8.0 years
0 Lacs
chennai, tamil nadu, india
On-site
🔐 We’re Hiring: Senior Cyber Security Engineer
📍 Location: Chennai (On-site)
💼 Experience: 6 – 8 years
💰 Salary Range: ₹12 – 18 LPA
⏳ Immediate Joiners Preferred

We are looking for an experienced Senior Cyber Security Engineer to join our team in Chennai and play a key role in securing mission-critical systems, embedded platforms, and communication protocols.

Key Responsibilities
- Perform threat modeling, risk assessments, and vulnerability analysis for embedded systems and networks.
- Work on decryption, decoding, and reverse engineering of protocols and firmware.
- Implement and evaluate encryption standards (AES, RSA, ECC).
- Secure CPS communications (CAN, UAV telemetry, etc.).
- Utilize network security tools (Wireshark, Snort) for traffic analysis and intrusion detection.
- Enhance hardware security measures (JTAG/UART, side-channel attack prevention).

Skills & Experience Required
✅ 6–8 years of proven experience in cybersecurity.
✅ Strong expertise in cryptography (AES, RSA, ECC).
✅ Hands-on experience in threat modeling & secure architecture design.
✅ Proficiency in reverse engineering protocols & firmware security.
✅ Knowledge of embedded systems security.
✅ Practical use of Wireshark, Snort and similar tools.
✅ Exposure to CPS/IoT communications security (CAN, UAV telemetry).
✅ Solid understanding of hardware security (debug ports, fault injection, side-channel attacks).

Why Join Us?
- Work on cutting-edge cybersecurity challenges across hardware, firmware, and embedded systems.
- Be part of a collaborative, innovative work culture.
- Competitive salary with growth opportunities.

📩 How to Apply
E-mail: snehaa.sp@jobseeks4u.com
📞 Phone: 9384127723
Posted 5 days ago
4.0 years
0 Lacs
gurugram, haryana, india
On-site
Job Title: Specialist I, Cyber Defense Operation Centre (TCF)

Job Description
We are looking for an experienced and proactive SOC Analyst – Level 2 (L2) to join our Managed Security Services Provider (MSSP) team. In this role, you will handle advanced security investigations, lead incident response for escalated cases, fine-tune detection capabilities, and mentor L1 analysts. You will be expected to have strong technical expertise across security platforms, incident handling processes, and threat analysis to ensure timely and accurate response to security incidents in a 24x7 environment.

Key Responsibilities
- Investigate and respond to escalated security incidents from L1 analysts, ensuring timely containment, eradication, and recovery.
- Perform in-depth log and packet analysis to identify root causes and attack vectors.
- Correlate alerts across multiple data sources (SIEM, EDR, IDS/IPS, cloud, threat intel) for context-rich investigations.
- Conduct malware analysis (static/dynamic) and assess potential impact on client systems.
- Create and refine incident response playbooks, use cases, and correlation rules.
- Collaborate with threat intelligence teams to enrich investigations and proactively identify emerging threats.
- Lead the onboarding and configuration validation for new clients and POCs.
- Support tuning of SIEM and EDR rules to reduce false positives and improve detection accuracy.
- Mentor and provide technical guidance to L1 analysts, ensuring knowledge transfer and skill growth.
- Document detailed investigation reports for incidents, ensuring compliance with client and regulatory requirements.

Tools & Technologies (proficiency in several is required)
- SIEM: Palo Alto XSIAM/XDR, Splunk, Microsoft Sentinel, QRadar, LogRhythm
- EDR: CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Palo Alto Cortex XDR
- Network Security: IDS/IPS (Snort, Suricata), Next-Gen Firewalls (Palo Alto, Fortinet, Cisco)
- Threat Intelligence: VirusTotal, Anomali ThreatStream, Recorded Future, MISP
- Forensics: FTK, EnCase, Volatility, Autopsy (awareness)
- Case Management: ServiceNow, JIRA, TheHive
- Cloud Security: AWS Security Hub, Azure Security Center, GCP Security Command Center
- Vulnerability Management: Qualys, Tenable Nessus, Rapid7 InsightVM

Required Skills & Qualifications
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
- Experience: 2–4 years in a SOC, incident response, or security operations role.
- Strong understanding of cyber attack techniques, MITRE ATT&CK framework, and incident handling methodologies.
- Proficiency in log analysis, endpoint forensics, and network traffic analysis.
- Experience with SIEM and EDR tool configuration, alert tuning, and custom rule creation.
- Working knowledge of scripting languages (Python, PowerShell, Bash) for automation and analysis is a plus.
- Preferred Certifications: GCIA, GCIH, CEH, CompTIA CySA+, Microsoft SC-200, or equivalent.

Key Attributes for Success
- Strong problem-solving skills and ability to work on complex incidents under pressure.
- Excellent written and verbal communication for clear incident reporting and stakeholder updates.
- Collaborative mindset with the ability to mentor junior analysts and contribute to team development.
- Proactive in learning and adapting to evolving threats, tools, and best practices.

Location: IND Gurgaon - Bld 14 IT SEZ Unit 1, 17th C & D and Gd Flr D
Language Requirements:
Time Type: Full time

If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the Job Applicant Privacy Notice for California Residents
R1649251
Posted 1 week ago
2.0 - 6.0 years
0 Lacs
hyderabad, telangana
On-site
We are seeking a Threat Researcher to join our Threat Research team and contribute to the identification of cyber threats, code dissection, and malware reverse engineering. As a Threat Researcher, you will be responsible for conducting research semi-autonomously, generating concise written analyses and visual presentations of findings, and collaborating with clients to deliver innovative detection and eradication solutions to mitigate risks to their networks and operations. The ideal candidate should exhibit technical expertise and a proactive mindset to understand and meet company and customer requirements effectively.

Your responsibilities will include:
- Analyzing malicious software to discover new techniques and potential targets for client intelligence requirements
- Conducting Threat Hunting exercises using telemetry data
- Documenting attack capabilities, understanding propagation characteristics, and defining detection signatures
- Independently conducting data collection, developing solutions, and supporting intelligence production as per standard operating procedures
- Analyzing malware to determine attack techniques and targets
- Writing sigma rules for identified malware samples

Key requirements for this role include:
- A Bachelor's or Master's degree in Computer Science or a related field
- Previous experience in threat research with a focus on malware analysis
- Demonstrated expertise in advanced reverse engineering of file-based threats, exploits, and attack techniques
- Familiarity with using the Pyramid of Pain alongside MITRE's ATT&CK Framework for developing threat hunting hypotheses
- Knowledge of Advanced Persistent Threat (APT) tactics and targeted attacks
- Strong understanding of mitigation strategies like Suricata, Snort, and YARA signatures
- Proficiency in structured programming principles to disassemble code effectively
- Expertise in at least one major Operating System to dissect behavior-based systems
- Familiarity with malware-based automation workflows and techniques
- Basic programming and scripting skills (e.g., .NET, Perl, Java, or Python)

This position is based in Hyderabad, India, and requires a minimum of 2 years of relevant experience. It is a full-time role that offers the opportunity to work on challenging projects in the field of threat research and cybersecurity.
Posted 2 weeks ago
4.0 - 8.0 years
0 Lacs
indore, madhya pradesh
On-site
You will be responsible for deploying various Open-Source Network Security Solutions and integrating relevant components to ensure system reliability and performance improvement. Your role will involve performance optimization, customization of event-driven process flows, and actions for IPC and enrichments. Additionally, you will be required to conduct research on new approaches and contribute to IP creation.

To excel in this role, you must possess rich experience in working with Network Security Products such as IDS/IPS, Next Generation Firewall, and have a background in product development/solution engineering. Your expertise should include IP networking, IP networking protocols, computer system internals, and IPCs. A strong understanding and knowledge of TCP/IP networking, including L2/L3/L4/L7 protocols, is essential. Proficiency in PCAP, DPI (Deep Packet Inspection), and deployment and performance optimization of tools like Suricata/SNORT/Zeek are also required.

You should have experience in creating and adopting rules for IDS/IPS, working with large networks, network clustering, parallel processing, virtual appliances, and have familiarity with Linux, Cloud Environment, Network Processing Cards (NICs), and various processing accelerations.

The ideal candidate will hold a postgraduate degree in Computer Science Engineering with a specialization in IP Networking and possess programming skills in C/C++ and Python. Proficiency in Linux operating systems with 4-6 years of relevant experience is preferred.

If you meet these qualifications and are looking to apply your expertise in a dynamic and challenging environment, we encourage you to apply for this position.
Posted 2 weeks ago
5.0 years
0 Lacs
chennai, tamil nadu, india
On-site
We’re looking for a skilled AI/ML lead (5+ years) based out of Chennai, for a global computer and network security company, with deep experience in training and fine-tuning Large Language Models (LLMs) such as LLaMA 3 using frameworks like vLLM. The ideal candidate will bring a strong background in machine learning and a practical understanding of the cybersecurity domain—especially around threat intelligence, vulnerabilities, exploits, and configuration analysis. You will lead the development and implementation of models that understand, process, and generate insights across a wide range of cybersecurity content. You will guide a team of ML engineers and collaborate closely with cybersecurity SMEs, data engineers, and DevOps to ensure delivery of scalable, performant, and security-aware AI systems.

Key Responsibilities
- Lead the fine-tuning and domain adaptation of open-source LLMs (e.g., LLaMA 3) using frameworks like vLLM, HuggingFace, DeepSpeed, and PEFT techniques.
- Develop data pipelines to ingest, clean, and structure cybersecurity data, including threat intelligence reports, CVEs, exploits, malware analysis, and configuration files.
- Collaborate with cybersecurity analysts to build taxonomy and structured knowledge representations to embed into LLMs.
- Drive the design and execution of evaluation frameworks specific to cybersecurity tasks (e.g., classification, summarization, anomaly detection).
- Own the lifecycle of model development including training, inference optimization, testing, and deployment.
- Provide technical leadership and mentorship to a team of ML engineers and researchers.
- Stay current with advances in LLM architectures, cybersecurity datasets, and AI-based threat detection.
- Advocate for ethical AI use and model robustness, especially given the sensitive nature of cybersecurity data.

Required Qualifications
- 5+ years of experience in machine learning, with at least 2 years focused on LLM training or fine-tuning.
- Strong experience with vLLM, HuggingFace Transformers, LoRA/QLoRA, and distributed training techniques.
- Proven experience working with cybersecurity data—ideally including MITRE ATT&CK, CVE/NVD databases, YARA rules, Snort/Suricata rules, STIX/TAXII, or malware datasets.
- Proficiency in Python, ML libraries (PyTorch, Transformers), and MLOps practices.
- Familiarity with prompt engineering, RAG (Retrieval-Augmented Generation), and vector stores like FAISS or Weaviate.
- Demonstrated ability to lead projects and collaborate across interdisciplinary teams.
- Excellent problem-solving skills and strong written & verbal communication.

Nice to Have
- Experience deploying models via vLLM in production environments with FastAPI or similar APIs.
- Knowledge of cloud-based ML training (AWS/GCP/Azure) and GPU infrastructure.
- Background in reverse engineering, malware analysis, red teaming, or threat hunting.
- Publications, open-source contributions, or technical blogs in the intersection of AI and cybersecurity.
Posted 2 weeks ago
8.0 years
0 Lacs
nagpur, maharashtra, india
On-site
We are seeking an experienced SOC Analyst L3 with strong expertise in SIEM and SOAR solutions (FortiSIEM, QRadar, Qualys, or similar platforms). The candidate will be responsible for designing, deploying, managing, and optimizing SIEM/SOAR solutions at our SOC Centre and client locations. This role also includes providing technical leadership, guiding L1 and L2 analysts, managing escalations, and ensuring 24x7 SOC effectiveness. The ideal candidate is hands-on, with strong experience in end-to-end SIEM/SOAR deployment, threat hunting, automation playbooks, and incident response.

⸻
Key Responsibilities

Deployment & Implementation
• Design, deploy, configure, and maintain SIEM solutions (FortiSIEM, IBM QRadar, Splunk, Qualys, etc.) at client environments.
• Implement and optimize SOAR platforms, create automation playbooks for incident response.
• Integrate multiple log sources (firewalls, IDS/IPS, endpoints, cloud, applications, databases, etc.) into SIEM.
• Configure custom parsers, correlation rules, dashboards, and alerts based on client use cases.

SOC Operations Leadership
• Act as the technical escalation point for L1/L2 SOC analysts.
• Provide training and mentorship to SOC teams.
• Lead threat hunting and advanced incident response.
• Develop and maintain incident handling and escalation procedures.
• Perform periodic tuning of SIEM to minimize false positives and improve detection.

Security Monitoring & Incident Response
• Conduct real-time monitoring of alerts and incidents.
• Lead root cause analysis of security events.
• Coordinate with client IT/security teams for containment, eradication, and recovery.
• Maintain forensic evidence and reporting for incidents.

Client Engagement
• Work closely with client stakeholders to understand security requirements and map SIEM/SOAR solutions accordingly.
• Conduct periodic security posture reviews and present improvement reports.
• Assist in compliance reporting (PCI-DSS, ISO 27001, GDPR, etc.).

Continuous Improvement
• Research and evaluate new threat intelligence, tools, and security technologies.
• Enhance SOC processes, playbooks, and knowledge base.
• Ensure compliance with cybersecurity frameworks and best practices.

⸻
Technical Requirements
• SIEM Solutions: Hands-on deployment, tuning, and management of FortiSIEM, IBM QRadar, Splunk, Qualys VMDR, ELK Stack, or equivalent.
• SOAR Platforms: Experience in implementing SOAR playbooks for automated incident handling.
• Security Tools Integration:
  • Firewalls (Fortinet, Palo Alto, Cisco ASA)
  • IDS/IPS (Snort, Suricata)
  • Endpoint Security (EDR/XDR solutions)
  • Cloud Security (AWS Security Hub, Azure Sentinel, GCP Security)
  • Threat Intelligence feeds integration
• Log & Event Management: Strong knowledge of log parsing, correlation rules, dashboards, and custom alerts.
• Threat Detection & Response: Experience in threat hunting, malware analysis, forensics, and advanced persistent threat detection.
• Vulnerability Management: Familiarity with Qualys/Nessus/Rapid7 integration with SIEM.
• Compliance & Frameworks: Understanding of ISO 27001, NIST, SOC 2, PCI-DSS, GDPR requirements.

⸻
Required Skills & Experience
• Experience: Minimum 6–8 years in SOC operations, with 3+ years as L3 SOC Analyst/Engineer.
• Proven expertise in end-to-end SIEM/SOAR deployment and operations.
• Strong understanding of network protocols, operating systems (Windows/Linux), cloud environments, and databases.
• Ability to script and automate tasks (Python, PowerShell, Bash).
• Excellent incident response, forensic investigation, and threat hunting skills.
• Leadership qualities with the ability to manage SOC teams and mentor juniors.
• Strong communication and client-handling skills.

⸻
Certifications (Preferred but not mandatory)
• SIEM-related: IBM QRadar Certified Specialist / FortiSIEM Specialist / Splunk Certified Architect
• Cybersecurity: CEH, CHFI, CompTIA Security+, CySA+, CISSP, CISM, GCIA, GCFA, GCIH
• Cloud Security: AWS Security Specialty, Microsoft SC-200, Azure Sentinel Certifications

⸻
What We Offer
• Opportunity to work on cutting-edge SOC environments across diverse industries.
• Hands-on exposure to FortiSIEM, QRadar, Qualys, and leading SOAR tools.
• Leadership role with growth path to SOC Manager/Practice Lead.
• Competitive salary & benefits.
Posted 2 weeks ago
3.0 - 7.0 years
6 - 10 Lacs
mohali
Work from Office
About ASB
ASB is committed to empowering students with expertise in emerging technologies. We are looking for an enthusiastic and passionate Cybersecurity Training Expert to lead and mentor students, equipping them with industry-relevant skills in cybersecurity. This role requires a deep understanding of cybersecurity principles, hands-on technical expertise, and a passion for teaching. The ideal candidate will have solid experience in network security, penetration testing, ethical hacking, compliance, and security frameworks. They should be an excellent communicator who can break down complex cybersecurity concepts into easy-to-understand modules.

Key Responsibilities

1. Training Delivery
Design, develop, and deliver high-quality cybersecurity training through courses, workshops, boot camps, and webinars. Cover a broad range of cybersecurity topics, including but not limited to:
- Network Security & Firewalls
- Penetration Testing & Ethical Hacking
- Cloud Security & DevSecOps
- Security Compliance & Auditing (ISO 27001, NIST, GDPR, etc.)
- Threat Intelligence & Incident Response
- SIEM, SOC & Security Tools (Burp Suite, Wireshark, Metasploit, AWS Security Hub, etc.)

2. Curriculum Development
Develop and continuously update cybersecurity training materials, including hands-on labs, case studies, quizzes, and real-world projects. Ensure training content is aligned with industry best practices, compliance frameworks, and emerging security trends.

3. Training Management
Organize and manage cybersecurity training sessions, ensuring smooth content delivery, engagement, and assessments. Track learner progress and provide additional support, including one-on-one guidance and mentorship.

4. Technical Support & Mentorship
Assist students with technical queries and troubleshoot cybersecurity-related challenges. Provide career guidance and mentorship, helping students navigate certifications (CEH, CISSP, OSCP, CISM, etc.) and job opportunities in cybersecurity.

5. Industry Engagement
Stay updated with the latest cybersecurity threats, vulnerabilities, and defense mechanisms. Represent ASB at cybersecurity conferences, webinars, and industry events.

6. Assessment & Evaluation
Develop hands-on challenges, CTFs (Capture The Flag), and practical assessments to evaluate student proficiency. Provide constructive feedback to enhance their technical skills.

Required Qualifications & Skills

Educational Background
- Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Security, or a related field.

Hands-on Cybersecurity Experience
- 3+ years of experience in cybersecurity roles such as Penetration Tester, Security Analyst, SOC Analyst, Cybersecurity Engineer, or Security Auditor.
- Expertise in ethical hacking, threat analysis, cloud security, risk assessment, and compliance.
- Strong knowledge of Linux, Windows Security, Networking, and Cryptography.

Teaching & Communication Skills
- 2+ years of experience in training, mentoring, or delivering cybersecurity education.
- Ability to explain complex security concepts in a clear and engaging way.

Cybersecurity Tools & Platforms
- Experience with security tools such as Kali Linux, Metasploit, Burp Suite, Wireshark, Nessus, Nmap, Snort, Splunk, SIEM platforms, and AWS Security Hub.
- Knowledge of SOC operations, incident response, and security automation tools.

Passion for Education
- A genuine enthusiasm for training the next generation of cybersecurity professionals.

Preferred Qualifications

Industry Certifications
- CEH, OSCP, CISSP, CISM, CCSP, AWS Security Certification, or equivalent.

Experience in Online Teaching
- Prior experience in online training platforms (Udemy, Coursera, etc.) or learning management systems (LMS).

Knowledge of Security Frameworks & Compliance
- Familiarity with ISO 27001, NIST, GDPR, SOC 2, and PCI-DSS.

Experience in Blue Team & Red Team Operations
- Understanding of ethical hacking (offensive security) and defensive security (SOC, SIEM, endpoint protection, etc.).
Posted 2 weeks ago
0 years
0 Lacs
ahmedabad, gujarat, india
On-site
Job Title: Security Operations Center (SOC) Analyst

Overview
We are seeking a motivated SOC Analyst to join our team. This is a unique opportunity to gain hands-on experience in detecting, analyzing, and responding to cybersecurity threats while also contributing to research, automation, and advanced security initiatives. This role blends operational monitoring with coding/scripting and R&D, making it ideal for candidates who want to grow into well-rounded cybersecurity professionals—not just alert responders. Candidates must be eager to learn, adaptable to rotating shifts (including night shifts), and passionate about making an impact in cybersecurity defense.

Key Responsibilities
- Monitor, analyze, and respond to security alerts, incidents, and potential threats within a 24/7 SOC environment.
- Perform initial triage, investigation, and escalation of security events, ensuring timely and accurate threat response.
- Develop and improve automation scripts, tools, and playbooks (primarily in Python) to enhance SOC efficiency and reduce manual workload.
- Participate in threat research: analyzing emerging attack vectors, malware, and vulnerabilities to strengthen detection strategies.
- Contribute to security R&D projects—experimenting with new technologies, writing proof-of-concept scripts, and implementing detection logic.
- Collaborate with senior analysts, threat hunters, and incident response on complex investigations.
- Maintain documentation of incidents, findings, and process improvements.
- Continuously upgrade skills through research and certifications.

Requirements
- Bachelor’s degree in Computer Science, Information Security, or related discipline (or equivalent experience).
- Strong foundation in networking, operating systems, and security fundamentals (TCP/IP, logs, firewalls, SIEM, IDS/IPS).
- Hands-on coding/scripting skills, preferably in Python (PowerShell, Bash, or other scripting languages are a plus).
- Familiarity with SIEM solutions (Splunk, QRadar, Elastic, etc.) and log analysis.
- Analytical and troubleshooting ability under pressure.
- Good written and verbal communication skills.
- Strong willingness to work in rotational shifts (morning/afternoon/evening).

Preferred Skills
- Certifications: CompTIA Security+, CySA+, CEH, or equivalent are a plus.
- Exposure to malware analysis and threat intelligence.
- Experience in creating custom detection rules or scripts (YARA, Sigma, Snort, etc.) is a plus.
- Previous internship or hands-on project experience in a SOC, cybersecurity lab, or capture-the-flag (CTF) competitions.

Shift Details
- 6 day work week, 9 hour shift
- Rotating shifts (Morning/Evening/Night)
- Must be comfortable with night shifts and flexible to work weekends/holidays as part of the rotation.

Benefits
- Gain real SOC experience in a fast-paced cybersecurity environment.
- Exposure to advanced tools, frameworks, and research projects that go beyond monitoring.
- Learning and certification support for relevant cybersecurity credentials.
- Clear career growth opportunities into Mid-level SOC, Threat Hunting, or Incident Response roles.
Posted 2 weeks ago
4.0 - 6.0 years
5 - 9 Lacs
pune
Work from Office
Role Description: As a Senior Network Security Specialist at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations.

Roles & Responsibilities:
- Designing and implementing network security strategies.
- Identifying and mitigating network security threats and vulnerabilities.
- Configuring and managing security devices such as firewalls and intrusion detection systems.
- Conducting security audits and assessments.
- Collaborating with other IT teams to ensure security policies and procedures are implemented.
- Providing technical support for security-related issues.
- Maintaining documentation of security configurations and changes.

Technical Skills Requirements:
- Knowledge of network security practices such as access control, intrusion detection, and incident response.
- Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS.
- Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro.
- Understanding of security frameworks and regulations such as NIST or PCI-DSS.
- Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner.
- Must understand the company's long-term vision and align with it.
- Provide leadership, guidance, and support to team members, ensuring the successful completion of tasks, and promoting a positive work environment that fosters collaboration and productivity, taking responsibility for the whole team.

Qualifications
- 4-6 years of work experience in a relevant field
- B.Tech/B.E/M.Tech or MCA degree from a reputed university.
- Computer science background is preferred
Posted 3 weeks ago
3.0 - 5.0 years
9 - 15 Lacs
pune
Work from Office
Role Description: As a Software Engineer - Network Security at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations.

Roles & Responsibilities:
- Designing and implementing network security strategies.
- Identifying and mitigating network security threats and vulnerabilities.
- Configuring and managing security devices such as firewalls and intrusion detection systems.
- Conducting security audits and assessments.
- Collaborating with other IT teams to ensure security policies and procedures are implemented.
- Providing technical support for security-related issues.
- Maintaining documentation of security configurations and changes.

Technical Skills Requirements:
- Knowledge of network security practices such as access control, intrusion detection, and incident response.
- Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS.
- Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro.
- Understanding of security frameworks and regulations such as NIST or PCI-DSS.
- Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner.
- Must understand the company's long-term vision and align with it.

Qualifications
- 3-5 years of work experience in a relevant field
- B.Tech/B.E/M.Tech or MCA degree from a reputed university.
- Computer science background is preferred
Posted 3 weeks ago
4.0 - 6.0 years
12 - 18 Lacs
pune
Work from Office
Role Description: As a Senior Network Security Specialist at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations.

Roles & Responsibilities:
- Designing and implementing network security strategies.
- Identifying and mitigating network security threats and vulnerabilities.
- Configuring and managing security devices such as firewalls and intrusion detection systems.
- Conducting security audits and assessments.
- Collaborating with other IT teams to ensure security policies and procedures are implemented.
- Providing technical support for security-related issues.
- Maintaining documentation of security configurations and changes.

Technical Skills:
- Knowledge of network security practices such as access control, intrusion detection, and incident response.
- Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS.
- Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro.
- Understanding of security frameworks and regulations such as NIST or PCI-DSS.
- Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner.
- Must understand the company's long-term vision and align with it.
- Provide leadership, guidance, and support to team members, ensuring the successful completion of tasks, and promoting a positive work environment that fosters collaboration and productivity, taking responsibility for the whole team.

Qualifications
- 4-6 years of work experience in a relevant field
- B.Tech/B.E/M.Tech or MCA degree from a reputed university.
- Computer science background is preferred
Posted 3 weeks ago
7.0 - 9.0 years
22 - 27 Lacs
gurugram
Work from Office
Role Description: As a Technical Lead - Network Security at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations.

Roles & Responsibilities:
- Designing and implementing network security strategies.
- Identifying and mitigating network security threats and vulnerabilities.
- Configuring and managing security devices such as firewalls and intrusion detection systems.
- Conducting security audits and assessments.
- Collaborating with other IT teams to ensure security policies and procedures are implemented.
- Providing technical support for security-related issues.
- Maintaining documentation of security configurations and changes.

Technical Skills Requirements:
- Knowledge of network security practices such as access control, intrusion detection, and incident response.
- Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS.
- Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro.
- Understanding of security frameworks and regulations such as NIST or PCI-DSS.
- Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner.
- Must understand the company's long-term vision and align with it.
- Should be open to new ideas and be willing to learn and develop new skills.
- Should also be able to work well under pressure and manage multiple tasks and priorities.

Qualifications
- 7-9 years of work experience in a relevant field
- B.Tech/B.E/M.Tech or MCA degree from a reputed university.
- Computer science background is preferred.
Posted 3 weeks ago
4.0 - 6.0 years
12 - 18 Lacs
pune
Work from Office
Role Description: As a Senior Network Security Specialist at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations.
Roles & Responsibilities:
Designing and implementing network security strategies.
Identifying and mitigating network security threats and vulnerabilities.
Configuring and managing security devices such as firewalls and intrusion detection systems.
Conducting security audits and assessments.
Collaborating with other IT teams to ensure security policies and procedures are implemented.
Providing technical support for security-related issues.
Maintaining documentation of security configurations and changes.
Technical Skills / Skills Requirements:
Knowledge of network security practices such as access control, intrusion detection, and incident response.
Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS.
Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro.
Understanding of security frameworks and regulations such as NIST or PCI-DSS.
Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner.
Must understand the company's long-term vision and align with it.
Provide leadership, guidance, and support to team members, ensuring the successful completion of tasks and promoting a positive work environment that fosters collaboration and productivity, taking responsibility for the whole team.
Qualifications:
4-6 years of work experience in a relevant field.
B.Tech/B.E/M.Tech or MCA degree from a reputed university. A computer science background is preferred.
Posted 3 weeks ago
0 years
0 Lacs
Delhi, India
On-site
Tech Co-founder Wanted: Let's build a large consumer internet company
We’re building Plunge: a new-age social networking app that helps people meet IRL for activities, plans, and experiences. Think of it as the opposite of endless scrolling: instead of wasting time online, Plunge gets you out, meeting people, and living real moments. We're solving urban loneliness, which is the root cause of a lot of mental health issues. We’re at the MVP stage with early traction (2,000+ active users) and are raising an angel round. Now, I’m looking for a tech co-founder who’s crazy enough to believe we can build India’s next big consumer internet company.
Who you are:
A builder at heart: someone who loves shipping fast, breaking things, and iterating. Eat, breathe, snort and love code.
Ambitious: you want to create something massive, not just “work at a startup.”
Hungry for ownership: you’re not looking for a salary right now, you’re looking for equity, impact, and a chance to change the game.
High agency.
Comfortable with uncertainty and chaos (that’s where legends are born).
Have a contrarian bent, an inner itch to change the status quo.
What you’ll do:
Own and scale the Plunge product end-to-end.
Work closely with me (CEO) on product, growth, and strategy.
Build a strong tech culture + future engineering team.
Help us go from MVP → 100K users → millions.
What’s in it for you:
Co-founder title and meaningful equity.
A front-row seat in building a bold, contrarian social network.
Fundraise exposure, startup house access, and a direct network of investors/founders.
The thrill of creating something people will talk about for years.
Money and the freedom that comes with it. J-curve growth.
This isn’t a job. It’s a ride. If you’ve got the fire to build something big, DM me or drop your details. Let’s plunge into it. Drop the formalities and ping me on 7814916436, LFG 🔥
Posted 1 month ago
0 years
0 Lacs
Bengaluru, Karnataka, India
Remote
The Sr. Threat Analyst will provide deep-level analysis for client investigations utilizing customer-provided data sources, audit, and monitoring tools at both the government and enterprise levels. The Senior Threat Analyst will work closely with our Technology Engineers, Architects, and Threat Analysts to service customers.
How You'll Make An Impact
High-level professional writing experience regarding documenting and reporting on potential security incidents identified in customer environments, including a timeline of events.
Work with partners to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets.
Provide analysis on various security enforcement technologies including, but not limited to, SIEM, anti-virus, content filtering/reporting, malware prevention, firewalls, intrusion detection systems, web application firewalls, messaging security platforms, vulnerability scanners, etc.
Perform knowledge transfers, document, and train clients regarding the mitigation of identified threats.
Provide ongoing recommendations to peers and customers on tuning and best practices.
Actively research current threats and attack vectors being exploited in the wild.
Actively work with analysts and perform investigations of escalations.
Ability to discuss security posture with multiple clients and make recommendations to better their holistic security approach.
Provide gap analysis for clients to better their security posture.
Maintain and develop SOPs for the threat analyst team.
Develop and maintain playbooks and runbooks.
Work with internal teams to increase the efficiency and effectiveness of security analysis provided by the threat analysis team.
Training of new analysts on security and tools.
Create and maintain a Content Catalog based on security essentials and the evolving threat landscape.
Provide quality assurance (QA) review of security alerts handled by team members.
What We’re Looking For
Five or more years of full-time professional experience in the Information Security field.
Experience working in a Security Operations Center (SOC), Managed Security Service (MSS), or enterprise network environment as a point of escalation.
Excellent time management, reporting, and communication skills, including customer interactions and executive presentations.
Data analysis using SIEM, database tools, and Excel.
Experience troubleshooting security devices and SIEM.
Ability to create and maintain content within SIEM environments and make recommendations to clients to better their visibility.
IDS monitoring/analysis with tools such as Sourcefire and Snort.
Experience with SIEM platforms (QRadar, LogRhythm, McAfee/Nitro, ArcSight, Splunk) is a plus.
Direct (e.g., SQL injection) versus indirect (e.g., cross-site scripting) attacks.
Experience with the following attacks: web-based attacks and the OWASP Top 10, network-based DoS, brute force, HTTP-based DoS, denial of service, and network-based/system-based attacks.
Familiarity with the SANS Top 20 critical security controls.
Understand the foundations of enterprise Windows security, including Active Directory, Windows security architecture and terminology, privilege escalation techniques, common mitigation controls, and system hardening.
Anti-virus (AV) and Host-Based Intrusion Prevention (HIPS): experience in monitoring at least one commercial AV solution such as (but not limited to) McAfee/Intel, Symantec, Sophos, or Trend Micro.
Ability to identify common false positives and make suggestions on tuning.
Understanding of root causes of malware and proactive mitigation.
Propagation of malware in enterprise environments.
Familiarity with web-based exploit kits and the methods employed by web-based exploit kits.
Familiarity with concepts associated with Advanced Persistent Threats and “targeted malware.”
Experience and understanding of malware protection tools (FireEye) and controls in an enterprise environment.
Covert channels, egress, and data exfiltration techniques.
Familiarity with vulnerability scoring systems such as CVSS.
Basic understanding of vulnerability assessment tools such as vulnerability scanners and exploitation frameworks.
The role requires availability for US working hours, 5PM (IST) to 3AM (IST).
This is a Work From Office role.
What You Can Expect From Optiv
A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
Work/life balance.
Professional training resources.
Creative problem-solving and the ability to tackle unique, complex projects.
Volunteer opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
The ability and technology necessary to productively work remotely/from home (where applicable).
EEO Statement
Optiv is an equal opportunity employer (EEO). All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law. Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, see our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.
Posted 1 month ago
90.0 years
0 Lacs
Pune, Maharashtra, India
On-site
At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.
Job Description
We are seeking an experienced Threat Hunter to perform intelligence-driven network defense supporting the monitoring and incident response capabilities. The role will involve analysis of large amounts of data from vendors and internal sources, including various indicator feeds, Splunk, and several threat intelligence tools. The candidate will perform the functions of threat operations and hunting, serve as a liaison for Threat Intelligence for the Cyber Security Operations Center, and mentor the incident handling, incident response, and forensics teams.
Key Responsibilities
Performs research and analysis of potential and known threats and vulnerabilities for assigned areas and cybersecurity operational systems; designs, executes, and records results of testing plans and scripts and suggests improvements.
Understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.
Experience with security operations tools, including but not limited to:
SIEM (e.g. Defender, Splunk, ArcSight)
EDR (e.g. CrowdStrike, Tanium)
Indicator management (e.g. ThreatConnect)
Signature development/management (e.g. Snort rules, YARA rules)
Knowledge of common security infrastructure tools (NIDS, HIPS, EDR, etc.).
Excellent analytical and problem-solving skills, a passion for research and puzzle-solving.
Understanding of large, complex corporate network environments.
Strong communication (oral, written, presentation), interpersonal and consultative skills, especially in regard to white papers, briefs, and presentations.
Good organization and documentation skills.
Peer collaboration and mentorship skills.
Critically evaluates business processes and cybersecurity systems to develop incident response plans for the assigned area; executes the plan to detect, alert, and contain intrusions and attacks, ensures required actions are taking place, and communicates status to affected areas and leadership.
Education: 4-year Bachelor's Degree (Preferred)
Experience: 2 or more years of experience (Preferred)
Supervisory Responsibilities: This job does not have any supervisory duties.
Education & Experience (in Lieu): In lieu of the above education requirements, an equivalent combination of education and experience may be considered.
Primary Skills: Cyber Defense, Cyber Threat Analysis, Cyber Threat Hunting, Cyber Threat Intelligence, Endgame Threat Hunting, IT Security Operations, Security Tools, Technical Investigation, Threat Assessment, Threat Modeling, Threat Monitoring, Vulnerability Scanning
Shift Time: Shift B (India)
Recruiter Info: Yateesh, ybgaa@allstate.com
About Allstate
Joining our team isn’t just a job, it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger: a winning team making a meaningful impact. The Allstate Corporation is one of the largest publicly held insurance providers in the United States. Ranked No. 84 in the 2023 Fortune 500 list of the largest United States corporations by total revenue, The Allstate Corporation owns and operates 18 companies in the United States, Canada, Northern Ireland, and India.
Allstate India Private Limited, also known as Allstate India, is a subsidiary of The Allstate Corporation. The India talent center was set up in 2012 and operates under the corporation's Good Hands promise. As it innovates operations and technology, Allstate India has evolved beyond its technology functions to be the critical strategic business services arm of the corporation. With offices in Bengaluru and Pune, the company offers expertise to the parent organization’s business areas including technology and innovation, accounting and imaging services, policy administration, transformation solution design and support services, transformation of property liability service design, global operations and integration, and training and transition. Learn more about Allstate India here.
Posted 1 month ago
0 years
0 Lacs
Gurugram, Haryana, India
On-site
About noon
noon, the region's leading consumer commerce platform. On December 12th, 2017, noon launched its consumer platform in Saudi Arabia and the UAE, expanding to Egypt in February 2019. The noon ecosystem of services now includes marketplaces for food delivery, quick-commerce, fintech, and fashion. noon is a work in progress; we’re six years in, but only 5% done. noon’s mission: every door, everyday.
What we are looking for
noon’s Cybersecurity department, Security Operations team, is looking for a talented, experienced, and enthusiastic Senior Threat Detection Engineer to help build and scale the Detection & Threat Hunting program at noon. The ideal candidate will be someone who has a diverse security skill-set (IR, TI, SOC, etc.) and is specialized in detection engineering and threat hunting. The focus area for this role will be on designing and implementing advanced detection mechanisms based on known/emerging attacks and pivoting techniques. The Sr. Threat Detection Engineer will be working on proactive approaches to stay steps ahead of attackers and help in building detection to identify advanced, current and emerging threats. He will be responsible for the design and implementation of security intelligence and detection capabilities across our applications and networks. This role will be assisting in building the strategy and the team for our Detection and Threat Hunting Program. He will be the focal point for the planning and execution of security investigation, the response process and coordination of relevant parties when an information security incident occurs. In addition, documentation, analytical and critical thinking skills, investigation and forensics, and the ability to identify needs and take the initiative are key requirements of this position.
About the role
Help build and scale the Detection & Threat Hunting Program at noon.
Drive improvements in detection and response capabilities, and operations for the internal SOC/TI.
Write detection signatures, tune security monitoring systems/tools, develop automation scripts and correlation rules.
Work closely with other Security Team members to strengthen our detection and defence mechanisms in regard to web applications, cloud and network.
Exhibit knowledge of the attacker lifecycle, TTPs, indicators of compromise (IOCs), and proactively implement countermeasures to neutralize the threats.
Identify opportunities to enhance the development and implementation of new methods for detecting attacks and malicious activities.
Participate as a member of the CSIRT during major incidents and contribute to post-incident review and continuous improvement.
Proactive threat hunting of anomalies to identify IOCs and derive custom Snort signatures for the IOCs.
Identify and manage a wide range of intelligence sources to provide a holistic view of the threat landscape (OSINT aggregation).
Work closely with the Red Team and Blue Team to implement custom detection of new and emerging threats, and develop monitoring use cases.
Coordinate red teaming activities such as table-top and adversarial simulation exercises.
Responsible for owning all confirmed incidents. This includes publishing the Incident Report, documenting Lessons Learnt and updating the Knowledge Base.
Required Expertise:
Required: Senior-level experience in threat intel, detection, IR, or similar cybersecurity roles for medium to large organizations.
Required: Technical professional security certifications in Incident Response, Digital Forensics, Offensive Security, or Malware Analysis, such as GCIH, GCFA, GNFA, GCTI, OSCP or similar.
Bachelor’s degree in Computing, Information Technology, Engineering or a related field, with a strong security component.
Hands-on experience in detection engineering, advanced cyber threat intelligence activities, intrusion detection, incident response, and security content development (e.g., signatures, rules, etc.).
A broad and diverse security skill-set with an advanced understanding of modern network security technologies (e.g. firewalls, Intrusion Detection/Prevention Systems, Access Control Lists, network segmentation, SIEMs, auditing/logging and Identity & Access Management solutions, DDoS protection, etc.).
Knowledge of at least one common scripting language (Python, Ruby, Go).
Experience handling and building a SOAR such as Chronicle’s SOAR, Demisto, Phantom or similar tools.
Experience conducting and leading incident response investigations for organizations, investigating targeted threats such as Advanced Persistent Threats, insider threats, etc.
Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), Syslog-NG, Windows Event Forwarding (WEF), etc.
Experience with endpoint security agents (Carbon Black, CrowdStrike, etc.).
Preferred Qualifications:
Hands-on experience with Chronicle SIEM/SOAR and Google SecOps.
Expertise in threat hunting in one or more public cloud solutions such as AWS and GCP.
Ability to work with a team or independently with minimal direction/leadership.
Hands-on experience in offensive/defensive web application security is a big plus for this role.
Highly motivated and self-directed with a passion for solving complex problems.
Establishes industry expertise through writing, speaking or online presence.
Who will excel?
We’re looking for people with high standards, who understand that hard work matters. You need to be relentlessly resourceful and operate with a deep bias for action. We need people with the courage to be fiercely original. noon is not for everyone; readiness to adapt, pivot, and learn is essential.
Posted 1 month ago
0.0 - 1.0 years
0 Lacs
Kanchipuram, Tamil Nadu
On-site
Kanchipuram, Tamil Nadu
Full-time (Rotational Shifts – 24x7)
0–1 year (Freshers welcome)
Security Operations Analyst – 2 positions
We’re seeking a motivated and detail-oriented Security Operations Analyst to join our Security Operations Center (SOC). In this role, you’ll monitor, investigate, and respond to real-time security alerts across our infrastructure. You'll play a key part in strengthening our organization’s security posture by identifying potential threats, supporting incident response efforts, and continuously improving detection and response capabilities. This role is ideal for individuals who are passionate about cybersecurity, eager to learn, and ready to tackle evolving security challenges in a fast-paced cloud environment.
Job Responsibilities
Monitor SIEM dashboards and alerting tools to detect suspicious activity.
Triage security alerts and escalate genuine threats to the incident response team.
Analyze logs from firewalls, servers, applications, and cloud platforms to identify anomalies.
Investigate phishing reports, unauthorized access attempts, malware infections, and other security incidents.
Maintain up-to-date documentation of security processes and incident reports.
Assist in vulnerability scanning, patch tracking, and compliance-related activities.
Stay informed about emerging threats, vulnerabilities, and attack vectors.
Technical Skills – Nice to Have (Not All Required)
We value potential and a willingness to grow. While prior cybersecurity experience is a plus, we welcome applicants with a strong interest in security and a basic foundation in IT or networking concepts.
Security Concepts: Threat detection, incident response, vulnerability management
Operating Systems: Linux and Windows security basics
Networking: TCP/IP, firewalls, VPNs, proxies, DNS
Tools: SIEM (like Wazuh, Splunk), Suricata, Snort, Wireshark, Nessus
Scripting & Automation: Bash, Python (for basic automation)
Cloud Security: Awareness of security concerns in public cloud environments
Certifications (Preferred but not mandatory): CompTIA Security+, CEH, OSCP, or equivalent
You Should Be Someone Who:
Has keen attention to detail and problem-solving ability
Communicates clearly and handles confidential data responsibly
Is eager to explore and learn cybersecurity tools and methodologies
Takes initiative and works well both independently and in a team
Thrives in high-pressure situations and can think clearly during incidents
What You’ll Gain
Hands-on experience with real-world security monitoring and incident response
Exposure to cybersecurity tools used in cloud and enterprise environments
Practical understanding of Linux/Windows hardening, network security, and log analysis
Opportunity to grow into advanced roles in cyber defense, threat hunting, or ethical hacking
Apply today
Kindly help fast-track your application by sending us a mail on the email ID mentioned below!
Best in the industry compensation
Scope for growth
Great company culture
For tech roles: tech-role@e2enetworks.com
For non-tech roles: recruitment@e2enetworks.com
Posted 1 month ago
0 years
1 - 2 Lacs
Wayanad
On-site
Key Responsibility Areas (KRAs) of an ITEXE
1. IT Infrastructure Management
Objective: Ensure that the resort’s IT infrastructure is robust, secure, and always operational.
Responsibilities:
Oversee the installation, maintenance, and upgrade of servers, network systems, and hardware. IDS KNOWLEDGE is a must.
Maintain uninterrupted operation of internet connectivity, Wi-Fi access points, and LAN/WAN infrastructure.
Manage cloud and on-premises data center infrastructure.
Monitor system performance and troubleshoot issues proactively.
Coordinate with external vendors for infrastructure support and upgrades.
2. Hotel Systems Administration
Objective: Manage and support critical hotel operation systems.
Responsibilities:
Administer Property Management Systems (PMS) such as Opera, Protel, or eZee FrontDesk.
Support POS (Point-of-Sale) systems in restaurants, bars, and retail outlets.
Manage interface integrations between PMS, POS, CRM, and third-party systems (e.g., payment gateways, key card access, guest apps).
Ensure Business Intelligence tools and reporting platforms are functioning optimally.
3. Data Security & Compliance
Objective: Ensure data security, privacy compliance, and risk mitigation.
Responsibilities:
Implement and enforce cyber security protocols, firewalls, antivirus, and intrusion detection systems.
Maintain backup and disaster recovery systems.
Ensure compliance with data protection regulations (e.g., GDPR, PCI-DSS).
Conduct periodic IT audits and vulnerability assessments.
Train staff on information security awareness.
4. Guest-Facing Technology Support
Objective: Enhance guest experience through seamless and innovative technology.
Responsibilities:
Ensure high-speed internet/Wi-Fi coverage throughout the resort.
Manage IPTV systems, smart room controls, in-room tablets, or voice assistants.
Troubleshoot guest technology issues promptly and courteously.
Implement and maintain digital check-in/check-out solutions and guest mobile apps.
5. IT Budgeting & Procurement
Objective: Plan and manage IT expenditures efficiently.
Responsibilities:
Prepare and manage the annual IT budget.
Evaluate and recommend technology purchases, upgrades, and vendor contracts.
Track IT asset inventory (hardware, software, licenses).
Ensure cost-effective sourcing of IT supplies and services.
6. Team Leadership & Staff Support
Objective: Lead IT staff and support internal departments.
Responsibilities:
Manage and train the IT support team.
Provide desktop and application support to all departments (front office, housekeeping, finance, F&B, spa, etc.).
Ensure proper functioning of staff communication tools (IP phones, radios, internal messaging apps).
Set SLAs (Service Level Agreements) for response and resolution times.
7. Technology Strategy & Innovation
Objective: Drive digital transformation and strategic improvements.
Responsibilities:
Identify and implement emerging hospitality technologies.
Recommend system enhancements based on operational feedback and technology trends.
Support digital marketing initiatives with tech tools and analytics platforms.
Align IT strategy with the resort’s business objectives.
8. Vendor and Contract Management
Objective: Maintain productive relationships with technology partners.
Responsibilities:
Manage contracts and performance of IT service providers, hardware vendors, and software vendors.
Evaluate service levels and renewals of support agreements and licensing.
Liaise with telecom providers, surveillance system providers, and guest entertainment system vendors.
9. Surveillance, Access Control & Safety Systems
Objective: Oversee electronic safety and monitoring systems.
Responsibilities:
Maintain and monitor CCTV systems, access control, and electronic key card systems.
Support integration of IT with security systems (e.g., fire alarms, emergency response).
Ensure uptime and recording integrity of surveillance systems.
10. Sustainability & Green IT Initiatives
Objective: Promote energy-efficient and eco-friendly IT practices.
Responsibilities:
Implement power-saving settings, e-waste disposal policies, and cloud solutions.
Support digital processes to reduce paper usage (e.g., e-billing, e-menus).
Summary Table: Key KRAs at a Glance

| KRA | Key Focus |
| --------------------- | -------------------------------- |
| IT Infrastructure | Network, servers, hardware |
| Hotel Systems | PMS, POS, interfaces |
| Data Security | Firewalls, compliance, DR |
| Guest Tech Support | Wi-Fi, IPTV, smart rooms |
| Budget & Procurement | Planning, purchases, inventory |
| Team Leadership | IT support, training, SLAs |
| Strategy & Innovation | Tech upgrades, alignment |
| Vendor Management | Contracts, SLAs, procurement |
| Surveillance & Access | CCTV, key card, alarms |
| Sustainability | Green IT, digital transformation |

Technical Checklist for IDS Expertise
For assessing or preparing for the IT Manager role
1. System Design & Architecture
[ ] Understands NIDS vs HIDS and can design a hybrid IDS architecture.
[ ] Able to place sensors at critical network chokepoints (e.g., between VLANs, DMZ, guest/staff networks).
[ ] Can build redundancy/failover into IDS deployments.
[ ] Knows how to minimize false positives and alert fatigue.
2. IDS Tools Mastery
[ ] Hands-on with Snort, Suricata, or Zeek (Bro) for traffic inspection.
[ ] Familiarity with OSSEC or Wazuh for host-based intrusion detection.
[ ] Experience integrating IDS with SIEM tools (e.g., Splunk, QRadar, ELK).
[ ] Can create, modify, and optimize custom rulesets and detection signatures.
[ ] Knows **packet capture and log analysis tools** (Wireshark, tcpdump, etc.).
3. Network & Endpoint Integration
[ ] Understands VLAN segmentation, port mirroring (SPAN), and firewall placement.
[ ] Capable of monitoring POS, PMS, guest Wi-Fi, and IoT networks via IDS.
[ ] Experience integrating IDS with **endpoint security suites** (e.g., CrowdStrike, SentinelOne).
4. Threat Detection & Response
[ ] Able to identify and react to DDoS attacks, malware signatures, brute-force attempts.
[ ] Can write and manage incident response plans using IDS data.
[ ] Maintains **threat intelligence feeds** and updates IDS signatures regularly.
[ ] Correlates logs and triggers **automated alerts/responses** via SIEM or EDR.
5. Policy & Compliance
[ ] Designs IDS policies, incident playbooks, and alerting thresholds.
[ ] Ensures GDPR, PCI-DSS, ISO 27001 alignment in IDS use.
[ ] Conducts regular **vulnerability assessments** and penetration testing.
Job Types: Full-time, Permanent
Pay: ₹13,874.67 - ₹21,522.23 per month
Benefits:
Cell phone reimbursement
Commuter assistance
Flexible schedule
Food provided
Health insurance
Internet reimbursement
Leave encashment
Paid sick time
Paid time off
Provident Fund
Work Location: In person
Posted 1 month ago
5.0 years
4 - 7 Lacs
Hyderābād
On-site
As one of the world’s leading asset managers, Invesco is dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world. If you're looking for challenging work, smart colleagues, and a global employer with a social conscience, come explore your potential at Invesco. Make a difference every day!
Job Description
Duties:
Lead and coordinate incident response efforts for cloud-based environments (AWS, Azure, GCP).
Analyze and investigate security alerts, logs, and events from SIEM, EDR, and cloud-native tools.
Develop and maintain incident response playbooks, runbooks, and escalation procedures.
Collaborate with CloudOps, Cloud Engineering, and Application Teams to contain and remediate threats.
Analyze information security events from multiple sources, including SIEM, IPS/IDS, firewalls, endpoint security, cloud security, email gateway, identity protection, etc., identify the cause of incidents, and respond by applying containment and eradication strategies.
Design and implement IT security systems (endpoint security, email protection, identity protection, cloud security) to protect the corporate network from cyber threats.
Respond to and analyze cyber incidents, monitor IPS/IDS alerts, and coordinate and distribute advisories on cyber security incidents, vulnerabilities, and threats to relevant stakeholders.
Collaborate closely with Threat Intelligence, Incident Response, Business Security, Application Security, Technology, and other teams as necessary.
Assess vulnerabilities and attacker tactics, techniques, and procedures (TTPs) and provide defensive action to locate and prevent threats.
Review and analyze security data within the SIEM and network traffic such as full packet captures and/or NetFlow data to detect traffic anomalies, identify infected systems, and detect threat actor related activity based on known tactics, techniques, and procedures.
Configure rules for real-time alerting in the SIEM tool for events, analytic rules, automation rules, hunting queries and playbooks.
Conduct static and dynamic malware analysis.
Configure and deploy security policies, rules, and controls within firewalls.
Configure Palo Alto security firewall policies/rules and build custom objects/categories for network configurations based on various enterprise requirements.
Create and enforce security policies in various cyber defense tools (endpoint security, email gateway, firewalls, AD groups) to mitigate risks.
Create and update interactive security event/incident reports and dashboards for executive leadership.
Conduct proactive threat hunting exercises to identify and mitigate security threats through the review of system logs, threat intelligence, network activity, and known tactics, techniques, and procedures.
Lead activities to simulate real-world cyber-attacks and assess the effectiveness of defensive measures.
Configure IDS/IPS signatures based on vendor-provided signatures, vulnerability databases, CTI feeds, and the TCP/IP, HTTP, FTP and SSH protocols, following industry standards (NIST, PCI-DSS, HIPAA, etc.), using regex and hex encoding, and create custom IDS/IPS rules based on open-source signatures (Snort, Suricata).
Work under the Team Leader to maintain security devices and show practical experience in managing SIEM environments, firewalls, content filters, NIDS, proxy servers, HIPS, and packet capture devices.
Perform malware analysis by sandboxing files and URLs, decoding scripts, and locating IOCs (Indicators of Compromise) within the file, while knowing and understanding the MITRE kill chain and other cybersecurity standards.
Work on the end-to-end malware remediation process: identifying malware, containing systems while assessing the enterprise risk, malware reverse engineering, identifying IOCs, updating identified signatures and hunting IOCs in the enterprise environment.
Work on endpoint security incidents while providing recommended actions for completely removing all traces of malware from the infected system, including rootkits, Trojans, viruses, and malicious software, restoring the system to a known good state, and ensuring the integrity and security of all data and applications.
Serve as the primary escalation contact for all security incidents in the absence of L3.
Make recommendations, build, modify, and update IPS policies, endpoint AV security controls, network AV security controls, and Security Information and Event Management (SIEM) tool rules.
Mentor and train team members. Deliver technical training in areas such as log monitoring, security event analysis, phishing email investigations, and incident handling.
Requirements:
Must have a Bachelor’s degree in Software or Computer Engineering, Mechanical Engineering, Information Security, or a related field.
Must have obtained at least one of the following certifications: CISSP, CompTIA Security+, CHFI, AWS Security Specialty, AWS Solution Architect Associate.
Strong knowledge of cloud platforms (AWS, Azure, GCP) and their security services.
Experience with cloud-native logging and monitoring (e.g., CloudTrail, GuardDuty, Azure Defender).
Must have 5 years of progressive experience in Information/Cyber Security positions performing/utilizing the following:
Information Security Operations.
Cyber Incident Response Process: identification, analysis, reporting, remediation/mitigation, verification, post-analysis, and process improvement.
Network analysis tools, scripting languages, software vulnerabilities, exploits and malware analysis, and reverse engineering.
Reading and understanding system data including security event logs, system logs, application logs, and device logs.
Strong network security, threat hunting, and threat intelligence.
Must have at least 4 years of experience with:
Enterprise-grade technologies including Windows and Linux operating systems, databases, endpoint security, web applications and applicable monitoring tools (including SIEM, DLP, internet filtering/blocking, IDS/IPS, firewalls, anti-virus, encryption technologies, and vulnerability management).
Creating custom correlation rules to detect known or suspected malware traffic patterns within security tools.
Full Time / Part Time: Full time
Worker Type: Employee
Job Exempt (Yes / No): Yes
Workplace Model
At Invesco, our workplace model supports our culture and meets the needs of our clients while providing flexibility our employees value. As a full-time employee, compliance with the workplace policy means working with your direct manager to create a schedule where you will work in your designated office at least three days a week, with two days working outside an Invesco office.
Why Invesco
In Invesco, we act with integrity and do meaningful work to create impact for our stakeholders. We believe our culture is stronger when we all feel we belong, and we respect each other’s identities, lives, health, and well-being. We come together to create better solutions for our clients, our business and each other by building on different voices and perspectives. We nurture and encourage each other to ensure our meaningful growth, both personally and professionally. We believe in a diverse, inclusive, and supportive workplace where everyone feels equally valued, and this starts at the top with our senior leaders having diversity and inclusion goals. Our global focus on diversity and inclusion has grown exponentially and we encourage connection and community through our many employee-led Business Resource Groups (BRGs).
What’s in it for you?
As an organization we support personal needs, diverse backgrounds and provide internal networks, as well as opportunities to get involved in the community and in the world. Our benefit policy includes but not limited to: Competitive Compensation Flexible, Hybrid Work 30 days’ Annual Leave + Public Holidays Life Insurance Retirement Planning Group Personal Accident Insurance Medical Insurance for Employee and Family Annual Health Check-up 26 weeks Maternity Leave Paternal Leave Adoption Leave Near site Childcare Facility Employee Assistance Program Study Support Employee Stock Purchase Plan ESG Commitments and Goals Business Resource Groups Career Development Programs Mentoring Programs Invesco Cares Dress for your Day In Invesco, we offer development opportunities that help you thrive as a lifelong learner in a constantly evolving business environment and ensure your constant growth. Our AI enabled learning platform delivers curated content based on your role and interest. We ensure our manager and leaders also have many opportunities to advance their skills and competencies that becomes pivotal in their continuous pursuit of performance excellence. To know more about us About Invesco: https://www.invesco.com/corporate/en/home.html About our Culture: https://www.invesco.com/corporate/en/about-us/our-culture.html About our D&I policy: https://www.invesco.com/corporate/en/our-commitments/diversity-and-inclusion.html About our CR program: https://www.invesco.com/corporate/en/our-commitments/corporate-responsibility.html Apply for the role @ Invesco Careers: https://careers.invesco.com/india/
Posted 1 month ago
0.0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
The Consulting business at KPMG Global Services (KGS) is a diverse team of more than 6400 professionals. We work with KPMG Firms worldwide to transform the businesses of clients across industries through the latest technology and innovation. Our technology professionals combine deep industry knowledge with strong technical experience to navigate complex challenges and deliver real value for our clients. Through your work, you’ll build a global network and unlock opportunities that you may not have thought possible, with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential.
Roles and Responsibilities:
We are seeking a motivated and enthusiastic individual to join our Security Operations Center as a Level 1 SOC Analyst. This entry-level position is perfect for recent graduates or professionals new to the field of cyber security, looking to develop their skills and gain practical experience in a dynamic and challenging environment. You will be part of a team responsible for monitoring and analyzing our security posture, responding to alerts, and participating in incident response activities. We are currently seeking a Security Associate for our KPMG Managed Services (Spectrum) practice to join us in our Bangalore office.
Note: Candidates must be willing to work from the office only (Bangalore location) and willing to do 24x7 rotational shifts (mandatory requirement for this role).
Job details:
Proposed designation: TMO SOC L1 Analyst
Role type: Analyst / Freshers with 0-1 years’ experience
Reporting to: Managed Services Cyber Delivery Lead
Work timings: 24x7, all 5 days WFO
This role is for you if you have the below work experience. Specifically, Security Analysts (L1) will:
Rapidly identify, categorize, prioritize, and investigate events as the initial cyber event detection group for the enterprise, using all available security logs and intelligence sources, including but not limited to:
a. Firewalls
b. Systems and Network Devices
c. Web Proxies
d. Intrusion Detection/Prevention Systems
e. Data Loss Prevention
f. EDR / Antivirus Systems
g. Knowledgebase Framework (Confluence)
Continuously monitor SIEM and logging environments for security events and alerts to threats, intrusions, and/or compromises, including:
SIEM alert queue
Security email inbox
Intel feeds via email and other sources (e.g. NH-ISAC)
Incident ticketing queue (IT Security group)
Validate alerts as they come in to eliminate false positives, and use other internal and external data sources to enrich alerts with additional context
Perform triage of service requests from customers and internal teams
Use playbook procedures to carry out standard plays for routine event types and escalate alerts to Level 2 Analysts for further triage and remediation
Assist with containment of threats and remediation of the environment during or after an incident
Act as a participant during threat hunting activities at the direction of one or more Incident Response Handlers
Document event analysis and write comprehensive reports of incident investigations
Proactively improve security-related operational processes and procedures
Use available security tools for historical analysis as necessary for detected events; for example, historical searches using SIEM tools
Maintain operational shift logs with relevant activity from the Analyst’s shift
Document investigation results, ensuring relevant details are passed to Level 2 or MDR Analysts for final event analysis
Update/reference the knowledgebase tool (e.g. Confluence) as necessary for changes to processes and procedures, and ingest daily intelligence reports and previous shift logs
Conduct research and document events of interest within the scope of IT Security
This role is for you if you have the below:
Educational qualifications: Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field
Minimum of 0-1 years of prior MDR/SOC/Incident Response experience
Basic understanding of network protocols, security principles, and security technologies (e.g., firewalls, IDS/IPS, antivirus, etc.)
Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments
Demonstrated strong oral and written communication and client-facing skills
Demonstrated strong analytical and communication skills
Flexibility to adapt to different types of engagement, working hours, work environments, and locations
Proven ability to work creatively and analytically in a problem-solving environment
Ability to work nights, weekends, and/or holidays in the event of an incident response emergency
Comfortable working against deadlines in a fast-paced environment
Identify issues and opportunities for improvement, and communicate them to an appropriate senior member
Required skills:
Excellent written and verbal communication skills
Experience with SIEM tools (QRadar, Splunk, LogRhythm, SolarWinds, etc.)
Experience with Microsoft Sentinel
Familiarity with common IDS/IPS and firewalls (Snort, Cisco, FortiGate, Sourcefire)
Familiarity with the incident response process and activities
Familiarity with the TCP/IP protocol suite and the OSI seven-layer model
Knowledge of Windows and Unix-based systems, architectures, and network security devices
Intermediate-level knowledge of LAN and WAN technologies
A solid understanding of information technology and information security domains
Knowledge of security best practices and concepts
Desired certifications: Security+, C|EH, Network+, Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC Reverse Engineering Malware
Familiarity with ticketing / ITSM tools
Personal drive and a positive work ethic to deliver results within tight deadlines and in demanding situations
Posted 1 month ago
3.0 - 7.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Job Description
TITLE: SOC Analyst I
DEPARTMENT: Information Technology
REPORTING TO: Manager, Cyber Security
PURPOSE OF THE POSITION:
The SOC Analyst I position is a key role responsible for supporting the company's global security infrastructure, working in close coordination with the US onsite team. The position's primary role is to monitor systems to identify threats. A SOC Analyst I will respond to alerts and carry out triage operations to determine what type of response, if any, is required. They also scan systems for vulnerabilities and manage monitoring and reporting tools. The SOC Analyst I position will follow standard operating procedures for detecting, classifying, escalating, and reporting incidents.
Job Responsibilities:
Perform monitoring and data correlation of events of interest using multiple tools such as system event logs, SIEM, IPS/IDS logs, network traffic, the anti-virus console, and client end-point software to determine whether there is an incident.
Respond to security incident and investigation requests in line with established processes and procedures within defined service level targets.
Must have extensive experience in multiple security areas such as SIEM, IDS, and APT.
Drive containment strategy during data loss or breach events.
Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs).
Perform basic forensic activities, e.g. conducting examinations of computers, system logs, applications, and networks to locate evidence.
Perform root cause analysis (RCA) for incidents and update the knowledge management system.
Tune IDS, proxy policy, and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems.
Provide tuning recommendations to administrators based on findings during investigations or threat information reviews.
Research and stay up to date on current security threats and vulnerabilities to relevant information systems.
Qualifications Required:
Bachelor's degree in Computer Science or a related field.
3 to 7 years of experience supporting a complex global environment.
Accredited certification in incident handling (CEH, GCIH, ECIH).
Hands-on investigation and log analysis exposure.
Experience in IT security and defensive technologies (antivirus, firewalls, event monitoring, network and perimeter devices, data loss prevention, IDS, web content filtering).
Familiarity with handling and mitigating attacks related to viruses, spoofing, hoaxes, and malware.
Familiarity with emerging security threats and their attack vectors, especially web application attacks.
Knowledge of SSL/TLS, certificates, and encryption methods.
Exposure to security tools (web application security scanning with Netsparker, Nessus and Tenable Security Center, Snort IDS, Wireshark, data loss prevention software).
Sound understanding of operating systems (Unix/Linux, Windows), IPS/IDS, VPNs, firewalls, and application security.
Interpersonal skills:
Passionate, self-motivated and driven, with keen attention to detail; action- and results-oriented.
Excellent interpersonal, verbal and written communication skills, as well as strong logical, analytical, problem-solving and reporting skills.
Able to prioritize and execute tasks in a high-pressure environment.
Experience working in a team-oriented, collaborative environment.
About Berkadia:
Berkadia, a joint venture of Berkshire Hathaway and Jefferies Financial Group, is an industry-leading commercial real estate company providing comprehensive capital solutions and investment sales advisory and research services for multifamily and commercial properties. Berkadia is amongst the largest, highest rated and most respected primary, master and special servicers in the industry.
Berkadia is an equal opportunity employer and affords equal opportunity to all applicants and employees for all positions without regard to race, color, religion, gender, national origin, age, disability or any other status protected under the law. Our people are our greatest strength and make Berkadia a great place to work, creating an environment of trust, mutual respect, innovation and collaboration. Our culture is driven by our core values: https://www.berkadia.com/about/vision-and-values. To know more about Berkadia, please visit our website https://www.berkadia.com/aboutus/
Posted 1 month ago
0 years
0 Lacs
Gurugram, Haryana, India
On-site
About noon
noon is the region's leading consumer commerce platform. On December 12th, 2017, noon launched its consumer platform in Saudi Arabia and the UAE, expanding to Egypt in February 2019. The noon ecosystem of services now includes marketplaces for food delivery, quick-commerce, fintech, and fashion. noon is a work in progress; we’re six years in, but only 5% done. noon’s mission: every door, everyday.
What we are looking for
noon’s Cybersecurity department, Security Operations team, is looking for a talented, experienced, and enthusiastic Senior Threat Detection Engineer to help build and scale the Detection & Threat Hunting program at noon. The ideal candidate will have a diverse security skill set (IR, TI, SOC, etc.) and specialize in detection engineering and threat hunting. The focus area for this role will be designing and implementing advanced detection mechanisms based on known and emerging attacks and pivoting techniques. The Sr. Threat Detection Engineer will work on proactive approaches to stay steps ahead of attackers and help build detections that identify advanced, current, and emerging threats. They will be responsible for the design and implementation of security intelligence and detection capabilities across our applications and networks. This role will assist in building the strategy and the team for our Detection and Threat Hunting program. They will be the focal point for the planning and execution of security investigations, the response process, and coordination of relevant parties when an information security incident occurs. In addition, documentation, analytical and critical thinking skills, investigation and forensics, and the ability to identify needs and take the initiative are key requirements of this position.
About the role
Help build and scale the Detection & Threat Hunting program at noon
Drive improvements in detection and response capabilities and operations for the internal SOC/TI
Write detection signatures, tune security monitoring systems/tools, and develop automation scripts and correlation rules
Work closely with other Security team members to strengthen our detection and defence mechanisms for web applications, cloud, and network
Exhibit knowledge of the attacker lifecycle, TTPs, and indicators of compromise (IOCs), and proactively implement countermeasures to neutralize threats
Identify opportunities to enhance the development and implementation of new methods for detecting attacks and malicious activities
Participate as a member of the CSIRT during major incidents and contribute to post-incident review and continuous improvement
Proactively hunt for anomalies to identify IOCs and derive custom Snort signatures for those IOCs
Identify and manage a wide range of intelligence sources to provide a holistic view of the threat landscape (OSINT aggregation)
Work closely with the Red Team and Blue Team to implement custom detection of new and emerging threats, and develop monitoring use cases
Coordinate red teaming activities such as table-top and adversarial simulation exercises
Own all confirmed incidents, including publishing the incident report, documenting lessons learnt, and updating the knowledge base
Required Expertise:
Required: Senior-level experience in threat intel, detection, IR, or similar cybersecurity roles for medium to large organizations.
Required: Technical professional security certifications in Incident Response, Digital Forensics, Offensive Security, or Malware Analysis, such as GCIH, GCFA, GNFA, GCTI, OSCP, or similar.
Bachelor’s degree in Computing, Information Technology, Engineering, or a related field, with a strong security component.
Hands-on experience in detection engineering, advanced cyber threat intelligence activities, intrusion detection, incident response, and security content development (e.g., signatures, rules, etc.).
A broad and diverse security skill set with an advanced understanding of modern network security technologies (e.g. firewalls, intrusion detection/prevention systems, access control lists, network segmentation, SIEMs, auditing/logging, identity & access management solutions, DDoS protection, etc.).
Knowledge of at least one common scripting language (Python, Ruby, Go).
Experience handling and building a SOAR such as Chronicle SOAR, Demisto, Phantom, or similar tools.
Experience conducting and leading incident response investigations for organizations, investigating targeted threats such as advanced persistent threats, insider threats, etc.
Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF), etc.
Experience with endpoint security agents (Carbon Black, CrowdStrike, etc.).
Preferred Qualifications:
Hands-on experience with Chronicle SIEM/SOAR and Google SecOps
Expertise in threat hunting in one or more public cloud solutions such as AWS and GCP
Ability to work with a team or independently with minimal direction/leadership
Hands-on experience in offensive/defensive web application security is a big plus for this role
Highly motivated and self-directed with a passion for solving complex problems
Establishes industry expertise through writing, speaking or online presence
Who will excel?
We’re looking for people with high standards, who understand that hard work matters. You need to be relentlessly resourceful and operate with a deep bias for action. We need people with the courage to be fiercely original. noon is not for everyone; readiness to adapt, pivot, and learn is essential.
Posted 1 month ago