensure tagging, encryption, and access control policies are enforced. Automation & Integration: Integrate CSPM tools with SIEM, SOAR, and ticketing systems. Automate alerts, remediation, and policy enforcement using IaC (Terraform, CloudFormation). Develop custom rules and policies for cloud security monitoring. Incident Response & Forensics: Investigate alerts and anomalies flagged by CSPM tools. Support cloud incident response and post-mortem analysis. Maintain logs and evidence for forensic investigations. Role: Focuses on securing containerized environments (e.g., Docker, Kubernetes) and integrating security into the software development lifecycle. Key Responsibilities: Design and implement security controls for containers. Conduct penetration testing and vulnerability scans on container images. Automate security tasks within CI/CD pipelines. Monitor container environments using tools like SIEM and vulnerability scanners. Develop and maintain container security policies. Collaborate with DevOps and security teams. Stay updated on container security threats and best practices. Role Overview: Ensures security is embedded throughout the CI/CD pipeline, from code development to deployment. Key Responsibilities: Implement automated security testing and vulnerability scanning in CI/CD. Review code and architecture for security risks. Monitor and respond to security incidents in the pipeline. Collaborate with developers and IT teams to enforce secure coding practices. Develop and maintain secure coding standards and policies. Evaluate and integrate security tools into the pipeline. Stay current with cybersecurity trends and threats. | B- Additional Accountabilities pertaining to the role Manage & maintain security tool policies like AV/EDR, Vulnerability management tool, FIM, SIEM agent. Maintain compliance as per organization compliance policy Highlight risk & mitigation plan Work with SOC team to investigate security alerts and improve detection rules.
Document security policies, configurations, and incident reports. Risk analysis and mitigation Interaction with OEM for Highly Critical technical support. Responsible for Reports & Technical documentation. Should be capable of guiding the team/individual on a requirement basis. Communicate effectively with stakeholders & cross-function teams Responsible for MIS Reports/ Technical documents Vendor Co-ordination Excellent spoken and written English Communication. Strong troubleshooting, analytical, and communication skills Good attitude towards corporate environment. Team player & Mentor to the team. Energetic, self-motivated and self-sufficient in accomplishing tasks. Good analytical and problem solving skills. Key Decisions / Dimensions Identification of right contacts to channelise the issue/problem for closure. Review the alert/incident, categorise it as True positive / False positive, and take the required steps. Discuss observation response as applicable & improve security controls. Decide if the policy and procedure documents need changes based on new regulations or audit outcomes. Major Challenges Handling of fast changing environment with variety of cloud service providers Handling of compliance expectations in stringent timelines Handling multiple stakeholders at a time Coordination with third party consultants who assist in auditing and compliance initiatives Required Qualifications and Experience a) Qualifications Minimum 3+ years of experience in Cloud Security Posture management, Cloud workload protection. (CSPM, CWP) Minimum 3+ years in Information / Cyber / application security.
b) Work Experience Knowledge & hands-on experience in information security tool compliance & incident management (CSPM (PaloAlto Prisma), AV/EDR, Vulnerability management tool, FIM, SIEM (Microsoft Sentinel) Sound knowledge on IT infrastructure, Information Security concept & tools, ISMS & BCMS frameworks, regulatory guidelines related to IT and cyber for NBFCs Experience in Project management. Positive attitude, Hard Worker and team player Excellent Communication and Leadership Skills Certifications like CEH (Ethical Hacking), Azure/AWS Security, application penetration testing would be an added advantage
Posted 3 weeks ago
12.0 years
0 Lacs
Bengaluru, Karnataka, India
Remote
About Us Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com. Role Summary Our Sophos ZTNA Team is looking for developers who possess excellent programming skills and have prior experience in network security field. We are looking for a backend developer for managing and advancing our cloud-based network security platform that handles tens of thousands of devices and customers. You will build features from the ground up using sound design principles around security and scale. Sophos ZTNA is the only zero trust network access solution that is tightly integrated with next-gen endpoint, XDR, and MDR. 
ZTNA eliminates vulnerable VPN clients, integrates device health, and removes the implicit trust and broad network access that VPN provides. It allows granular access to resources defined by policies based on health and identity to enhance your security posture. What you will do Be able to interact with product managers to define the feature and write clear functional specs Work with the frontend team to define the API contracts for the backend services Work on critical field escalations and drive closure Work on prototypes that are pre-cursors to features on the product roadmap What you will bring Must have 12+ years of progressive experience in enterprise architecture, with hands-on leadership across business, application, data, and technology domains 5+ years’ experience working with commercial software using either Java Springboot or Golang 2+ years’ experience working with containers & microservices (e.g., Docker, Kubernetes environments) In depth knowledge of different networking protocols (e.g. HTTP/HTTPS, TCP/IP) Excellent design skills using principles of reuse, modularity, scale, etc Excellent understanding of data structures and algorithms Good understanding of, Microservice architecture, AWS cloud infrastructure, SQL and NoSQL databases Experience working on Network Security domain is mandatory Bachelor's degree in Computer Science (or related field) #B2 Ready to Join Us? At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply. What's Great About Sophos? · Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. 
Please refer to the location details in our job postings for further information. · Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit · Employee-led diversity and inclusion networks that build community and provide education and advocacy · Annual charity and fundraising initiatives and volunteer days for employees to support local communities · Global employee sustainability initiatives to reduce our environmental footprint · Global fitness and trivia competitions to keep our bodies and minds sharp · Global wellbeing days for employees to relax and recharge · Monthly wellbeing webinars and training to support employee health and wellbeing Our Commitment To You We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know. Data Protection If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. 
For more information on Sophos’ data protection practices, please consult our Privacy Policy.
Posted 3 weeks ago
3.0 years
0 Lacs
Chennai, Tamil Nadu, India
On-site
Senior IT Assistant, Security, Risk and Compliance Job #: req33827 Organization: World Bank Sector: Information Technology Grade: GD Term Duration: 3 years 0 months Recruitment Type: Local Recruitment Location: Chennai,India Required Language(s) Preferred Language(s): Closing Date: 8/1/2025 (MM/DD/YYYY) at 11:59pm UTC Description Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 120 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org ITS Vice Presidency Context The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission of ending extreme poverty and boost shared prosperity on a livable planet by delivering transformative information and technologies to its staff working in over 150+ locations. For more information on ITS, see this video:https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w Vice Presidency Context Information and Technology Solutions (ITS) enables the WBG to achieve its mission of ending extreme poverty by 2030 and boosting shared prosperity in a sustainable manner by delivering transformative information and technologies to its staff working in over 130 client countries. 
ITS services range from: establishing the infrastructure to reach and connect staff and development stakeholders; providing the devices and agile technology and information applications to facilitate the science of delivery through decentralized services; creating and maintaining tools to integrate information across the World Bank Group, the clients we serve and the countries where we operate; and delivering the computing power staff need to analyze development challenges and identify solutions. The ITS business model combines dedicated business solutions centers that provide services tailored to specific World Bank Group business needs and shared services that provide infrastructure, applications and platforms for the entire Group. ITS is one of three VPUs that have been brought together as the World Bank Group Integrated Services (WBGIS), to provide enhanced corporate core services and enable the institution to operate as one strategic and coordinated entity.
Unit Context
The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG’s business objectives. ITSSR enables and facilitates a risk-aware culture; ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and ensures that IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy. ITSSR establishes and maintains the World Bank Group's IT and InfoSec policies and standards; develops and engineers the WBG’s information security plans and solutions; responds to security incidents; and ensures that information risks are identified, assessed, and managed in a manner consistent with the overall risk management approach and with the established appetite and tolerance.
ITSSR consists of three main units: 1) ITS Risk Management, Compliance, and Policy, 2) ITS Information Security Engineering and Operations (ITSIS), and 3) Program Management Office (PMO).
Duties And Accountabilities
ITSIS is seeking to fill the position of IT Analyst, Security, Risk and Compliance within the ISOC. The successful candidate will be responsible for managing high-visibility security incident responses. The ideal candidate will possess the necessary technical and interpersonal skills to handle high-impact incidents. We are looking for an incident responder who thrives under intense pressure and is committed to round-the-clock availability to swiftly identify, contain, and remediate critical security incidents. This role demands immediate response to potential breaches, requiring exceptional problem-solving abilities and the capacity to work effectively during off-hours. In addition to applied experience, the individual will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus.
Scope of Work
· Provide Information Security Operations Center (ISOC) support on a 24x7x365 basis through rotating shift work.
· Review information security alerts from various sources and, based on their classification and impact, prioritize the alerts and assign them to the respective teams within the Information Security Office.
· Conduct thorough investigative actions based on security events and remediate as dictated by standard operating procedures.
· Participate in all the phases of the security incident response process, including detection, containment, eradication, and post-incident reporting.
· Record detailed Security Incident Response activities in the Case Management System.
· Use Security Information and Event Management (SIEM) capabilities to develop alerts to detect anomalies.
· Assist in developing and setting up frameworks for developing security incident response.
· Assist in developing and maintaining ISMS procedures (related to ISOC) for complying with the global ISMS policy defined by the organization.
· Maintain technical proficiency in information security concepts and related technologies through on-the-job training, performing individual research and attending training courses as necessary.
· Undertake knowledge sharing and training activities on various monitoring tools and remediation techniques on a periodic basis.
· Develop periodic status reports and monthly metrics for reporting purposes.
· Support the R&D lab using virtual machines, monitor open-source security research news, and contribute to control testing and strengthening.
· Experience in threat hunting in a diverse log and tool environment. The role requires the person to be able to manage a threat hunting work program, including but not limited to scoping, tooling and reporting metrics.
· Perform detailed analysis of attacks against web infrastructure. This includes identification of malicious code within URLs and collection of malicious plugins and/or exploit payloads. Able to identify exploits and exploit tools involved in attacks. Able to identify packing techniques used to obfuscate URLs. Able to examine return traffic from exploitation activity for signs of successful exploitation.
· Respond to high-impact incidents such as ransomware, major compromise, internal threats, third parties, and data leakage.
· Perform log analysis, analyze large datasets, perform forensic analysis and create reports.
· Create and deliver data-driven reports and presentations for management and other stakeholders.
· Liaise with threat hunting, infrastructure, IT, vulnerability management, threat intelligence and software engineering team members.
· Conduct forensic examinations that include collection, preservation and analysis of data and systems.
· Support creation and delivery of incident response tabletop exercises designed to identify gaps, improve skills, enhance communication and engage with key stakeholders.
· Perform other duties as assigned.
Selection Criteria
· Bachelor's degree in computer science, information technology, systems engineering, or a related field.
· Minimum 2 years of Information Security experience required, with the majority of time in a SOC.
· Experience in investigations including, but not limited to, end-user hosts, servers, network infrastructure, mobile devices, peripherals and application systems.
· Experience in working on high-impact incidents such as ransomware, major compromise, internal threats, third parties, and data leakage.
· Experience in log analysis, with the ability to analyze large datasets, create reports, and perform forensic analysis.
· Experience in building and maintaining tools, processes, and capabilities for log analysis, ensuring the provision of data to incident stakeholders in an easy and scalable manner.
· Understanding of network traffic and the ability to analyze network traffic from an Incident Response perspective.
· Past exposure to handling malware and financial crime malware related incidents.
· Familiarity with industry-standard processes defined for systems design, database design, development, testing, and integration phases of a project, including Agile-based implementations.
· Experience working in Agile environments, participating in Agile ceremonies, and utilizing Agile methodologies for security operations and threat investigations.
· Knowledge of common hacking tools and techniques.
Preferred Skillsets / Requirements
· GIAC Certified Intrusion Analyst (GCIA) or GIAC Certified Incident Handler (GCIH)
· Security+, CEH
WBG Culture Attributes
· Sense of Urgency – Anticipating and quickly reacting to the needs of internal and external stakeholders.
· Thoughtful Risk Taking – Taking informed and thoughtful risks and making courageous decisions to push boundaries for greater impact.
· Empowerment and Accountability – Engaging with others in an empowered and accountable manner for impactful results.
World Bank Group Core Competencies
The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities. We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability. Learn more about working at the World Bank and IFC, including our values and inspiring stories.
Posted 3 weeks ago
0 years
0 Lacs
Gurugram, Haryana, India
On-site
Job Summary
The IT Infrastructure Manager will be responsible for overseeing all aspects of the organization's IT infrastructure, ensuring its stability, security, and efficiency. This role involves strategic planning, implementation, and maintenance of IT systems, managing vendor relationships, ensuring compliance with industry standards, and leading a team to provide excellent user support. The ideal candidate will have a strong background in IT operations, security, and disaster recovery, with a proven ability to manage complex IT environments.
Key Responsibilities
IT Infrastructure Management: Design, implement, and manage the organization's IT infrastructure, including servers, networks, storage, virtualization platforms, and cloud services. Monitor system performance and ensure high availability and reliability of all IT services. Develop and implement IT policies, procedures, and best practices. Plan and execute infrastructure upgrades, migrations, and new technology deployments. Ensure optimal performance and scalability of all infrastructure components.
IT Security Audit & Security Management: Develop, implement, and maintain comprehensive IT security policies and procedures. Conduct regular IT security audits, vulnerability assessments, and penetration testing to identify and mitigate risks. Monitor security systems (e.g., firewalls, IDS/IPS, SIEM) for threats and anomalies. Respond to security incidents, conduct investigations, and implement corrective actions. Ensure compliance with data protection regulations and industry security standards. Implement and manage identity and access management (IAM) solutions.
System Maintenance: Oversee routine system maintenance activities, including patching, updates, backups, and performance tuning for all IT systems and applications. Develop and manage maintenance schedules to minimize disruption to business operations. Troubleshoot and resolve complex hardware and software issues.
Maintain accurate documentation of all system configurations and Management : Manage relationships with IT vendors and service providers, including contract negotiation, service level agreement (SLA) adherence, and performance review. Evaluate new technologies and solutions offered by vendors to ensure they align with organizational needs. Ensure cost-effective procurement of IT hardware, software, and services. IT Asset Management Develop and maintain an accurate inventory of all IT assets (hardware, software licenses, network devices). Implement asset tracking systems and procedures to manage the lifecycle of IT assets from procurement to disposal. Ensure compliance with software licensing agreements. User Support Oversee the IT helpdesk operations, ensuring timely and effective resolution of user issues and requests. Develop and implement user training programs on IT best practices and security awareness. Foster a culture of excellent customer service within the IT team. Disaster Recovery & Business Continuity Develop, implement, and regularly test disaster recovery (DR) and business continuity (BC) plans. Ensure data backup and restoration procedures are robust and regularly verified. Lead efforts to minimize downtime and ensure rapid recovery in the event of a : Ensure all IT operations and infrastructure adhere to relevant industry regulations, legal requirements, and internal policies (e.g., GDPR, ISO 27001, HIPAA, PCI DSS where applicable). Prepare for and participate in internal and external audits related to IT infrastructure and security. Maintain comprehensive records of compliance activities and audit findings. Required Skills & Competencies Proven experience in managing complex IT infrastructure environments. Strong knowledge of network protocols, server operating systems (Windows Server, Linux), virtualization technologies (VMware, Hyper-V), and cloud platforms (AWS, Azure, GCP). Expertise in IT security principles, tools, and best practices. 
Experience with IT service management (ITSM) frameworks (e.g., ITIL). Excellent problem-solving, analytical, and decision-making skills. Strong leadership and team management abilities. Exceptional communication and interpersonal skills. Ability to work under pressure and manage multiple priorities effectively. Preferred Skills (Nice To Have) Relevant certifications (e.g., CompTIA Security+, CISSP, CCNA, MCSA, ITIL). Experience with DevOps practices and automation tools. Knowledge of scripting languages (e.g., PowerShell, Python) (ref:hirist.tech)
Posted 3 weeks ago