260 Siem Tools Jobs

Position Description: Provides overall engineering support for the Splunk platform. Team is responsible for ingesting all required logs (on-prem and multi-cloud) to be used by the Security Operations Team for investigations and monitoring. Guide and mentor team members. Serves as a level 2 escalation point for the L1 team. Position Summary: Work with IT Teams to remediate server vulnerabilities related to SIEM tool. Ingest required security logs per Voya policy. Develop and maintain weekly and monthly metrics reporting around security tooling coverage. Create and maintain cloud tenant and subscription logging alerts to proactively identify log outages and/or missing logs. Level 2 triage and troubleshooting of incident tickets related to ingestion outages Perform weekend validations and change work during established maintenance windows. Maintain currency by planning and organizing upgrades to maintain N-1 version. Create and maintain Runbooks for related processes. Participate in DR exercises. Gather and submit evidence for audit requests. Good knowledge on CRIBL. Knowledge & Experience: 4+ years experience in related IT Security field, 2+ years Splunk experience Change management experience Strong analytical and problem-solving skills Experience deploying and supporting tools in a large environment (on-prem and multi-cloud). Strong written, verbal communication skills and interpersonal skills across with the ability to communicate with non-technical end users as well as technical IT teams. Technical Expertise: Linux experience Python experience Powershell experience Splunk certifications CRIBL certification

As a Senior SOC Analyst (L2 & L3) at Fiori Technology Solutions in Bengaluru, India, with over 10 years of experience, you will be part of a 24x7 365 operation, working in a rotating schedule involving all shifts in 10-hour swings, including some Holidays. Your primary responsibilities will include: - Monitoring alerts in various tools, performing initial triage analysis, and incident creation - Working on alerts to resolution or escalation, and simple issue resolution based on documentation or guidance from Team Leader - Receiving and documenting incident and service requests via web tickets, phone calls, or emails and converting them to tickets - Following operational processes, delivering shift turn over reports, and managing incidents with a focus on risk - Participating in escalations, process documentation, and continuous improvement initiatives - Performing all functions from our end client facility in Bangalore and collaborating with worldwide customers and global IT teams To be successful in this role, you should have experience in a large-scale heterogeneous corporate environment. Preferred experience includes 5-10 years in Network Security Monitoring, Splunk Enterprise Tools, Phantom, Carbon Black, Malware Analysis, Phishing, Incident response, Endpoint protection, using SIEM Tools. You should also possess a strong desire to provide world-class support, excellent email communication skills, and the ability to communicate effectively with end users and team mates. Demonstrating strong customer service, verbal, documentation, and listening skills, as well as the ability to access, triage, and determine criticality of issues or incidents, is essential. Previous experience in handling risk tickets is also required. If you meet these qualifications and are interested in joining our team, please send your resume to jobs@fiorit.com.,

Responsibilities: 1) Monitoring Security Alerts: Continuous monitoring using SIEM tools to identify alerts and anomalies 2) Incident Response: 3) Threat Analysis: 4) Log Analysis: 5) Vulnerability Management: 6) Reporting: Health insurance

We are seeking an experienced Senior Information Security Engineer to lead critical security initiatives, design secure architectures, and respond to advanced threats. This role requires strong technical expertise, strategic thinking, and a proactive mindset to help mature our cybersecurity posture. Looking for a candidate who thrives in a fast-paced environment and does not shy away from challenges. About Cimpress: Led by founder and CEO Robert Keane, Cimpress invests in and helps build customer-focused, entrepreneurial mass customization businesses. Through the personalized physical (and digital) products these companies create,we empower over 17 million global customers to make an impression. Last year, Cimpress generated $3.5B in revenue through customized print products, signage, apparel, packaging and more. The Cimpress family includes a dynamic, international group of businesses and central teams, all working to solve problems, build businesses, innovate and improve. As a National Pen brand, Pens.com provides custom marketing solutions to 22 countries worldwide, fostering global connections between businesses and their customers. We specialize in personalized promotional products, including writing instruments, stationery, drinkware, bags, gifts, and trade show accessories. Our operations are supported by a network of 9 facilities across North America, Europe, Africa, and India. This global presence underscores our commitment to the timely delivery of our products and services to customers across the markets we serve. About the Role: Key Responsibilities: Design and implement security architecture for infrastructure, cloud, and applications. Lead threat detection, incident response, and forensic analysis . Perform vulnerability management and penetration testing , and guide remediation efforts. Own and optimize SIEM, EDR, Microsoft defender for cloud and O365, CNAPP (Cloud native application protection platform), Cloud security IAM, and other security technologies . Collaborate with DevOps and IT to embed security best practices across systems. Provide technical leadership in risk assessments, audits , and compliance initiatives (ISO 27001, SOC2, GDPR). Mentor junior team members and contribute to InfoSec training and policy development . Partner with business units on risk mitigation and secure solution design . Responding to and completing security requests from SOC, the lead security engineer, or security manager, with assistance from relevant technical teams as needed. Security event monitoring, data analysis and correlation, and escalation where appropriate, using security monitoring and management tools and their outputs. Vulnerability management data generation and analysis (running scans in Tenable, Crowdstrike, and analyzing outputs), and escalation to appropriate teams for remediation. Other duties as assigned. Required Skills & Qualifications: Bachelor's or Masters degree in Cybersecurity, Computer Science, I.T , or related discipline. Experience with Vulnerability assessment and penetration testing and hands on experience in application security domain. 4-6 years of experience in security engineering, Security operations centre, or architecture and application security domain. Deep understanding of SOC, Endpoint security, Data security , network security, cloud security (AWS/Azure/GCP), and Linux/Windows hardening . Hands-on with tools like: SIEM (Splunk, Sentinel) EDR/XDR (CrowdStrike, SentinelOne) IAM, PAM, and firewall solutions Microsoft Defender for cloud and O365 Orac Security: CNAPP Strong knowledge of encryption, secure coding, IAM, and security frameworks (NIST, MITRE ATT&CK). Industry certifications preferred any of these: CompTIA Security+, Microsoft SC-900 , CEH, CISSP, OSCP, CISM, GIAC, or AWS Security Specialty. Proven experience leading security projects and mentoring teams. 4-6 years of experience in an Information Security Analyst role. Experience with common security monitoring tools (Tenable, Solarwinds, Axonius, Aquawave, Splunk). Experience with EDR tools (Crowdstrike). Data management skills using Excel or other data management platform. Preferred Attributes and Qualifications: Ability to excel in a dynamic environment with rapidly changing priorities. Discretion with respect to best practices in information security. Discretion in communication with respect to audience and nature of information communicated. Certifications, education, or experience to demonstrate baseline security, networking, and computing skills commensurate with 4 years' experience in security analysis. What You will Gain: Real-world exposure to enterprise security tools and workflows. Mentorship from experienced InfoSec professionals. A clear career path to mid- and senior-level security engineering roles. Remote First-Culture: In 2020, Cimpress adopted a Remote-First operating model and culture. We heard from our team members that having the freedom, autonomy and trust in each other to work from home and, the ability to operate when they are most productive, empowers everyone to be their best and most brilliant self. Cimpress also provides collaboration spaces for team members to work physically together when it's safe to do so or believe in office working will deliver the best results. Currently we are enabled to hire remote team members in over 20 US States as well as several countries in Europe: Spain, Germany, UK, Czech Republic, the Netherlands and Switzerland. More information about the organization can be found in the below link: https://cimpress.com https://www.linkedin.com/company/cimpress/ https://twitter.com/Cimpress Want to explore more about our brands? Please visit: https://cimpress.com/brands/explore-our-brands/

Job Summary The Security Engineer - (L2) is responsible for implementing and maintaining security measures to protect the organization's IT infrastructure. This role involves monitoring systems, analyzing security incidents, and ensuring compliance with security policies. Location : Pune Key Responsibilities Monitor and respond to security incidents and alerts. Conduct vulnerability assessments and penetration testing. Implement and manage security tools and technologies. Maintain and update security policies and procedures. Collaborate with IT teams to ensure secure system configurations. Provide support during security audits and assessments. Required Qualifications BE, BSC- IT 5+ years of experience in cybersecurity or IT security roles. Strong understanding of network security and firewalls Experience with SIEM tools and security incident response. Preferred Skills Any Cisco Certifications will be added advantage Knowledge of cloud security practices and technologies.

Job Description Mission The Triager CERT position is part of the Groups Computer Emergency Response Team (CERT), the organization’s cyber defense division. The team’s mission is centered around three critical areas: 1. Threat Prevention & Crisis Preparedness – Proactively anticipating and mitigating threats while preparing for potential cyber crises. 2. Threat Detection & Analysis – Identifying vulnerabilities, detecting threats, and uncovering attacks. 3. Incident Response – Investigating, managing, and resolving security incidents while mitigating their impact on the IT ecosystem. 4. Analyzes risks, performs studies and implements solutions to ensure the security of IT and digital solutions (availability, integrity, confidentiality, traceability). Additional Information: This position operates within a follow-the-sun model to ensure global coverage and requires 3-4 days of office presence per week. Weekend on-call support will be on a rotational basis. Experience and Skills Required: 5- 10 years of experience in the IT security domain, with a background in IT development or DevOps. Proven ability to maintain confidentiality and discretion in handling sensitive information. Extensive experience with incident management and familiarity with SIEM tools. Strong collaboration skills, with the ability to work effectively in a global team environment. Behavior skills: Exceptional organizational and analytical skills. Ability to work in a fast-paced environment while maintaining attention to detail. Strong communication and interpersonal skills to liaise with global teams and stakeholders. Proactive mindset with a commitment to continuous improvement in incident management processes. KEY EXPECTED ACHIEVEMENTS: Service Delivery Manager (SDM) – 70% The primary responsibility of the SDM is to ensure the efficient functioning of the incident response process within CERT, ensuring that attacks are detected and contained. Key duties include: Monitoring security alerts raised through various channels. Understanding incidents, assessing their criticality and priority. Creating or modifying tickets and assigning them to analysts. Tracking ticket resolution to ensure closure in compliance with SLAs. Maintaining constant communication with global CERT teams (France, Americas, India, and China) and other stakeholders (e.g., DOTI, DOMF). Consolidating and publishing statistics/figures related to incidents handled by CERT and other stakeholders. This includes: Verifying SLA compliance, especially for priority 1 incidents. Quantifying the number of incidents handled by CERT based on various analytical axes. Analyzing SLAs, proposing improvement actions, and following up on their implementation. Keeping the following documentation updated: Skills matrix for ticket orientation. Analyst access management. Decision trees for incident routing. Additional Activities – 30% Depending on their expertise, the triager may be assigned occasional missions within the team, such as: Development projects. Security incident response tasks.

Job Title: Security Incident Response Analyst Location : Bangalore, KA (Hybrid) Skills Required: Incident Management Oracle SQL Experience: 6-8 years Job Description: Lead security incident response in a cross-functional environment and drive incident resolution. Lead and develop Incident Response initiatives that improve Allianz capabilities to effectively respond and remediate security incidents. Perform digital forensic investigations and analysis of a wide variety of assets including endpoints. Perform log analysis from a variety of sources to identify potential threats. Build automation for response and remediation of malicious activity. Write complex search queries in the EDR as well as SIEM tools for hunting the adversaries. Essential Skills GCFA cert 5-10 years of experience in Security Incident Response, Investigations Working experience in Microsoft On-prem and Entra ID solutions Good knowledge in Active Directories and Tier 0 concepts Very good knowledge of operating systems, processes, registries, file systems, and memory structures and experience in host and memory forensics (including live response) on Windows, macOS and Linux. Experience investigating and responding to both external and insider threats. Experience with attacker tactics, techniques, and procedures (MITRE ATTCK) Experience analyzing network and host-based security events Works on SOAR cases, automation, workflow playbooks. Integrating and working on Identity solutions. Developing SIEM use cases for new detections specifically on identity use cases.

WHO WE ARE: Zinnia is the leading technology platform for accelerating life and annuities growth. With innovative enterprise solutions and data insights, Zinnia simplifies the experience of buying, selling, and administering insurance products. All of which enables more people to protect their financial futures. Our success is driven by a commitment to three core values: be bold, team up, deliver value and that we do. Zinnia has over $180 billion in assets under administration, serves 100+ carrier clients, 2500 distributors and partners, and over 2 million policyholders. WHO YOU ARE We’re looking for a Manager of Platform Security Engineering to lead a team focused on securing our corporate environment and on-premises infrastructure, while also building automation and platform capabilities that support the broader InfoSec function. This role sits at the intersection of infrastructure security, system reliability, and security engineering, and is ideal for someone who knows how to build, maintain, and support production-grade security platforms that scale. You will oversee a team responsible for a range of foundational security services — including endpoint detection and response (EDR), asset management, log management, IAM infrastructure, and more. You’ll also drive initiatives around automation to improve operational efficiency and reduce manual work across the InfoSec organization. You will bring strong technical depth across both Microsoft and Linux environments, a solid understanding of networking and Zero Trust principles, and a track record of building secure, reliable systems. You’re comfortable leading engineering teams while still being hands-on when necessary. WHAT YOU’LL DO: Lead the Security Platform Engineering team responsible for corporate and infrastructure security tooling Own the design, implementation, and operations of production-grade security systems such as log management, EDR, asset inventory, configuration management, etc. Partner with internal infrastructure, IT, and cloud teams to ensure security controls are deployed, monitored, and maintained effectively across all environments Build automation pipelines and backend systems to support security operations – e.g., data pipelines for telemetry, workflow automation for alert handling, enforcement of security policies via code Implement and support security principles such as Zero Trust, least privilege, and secure-by-default infrastructure Ensure systems are reliable, scalable, and properly documented, with appropriate monitoring and alerting Support compliance and audit efforts through well-instrumented systems and accurate reporting capabilities Help define roadmaps, drive technical architecture decisions, and manage day-to-day execution within the team WHAT YOU’LL NEED: 10+ years of experience in security engineering, infrastructure security, or platform engineering roles, with 2+ years in a team leadership or management position Strong hands-on experience with both Microsoft (Active Directory, Intune, Defender, etc.) and Linux platforms in enterprise environments Deep understanding of networking, Zero Trust, EDR, and endpoint hardening Proven ability to design, build, and operate production-grade systems (log management, telemetry pipelines, etc.) Experience with automation frameworks and infrastructure-as-code (e.g., Terraform, Ansible, or similar) Familiarity with SIEM/SOAR platforms, identity platforms, and asset management solutions Comfortable working across cross-functional teams and communicating with both technical and non-technical stakeholders Bonus: experience with regulated environments (e.g., SOC 2, ISO 27001), and security certifications like CISSP, CISM, or OSCP WHAT’S IN IT FOR YOU? At Zinnia, you collaborate with smart, creative professionals who are dedicated to delivering cutting-edge technologies, deeper data insights, and enhanced services to transform how insurance is done. Visit our website at www.zinnia.com for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability

Proactively lead and support incident response team during an incident. Experience in advance investigation, triaging, analysis and escalation of security incidents with recommendations Hands-on basic experience with configurations and management of SIEM tools(Qradar)including log source integrations, custom parser built, fine tuning and optimizing the correlation rules and use cases recommendations Is MUST. Proven Experience on any of the Security information and event management (SIEM) tools using Qradar Data-driven threat hunting using SIEM, EDR and XDR tools Basic Experience is SOAR tools such as Qradar Resilient, PaloAlto XSOAR Identify quick defence techniques till permanent resolution. Recognize successful intrusions and compromises through review and analysis of relevant event detail information. Review incidents escalated by Level 1 analysts. Launch and track investigations to resolution. Recognize attacks based on their signatures, differentiates false positives from true intrusion attempts. Actively investigates the latest in security vulnerabilities, advisories, incidents, and penetration techniques and notifies end users when appropriate. Identify the gaps in security environment & suggest the gap closure Drive & Support Change Management Performs and reviews tasks as identified in a daily task list. Report Generation and Trend Analysis. Participate in the Weekly and Monthly governance calls to support the SOC metrics reporting Good to have hands on experience with managing SIEM solutions on public/private clouds like Amazon AWS, Microsoft Azure, etc. Willing to work in 24x7 rotational shift model including night shift. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 5+ YearsHands-on experience required in Qradar SIEM and SOAR. Desired experience in Threat hunting, Threat intelligence. Worked on tools belongs to Qradar, UEBA, UAX. Bachelor’s degree in engineering/information security, or a related field. Relevant certifications such as CEH, CISSP, CISM, CompTIA CASP+, or equivalent. Proven experience to work in a SOC environment. Preferred technical and professional experience Proven experience in managing and responding to complex security incidents. Strong analytical and problem-solving skills. Excellent communication and collaboration abilities. Ability to work in a fast-paced, dynamic environment. Deep technical knowledge of security technologies and advanced threat landscapes.

Arctera plays a crucial role in ensuring the smooth functioning of IT systems worldwide. Counting on Arctera's expertise, one can rely on the operationality of credit cards at stores, consistent power supply to homes, and uninterrupted production of medications in factories. Arctera's services are trusted by both large-scale organizations and smaller entities, enabling them to combat ransomware attacks, natural calamities, and compliance issues effortlessly. Leveraging the power of data and its flagship products - Insight, InfoScale, and Backup Exec, Arctera ensures data security and privacy while minimizing environmental impact and preventing illicit data usage. The data landscape is evolving rapidly, with a continuous surge in data volumes being generated daily. The ongoing global digital transformation, coupled with the advent of AI, is paving the way for a significant escalation in data creation. By becoming a part of the Arctera team, you will be contributing to the innovative efforts aimed at leveraging cutting-edge technologies to safeguard critical global infrastructure and uphold data integrity. **Job Title:** Info Sec Analyst - Cloud Security Posture Management (CSPM) **Location:** Pune, India **Job Type:** Full-time **Job Summary:** As a Cloud Security Operations Analyst, your primary responsibility will revolve around the monitoring, detection, and response to security threats within cloud environments (AWS, Azure, GCP). This role encompasses the management of Cloud Security Posture Management (CSPM) solutions, incident response, threat analysis, and mitigation of cloud security risks. Your role will be crucial in ensuring that the organization's cloud security posture aligns with industry best practices and regulatory standards. **Key Responsibilities:** - Monitor and handle security alerts from CSPM tools like Crowdstrike CSPM, Zscaler CNAPP, Wiz, and Prisma Cloud. - Conduct basic investigations of cloud security incidents and document the findings. - Assist in reviewing misconfigurations in cloud services and recommend corrective actions. - Maintain documentation for cloud security policies and playbooks. - Lead investigations into cloud security incidents and misconfigurations, including forensic analysis and threat intelligence correlation. - Manage and optimize CSPM tools to minimize false positives and enhance cloud security hygiene. - Collaborate closely with SOC teams to analyze and mitigate cloud-based threats, including IAM misconfigurations, API security, and data exposure risks. - Provide security recommendations and remediation guidance to DevOps and Engineering teams. - Support compliance initiatives (CIS, NIST, PCI-DSS) and cloud security audits. - Lead incident post-mortems to identify gaps and enhance cloud security processes. - Stay updated on emerging cloud threats, vulnerabilities, and attack vectors to proactively reinforce the cloud security posture. **Required Skills & Qualifications:** - 2-4 years of experience in cloud security, SOC operations, or cybersecurity. - Basic understanding of cloud platforms (AWS, Azure, GCP) and their security controls. - Familiarity with SIEM tools and log analysis for security events. - Proficiency in working with CSPM tools like Crowdstrike CSPM, Zscaler CNAPP, Wiz, or other cloud-native security solutions. - Basic comprehension of SIEM integrations with cloud environments and log analysis techniques. - Knowledge of threat intelligence, attack techniques (MITRE ATT&CK), and incident response methodologies. - Experience in scripting and automation for security tasks. - Certifications such as AWS Security Specialty, AZ-500, or Security+ would be advantageous.,

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities:- Threat Detection Development:Develop, implement, and fine-tune SIEM detection rules and alerts to identify potential security threats, anomalies, and policy violations. MITRE ATT&CK Framework Utilization:Leverage the MITRE ATT&CK framework to develop and enhance detection strategies, ensuring comprehensive coverage of adversary tactics and techniques. Advanced Threat Model Design and Implementation:Develop, implement, and fine-tune sophisticated threat models that address existing and new, emerging threats by leveraging complex data correlations and threat intelligence that go beyond basic signature-based detections. Incident Analysis and Response:Collaborate with the incident response team to analyze security alerts, investigate incidents, and provide insights to enhance detection capabilities and response strategies. SIEM Configuration and Management:Design, configure, and manage SIEM systems to ensure comprehensive monitoring and logging of security events across the organization. Use Case Development:Create and implement security use cases that align with the MITRE ATT&CK framework, enhancing the organization's ability to detect and respond to advanced threats. Integration and Optimization:Integrate SIEM solutions with other security tools and data sources, continuously optimizing performance and accuracy to reduce false positives and enhance detection efficacy. SOC KPI Metrics Development:Develop and monitor key performance indicators (KPIs) for the Security Operations Center (SOC) to measure the effectiveness and efficiency of security operations, incident response times, and detection accuracy. SOC Consultations:Collaborate with SOC analysts and other cybersecurity stakeholders to provide expert consultations and recommendations on improving detection strategies, response processes, and overall SOC performance. Threat Intelligence Collaboration:Work closely with threat intelligence teams to incorporate the latest threat information into SIEM detection strategies, ensuring proactive identification of emerging threats. Detection Gap Analysis:Conduct regular gap analyses to identify and address deficiencies in current detection capabilities, using the MITRE ATT&CK framework to prioritize improvements. Documentation and Reporting:Maintain detailed documentation of SIEM configurations, detection rules, and incident analyses to support compliance requirements and knowledge sharing. Continuous Improvement:Stay updated with the latest developments in cybersecurity threats and SIEM technologies, applying new insights to improve detection strategies and systems. Training and Mentorship:Provide training and mentorship to junior team members on the use of SIEM technologies and the application of the MITRE ATT&CK framework for threat detection. Professional & Technical Skills: Must To Have Skills: Proficiency in Security Information and Event Management (SIEM) Strong understanding of threat intelligence analysis Experience with security incident response Knowledge of security compliance frameworks Hands-on experience with security tools and technologies Additional Information: The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM) This position is based at our Bengaluru office A 15 years full time education is required Qualification 15 years full time education

Role & responsibilities 1. Vulnerability Assessment & Management. • Coordinate with IT teams to patch systems and applications based on critical vulnerabilities. • Assess and mitigate security risks associated with new software, systems, and third-party services. 2. Compliance & Risk Management • Ensure compliance with industry standards (ISO 27001, NIST, GDPR, SOC 2) and regulatory requirements. • Perform risk assessments to evaluate the effectiveness of existing security controls. • Work with internal teams to implement best practices for secure configurations and data protection. 3. Security Architecture & Implementation • Assist in designing and implementing secure architectures for cloud, on-premises, and hybrid environments. • Evaluate and recommend new cybersecurity tools and technologies. Required Qualifications Bachelors degree in computer science, Information Security, or a related field. Experience in cybersecurity roles such as security analyst, incident responder, or similar. Strong understanding of cybersecurity frameworks (NIST, ISO 27001) and regulatory compliance requirements. Experience with SIEM tools (e.g., Splunk, QRadar, LogRhythm) and endpoint security solutions. Proficiency in conducting vulnerability assessments, penetration testing, and risk management. Strong knowledge of cloud security (AWS, Azure, GCP). Preferred Qualifications Industry certifications such as CISSP, CEH, CISM, or OSCP. Experience with DevSecOps, CI/CD pipelines, and secure software development practices. Familiarity with Zero Trust, EDR/XDR solutions, and threat intelligence platforms. Ability to work both independently and as part of a team. Excellent communication and documentation skills. Preferred candidate profile Experience: 5-7 Years Employment: Permanent Full Time Mode: Hybrid Location: Pune / Chennai / Bangalore / Mumbai ***** LOOKING FOR CANDIDATES WHO CAN JOIN MAX WITHIN 15 DAYS ONLY***** If interested kindly share your resume to lakshmi.naidu@citiustech.com with below details: Total Experience: Relevant Experience in Security Analyst: Current CTC: Expected CTC: Notice Period: Current Location: Preferred Location:

Role & responsibilities Should have Cybersecurity Audit experience , PCI DSS/ISO27k/SOC1/SOC2 or any other cybersecurity framework. Should have conducted cybersecurity risk assessment. Should be into security control architect. Must have implemented security controls projects. Requirements : Conduct monthly, quarterly, semi-annual, and annual application, infrastructure, microservices, API and cloud security assessments. 3+ years experience in ERM, BIA, DR and BCP. 3+ years experience with vulnerability management, SIEM and Log Management, Antivirus/Anti- Malware, proxy servers, DLP, IPS/IDS, VPN, PKI, Multi-factor authentication, cryptography. Detailed understanding of common exploits and their defense (EOP, DoS/DDoS, Spoofing, Phishing, Rootkits, RATs, key logging, Zero Day, SQL Injection, XSS, CSRF). Excellent in security incident response and to countermeasure atacks. Knowledge in common operating system and architecture, Windows, Linux, MS SQL, MySQL, Oracle, networking, etc. Research, perform gap analysis, implement, and maintain security controls excellence across existing and new applications, mobile apps, microservices, infrastructure and network. Audit/assess security controls to satisfy PCI DSS. Define application security policies, procedures, and provide application security architecture best practices. Facilitate cyber security training based on the department, role, responsibility, and data access. Manage technical, operational, and administrative projects across the Enterprise.

Come and join a 10-year-old, Fastest Growing, IT Managed Services. We have open positions at various levels throughout the organization. About TeamLogic IT Assist Were a 100-person, $22 M managed services provider operating across PA, NJ, NC and FL. Our culture is built on Empathy, Transparency, and Data-Driven Decision-Making, and our mission is simple: Make fans of clients, coworkers, and vendors. For three years running weve been named a Best Place to Work in PA, and we maintain a 98 % CSAT and 89 NPS. Our Motto is simple yet powerful: MAKE FANS OUT OF OUR CLIENTS MAKE FANS OUT OF OUR VENDORS MAKE FANS OUT OF EACH OTHER We pride ourselves in creating a family-oriented culture and creating a career path for every employee. We invest all our energy in making sure that you achieve your career goals. We are proud of our Glassdoor Review of 5.0 of employee testimonials. Check it out yourself. https://www.glassdoor.com/Reviews/TeamLogic-IT-Newtown-Reviews- EI_IE222125.0,12_IL.13,20_IC1152654.htm Company Website: https://www.teamlogicit.com/ Position Name - NOC & Security Specialist I Department : Security Operations Reports To : Director of Technology Employment Type : [Full-time] Job Location - India (Remote) Overview: The Network Operations & Security Specialist I serves as a first line of defense for security events while also supporting key NOC functions such as daily monitoring, incident response, network performance assurance, and system uptime. This hybrid role is critical to early threat detection, initial incident response, and proactive infrastructure monitoring to prevent critical outages or breaches. The ideal candidate will be hands-on with tools and platforms in both the cybersecurity and network operations domains and play a key role in maintaining service reliability and security for our clients. Key Responsibilities: Security Operations: Monitor alerts and events from SIEMs, EDR/MDR platforms, and other security tools. Perform initial triage and classification of security incidents. Investigate low-severity alerts and perform response and remediation activities where applicable. Escalate high-risk or complex security incidents to senior Security Advisors and Management. Collaborate with partner MDR and SOC vendors to collect additional context or execute recommended actions. Assist in onboarding, tuning, and maintaining security platforms (e.g., EDR, MDR, SIEM). Maintain detailed documentation for security incidents and actions taken. Support the development and enforcement of internal SecOps policies and procedures. Stay current on emerging threats, vulnerabilities, and mitigation strategies. Network Operations Center (NOC): Monitor the health and performance of client environments using RMM and NOC monitoring tools. Proactively identify and respond to service degradations, outages, and other network/system issues. Perform basic troubleshooting of hardware, network, and system-related problems. Communicate status updates for incidents to internal teams, clients, and management. Ensure tickets are properly documented, prioritized, and resolved within defined SLAs. Prepare standard daily, weekly, and monthly operations and availability reports. Coordinate with team members to ensure smooth handoffs and coverage across shifts. Position Requirements: Education : An associate degree in computer science, information technology, cybersecurity, or a related field. OR- 2 or more years of professional experience in an equivalent position. Technical Skills : Foundational knowledge of cybersecurity principles, threats, and vulnerabilities. Familiarity with: Firewalls, antivirus software, EDR/MDR platforms. SOC/SIEM tools and IDS/IPS systems. Network infrastructure, IP networking, and common protocols (TCP/IP, DNS, DHCP, etc.). Experience working with: PSA and RMM tools (e.g., Autotask, NinjaOne, ConnectWise, etc.) BCDR tools and SaaS environments. Microsoft Windows (desktop and server) and virtualized environments. Additional Skills : Excellent customer service and communication skills, with a strong focus on customer satisfaction. Ability to work independently and manage a flexible schedule. Strong documentation skills to record activities and solutions thoroughly and accurately. Strong analytical and problem-solving skills. Excellent communication and interpersonal skills. Ability to work in a fast-paced and dynamic environment. Willingness to work rotational shifts, including nights and weekends. Preferred Qualifications : Relevant certifications such as CompTIA Security+ or equivalent. Work experience for a Managed Services Provider services multiple client environments Physical Requirements : None Work Environment : This is a fully remote role Application Process : Interested candidates should submit their resume and a cover letter detailing relevant experience and qualifications. TeamLogic IT is committed to creating a diverse environment and is proud to be an equal opportunity employer. We do not discriminate based on race, color, religion, national origin, age, sex, disability, genetic information, veteran status, sexual orientation, gender identity, or any other status protected under applicable federal, state, or local laws. We encourage all qualified candidates to apply and join our inclusive and welcoming team.

You will play a critical role as an Enterprise Account Manager by managing and nurturing existing enterprise accounts. Your primary focus will be on identifying farming and upselling opportunities to enhance client relationships and deliver tailored cybersecurity solutions that meet their evolving needs. Your key responsibilities include managing a portfolio of enterprise accounts to ensure high levels of customer satisfaction and engagement. You will identify opportunities for upselling and cross-selling additional products and services within existing accounts. Conducting regular check-ins and business reviews with clients to understand their evolving needs and challenges will be essential. Collaboration with technical teams is necessary to deliver customized solutions that meet client-specific requirements. Developing and executing account growth strategies to meet or exceed revenue targets will be a key aspect of your role. Maintaining detailed records of account activities, sales opportunities, and customer interactions in CRM is crucial. Staying informed about industry trends, competitor offerings, and emerging cybersecurity threats will enable you to provide informed recommendations to clients. Working closely with marketing and product teams to ensure alignment on client needs and feedback is also part of the role. You will serve as a trusted advisor to clients, advocating for their needs within the organization. Qualifications: - Bachelor's degree in Business, Marketing, or a related field; MBA preferred. - 5+ years of experience in account management, sales, or a related role, preferably in the cybersecurity industry. - Proven track record of success in farming existing accounts and driving revenue growth through upselling. - Strong understanding of cybersecurity products, services, and industry trends. - Excellent communication, interpersonal, and negotiation skills. - Ability to build and maintain strong relationships with clients and internal stakeholders. - Strong analytical skills and a strategic mindset. - Proficiency in CRM software and sales analytics tools. - Willingness to travel as needed to meet clients and attend industry events. Desired Skills: - Basic understanding of cybersecurity concepts, SOC & SIEM Tools. - Knowledge of Tools like Imperva, CyberArk, Zscaler, Palo Alto, Tenable, DLP, FIM, WAF, CyberArk, etc.,

You are a proactive and experienced Network Security Analyst sought to join the IT Security team in Mumbai and Mohali. Your role will involve monitoring, managing, and securing enterprise network environments and endpoints to prevent, detect, and respond to cyber threats effectively. Your responsibilities will include monitoring and maintaining network and endpoint security systems, identifying and mitigating threats and vulnerabilities, implementing and managing firewalls, IDS/IPS, and endpoint protection solutions. You will also conduct security assessments, collaborate with the SOC team, maintain security policies, and support patch management. To excel in this role, you should possess at least 3 years of hands-on experience in network security, IT security, and endpoint protection. Strong knowledge of firewall technologies, VPNs, IDS/IPS, and endpoint protection tools is essential. Familiarity with security protocols, risk assessment methodologies, and SIEM tools will be beneficial. Ideal candidates will have a good understanding of network protocols, TCP/IP stack, and Windows/Linux environments. Moreover, excellent problem-solving skills, ability to work under pressure, and strong communication and collaboration skills are crucial for success in this position. Immediate joiners or candidates with short notice periods are highly preferred for this role. If you are passionate about network and endpoint security and have the required skills and qualifications, we welcome you to join our team and contribute to our mission of safeguarding our IT infrastructure effectively.,

As an SOC Analyst, you will work as part of Meditab Security Operations Center to be the first line of defense. You will use various defense tools to conduct analysis, identify security incidents and violations, help strengthen security controls and work with cross-functional teams with a customer-oriented approach to ensure that a secure workspace is provided to the Meditab workforce. Requirements: Strong knowledge of security trends, TCP/IP protocols, and common Internet applications. Experience with SIEM platforms, security event monitoring, and incident response. Understanding of Windows Server, Linux, and cloud security (Azure, AWS, Google, Oracle). Hands-on experience integrating logs/events from cloud platforms into SIEM tools. Proficiency in SumoLogic, query creation, and security log analysis. Strong communication skills and expertise in MS Office. Responsibilities: Operate in a 24x7 SOC environment, handling L1/L2 tasks. Monitor, analyze, and respond to security incidents. Implement and manage SIEM solutions, integrate standard/non-standard logs. Perform threat management, security trend analysis, and reporting. Collaborate with teams to enhance infrastructure, hybrid, and cloud security. Utilize security tools for incident detection and mitigation across multiple platforms.

As a Network Security Analyst at our organization, you will be a valuable member of our IT Security team based in Mumbai and Mohali. With a minimum of 3 years of experience in network security, IT infrastructure security, and endpoint protection, you will play a crucial role in safeguarding our enterprise network environments and endpoints from cyber threats. Your responsibilities will include actively monitoring, managing, and securing network and endpoint security systems, identifying and mitigating threats and vulnerabilities, implementing and maintaining firewalls, IDS/IPS, and endpoint protection solutions, conducting security assessments and audits, collaborating with the SOC team for incident response, and ensuring compliance with security policies and procedures. To excel in this role, you should possess a strong understanding of firewall technologies (e.g., Palo Alto, Fortinet, Cisco), VPNs, IDS/IPS, and endpoint protection tools. Familiarity with security protocols, risk assessment methodologies, and SIEM tools will be beneficial. Additionally, you must have a sound knowledge of network protocols, TCP/IP stack, and Windows/Linux environments. We are looking for candidates with excellent problem-solving skills, the ability to work under pressure, and strong communication and collaboration abilities. Immediate joiners or candidates with short notice periods are highly preferred. If you are passionate about network and endpoint security, eager to stay updated on emerging threats and technologies, and ready to make a meaningful impact, we encourage you to apply for this exciting opportunity with us.,

The Security Analyst monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier2 information security specialists, and/or customer as appropriate to perform further investigation and resolution. Good knowledge of SIEM, SIEM Architecture, SIEM health check. Audit the SIEM in the customer environment. Troubleshoot issues regarding SIEM and other SOC tools. Good verbal/written communication skills. Build of use case for the customer. Data archiving and backup and data purging configuration as per need and compliance. Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc. Helping L3 and L1 with required knowledge base details and basic documentations. Co-ordination SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation. High ethics, ability to protect confidential information. Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis. Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure. Update and maintain SOC knowledge base for new security incidents and docs. Creation of daily status report sheet and submit to SOC manager for review. Review advisories and make necessary detection measures. Provide analysis and trending of security log data from a large number of security devices. Troubleshooting non-reporting devices fix and maintain device status. Working with OEM (Tool support) in a way to resolve the issue or incident raised. Administration of Windows and Unix servers. Ready to work on 24/7 shifts to support client requirement. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 2 Years of Experience in SOC monitoring and investigation. Audit the SIEM in the customer environment. Troubleshoot issues regarding SIEM and other SOC tools. Build of use case for the customer. Data archiving and backup and data purging configuration as per need and compliance. Helping L3 and L1’s with required knowledge base details and basic documentations. Co-ordination with SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation. Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis. Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure. Update and maintain SOC knowledge base for new security incidents and docs. Creation of daily status report sheet and submit to SOC manager for review. Review advisories and make necessary detection measures.\ Provide analysis and trending of security log data from a large number of security devices. Troubleshooting non-reporting devices fix and maintain device status. Working with OEM (Tool support) in a way to resolve the issue or incident raised. Administration of Windows and Unix servers. Building Parser for the SIEM using regex. Preferred technical and professional experience Escalation point for L1’s and SOC Monitor team. Ability to drive call and summarizing it post discussion. Good Understanding of Firewall, IDP/IPS, SIEM functioning (Generalize HLD as well as LLD). Deep understanding on Windows, DB, Mail cluster, VM and Linux commands. Knowledge of network protocols TCP/IP and ports. Team Spirit and working ideas heading to resolution of issues. Qualifications like CISA, CISM, CISSP, CEH, SANS or any other recognized qualification in Cybersecurity (SIEM/Qradar certification) will be preferred. Thorough knowledge in SIEM tool and experience in networking, Cloud security experience will be preferred. SOC Senior Analyst experience with multiple customers.

As a Deception Technology Specialist, you will be responsible for designing, implementing, and managing deception strategies and technologies within the organisation's cybersecurity infrastructure. Your expertise in working with Deception Technology and SIEM Tools will be crucial in developing scalable, reliable, and fault-tolerant systems. You will play a key role in integrating/modifying existing open-source software to meet the specific requirements of the organization. Additionally, your hands-on experience in virtualization, cloud deployments, networking, and debugging code will be essential in overcoming fundamental challenges while coding. Your proficiency in Python and familiarity with tools such as nmap, Metasploit, Wireshark, Burp suite, etc., will be highly beneficial in executing your responsibilities effectively. You should be comfortable using Linux OS and possess excellent writing and communication skills to contribute to technical writing within the group. To be eligible for this role, you must hold a Bachelor's degree in computer science or a related field and have at least 2 years of experience in the cybersecurity domain as outlined in the responsibilities section. Travel may be required across the country for project execution, monitoring, and coordination with geographically distributed teams. To apply for this position, please submit a cover letter summarizing your relevant experience in technologies and software, along with your resume and the latest passport-size photograph.,

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Platform Engineering Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking a skilled Security Engineer with expertise in Google Chronicle SIEM, parser development, and foundational knowledge of cybersecurity. The ideal candidate will be responsible for analyzing security data and logs, ensuring accurate aggregation, normalization, tagging, and classification. You will work closely with log sources, particularly security and networking devices, to enhance our security monitoring capabilities. Roles & Responsibilities:Conduct security and data/log analysis, focusing on the aggregation, normalization, tagging, and classification of logs.Research, analyze, and understand log sources for security monitoring, with a particular focus on security and networking devices such as firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems.Validate log sources and indexed data, optimizing search criteria to improve search efficiency.Utilize automation tools to build and validate log collectors for parsing aggregated logs. Professional & Technical Skills: Proficiency in log analysis and SIEM tools, including but not limited to Google Chronicle, Splunk, ArcSight, and QRadar. Experience in SIEM content creation and reporting is essential.Strong experience in manual security log review and analysis, such as Windows Event Log and Linux Syslog, including incident classification, investigation, and remediation.Solid understanding of multiple attack vectors, including malware, Trojans, exploit kits, ransomware, phishing techniques, and APTs, as well as familiarity with attack techniques outlined in the OWASP Top 10.Knowledge of security and networking devices, including firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems.TCP/IP networking skills for packet and log analysis.Experience working with Windows and Unix platforms.Familiarity with databases is an advantage.Experience in GCP, AWS and Azure environments is a plus. Additional Information:- The candidate should have minimum 5 years of experience in Security Platform Engineering.- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Information and Event Management (SIEM), Splunk Security Information and Event Management (SIEM) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are looking for a proactive and detail-oriented SOC Analyst (Incident Response) to join our Security Operations Center (SOC) team. In this role, you will be responsible for detecting, analyzing, and responding to cybersecurity incidents using a combination of technology solutions and processes. Roles & Responsibilities:- Monitor security alerts and events from various sources (SIEM, EDR, firewall logs, IDS/IPS, etc.) to detect potential security incidents.- Triage, investigate, and respond to incidents following standard operating procedures (SOPs) and incident response playbooks.- Perform in-depth analysis of security incidents to identify root causes, scope, and impact.- Escalate complex incidents to appropriate stakeholders and support containment, eradication, and recovery efforts.- Work with internal teams and external partners to contain and remediate threats.- Contribute to continuous improvement of detection capabilities and IR processes.- Maintain incident documentation and provide detailed reports post-incident.- Stay current with emerging threats, vulnerabilities, and incident response best practices. Professional & Technical Skills: - 25 years of experience in a Security Operations Center (SOC) or similar cybersecurity role.- Strong understandin of security technologies such as SIEM, EDR, IDS/IPS, firewalls, and antivirus.- Experience with incident detection, triage, analysis, and response.- Familiarity with MITRE ATT&CK framework and other threat models.- Knowledge of operating systems (Windows/Linux), networking protocols, and cloud environments.- Strong analytical and problem-solving skills.- Excellent verbal and written communication skills.- Industry certifications such as CEH, GCIH, GCIA, or CompTIA Security+ are a plus. Additional Information:- The candidate should have minimum 3 years of experience in Splunk, QRadar or any SIEM tool.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

We are looking for an experienced DevOps engineer that will help our team establish DevOps practice. You will work closely with the technical lead to identify and establish DevOps practices in the company. You will help us build scalable, efficient cloud infrastructure. Youll implement monitoring for automated system health checks. Lastly, youll build our CI/CD pipeline, and train and guide the team in DevOps practices. Responsibilities Strong Linux/Unix system administration background. Strong hand on in writing Scripts Ability to present and communicate the architecture in a visual form. Strong knowledge of AWS and its various services Strong Hands on with AWS command line Implement and improve monitoring of AWS servers. Strong Experience in SOC and SIEM tools like Datadog, Grafana Qualifications and Skills Strong analytical and logical problem-solving skills. Knowledge of Finance / Accounting Domain Open to learn new technologies and function-domain. Willingness to be available outside of normal office hours. Demonstrates ability to work with a solution mindset approach. Ability to prioritise, taking into consideration various alternate perspectives.

Your role We are seeking an experienced and highly motivated Cloud Security Engineer for 4 to 6 years for Pan India to manage the implementation and optimization of security solutions across our public and hybrid cloud infrastructure. This role requires hands-on expertise in Microsoft Defender for Cloud, Cloud Access Security Broker (CASB), Cloud Workload Protection Platforms (CWPP), and Cloud Security Posture Management (CSPM) tools. The ideal candidate will be responsible for ensuring robust visibility, security, and compliance across all cloud-native assets, workloads, and applications. Design, deploy, and manage cloud-native security architectures across Azure, AWS, and GCP environments. Implement and optimize Microsoft Defender for Cloud, CASB solutions, and CWPP/CSPM tools to secure cloud workloads and assets. Monitor cloud environments for anomalies, vulnerabilities, and potential threats. Ensure compliance with regulatory standards (e.g., ISO, NIST, GDPR, HIPAA) and internal security policies. Conduct risk assessments and threat modeling of cloud services and applications. Collaborate with DevOps and Cloud Engineering teams to embed security into CI/CD pipelines. Develop automated security alerts, incident responses, and logging mechanisms. Provide recommendations for cloud architecture adjustments to strengthen security posture. Create and maintain documentation for cloud security strategies, policies, and procedures. Your profile Hands-on experience with Microsoft Defender for Cloud and CASB solutions (e.g., Microsoft Defender for Cloud Apps). Expertise in CWPP and CSPM platforms such as Prisma Cloud, Wiz, or Microsoft Defender CSPM. Strong knowledge of cloud platforms including Azure, AWS, and GCP. Proficiency in scripting (e.g., PowerShell, Python) and infrastructure-as-code tools (e.g., Terraform, ARM templates). Familiarity with cloud security frameworks, SIEM solutions, and cloud-native logging tools (e.g., Azure Monitor, AWS CloudWatch). What you'll love about working here You can shape yourcareerwith us. We offer a range of career paths and internal opportunities within Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work oncutting-edge projectsin tech and engineering with industry leaders or createsolutionsto overcome societal and environmental challenges.

Responsibilities Involved in detailing and implementing user stories. Understand the technical specifications and design the solutions. Validate and implement the integration components of the third-party applications. Build scalable and fault-tolerant software solutions adhering to the organization's secured coding standards. Strive for 100% unit tests code coverage. Do code quality checks and code reviews regularly to ensure safe and efficient code. Verify and deploy software solutions for development needs. Work closely with the team to deliver the sprint objectives. Continuously look to improve the organization's standards. Requirements A Bachelors masters degree in engineering or information technology. 4-7 years of software development experience with 2+ years of experience with Python programming language. A thorough understanding of computer architecture, operating systems, and data structures. An in-depth understanding of the Internet, Cloud Computing & Services, and REST APIs. Must have experience with any one of the python frameworks like Flask FastAPI Django REST. Must know GIT and Python virtual environment. Should have experience with python requests module. Must know how to use third-party libraries in Python. Knowledge of Python module/library creation will be added advantageous. Familiarity with SIEM tools like the Qradar app Splunk app and Splunk add-on will be an advantage. Experience working with Linux/Unix and shell scripts. Experience working with Linux/Unix and shell scripts A meticulous and organized approach to work. A logical, analytical, and creative approach to problem-solving. A thorough, detail-oriented work style.