30 Snort Jobs - Page 2

locationsIndia, Bangalore time typeFull time posted onPosted 30+ Days Ago job requisition idJR0034151 Job Title: Security Researcher - EDR About Trellix: Trellix, the trusted CISO ally, is redefining the future of cybersecurity and soulful work. Our comprehensive, GenAI-powered platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Along with an extensive partner ecosystem, we accelerate technology innovation through artificial intelligence, automation, and analytics to empower over 53,000 customers with responsibly architected security solutions. We also recognize the importance of closing the 4-million-person cybersecurity talent gap. We aim to create a home for anyone seeking a meaningful future in cybersecurity and look for candidates across industries to join us in soulful work. More at . Role Overview: We are looking for a skilled EDR Security Researcher. Your primary responsibility will be to evaluate and improve our EDR product's detection capabilities by identifying detection coverage gaps and developing signatures to address these gaps effectively. About the role Reverse engineer malware to identify malicious code, obfuscation techniques, and communication protocols. Author detection rules for behavior-based detection engines. Conduct deep research on attacker campaigns and techniques to support detection investments and improve customer experience. Write generic threat detections based on static and dynamic detection engines. Demonstrate a strong understanding of cybersecurity threats, attack techniques, and the MITRE ATT&CK framework. Conduct proactive and reactive threat hunting and identify detection issues such as misses or misclassifications from a large-scale dataset. Respond to escalations to resolve detection effectiveness issues (misclassifications, false positives, and false negatives). Engage and collaborate with diverse partner teams to drive great customer experiences and ensure holistic protection. Develop alerting, reporting, and automated detection solutions. Build tools and automation to improve productivity. About you 3+ years of experience writing detection using Snort, Yara, Sandbox, or proprietary detection engines. 2+ years of experience performing threat hunting or deep familiarity with incident response procedures, processes, and tools. 2+ years of experience querying and analyzing (for malware/TTPs) large datasets. Experience in programming or scripting languages (e.g., Python, PowerShell). Experience in utilizing various malware analysis tools and frameworks (e.g., IDA Pro). Experience performing detection engineering across multiple operating systems, including Windows, Linux, and macOS. Excellent verbal and written communication skills in English. Company Benefits and Perks: We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees. Retirement Plans Medical, Dental and Vision Coverage Paid Time Off Paid Parental Leave Support for Community Involvement We're serious about our commitment to diversity which is why we prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

About Trellix: Trellix, the trusted CISO ally, is redefining the future of cybersecurity and soulful work. Our comprehensive, GenAI-powered platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Along with an extensive partner ecosystem, we accelerate technology innovation through artificial intelligence, automation, and analytics to empower over 53,000 customers with responsibly architected security solutions. We also recognize the importance of closing the 4-million-person cybersecurity talent gap. We aim to create a home for anyone seeking a meaningful future in cybersecurity and look for candidates across industries to join us in soulful work. More at . Role Overview: We are looking for a skilled EDR Security Researcher. Your primary responsibility will be to evaluate and improve our EDR product's detection capabilities by identifying detection coverage gaps and developing signatures to address these gaps effectively. About the role: Reverse engineer malware to identify malicious code, obfuscation techniques, and communication protocols. Author detection rules for behavior-based detection engines. Conduct deep research on attacker campaigns and techniques to support detection investments and improve customer experience. Write generic threat detections based on static and dynamic detection engines. Demonstrate a strong understanding of cybersecurity threats, attack techniques, and the MITRE ATT&CK framework. Conduct proactive and reactive threat hunting and identify detection issues such as misses or misclassifications from a large-scale dataset. Respond to escalations to resolve detection effectiveness issues (misclassifications, false positives, and false negatives). Engage and collaborate with diverse partner teams to drive great customer experiences and ensure holistic protection. Develop alerting, reporting, and automated detection solutions. Build tools and automation to improve productivity. About you: 3+ years of experience writing detection using Snort, Yara, Sandbox, or proprietary detection engines. 2+ years of experience performing threat hunting or deep familiarity with incident response procedures, processes, and tools. 2+ years of experience querying and analyzing (for malware/TTPs) large datasets. Experience in programming or scripting languages (e.g., Python, PowerShell). Experience in utilizing various malware analysis tools and frameworks (e.g., IDA Pro). Experience performing detection engineering across multiple operating systems, including Windows, Linux, and macOS. Excellent verbal and written communication skills in English

Role & responsibilities Utilize strong L2/L3 networking skills to test and validate security product features. Conduct thorough testing of security products including SSL, firewall, next-generation firewall, Snort, IPS, IDS, and VPN. Plan and strategize release cycles, test strategies, and test execution plans. Coordinate effectively among various teams to ensure timely releases. Track defects and perform root cause analysis (RCA) to improve product quality. Communicate effectively with cross-border teams and stakeholders to facilitate timely releases. Test various traffic flows and utilize traffic generator tools for comprehensive testing. Guide and mentor engineers to identify and report more bugs. Experience with ASA and FTD is a plus. Good experience in manual testing

Must Have : - Should be able to work on Signature Writing: Suricate, Regex, Basics YARA, Snort, Lua Must be in Cyber security Nice to have : - should be aware of Ticketing Tools: ServiceNow, Jira should be worked on Kali Linux

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY-Cyber Security-CMS TDR – Senior OT Consultant The OT Security Consultant role encompasses proactive and reactive measures to secure OT environments. The ideal candidate will provide comprehensive support to clients in installing, onboarding, troubleshooting, upgrading, and maintaining OT network solutions or IDS. This role requires close collaboration with SOC and clients to analyze, mitigate, and fine-tune alerts. The candidate will be responsible for all aspects related to the tool and should be proficient in providing training on the tool and OT in general. The opportunity We’re looking for Senior consultant with expertise in OT/IOT security solutions. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. The role requires an analyst proficient in administrative tasks of an OT network solution with also experience in OT alert analysis/triage. Experience with OT monitoring solutions such as Nozomi, Defender for IoT, Claroty etc is preferred. Knowledge or experience in pcap analysis for identifying suspicious activities within network traffic, including OT protocols/processes, logon attempts and file transfers, ransomware or malware incidents etc. And should also have a comprehensive understanding of both OT and IT traffic. As for tool-specific skills, the candidate should possess strong knowledge or experience in OT IDS tools and should be able to handle admin activities such as upgrading, troubleshooting and maintaining health of OT IDs sensors. Experience working in a SOC that encompasses both OT and IT and experience with EDR, SIEM tools like CrowdStrike, SentinelOne, Sentinel, Splunk respectively. Knowledge of Snort and Suricata for writing OT specific signatures is an added advantage. Your Key Responsibilities Provide support to clients in installing, onboarding, troubleshooting, upgrading, and maintaining OT network solutions or IDS.Collaborate with SOC and clients to configure OT related use-cases and fine-tune alerts.Handle all aspects related to the OT tools, ensuring optimal performance and reliability.Develop and maintain documentation, including user guides and SOPs.Understand OT architecture, device placement, and the integration of OT and IT systems.Devise solutions to client problems and troubleshoot issues with vendor support teams.Stay updated with the latest trends and developments in OT security and technology.Deliver training sessions on OT tools and general OT concepts to clients and internal teams.Ability to work collaboratively with SOC teams and clients. Skills And Attributes For Success Strong knowledge of industrial control systems (ICS), SCADA systems, and other OT technologies.Good understanding of how OT and IT devices interact with each other and how OT devices workExperience with network security solutions, including firewalls, intrusion detection systems (IDS) etc.Experience SIEM tools and log management.Good to have knowledge of regulatory requirements and standards related to ICS/OT security (e.g., NERC CIP, IEC 62443) but not mandatory.Analytical skills to screen through data and logs to identify the patterns indicative of cyber threats or threat actor methods.Effective communication skills for interacting with technical and non-technical colleagues and stakeholders.Prevailing knowledge of OT-specific malware, Mitre ICS tactics & techniques, and procedures used by threat actors.Relevant certifications are desirable. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues aroundOpportunities to develop new skills and progress your careerThe freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.