
29 Soar Automation Jobs


2.0 - 5.0 years

5 - 13 Lacs

Mumbai, Gurugram, Delhi / NCR

Hybrid

Job Title: SOAR Automation Engineer
Location: Delhi, India
Experience: 2-5 years
Employment Type: Full-Time
Joining: Immediate

Job Summary: We are seeking a skilled SOAR Automation Engineer to enhance our cybersecurity operations through automation and orchestration. The ideal candidate will have hands-on experience in SOAR platforms, strong programming expertise, and the ability to develop and optimize playbooks for threat detection and incident response. If you're ready to contribute immediately to cutting-edge security automation, we want you on our team!

Key Responsibilities:
- Develop, customize, and implement SOAR automation workflows using platforms like XSOAR, Google SOAR, IBM SOAR, and Splunk SOAR
- Design and optimize security playbooks for efficient incident response and threat mitigation
- Integrate SOAR tools with ServiceNow and other ITSM/security systems
- Write and maintain Python, JavaScript, and Shell scripting for automation processes
- Collaborate with cybersecurity analysts to refine security automation strategies
- Debug and troubleshoot SOAR implementations for optimal performance
- Stay updated with industry trends in SOAR automation, cybersecurity, and threat intelligence

Required Skills & Qualifications:
- 2-5 years of experience in security automation and programming
- Strong expertise in SOAR platforms (XSOAR, Google SOAR, IBM SOAR, Splunk SOAR)
- Solid programming skills in Python, JavaScript, and Shell scripting
- Experience in creating security playbooks to automate incident response
- Familiarity with ServiceNow integration for security operations
- Understanding of cybersecurity principles, threat hunting, and incident management
- Ability to work efficiently in a fast-paced environment with immediate availability

Preferred Qualifications:
- Certifications in SOAR automation, cybersecurity, or programming languages
- Knowledge of machine learning applications for security automation
- Experience with cloud security solutions

Posted 1 day ago


9.0 - 14.0 years

1 - 2 Lacs

Mumbai Suburban, Goregaon

Work from Office

Job Title: Security Operations Centre (SOC) Manager/Head
Department: Security Command Centre
Reports To: Director
Location: Goregaon West, Mumbai
Job Type: Full-Time, 24x7

Job Summary: We are seeking an experienced and strategic SOC Manager to lead our Security Operations Center. The ideal candidate will oversee daily operations of the SOC, manage a team of analysts and engineers, develop threat detection and incident response strategies, and ensure the organization's cybersecurity posture is proactively monitored and defended 24/7.

Key Responsibilities:

SOC Leadership & Management
- Lead, mentor, and manage the SOC team (L1, L2, L3 analysts and threat hunters).
- Define and enforce SOC operational procedures, SLAs, and escalation processes.
- Coordinate with IT, Risk, Compliance, and IR teams during incidents and audits.
- Create shift schedules to ensure 24x7 monitoring and response.

Threat Detection & Incident Response
- Oversee detection, triage, investigation, and resolution of security incidents.
- Ensure timely and effective response to security threats.
- Supervise use of SIEM, SOAR, EDR, IDS/IPS, and other security tools.
- Lead root cause analysis and post-incident reviews.

Technology & Process Management
- Evaluate, implement, and optimize SOC tools and platforms.
- Maintain and refine threat use cases, playbooks, and detection rules.
- Drive automation and efficiency improvements in SOC operations.
- Ensure log sources and threat feeds are integrated and functional.

Metrics, Reporting, & Compliance
- Develop and deliver SOC KPIs, dashboards, and executive reports.
- Ensure compliance with industry standards (ISO 27001, NIST, GDPR, etc.).
- Support vulnerability management, threat hunting, and purple team exercises.

Required Skills & Qualifications:
- Bachelor's degree in Cybersecurity, Computer Science, or related field.
- 7+ years of experience in cybersecurity, with at least 2+ years in a SOC leadership role.
- Strong knowledge of SIEM & SOAR (Splunk, QRadar, AiSIEM), EDR, IDS/IPS, WAF, Networking, ZTNA, Identity, NBAD, Cloud Security and firewall technologies.
- Strong deployment skill sets, SLA management.
- Deep understanding of cyber threats, attack vectors, MITRE ATT&CK, kill chain, and incident response lifecycle.
- Proven experience in managing teams and working in 24x7 environments.
- Familiar with compliance frameworks: ISO 27001, NIST, SOC2, PCI-DSS.

Preferred Certifications:
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- Microsoft Azure/AWS or equivalent (for cloud-focused environments)

Key Competencies:
- Strong leadership, decision-making, and people management skills
- Excellent communication and reporting abilities (technical + executive level)
- High attention to detail, and the ability to operate under pressure
- Strategic thinking with hands-on technical capabilities

Posted 2 days ago


4.0 - 9.0 years

5 - 15 Lacs

Chennai

Work from Office

Job Description:
- Configure, deploy, and maintain the organization's SIEM platform to ensure optimal performance and functionality.
- Develop and customize SIEM rules, filters, and alerts to meet specific security monitoring and compliance requirements.
- Collaborate with IT teams to onboard new data sources and integrate logs into the SIEM platform for comprehensive threat detection.
- Generate and present regular and ad-hoc reports on SIEM performance, security incidents, and compliance status to stakeholders and management.
- Stay updated on emerging cybersecurity threats, vulnerabilities, and industry best practices to enhance SIEM capabilities and proactive defense strategies.
- Participate in incident response activities, including incident simulations, tabletop exercises, and post-incident reviews.
- Provide guidance and training to junior team members and stakeholders on SIEM platform usage, capabilities, and best practices.

Posted 4 days ago


3.0 - 8.0 years

10 - 20 Lacs

Bengaluru

Work from Office

Your potential, unleashed.

India's impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organisations shaping the future of the region, and indeed, the world beyond. At Deloitte, bring your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters.

The team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient, not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.

Your work profile

As Deputy Manager in our Cyber Team you'll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations:

Key Responsibilities:
- Work with security teams to understand their requirements and translate them into SIEM use cases
- Design, implement, and test SIEM use cases to detect specific types of security threats
- Continuously optimize use cases to improve detection accuracy and reduce false positives
- Develop and implement SIEM rules and correlation logic to detect security incidents
- Tune alerts to minimize false positives and ensure they are actionable
- Create and maintain parsers/connectors in SIEM and SOAR
- Set appropriate thresholds for alerts based on analysis and threat intelligence
- Ensure data is normalized and enriched for effective correlation and analysis
- Develop and maintain log parsing rules to accurately ingest and process data
- Maintain detailed documentation of SIEM use cases, including design, implementation, and tuning procedures
- Generate reports on the performance and effectiveness of SIEM use cases
- Work closely with stakeholders, including SOC analysts, incident responders, and IT teams, to ensure use cases meet their needs
- Collaborate with SIEM vendors to troubleshoot issues and implement new features
- Innovate and experiment with new use case ideas to enhance the SIEM's detection capabilities
- Design and develop automated workflows to address common security operations tasks and incidents
- Write and maintain scripts (e.g., Python, PowerShell) to support automation tasks
- Create and implement playbooks that automate the response to security incidents
- Develop use cases for automation based on common incident scenarios and threat patterns
- Automate the enrichment of security alerts with contextual information to improve decision-making
- Integrate various security tools (e.g., SIEM, EDR, ITSM (ServiceNow), firewalls, threat intelligence platforms) with the SOAR platform
- Continuously optimize automated workflows to reduce false positives and enhance detection accuracy
- Tune the performance of automated workflows to ensure they operate efficiently and effectively
- Establish a feedback loop with security teams to gather input on automation performance and make necessary adjustments
- Monitor the performance and health of the SOAR platform and automated workflows
- Maintain detailed documentation of automated workflows, playbooks, and scripts

Skills Required:
- Proficiency with proposed SOAR and SIEM solutions
- Experience in configuring, managing, and optimizing SOAR and SIEM platforms
- Strong skills in scripting languages (e.g., Python, PowerShell, JavaScript) for developing automation scripts
- Experience in writing and maintaining scripts to automate security tasks and processes
- Experience in utilizing RESTful APIs to enable communication between different security tools
- Experience in converting MITRE TTPs to misuse cases for better detection and response
- Shall have 7 years of experience and proposed OEM certifications (SOC Operations - SIEM Use case and SOAR Automation Specialist, SPLUNK/Palo Alto SOAR)

Desired qualifications
Education: B.E / B.Tech (Tier 1/2) in Computer Science, Information Technology or related fields
Experience Required: 4 to 9 years

Location and way of working
Base location: Koramangala - Bangalore (Mandatory client deputation)
Professional is required to work from office

How you'll grow

Connect for impact
Our exceptional team of professionals across the globe are solving some of the world's most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report.

Empower to lead
You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership.

Inclusion for all
At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters.

Drive your career
At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte.

Everyone's welcome: entrust your happiness to us
Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here's a glimpse of things that are in store for you.

Interview tips
We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you're applying to. Check out recruiting tips from Deloitte professionals.

*Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Posted 1 week ago


3.0 - 5.0 years

0 Lacs

Noida, Uttar Pradesh, India

On-site

Who We Are
At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role
Kyndryl's Security & Resiliency is one of our most critical practices, ensuring enterprises, regardless of their size and complexity, remain secure, available, reliable, and resilient. We take Cybersecurity seriously. We're not just invested, we're committed. We're not just protecting data, we're empowering. Kyndryl is committed to making the world safer, not only by investing in state-of-the-art services and technologies but also by empowering underserved communities with essential cyber skills. When you walk through our doors, you're not only joining a team but you're also becoming part of a legacy. Welcome to Kyndryl, where Cybersecurity isn't just a job - it's a passion, a commitment to designing, running, and managing the most modern and reliable technology infrastructure that the world depends on every day.

Join us as a Cybersecurity Infrastructure Professional, where you'll be entrusted with the crucial task of maintaining and enhancing the infrastructure that is the backbone of our cybersecurity operations for our Fortune 500 clients. You'll be responsible for the orchestration of infrastructure, keeping our systems protected from the relentless advances of physical and cyber adversaries. Your vigilance and technical expertise will be the shield that safeguards our computer systems, networks, and invaluable data from the threat of unauthorized access, theft, damage, and other malicious activities. Your domain will revolve around preserving the integrity of an IT infrastructure, the security of networks, and the sanctity of data.

If you have a passion for cybersecurity and are looking for a role that combines cutting-edge technology with the thrill of safeguarding critical assets, then this role is your gateway to the world of cybersecurity heroism. Join us at Kyndryl, and let's build the future of digital security together.

Your Future at Kyndryl
When you join Kyndryl, you're not just joining a company - you're entering a space of opportunities. Our partnerships with industry alliances and vendors mean you'll have access to skilling and certification programs needed to excel in Security & Resiliency, while simultaneously supporting your personal growth. Whether you envision your career path as a technical leader within cybersecurity or transition into other technical, consulting, or go-to-market roles - we're invested in your journey.

Who You Are
You're good at what you do and possess the required experience to prove it. However, equally as important - you have a growth mindset, keen to drive your own personal and professional development. You are customer-focused - someone who prioritizes customer success in their work. And finally, you're open and borderless - naturally inclusive in how you work with others.

Required Skills and Experience:
- Having 3+ years of experience in EDR Engineering.
- Monitor and triage alerts from CrowdStrike Falcon and Microsoft Defender for Endpoint.
- Investigate suspicious endpoint behavior and perform root cause analysis (RCA).
- Isolate and quarantine compromised endpoints, blacklist malicious indicators, and escalate complex threats to L3.
- Fine-tune EDR policies to reduce false positives and improve detection accuracy.
- Perform regular policy reviews and implement configuration changes based on threat trends.
- Coordinate with OEMs for technical support and version upgrades.
- Generate daily, weekly, and monthly reports on endpoint security posture.

Preferred Skills and Experience:
- Maintain SOPs, runbooks, and incident logs for audit and compliance.
- Contribute to CXO dashboards and real-time reporting systems.
- Work closely with SOC analysts, SMEs, and CDC governance teams.
- Participate in service reviews, transformation planning, and change management discussions.
- Support cross-functional initiatives like SOAR automation and GenAI integration.

Being You
Diversity is a whole lot more than what we look like or where we come from, it's how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we're not doing it single-handedly: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you - and everyone next to you - the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That's the Kyndryl Way.

What You Can Expect
With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter - wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you; we want you to succeed so that together, we will all succeed.

Get Referred!
If you know someone that works at Kyndryl, when asked "How Did You Hear About Us" during the application process, select "Employee Referral" and enter your contact's Kyndryl email address.

Posted 1 week ago


15.0 - 20.0 years

13 - 17 Lacs

Bengaluru

Work from Office

About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide guidance on best practices, contributing to a secure cloud environment that supports the organization's growth and innovation.

Roles & Responsibilities:
- Architect and maintain scalable Microsoft Sentinel workspaces and data ingestion pipelines (Syslog, Azure AD, MDE, custom logs).
- Develop and fine-tune advanced Sentinel analytics rules and watchlists.
- Write and optimize complex KQL queries for threat hunting and anomaly detection.
- Build and maintain automation workflows via Sentinel Playbooks (Logic Apps).
- Conduct deep forensic analysis via MDE (Advanced Hunting, Live Response).
- Analyze attacker TTPs leveraging MITRE ATT&CK within Sentinel and MDE environments.
- Create and manage custom threat detection and incident enrichment logic.
- Build and maintain SOAR playbooks to auto-contain threats (e.g., isolate devices, revoke tokens).
- Mentor and train SOC analysts and engineers in Sentinel/MDE best practices.
- Collaborate with detection engineers, cloud architects, and incident responders.
- Participate in red/blue team exercises to continually improve detection maturity.

Professional & Technical Skills:
- Experience in Security Operations, Incident Response, or Cyber Threat Detection.
- Expert-level KQL (Kusto Query Language) proficiency.
- Proven experience in Sentinel rule authoring, hunting queries, and data modeling.
- Strong background in SOAR automation (Microsoft Logic Apps).
- Deep understanding of MITRE ATT&CK and its mapping to telemetry.
- Familiarity with JSON, ARM templates, Azure Monitor, and Event Hub integration.
- Experience integrating third-party tools and custom connectors into Sentinel.
- Proficiency in PowerShell, REST APIs, and Azure Resource Manager.
- SC-200: Microsoft Security Operations Analyst
- SC-100: Microsoft Cybersecurity Architect
- AZ-500: Microsoft Azure Security Technologies
- GCFA/GCIA (SANS) for deep forensic or network detection background
- MITRE ATT&CK Defender (MAD) certificate.
- CISSP, CEH, or equivalent industry certifications
- Strong problem-solving and analytical thinking.
- Effective communicator with ability to explain complex issues to various stakeholders.
- Passion for mentoring and knowledge-sharing within the security team.
- Proactive, detail-oriented, and highly autonomous.
- Comfortable working under pressure in high-stakes incident response situations.
- Collaboration-first mindset with cross-functional teams (SOC, IR, Cloud, IT)

Additional Information:
- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 1 week ago


4.0 - 8.0 years

10 - 17 Lacs

Hyderabad, Bengaluru, Delhi / NCR

Hybrid

Role & responsibilities
- Minimum 4 plus years of experience in application development using Python and REST API.
- Experience in managing any SOAR platforms (e.g. Palo Alto Cortex, Phantom, Resilient, Swimlane, etc.)
- Experience in SOAR administration, playbook development/automation and life cycle management
- Deploying and managing integration packages for various 3rd party tools/applications
- Experience in troubleshooting integration issues and code customization.
- Experience in developing integration solutions with web services, APIs using REST/JSON.
- Ability to install and configure 3rd party applications in a Linux environment, experience in Unix/Linux administration
- Understanding of security products and secure coding techniques is a plus

Preferred candidate profile
- Hands-on experience with Palo Alto Cortex XSOAR (mandatory).
- Strong knowledge of security operations, incident response, and SOC processes.
- Proficient in Python scripting (must-have for custom automations and integrations).
- Experience with RESTful APIs and JSON data format.
- Familiarity with SIEM, EDR, firewalls, threat intelligence platforms, and other security tools.
- Strong analytical, problem-solving, and troubleshooting skills.
- Excellent written and verbal communication skills.
- Ability to work collaboratively in a fast-paced team environment.

Posted 1 week ago


4.0 - 8.0 years

10 - 18 Lacs

Bengaluru

Work from Office

About the Organisation
DataFlow Group is a pioneering global provider of specialized Primary Source Verification (PSV) solutions, and background screening and immigration compliance services that assist public and private organizations in mitigating risks to make informed, cost-effective decisions regarding their Applicants and Registrants.

About the Role:
Dataflow is looking to hire a cyber security expert with rich experience leveraging the TrendMicro Vision/XDR platform and AWS environment in security alert triage, investigation and incident response, to keep on-prem devices and cloud assets protected from security threats. The ideal candidate will have a strong understanding of threat detection and response, and experience with TrendMicro's XDR platform to investigate workstations (Windows/Mac) and public cloud assets in AWS. Identifying opportunities and designing automation for security tasks, such as threat intelligence enrichment, incident response playbooks and automated workflows using the TrendMicro XDR platform, is desirable. You will be expected to use your experience, talent and passion to work with a small global team in order to provide a 24x7 service to the rest of the world. Flexibility, energy, curiosity and a desire to simply get the job done will be key. The role encompasses a range of responsibilities that will focus on threat detection and response, building security orchestration and automation, with ample opportunity to learn more in-depth skills related to workstations and servers. Our company has adopted Google Workspace and AWS cloud services for its core technology suite, and you will have ample opportunity to stretch your knowledge into these cutting edge technologies.

Work breakdown structure
Technical Delivery (Automation): 40%
Technical analysis: 60%

Duties and Responsibilities:
- Ensure security alerts are thoroughly investigated and closed within SLA.
- Measure quarterly Mean time to response (MTTR) and improve MTTR by 5% every quarter.
- Ensure up-time is 99.9% for all infrastructure components.
- Build playbooks and automation for the top 80% of security alerts.
- Ensure services are providing optimized performance to end-users 99% of the time.
- Severity 1 incidents returned to service within 2 hours.

Qualifications:
- Bachelor of Engineering (B.E.) or Bachelor of Technology (B.Tech) degree
- A minimum of 3 years of industry experience in cyber security incident investigation and response
- Monitor and analyze security events, alerts, and incidents generated by TrendVision/XDR
- Strong understanding of threat and attack detection.
- Experienced in threat hunting and threat intelligence.
- Experience and working knowledge of: 1) Windows and Mac OS 2) Microsoft or Linux servers 3) Cloud-based services such as AWS, Google Workspace 4) Serverless architecture and technology (clusters, containers etc.)
- Proficiency in scripting languages (e.g., Python, PowerShell)
- Implemented automation tools and orchestration frameworks for efficiency
- Best-in-class English communication skills, with a natural confidence and ability to communicate clearly worldwide.
- Ability to learn quickly and adapt to changing environments.
- An ability to flex your hours as required, especially during releases or system outages

Posted 1 week ago


7.0 - 12.0 years

9 - 14 Lacs

Mumbai

Work from Office

* Responsible for the implementation partner to keep the project on track, along with providing required reports to management and client
* Handle the project as well as BAU operations while ensuring a high level of systems security compliance
* Coordinate with and act as an authority to resolve incidents by working with other information security specialists to correlate threat assessment data.
* Analyse data, such as logs or packet captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
* Ready to support a 24/7 environment.

Required education: Bachelor's Degree
Preferred education: Master's Degree

Required technical and professional expertise
* 7+ years of IT experience in security with at least 4+ years in a Security Operation Centre with SIEMs.
* B.E./ B. Tech/ MCA/ M.Sc.
* Maintaining SIEM/UEBA platform hygiene, Scripting, Automation SOAR Playbook Creation with Testing, with Change/Problem/Incident Management, with CP4S platform integration & dashboarding, Recovery Support.
* Expertise in Security Device Management SIEM, Arcsight, Qradar, incident response, threat hunting, use case engineering, SOC analyst, device integration with SIEM.
* Working knowledge of industry standard risk, governance and security standard methodologies
* Proficient in incident response processes - detection, triage, incident analysis, remediation and reporting.
* Ability to multitask and work independently with minimal direction and maximum accountability.

Preferred technical and professional experience
* Preferred OEM Certified SOAR specialist + CEH
* Ambitious individual who can work under their own direction towards agreed targets/goals and with a creative approach to work
* Intuitive individual with an ability to manage change and proven time management
* Proven interpersonal skills while contributing to team effort by accomplishing related results as needed
* Up-to-date technical knowledge by attending educational workshops, reviewing publications

Posted 2 weeks ago


3.0 - 6.0 years

5 - 9 Lacs

Hyderabad, Bengaluru, Delhi / NCR

Hybrid

Role & responsibilities
- Design and develop XSOAR playbooks to automate repetitive tasks in Security Operations.
- Integrate various security tools and data sources with XSOAR using APIs, custom integrations, and out-of-the-box connectors.
- Collaborate with SOC analysts, incident responders, and other cybersecurity teams to identify automation opportunities.
- Maintain and enhance existing playbooks based on feedback and evolving security requirements.
- Develop custom scripts (Python) and integrations as needed.
- Troubleshoot and resolve issues related to XSOAR integrations and playbooks.
- Document processes, playbooks, and integration procedures for knowledge sharing.
- Ensure automation workflows comply with security policies, standards, and regulatory requirements.
- Provide training and mentoring to team members on XSOAR automation best practices.
- Stay up to date with the latest trends, threats, and technologies in security automation.

Preferred candidate profile
- Hands-on experience with Palo Alto Cortex XSOAR (mandatory).
- Strong knowledge of security operations, incident response, and SOC processes.
- Proficient in Python scripting (must-have for custom automations and integrations).
- Experience with RESTful APIs and JSON data format.
- Familiarity with SIEM, EDR, firewalls, threat intelligence platforms, and other security tools.
- Strong analytical, problem-solving, and troubleshooting skills.
- Excellent written and verbal communication skills.
- Ability to work collaboratively in a fast-paced team environment.

Posted 1 month ago


5.0 - 10.0 years

17 - 25 Lacs

Hyderabad

Work from Office

Job Role: Cyber Security Engineer (Work From Office)
Experience: 4 to 8 Yrs
Key Skills: Security tools integration and management, Onboarding, Log ingestion, writing rules and policies in Cloud Security/SIEM/EDR/Antivirus/XDR/MDR/SOAR tool/IPS & IDS
Notice Period: 0 to 30 days
Should be willing to work in Second shift
Company: Cyber Towers, Quadrant 3, 3rd floor, Madhapur, Hyderabad - 500081.

Job Overview:
They plan, implement, and maintain security measures, respond to security incidents, and identify vulnerabilities. Their roles vary depending on the specific area of security, such as network, application, or cloud security. Here's a more detailed breakdown of their responsibilities:

Security Planning and Implementation:
- Designing and implementing security controls: This includes firewalls, intrusion detection systems, and access control mechanisms.
- Developing security policies and procedures: Establishing guidelines for secure operations and data handling.
- Performing risk assessments: Identifying potential vulnerabilities and threats.
- Implementing security tools and technologies: Integrating security software and hardware into the organization's infrastructure.
- Analyze and recommend improvements to network, system, and application architectures to enhance security.
- Research, design, and implement cybersecurity solutions that protect the organization's systems and products.
- Collaborate with DevOps, Platform Engineering, and Architecture teams to ensure security is embedded in the design and development of applications and systems.
- Actively participate in the change management process, ensuring security considerations are prioritized in system upgrades and modifications.
- Design and deploy automated security controls to improve efficiency in risk identification, configuration management, and security assessments.
- Develop and refine security policies to address cloud security misconfigurations, leveraging cloud-native security technologies.
- Implement logging and monitoring solutions for cloud environments to enhance SOC team capabilities in detecting and responding to security incidents.
- Assess and review emerging technologies to identify potential security risks and implement mitigation strategies.
- Design and deploy innovative security technologies to address evolving security challenges.
- Conduct vulnerability scanning, anomaly detection, and risk assessment to enhance the security posture.
- Work closely with security architects to develop and deploy security solutions that address cloud-specific risks.
- Take ownership of security posture improvements, ensuring strict security policies and controls align with business objectives.
- Research and stay up to date on emerging security threats and provide strategic recommendations to strengthen security defenses.

Qualifications & experience:
- Hands-on experience with implementing security controls, including Database security, Web content filtering, Anomaly detection & response, Vulnerability scanning & management.
- Proficiency in at least one scripting language (e.g., Perl, Python, PowerShell, Bash) for automation and security tooling.
- Expertise in at least one of the following security domains: Cloud-native security (e.g., IAM, security groups, encryption), Endpoint security (e.g., EDR/XDR, mobile security).
- Strong familiarity with industry security frameworks and regulations, including: NIST Cybersecurity Framework (CSF), CIS Controls, HIPAA, GDPR compliance.
- Ability to assess compliance requirements and implement security controls to ensure adherence.
- Strong problem-solving and analytical skills, with the ability to assess complex security risks and develop mitigation strategies.
- Excellent communication and interpersonal skills, with the ability to engage both technical and non-technical stakeholders.
- Proven ability to work independently, manage projects, and contribute as an integral part of a high-performing security team.

Posted 2 months ago


7.0 - 12.0 years

8 - 12 Lacs

Mumbai

Work from Office

Your Role and Responsibilities
* Responsible for implementation partner to see project on track along with providing required reports to management and client
* Handle the project as well as BAU operations while ensuring high level of systems security compliance
* Coordinate with and act as an authority to resolve incidents by working with other information security specialists to correlate threat assessment data.
* Analyse data, such as logs or packet captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
* Ready to support for 24/7 environment.

Required education: Bachelor's Degree
Preferred education: Master's Degree

Required technical and professional expertise
* 7+ years of IT experience in security with at least 4+ years in Security Operation Centre with SIEMs.
* B.E./B.Tech/MCA/M.Sc.
* Maintaining SIEM/UEBA platform hygiene, scripting, automation, SOAR playbook creation with testing, Change/Problem/Incident Management, CP4S platform integration & dashboarding, recovery support.
* Expertise in Security Device Management: SIEM, ArcSight, QRadar, incident response, threat hunting, use case engineering, SOC analyst, device integration with SIEM.
* Working knowledge of industry standard risk, governance and security standard methodologies
* Proficient in incident response processes - detection, triage, incident analysis, remediation and reporting.
* Ability to multitask and work independently with minimal direction and maximum accountability.

Preferred technical and professional experience
* Preferred OEM Certified SOAR specialist + CEH
* Ambitious individual who can work under their own direction towards agreed targets/goals and with a creative approach to work
* Intuitive individual with an ability to manage change and proven time management
* Proven interpersonal skills while contributing to team effort by accomplishing related results as needed
* Up-to-date technical knowledge by attending educational workshops, reviewing publications

Posted 2 months ago


5.0 - 9.0 years

15 - 25 Lacs

Bengaluru

Work from Office

About BCE Global Tech
BCE Global Tech is the technology engine for Bell Canada, North America's leading communications company. As Bell's Global Capability Center (GCC) in India, we are at the forefront of building next-gen software solutions that power digital transformation across telecom, media, and technology sectors. Our culture is built on innovation, inclusivity, and continuous learning, offering a dynamic environment where your ideas and skills truly matter.

Why Join Us?
- Work on cutting-edge technologies like Generative AI, LangChain, and Agentic AI.
- Be part of a SAFe Agile environment with cross-functional squads.
- Access to learning sprints, mentorship, and career pathing frameworks.
- Thrive in a growth-focused culture with hybrid work flexibility and wellness programs.

Role Overview
We are seeking a Senior Python Developer with expertise in XSOAR (Security Orchestration, Automation, and Response) to join our Threat Detection and Response value stream. You will play a key role in developing integrations, playbooks, and automations that enhance our security operations and incident response capabilities.

Key Responsibilities
- Design, develop, and maintain XSOAR integrations and playbooks.
- Automate security processes and workflows to improve operational efficiency.
- Collaborate with security analysts to translate requirements into technical solutions.
- Troubleshoot and resolve issues related to integrations and automations.
- Contribute to platform architecture improvements and feature enhancements.
- Participate in code reviews and ensure adherence to best practices.

Required Skills & Experience
- 3+ years of experience in Python development, preferably with Django.
- Strong understanding of object-oriented programming and RESTful APIs.
- Experience with CI/CD pipelines (e.g., GitLab CI/CD).
- Familiarity with Linux server administration and CLI-based troubleshooting.
- Knowledge of SOAR platforms (e.g., Cortex XSOAR) is a strong plus.
- Understanding of cybersecurity concepts, networking, and firewall technologies.
- Exposure to containerization (Docker) and DevOps tools is desirable.

Education & Certifications
Bachelor's degree in Computer Science, Information Technology, or a related field.

Posted 2 months ago


3.0 - 6.0 years

7 - 9 Lacs

Navi Mumbai

Work from Office

- Overall 3-6 years' experience in network security with at least 3 years in managing SFTP
- Proficiency with SFTP management
- Experience in working with Windows, Linux, Unix environments
- Hands-on experience in commissioning and implementation of SFTP

Posted 2 months ago


3.0 - 6.0 years

8 - 16 Lacs

Bengaluru

Work from Office

About the Organisation
DataFlow Group is a pioneering global provider of specialized Primary Source Verification (PSV) solutions, and background screening and immigration compliance services that assist public and private organizations in mitigating risks to make informed, cost-effective decisions regarding their Applicants and Registrants.

About the Role:
Dataflow is looking to hire a cyber security expert with rich experience leveraging the TrendMicro Vision/XDR platform and AWS environment in security alert triage, investigation and incident response, to ensure on-prem devices and cloud assets remain protected from security threats. The ideal candidate will have a strong understanding of threat detection and response, and experience with TrendMicro's XDR platform to investigate workstations (Windows/Mac) and public cloud assets in AWS. Identifying opportunities and designs to automate security tasks, such as threat intelligence enrichment, incident response playbooks and automated workflows using the TrendMicro XDR platform, is desirable.

You will be expected to use your experience, talent and passion to work with a small global team in order to provide a 24x7 service to the rest of the world. Flexibility, energy, curiosity and a desire to simply get the job done will be key. The role encompasses a range of responsibilities that will focus on threat detection and response and on building security orchestration and automation, with ample opportunity to learn more in-depth skills related to workstations and servers. Our company has taken Google Workspace and AWS cloud services for its core technology suite, and you will have ample opportunity to stretch your knowledge into these cutting-edge technologies.

Work breakdown structure
- Technical Delivery (Automation): 40%
- Technical analysis: 60%

Duties and Responsibilities:
- Ensure security alerts are thoroughly investigated and closed within SLA.
- Measure quarterly Mean Time to Response (MTTR) and improve MTTR by 5% every quarter.
- Ensure up-time is 99.9% for all infrastructure components.
- Build playbooks and automation for the top 80% of security alerts.
- Ensure services are providing optimized performance to end-users 99% of the time.
- Severity 1 incidents returned to service within 2 hours.

Qualifications:
- Bachelor of Engineering (B.E.) or Bachelor of Technology (B.Tech) degree
- A minimum of 3 years of industry experience in cyber security incident investigation and response
- Monitor and analyze security events, alerts, and incidents generated by TrendVision/XDR
- Strong understanding of threat and attack detection.
- Experienced in threat hunting and threat intelligence.
- Experience and working knowledge of: 1) Windows and Mac OS; 2) Microsoft or Linux servers; 3) Cloud-based services such as AWS, Google Workspace; 4) Serverless architecture and technology (clusters, containers etc.)
- Proficiency in scripting languages (e.g., Python, PowerShell)
- Implemented automation tools and orchestration frameworks for efficiency
- Best-in-class English communication skills, with a natural confidence and ability to communicate clearly worldwide.
- Ability to learn quickly and adapt to changing environments.
- An ability to flex your hours as required, especially during releases or system outages

Posted 2 months ago


15.0 - 20.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary:
As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide guidance on best practices, contributing to a secure cloud environment that supports the organization's growth and innovation.

Roles & Responsibilities:
- Architect and maintain scalable Microsoft Sentinel workspaces and data ingestion pipelines (Syslog, Azure AD, MDE, custom logs).
- Develop and fine-tune advanced Sentinel analytics rules and watchlists.
- Write and optimize complex KQL queries for threat hunting and anomaly detection.
- Build and maintain automation workflows via Sentinel Playbooks (Logic Apps).
- Conduct deep forensic analysis via MDE (Advanced Hunting, Live Response).
- Analyze attacker TTPs leveraging MITRE ATT&CK within Sentinel and MDE environments.
- Create and manage custom threat detection and incident enrichment logic.
- Build and maintain SOAR playbooks to auto-contain threats (e.g., isolate devices, revoke tokens).
- Mentor and train SOC analysts and engineers in Sentinel/MDE best practices.
- Collaborate with detection engineers, cloud architects, and incident responders.
- Participate in red/blue team exercises to continually improve detection maturity.

Professional & Technical Skills:
- Experience in Security Operations, Incident Response, or Cyber Threat Detection.
- Expert-level KQL (Kusto Query Language) proficiency.
- Proven experience in Sentinel rule authoring, hunting queries, and data modeling.
- Strong background in SOAR automation (Microsoft Logic Apps).
- Deep understanding of MITRE ATT&CK and its mapping to telemetry.
- Familiarity with JSON, ARM templates, Azure Monitor, and Event Hub integration.
- Experience integrating third-party tools and custom connectors into Sentinel.
- Proficiency in PowerShell, REST APIs, and Azure Resource Manager.
- SC-200: Microsoft Security Operations Analyst
- SC-100: Microsoft Cybersecurity Architect
- AZ-500: Microsoft Azure Security Technologies
- GCFA/GCIA (SANS) for deep forensic or network detection background
- MITRE ATT&CK Defender (MAD) certificate
- CISSP, CEH, or equivalent industry certifications
- Strong problem-solving and analytical thinking.
- Effective communicator with ability to explain complex issues to various stakeholders.
- Passion for mentoring and knowledge-sharing within the security team.
- Proactive, detail-oriented, and highly autonomous.
- Comfortable working under pressure in high-stakes incident response situations.
- Collaboration-first mindset with cross-functional teams (SOC, IR, Cloud, IT)

Additional Information:
- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 2 months ago


8.0 - 13.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Endpoint Extended Detection and Response
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary:
We are seeking a Lead EDR Engineer with expertise in Microsoft Defender for Endpoint (MDE) to lead its implementation, administration, and incident response. As the MDE expert, you will manage enterprise-wide deployment, optimize configurations, guide incident response efforts, and drive endpoint security strategy in collaboration with cross-functional teams. You will lead EDR strategy design, mentor security teams, and drive defense against advanced threats using MITRE ATT&CK-aligned frameworks.

Roles & Responsibilities:
- Lead deployment and configuration of Microsoft Defender for Endpoint across all supported platforms.
- Customize and manage endpoint security policies, attack surface reduction rules, and threat protection settings.
- Monitor security alerts and endpoint telemetry to detect and analyze threats.
- Conduct investigations using Microsoft 365 Defender and advanced hunting (KQL) capabilities.
- Respond to incidents by initiating remediation actions (e.g., isolate endpoints, remove malware, collect forensic data/artifacts).
- Collaborate with the SOC to provide timely incident resolution and root cause analysis.
- Tune detection rules and policies to reduce false positives and enhance protection.
- Maintain up-to-date documentation, playbooks, and response procedures.
- Provide recommendations to improve the organization's endpoint security posture.
- Mentor junior analysts and engineers on best practices for MDE and incident response workflows.
- Provide executive-level reporting on threat trends, incident metrics, and risk posture.
- Perform gap analysis on endpoint security to identify and address areas of improvement.
- Build and maintain SOAR playbooks to auto-contain threats (e.g., isolate devices, revoke tokens).
- Stay current on emerging threats and align defense strategies with frameworks like MITRE ATT&CK.

Professional & Technical Skills:
- 6-8+ years of experience in MDE/EDR implementations and security operations.
- Strong background in SOAR automation (Microsoft Logic Apps).
- Deep technical knowledge of endpoint protection, threat detection, and incident response workflows.
- Proficiency in Microsoft security stack: M365 Defender, Intune, Azure AD, and Sentinel.
- Strong command of KQL for custom detections and threat hunting.
- Experience with scripting (PowerShell), automation, and EDR tooling integrations is a plus.
- Experience with Halcyon and CrowdStrike EDR is a plus and considered an added advantage.

Preferred Certifications: SC-200: Microsoft Security Operations Analyst, SC-100: Microsoft Cybersecurity Architect, AZ-500: Microsoft Azure Security Technologies, MITRE ATT&CK Defender (MAD) certs, CISSP, CEH, or equivalent industry certifications

Additional Information:
- The candidate should have minimum 5 years of experience in Endpoint Extended Detection and Response.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 2 months ago


7.0 - 12.0 years

9 - 14 Lacs

Mumbai

Work from Office

* Responsible for implementation partner to see project on track along with providing required reports to management and client
* Handle the project as well as BAU operations while ensuring high level of systems security compliance
* Coordinate with and act as an authority to resolve incidents by working with other information security specialists to correlate threat assessment data.
* Analyse data, such as logs or packet captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
* Ready to support for 24/7 environment.

Required education: Bachelor's Degree
Preferred education: Master's Degree

Required technical and professional expertise
* 7+ years of IT experience in security with at least 4+ years in Security Operation Centre with SIEMs.
* B.E./B.Tech/MCA/M.Sc.
* Maintaining SIEM/UEBA platform hygiene, scripting, automation, SOAR playbook creation with testing, Change/Problem/Incident Management, CP4S platform integration & dashboarding, recovery support.
* Expertise in Security Device Management: SIEM, ArcSight, QRadar, incident response, threat hunting, use case engineering, SOC analyst, device integration with SIEM.
* Working knowledge of industry standard risk, governance and security standard methodologies
* Proficient in incident response processes - detection, triage, incident analysis, remediation and reporting.
* Ability to multitask and work independently with minimal direction and maximum accountability.

Preferred technical and professional experience
* Preferred OEM Certified SOAR specialist + CEH
* Ambitious individual who can work under their own direction towards agreed targets/goals and with a creative approach to work
* Intuitive individual with an ability to manage change and proven time management
* Proven interpersonal skills while contributing to team effort by accomplishing related results as needed
* Up-to-date technical knowledge by attending educational workshops, reviewing publications

Posted 2 months ago


6.0 - 10.0 years

20 - 30 Lacs

Mumbai

Work from Office

Industry: Leading NBFC
Designation: Senior Manager / AVP
Role: SOAR Admin
Location: Mumbai

Required Candidate profile
Role: Minimum 6 years' experience in designing, implementing and managing Security Orchestration, Automation, and Response (SOAR) solutions.
Interested candidates can share their CV at bhumika@rightmatch.co.in

Posted 2 months ago


3.0 - 8.0 years

3 - 8 Lacs

Bengaluru, Karnataka, India

On-site

Skill: Cybersecurity, Azure Sentinel SIEM, MS Defender for Endpoints (EDR/ATP), AWS IAM, SOAR Concept, Fortinet FortiSOAR, Palo Alto Networks - Firewalls, Cortex XSOAR, Python.

We are seeking a Cybersecurity Analyst with 1-6 years of experience in fundamental cybersecurity concepts, including SIEM, EDR, IAM, and SOAR platforms. The ideal candidate should have a basic understanding of security automation and orchestration using platforms like FortiSOAR, Palo Alto XSOAR, and ThreatConnect (preferred). Experience with SOAR playbook creation, integration etc. Additionally, knowledge of Python scripting for automation and security tasks will be an added advantage.

Those who have the relevant experience and skills mentioned above, please revert soon. It's a kind request: please provide the below-mentioned details in your CV/mail before you send it to us.

Posted 2 months ago


10.0 - 14.0 years

25 - 35 Lacs

Gurugram

Work from Office

PLEASE SAVE WHATSAPP # 9315248639 - Nishant/Shreedevi is your POC from RexOreo Pvt Ltd.
Queries: All emails will come from id team@rexoreo.com, so please keep an eye out.

Top Selection & Auto Elimination Criteria:
- Only Delhi NCR candidates need to apply, as we need only immediate joiners (0-30 days)
- Rotational shift
- Cab facility: Yes, only late night pick or drop (1 side only, for Gurgaon employees)
- Location: Gurgaon
- Mode: 5 days work from office only (NO work from home)
- Relevant experience range: 9+
- Position: L3 SOC Analyst
- Experience: 9-14 years
- Only current L2/L2+ (more than 2 years) or L3 candidates need to apply
- Experience in QRadar is mandatory
- Total open positions (as of 16-June 5.30pm): 5
- EMAIL @ team@rexoreo.com: A VOICE NOTE WHY YOU ARE FIT FOR THIS ROLE

Position Description:
The SOC Level 3 Analyst is a senior-level cybersecurity professional responsible for leading advanced threat detection, response, and mitigation activities within the Security Operations Center. This role acts as the final escalation point for complex security incidents and plays a crucial role in enhancing security monitoring, incident response procedures, and overall threat defense capabilities. The L3 Analyst collaborates with security engineers, incident response teams, threat intelligence analysts, and IT stakeholders to identify, investigate, and remediate security threats in real time.

Role and responsibilities:
1. Incident Response and Escalation
- Lead and coordinate end-to-end response for critical and high-severity security incidents.
- Perform advanced investigation and forensics on compromised systems, including log correlation, packet analysis, and endpoint review.
- Serve as a primary escalation point for SOC Tier 1 and Tier 2 analysts.
- Conduct root cause analysis and provide detailed incident reports with lessons learned and mitigation steps.
2. Threat Detection and Analysis
- Analyze and triage alerts generated by the SIEM and other security tools.
- Hunt for threats in the environment using threat intelligence and behavioral indicators (proactive threat hunting).
- Analyze and reverse-engineer malware, if required, to understand behavior and determine mitigation steps.
- Correlate threat intelligence feeds with internal data to identify indicators of compromise (IOCs) and advanced persistent threats (APTs).
3. Tooling and Automation
- Optimize and fine-tune detection rules and SIEM use cases to reduce false positives and enhance detection accuracy.
- Build automation scripts and workflows to improve efficiency in incident triage, correlation, and response.
- Collaborate with security engineers to integrate new data sources and tools into the SOC ecosystem.
4. Documentation and Reporting
- Maintain detailed and accurate documentation of incidents, investigations, and actions taken.
- Develop and update SOC standard operating procedures (SOPs) and playbooks.
- Prepare and present technical reports, dashboards, and metrics to senior management and stakeholders.
5. Mentorship and Leadership
- Mentor and guide SOC L1 and L2 analysts on technical skills and investigative processes.
- Provide training on new threats, tools, and techniques.
- Assist in evaluating and improving team workflows, processes, and overall SOC maturity.
6. Collaboration and Stakeholder Engagement
- Work closely with threat intelligence, vulnerability management, and risk teams to stay ahead of emerging threats.
- Communicate with IT, DevOps, and business units to coordinate responses and ensure secure configurations.
- Participate in red/blue team exercises and post-mortem reviews to enhance SOC readiness.

Required Experience / Skills:
- Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm, Splunk).
- Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black).
- Hands-on knowledge of packet capture analysis tools (e.g., Wireshark, tcpdump), forensic tools, and malware analysis tools.
- Familiarity with scripting or automation languages such as Python, PowerShell, or Bash.
- Deep understanding of networking protocols, OS internals (Windows/Linux), and security best practices.
- Familiar with frameworks such as MITRE ATT&CK, NIST, and the Cyber Kill Chain.
- Minimum of nine (9) years technical experience
- 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities.
- 3+ years of rule development and tuning experience
- 2+ years of incident response
- Experience supporting 24x7x365 SOC operations and willing to operate in shifts, including but not limited to alert and notification activities (analysis/triage/response), review and action on threat intel for IOCs and other operationally impactful information, and initial review and triage of reported alerts and incidents.
- Manage multiple tickets/alerts in parallel, including end-user coordination.
- Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response.
- Solid understanding and experience analyzing security events generated from security tools and devices, including but not limited to QRadar, MS Sentinel, FireEye, Elastic, SourceFire, Malwarebytes, CarbonBlack/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, BlueCoat
- Experience and solid understanding of malware analysis
- Demonstrated proficiencies with one or more toolsets such as QRadar, MS Sentinel, Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana
- Experience and ability to use, contribute to, develop and follow Standard Operating Procedures (SOPs)
- In-depth experience with processing and triage of security alerts from multiple sources, including but not limited to: endpoint security tools, SIEM, email security solutions, CISA, threat intel sources
- Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, supporting SOAR development.
- Experience with bash, Python, and Windows PowerShell scripting
- Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/security tools alert analysis.
- Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources.
- Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), network security devices, and other enterprise tools.
- Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk.
- Solid understanding and experience analyzing security events generated from security tools and devices, including but not limited to: QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC
- Expert in security incident response processes

Required Certifications:
Two of the following certifications are preferred:
- GIAC-GCIH - GIAC Certified Incident Handler
- GIAC-GCFE - Global Information Assurance Certification Forensic Examiner
- GIAC-GCFA - Global Information Assurance Certification Forensic Analyst
- GIAC-GREM - GIAC Reverse Engineering Malware
- GIAC-GNFA - GIAC Network Forensic Analyst
- GIAC-GCTI - GIAC Cyber Threat Intelligence
- GIAC-GPEN - GIAC Certified Penetration Tester
- GIAC-GWAPT - GIAC Certified Web Application Penetration Tester
- CEPT - Certified Expert Penetration Tester
- CASS - Certified Application Security Specialist
- CWAPT - Certified Penetration Tester
- CREA - Certified Reverse Engineering Analyst

Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- Experience of 5 years or 3 years relevant experience.
- Strong troubleshooting and problem-solving skills.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Strong organizational and time management skills.
- Willingness to work after hours and provide on-call support.

Posted 3 months ago


2.0 - 5.0 years

5 - 13 Lacs

Noida, Gurugram, Delhi / NCR

Hybrid

Job description:
Job Title: SOAR Automation Engineer
Location: Delhi, India
Experience: 2-5 years
Employment Type: Full-Time
Joining: Immediate

Job Summary:
We are seeking a skilled SOAR Automation Engineer to enhance our cybersecurity operations through automation and orchestration. The ideal candidate will have hands-on experience in SOAR platforms, strong programming expertise, and the ability to develop and optimize playbooks for threat detection and incident response. If you're ready to contribute immediately to cutting-edge security automation, we want you on our team!

Key Responsibilities:
- Develop, customize, and implement SOAR automation workflows using platforms like XSOAR, Google SOAR, IBM SOAR, and Splunk SOAR
- Design and optimize security playbooks for efficient incident response and threat mitigation
- Integrate SOAR tools with ServiceNow and other ITSM/security systems
- Write and maintain Python, JavaScript, and Shell scripting for automation processes
- Collaborate with cybersecurity analysts to refine security automation strategies
- Debug and troubleshoot SOAR implementations for optimal performance
- Stay updated with industry trends in SOAR automation, cybersecurity, and threat intelligence

Required Skills & Qualifications:
- 2-5 years of experience in security automation and programming
- Strong expertise in SOAR platforms (XSOAR, Google SOAR, IBM SOAR, Splunk SOAR)
- Solid programming skills in Python, JavaScript, and Shell scripting
- Experience in creating security playbooks to automate incident response
- Familiarity with ServiceNow integration for security operations
- Understanding of cybersecurity principles, threat hunting, and incident management
- Ability to work efficiently in a fast-paced environment with immediate availability

Preferred Qualifications:
- Certifications in SOAR automation, cybersecurity, or programming languages
- Knowledge of machine learning applications for security automation
- Experience with cloud security solutions

Posted 3 months ago


3.0 - 8.0 years

1 - 6 Lacs

Bangalore Rural, Bengaluru

Work from Office

Hi,

As per your profile uploaded on the job portals, we have an excellent job opening for XSOAR at the Bangalore location in an IT MNC. If you have already received this email, or are not looking for a job change, or it is irrelevant to you, please ignore it.

Note: Only relevant and interested candidates should apply.

Job Description:
Skills: Cybersecurity, Azure Sentinel SIEM, MS Defender for Endpoints (EDR/ATP), AWS IAM, SOAR concepts, Fortinet FortiSOAR, Palo Alto Networks Firewalls, Cortex XSOAR, Python.

We are seeking a Cybersecurity Analyst with 1-6 years of experience in fundamental cybersecurity concepts, including SIEM, EDR, IAM, and SOAR platforms. The ideal candidate should have a basic understanding of security automation and orchestration using platforms like FortiSOAR, Palo Alto XSOAR, and ThreatConnect (preferred), and experience with SOAR playbook creation, integration, etc. Additionally, knowledge of Python scripting for automation and security tasks will be an added advantage.

If you have the relevant experience and skills mentioned above, please revert soon. It is a kind request: please provide the details below in your CV/mail before you send it to us.

Total Exp:
Relevant Exp:
Current Company:
Current CTC:
Expected CTC:
Current Location:
Preferred location: Bangalore
Notice Period:
DOB:
Degree:

Many thanks,
Regards,
Sreenivas
Sreenivasa.k@happiestminds.com

Posted 3 months ago


5.0 - 8.0 years

25 - 30 Lacs

Mumbai, Mumbai Suburban, Mumbai (All Areas)

Work from Office

- Design, develop & maintain playbooks within Cortex XSOAR
- Integrate security tools & threat intelligence sources with XSOAR
- Implement & manage security alerts using XSIAM, SIEM & SOAR platforms
- Fine-tune & optimize security automation processes

Required Candidate profile
Exp.: 6+ yrs
CTC: Up to 30 Lacs
Location: Remote WFH (1 opening) / Central Mumbai WFO (2 openings)
Comm. Skills: Excellent
Strong in Cortex XSOAR along with automation and XSIAM, SOAR, and SIEM tools.

Posted 3 months ago


10.0 - 14.0 years

27 - 30 Lacs

Gurugram

Work from Office

Top Selection & Auto Elimination Criteria: Rotational shift; only immediate joiners (0-15 days); cab facility: yes, late-night pickup or drop only (one way, Gurgaon employees only)
Location: Gurgaon
Mode: 5 days work from office only (no work from home)
Relevant experience: 9+ years
Position: L3 SOC Analyst

Position Description: The SOC Level 3 Analyst is a senior-level cybersecurity professional responsible for leading advanced threat detection, response, and mitigation activities within the Security Operations Center. This role acts as the final escalation point for complex security incidents and plays a crucial role in enhancing security monitoring, incident response procedures, and overall threat defense capabilities. The L3 Analyst collaborates with security engineers, incident response teams, threat intelligence analysts, and IT stakeholders to identify, investigate, and remediate security threats in real time.

Role and responsibilities:

1. Incident Response and Escalation
- Lead and coordinate end-to-end response for critical and high-severity security incidents.
- Perform advanced investigation and forensics on compromised systems, including log correlation, packet analysis, and endpoint review.
- Serve as a primary escalation point for SOC Tier 1 and Tier 2 analysts.
- Conduct root cause analysis and provide detailed incident reports with lessons learned and mitigation steps.

2. Threat Detection and Analysis
- Analyze and triage alerts generated by the SIEM and other security tools.
- Hunt for threats in the environment using threat intelligence and behavioral indicators (proactive threat hunting).
- Analyze and reverse-engineer malware, if required, to understand behavior and determine mitigation steps.
- Correlate threat intelligence feeds with internal data to identify indicators of compromise (IOCs) and advanced persistent threats (APTs).

3. Tooling and Automation
- Optimize and fine-tune detection rules and SIEM use cases to reduce false positives and enhance detection accuracy.
- Build automation scripts and workflows to improve efficiency in incident triage, correlation, and response.
- Collaborate with security engineers to integrate new data sources and tools into the SOC ecosystem.

4. Documentation and Reporting
- Maintain detailed and accurate documentation of incidents, investigations, and actions taken.
- Develop and update SOC standard operating procedures (SOPs) and playbooks.
- Prepare and present technical reports, dashboards, and metrics to senior management and stakeholders.

5. Mentorship and Leadership
- Mentor and guide SOC L1 and L2 analysts on technical skills and investigative processes.
- Provide training on new threats, tools, and techniques.
- Assist in evaluating and improving team workflows, processes, and overall SOC maturity.

6. Collaboration and Stakeholder Engagement
- Work closely with threat intelligence, vulnerability management, and risk teams to stay ahead of emerging threats.
- Communicate with IT, DevOps, and business units to coordinate responses and ensure secure configurations.
- Participate in red/blue team exercises and post-mortem reviews to enhance SOC readiness.

Required Experience / Skills:
- Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm, Splunk).
- Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black).
- Hands-on knowledge of packet capture analysis tools (e.g., Wireshark, tcpdump), forensic tools, and malware analysis tools.
- Familiarity with scripting or automation languages such as Python, PowerShell, or Bash.
- Deep understanding of networking protocols, OS internals (Windows/Linux), and security best practices.
- Familiar with frameworks such as MITRE ATT&CK, NIST, and the Cyber Kill Chain.
- Minimum of nine (9) years of technical experience.
- 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities.
- 3+ years of rule development and tuning experience.
- 2+ years of incident response experience.
- Experience supporting 24x7x365 SOC operations and willingness to operate in shifts, including but not limited to: alert and notification activities (analysis/triage/response); review of and action on threat intel for IOCs and other operationally impactful information; initial review and triage of reported alerts and incidents.
- Ability to manage multiple tickets/alerts in parallel, including end-user coordination.
- Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response.
- Solid understanding and experience analyzing security events generated from security tools and devices, including but not limited to QRadar, MS Sentinel, FireEye, Elastic, Sourcefire, Malwarebytes, Carbon Black/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, and Blue Coat.
- Experience and solid understanding of malware analysis.
- Demonstrated proficiency with one or more toolsets such as QRadar, MS Sentinel, Bit9/Carbon Black, Endgame, FireEye HX / CM / ETP, and Elastic Kibana.
- Experience and ability to use, contribute to, develop, and follow Standard Operating Procedures (SOPs).
- In-depth experience with processing and triage of security alerts from multiple sources, including but not limited to endpoint security tools, SIEM, email security solutions, CISA, and threat intel sources.
- Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, and supporting SOAR development.
- Experience with Bash, Python, and Windows PowerShell scripting.
- Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, and SIEM/security tool alert analysis.
- Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources.
- Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), network security devices, and other enterprise tools.
- Demonstrated proficiency with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk.
- Solid understanding and experience analyzing security events generated from security tools and devices, including but not limited to QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC.
- Expert in security incident response processes.

Required Certifications: Two of the following certifications are preferred:
- GIAC GCIH - GIAC Certified Incident Handler
- GIAC GCFE - GIAC Certified Forensic Examiner
- GIAC GCFA - GIAC Certified Forensic Analyst
- GIAC GREM - GIAC Reverse Engineering Malware
- GIAC GNFA - GIAC Network Forensic Analyst
- GIAC GCTI - GIAC Cyber Threat Intelligence
- GIAC GPEN - GIAC Penetration Tester
- GIAC GWAPT - GIAC Web Application Penetration Tester
- CEPT - Certified Expert Penetration Tester
- CASS - Certified Application Security Specialist
- CWAPT - Certified Web Application Penetration Tester
- CREA - Certified Reverse Engineering Analyst

Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- 5 years of experience, or 3 years of relevant experience.
- Strong troubleshooting and problem-solving skills.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Strong organizational and time management skills.
- Willingness to work after hours and provide on-call support.

Posted 3 months ago

Page 1 of 2