3.0 - 6.0 years
5 - 9 Lacs
Hyderabad, Bengaluru, Delhi / NCR
Hybrid
Role & responsibilities
- Design and develop XSOAR playbooks to automate repetitive tasks in Security Operations.
- Integrate various security tools and data sources with XSOAR using APIs, custom integrations, and out-of-the-box connectors.
- Collaborate with SOC analysts, incident responders, and other cybersecurity teams to identify automation opportunities.
- Maintain and enhance existing playbooks based on feedback and evolving security requirements.
- Develop custom scripts (Python) and integrations as needed.
- Troubleshoot and resolve issues related to XSOAR integrations and playbooks.
- Document processes, playbooks, and integration procedures for knowledge sharing.
- Ensure automation workflows comply with security policies, standards, and regulatory requirements.
- Provide training and mentoring to team members on XSOAR automation best practices.
- Stay up to date with the latest trends, threats, and technologies in security automation.

Preferred candidate profile
- Hands-on experience with Palo Alto Cortex XSOAR (mandatory).
- Strong knowledge of security operations, incident response, and SOC processes.
- Proficient in Python scripting (must-have for custom automations and integrations).
- Experience with RESTful APIs and JSON data format.
- Familiarity with SIEM, EDR, firewalls, threat intelligence platforms, and other security tools.
- Strong analytical, problem-solving, and troubleshooting skills.
- Excellent written and verbal communication skills.
- Ability to work collaboratively in a fast-paced team environment.
Posted 1 month ago
10.0 - 20.0 years
45 - 85 Lacs
Bengaluru
Work from Office
Role title: Cyber Security Architect

Required Qualifications
- Advanced degree in Computer Science
- 5+ years of cyber security engineering experience
- Any of the following: CISSP, CISM, CEH, along with Azure, GCP or AWS certifications
- Experience with security tools and technologies (e.g., firewalls, IPS, Email Security, SOAR, Threat Intel, SIEM, DLP, EDR, encryption, etc.)
- Experience in global manufacturing, pharma, and/or a life sciences company

Summary of Role
The Security Architect role is a pivotal position within the Cyber Security Office, reporting directly to the Security Architecture Lead. This role offers an exciting opportunity to collaborate with cross-functional teams from IT, Cyber Security, and Business Units to architect and design robust security solutions that effectively protect the organisation's enterprise networks from evolving cyber threats. As an individual contributor, you will focus on strategic design and innovation, ensuring that our security strategies align with industry standards and best practices such as TOGAF, SABSA, Purdue, and NIST frameworks. This role is designed for individuals who are passionate about cybersecurity, possess strong expertise in security, and are eager to make a significant impact on the organisation's security posture.

Key responsibilities
- Drive the strategic design and implementation of innovative security solutions and controls
- Stay at the forefront of industry standards, regulations, and best practices related to IT and OT security, ensuring continuous improvement
- Generate comprehensive documentation, certification, and testing protocols for the deployment of new security solutions
- Continuously monitor and analyze current cybersecurity threats, trends, and emerging technologies to inform strategic security initiatives
- Work closely with engineering and architecture teams to ensure security requirements are integrated into all phases of the system development lifecycle
- Define and implement advanced security configurations, policies, and procedures for IT and OT assets and systems
- Effectively communicate with stakeholders at all levels, translating complex technical concepts into actionable security strategies
- Support the development and implementation of security architectures across various domains, including data security, AI, cloud, network security, monitoring, detection and response, threat, risk, vulnerability, asset and configuration management, and platform security
- Conduct security assessments and gap analyses to identify and mitigate security risks
- Provide technical guidance and mentorship to security engineers and other team members
- Perform assessments of capabilities and tools to ensure alignment with GSK business and security needs
- Assist with product Proof of Concept (POC) evaluations to validate security solutions
- Create and execute test plans to rigorously evaluate security controls, and document results to provide unbiased outcomes that demonstrate alignment with GSK business and security needs

Required skills
- Proven experience in developing security strategies and reference architectures
- Familiarity with TOGAF, SABSA, or Purdue Enterprise Reference Architecture
- Experience in designing and deploying network security controls and solutions
- Extensive knowledge of security technologies, including encryption, authentication, authorization, security protocols, data and privacy, AI/ML, and application development
- Strong communication and interpersonal skills, with the ability to effectively manage stakeholders
- Proficiency in writing, developing, and maintaining technical documentation, including security standards, strategies, and implementation plans
- Ability to prioritize and filter actions to focus on those with significant impact on the program
- Capability to work with multiple stakeholders to promote practical solutions to complex security problems
- Excellent problem-solving and analytical skills, with the ability to work under pressure
- Hands-on experience in at least three of the following security domains: data security, AI, cloud, network security, monitoring, detection and response, threat, risk, vulnerability, asset and configuration management, or platform security
- Experience with threat modeling and risk assessment methodologies
- Experience in security automation and orchestration
- Knowledge of AI and machine learning security considerations
- Understanding of regulatory requirements/industry standards (e.g., GDPR, HIPAA, PCI)
Posted 1 month ago
3.0 - 8.0 years
3 - 12 Lacs
Chennai
Work from Office
Responsibilities: * Conduct threat analysis using SOC tools like QRadar & LogRhythm. * Collaborate with incident response team on security incidents. * Monitor network activity for suspicious behavior.
Posted 1 month ago
4.0 - 10.0 years
0 Lacs
maharashtra
On-site
As a Manager, Information Security Incident Response at NTT DATA, you will be responsible for leading the Information Security Incident Response Management team. Your role will involve ensuring that your team is well-equipped to detect and monitor threats and suspicious activities affecting the organization's technology domain. You will serve as the escalation point for incident workflows and actively participate in delivering security measures through analytics and threat hunting processes.

Your primary responsibilities will include managing a team of security professionals while fostering a collaborative and innovative team culture focused on operational excellence. You will be expected to have at least 10 years of experience in SOC, with a minimum of 4 years as a SOC Manager. Additionally, you should have 4+ years of experience in SIEM (Splunk) and hold a CISM/CISSP certification.

Your role will also involve troubleshooting technical issues to ensure project success, implementing changes to align with client demands, and providing guidance to the team to achieve specific objectives. You will be responsible for developing and executing a timeline for the team to achieve its goals, monitoring incident detection and closure, and presenting regular metrics and reports. Furthermore, you will be required to conduct periodic DR drills, design SIEM solutions to enhance security value, and conduct root-cause analysis for security incidents. It will be vital for you to ensure that the SIEM system is optimized for efficient performance, and to align SIEM rules, alerts and reports with security policies and compliance reporting requirements. You will also collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.

To qualify for this role, you should have a Bachelor's degree or equivalent in Information Technology, Computer Science, or a related field, along with industry certifications such as CISSP or CISM. You should possess advanced experience in the Technology Information Security industry, prior experience working in a SOC/CSIR, and advanced knowledge of tools, techniques, and processes used by threat actors. Additionally, you should have practical knowledge of indicators of compromise (IOCs), end-point protection, enterprise detection and response software, SIEM, and IPS technologies.

This is an on-site working position at NTT DATA, where diversity and inclusion are embraced, and you will have the opportunity to continue growing, belonging, and thriving in a collaborative environment. NTT DATA is an Equal Opportunity Employer, and your career progression here will involve seizing new opportunities, expanding your skills, and preparing for future advancements within the global team.
Posted 1 month ago
3.0 - 4.0 years
4 - 8 Lacs
Hyderabad
Work from Office
Job Description
- Lead the design and deployment of scalable security automation workflows and playbooks in Cortex XSOAR (or equivalent platforms such as Splunk SOAR, Siemplify, etc.).
- Serve as technical owner of the SOAR platform, managing connectors, integrations, performance monitoring, version control, and upgrades.
- Build custom automations using Python scripts, decision logic, and API integrations to support alert enrichment, containment, and notification tasks.
- Architect integrations with SIEMs (e.g., Splunk, QRadar), EDR, threat intel feeds (e.g., Anomali, VirusTotal), ticketing systems (e.g., ServiceNow, Jira), and other tools.
- Drive automation of incident response (IR) use cases including phishing, malware, lateral movement, data exfiltration, insider threats, and vulnerability exploitation.
- Partner with SOC, threat intelligence, and cloud security teams to identify automation opportunities and translate them into technical solutions.
- Optimize SOAR playbooks to reduce mean time to detect (MTTD) and respond (MTTR) while maintaining reliability and resilience.
- Mentor junior automation engineers and provide code reviews, best practices, and process guidance.
- Contribute to development of automation standards, security engineering roadmaps, and cross-team documentation.
- Stay abreast of emerging SOAR trends, threat landscapes, and new platform features.

Required Qualifications:
- 3+ years specifically working with SOAR platforms; Cortex XSOAR strongly preferred, Splunk SOAR, Siemplify, or Chronicle SOAR also acceptable.
- Strong scripting experience in Python, especially within automation workflows.
- Proven expertise in integrating security tools using REST APIs, Python SDKs, and platform connectors.
- In-depth understanding of SOC operations, incident lifecycle, and security best practices (MITRE ATT&CK, NIST, etc.).
- Familiarity with SIEM platforms (e.g., Splunk) and threat intelligence enrichment techniques.
- Experience with version control (Git), CI/CD pipelines, and structured testing of automation code.
- Demonstrated ability to lead complex automation initiatives and work independently with minimal guidance.
- Strong written and verbal communication skills, especially in cross-functional team environments.
Posted 1 month ago
8.0 - 13.0 years
1 - 4 Lacs
Hyderabad, Bengaluru, Mumbai (All Areas)
Work from Office
Position: Cybersecurity Enterprise Sales (SIEM Engineering Focus)
Location: Hyderabad/Bangalore/Mumbai

Role Overview: We are seeking a dynamic and results-driven Cybersecurity Enterprise Sales professional to join our team. This role is focused on selling advanced cybersecurity solutions, including SIEM, SOAR, and Adaptive MDR offerings, to mid-to-large enterprises. The ideal candidate will have a strong foundation in cybersecurity operations, particularly SIEM engineering, and a proven track record in enterprise technology sales.

Key Responsibilities:
- Develop and execute a strategic sales plan to meet and exceed quarterly and annual sales targets.
- Identify, qualify, and pursue new business opportunities in enterprise accounts.
- Conduct engaging product presentations and solution demonstrations to prospective clients.
- Understand customer security needs and map solutions accordingly, with a focus on SIEM, SOAR, and MDR.
- Lead contract negotiations and close deals.
- Build and maintain long-term relationships with key stakeholders and channel partners.
- Stay current on the latest cybersecurity trends and emerging technologies.
- Collaborate with internal technical and product teams to align solutions with customer needs.

Required Qualifications:
- Bachelor's degree in Business, Computer Science, Information Security, or a related field.
- 8+ years of experience in cybersecurity sales, with a focus on enterprise customers.
- Hands-on understanding of SIEM tools (e.g., Splunk, IBM QRadar, Securonix) and security operations workflows.
- Proven ability to meet or exceed sales targets in a complex, solution-oriented environment.
- Excellent communication, presentation, and negotiation skills.
- Self-starter with the ability to work independently and cross-functionally.

Preferred Skills:
- Experience selling MDR, SIEM, SOAR, or AI-driven security solutions.
- Familiarity with SaaS security platforms and cloud security posture management.
- Background in threat detection, incident response, or SIEM engineering is a strong plus.
Posted 1 month ago
5.0 - 8.0 years
10 - 20 Lacs
Chennai
Work from Office
Job Title: Cybersecurity Analyst (Fortinet, SIEM, and SOAR Expert)
Location: Chennai
Experience: 5 to 8 Years
Employment Type: Contract

Job Summary: We are looking for an experienced Cybersecurity Analyst with a strong background in Fortinet firewall configuration, SIEM tools (like Splunk, QRadar, or SentinelOne), and SOAR platforms. The ideal candidate will be highly skilled in threat detection, incident response automation, and log analysis. A basic understanding of OT/IoT security concepts is desirable.

Key Responsibilities:
- Configure and audit firewall rules in Fortinet environments
- Work with SIEM tools (e.g., Splunk, QRadar, SentinelOne) to:
  - Monitor and analyze logs and security events
  - Create and tune correlation rules and alerts
  - Manage incident detection workflows
- Develop and manage automated playbooks in SOAR/XSOAR platforms
- Integrate security tools and enable automation for incident response
- Understand OT/IoT security threats and risk areas (hands-on experience not mandatory)

Required Skills:
- Hands-on experience with Fortinet firewall configuration and policy audits
- Strong knowledge of at least one SIEM tool (Splunk, QRadar, or SentinelOne)
- Practical experience in log analysis, threat detection, and workflow creation
- Familiarity with SOAR tools and playbook development
- Basic understanding of OT/IoT security environments
- Good analytical and troubleshooting skills
- Ability to work in a fast-paced environment

Preferred Qualifications:
- Certifications such as Fortinet NSE, Splunk Certified, etc.
- Experience in scripting/automation using Python, PowerShell, or similar tools
- Exposure to the MITRE ATT&CK framework and incident response procedures
Posted 1 month ago
6.0 - 8.0 years
10 - 15 Lacs
Gurugram
Work from Office
Sr. Associate - SOC - Netskope: Elevate Your Impact Through Innovation and Learning

Evalueserve is a global leader in delivering innovative and sustainable solutions to a diverse range of clients, including over 30% of Fortune 500 companies. With a presence in more than 45 countries across five continents, we excel in leveraging state-of-the-art technology, artificial intelligence, and unparalleled subject matter expertise to elevate our clients' business impact and strategic decision-making. Our team of over 4,500 talented professionals operates in countries such as India, China, Chile, Romania, the US, and Canada. Our global network also extends to emerging markets like Colombia, the Middle East, and the rest of Asia-Pacific. Recognized by Great Place to Work in India, Chile, Romania, the US, and the UK in 2022, we offer a dynamic, growth-oriented, and meritocracy-based culture that prioritizes continuous learning, skill development and work-life balance.

What you will be doing at Evalueserve
- Threat and vulnerability analysis.
- Analysis and response to hardware and software vulnerabilities.
- Manage security tools.
- Knowledge of cloud security.
- Comprehensive knowledge of vulnerability scanning tools, UEBA and SOAR.
- Audit and compliance support.
- Incident response on cybersecurity.
- Knowledge of EDR, identity threat protection, exposure management, RFM and unmanaged assets.
- Knowledge of SIEM (Security Information and Event Management) and use cases.
- Monitoring network activity and ensuring no suspicious activities are happening.
- Collaborating with other departments to ensure system security.
- Identifying vulnerabilities and recommending changes to strengthen security.
- Conduct detailed analysis of incidents and create reports and dashboards.
- Handling incident alerts and collaborating with the right stakeholders.
- Analyse all attack alerts and produce a proper analysis.

What we're looking for:
- About 4 - 8 years of work experience.
- Knowledge of proxy, secure web gateway (policies, rules) and related security alerts.
- Working experience of Endpoint DLP, Cloud DLP and CASB.
- Critical thinking and problem-solving abilities.
- Monitoring and auditing the company's systems.

Follow us on https://www.linkedin.com/company/evalueserve/

Learn more about what our leaders are saying on recent achievements: an AI-powered supply chain optimization solution built on Google Cloud; how Evalueserve is now leveraging NVIDIA NIM to enhance our AI and digital transformation solutions and to accelerate AI capabilities; and how Evalueserve has climbed 16 places on the 50 Best Firms for Data Scientists in 2024.

Want to learn more about our culture and what it's like to work with us? Write to us at: careers@evalueserve.com

Disclaimer: The following job description serves as an informative reference for the tasks you may be required to perform. However, it does not constitute an integral component of your employment agreement and is subject to periodic modifications to align with evolving circumstances.

Please Note: We appreciate the accuracy and authenticity of the information you provide, as it plays a key role in your candidacy. As part of the Background Verification Process, we verify your employment, education, and personal details. Please ensure all information is factual and submitted on time. For any assistance, your TA SPOC is available to support you.
Posted 1 month ago
2.0 - 6.0 years
20 - 30 Lacs
Mumbai, Bengaluru, Delhi / NCR
Work from Office
Operational security automation is the process of automating some or all aspects of SOC or VOC operations, replacing manual workflows with automated ones. A fundamental building block of automation is the security playbook. A playbook defines a workflow by outlining the steps teams will take to handle different types of security alerts or events. By developing playbooks ahead of time, teams avoid having to make a response plan every time an alert or event occurs.

Responsibilities:
- Scripting and workflow development that follows proper engineering and integration lifecycles (design, create, test, document, integrate, monitor, maintain) and is designed to be reusable.
- Creating and integrating APIs to create orchestrated workflows.
- Autonomously plan security automation daily operations to ensure targets are being met.
- Identify and recommend necessary changes to the operational security teams to ensure automation and orchestration, maximize team talent and reduce routine tasks.
- Ensure operational security automations meet business and technical requirements, are maintainable and scalable, and meet performance standards.
- Bring external perspective and ideas from relevant sources; keep current with technology and industry best practices and the security industry threat landscape.
- Communicate technical and functional requirements using an effective, efficient, and creative approach with a high degree of collaboration and influence.
- Work with in-house teams to identify the right mix of tools, techniques, and procedures to translate our needs and future goals into a plan that will enable secure and effective solutions.

Qualifications:
- Extensive experience working in Information Security with a focus on operational security.
- Experience with agile project management processes and methodologies.
- Mandatory: 3 years' experience with one of the following SOAR vendor platforms (Tines, Swimlane).
- Ability to work autonomously.
- Advanced research, analytical, and problem-solving skills.
- Master's degree in Computer Science, Information Security, or a related field.
Posted 1 month ago
1.0 - 3.0 years
9 - 10 Lacs
Bengaluru, Karnataka, India
On-site
About The Company: Ara's Client is a leading global data analytics & AI consulting firm. They partner with clients to resolve the most common and complex challenges standing in the way of using data to strengthen business decisions.

The Role: We are seeking a motivated Cybersecurity Automation Specialist with 6 Months to 2 Years of experience to join our team. This role involves working with cutting-edge tools to enhance our cybersecurity automation program. The ideal candidate will have a foundational understanding of cybersecurity principles and be eager to learn and grow within the field.

Key Responsibilities:
- Collaborate with the team to develop and optimize automation workflows using SOAR tools such as Cortex XSOAR and CrowdStrike Fusion.
- Integrate various tools and platforms using APIs and webhooks to enable seamless data flow and automation.
- Support threat detection and mitigation efforts by developing automated processes and playbooks for incident response.
- Design and implement custom playbooks for threat identification, response, and remediation.
- Build real-time automated workflows and response mechanisms to enhance security operations.
- Develop custom applications and triggers using PowerApps and the Microsoft Power Platform to support cybersecurity initiatives.
- Implement conditional logic, approvals, and interactive elements in automated workflows.
- Design and integrate AI/ML-based conversational agents, leveraging NLP techniques, and connect them to automation platforms for enhanced interactivity.

Qualifications & Experience:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Experience: minimum 6 Months to 3 Years.
- Basic understanding of cybersecurity principles, threats, and practices.
- Hands-on experience or familiarity with SOAR platforms and automation tools.
- Exposure to Agile methodology and tools like JIRA is a plus.
- Strong analytical, problem-solving, and communication skills.
- Ability to work collaboratively in a team-oriented, fast-paced environment.
Posted 1 month ago
7.0 - 12.0 years
20 - 25 Lacs
Chennai
Work from Office
Dear Cybersecurity Professionals,

We are thrilled to invite you to our upcoming AI in Cybersecurity User Group activity, happening on 26th July in Chennai. This is an excellent opportunity to connect, learn, and exchange insights on how AI is revolutionizing the cybersecurity landscape.

Highlights of the event:
- Expert talks on AI-driven cybersecurity solutions
- Real-world case studies and practical insights
- Networking with industry peers and thought leaders
- Interactive sessions to discuss challenges & best practices

Please note: Seats are strictly limited, and registrations will be accepted on a first-come, first-served basis.

Date: 26th July 2025
Time: 10:30 AM to 12:30 PM
Location: Chennai (venue details will be shared upon confirmation)

If you're interested in joining, please reply to this email or register through the link below at the earliest to secure your spot. https://forms.cloud.microsoft/r/Qc57BKrBmQ

Looking forward to your participation in building a vibrant AI in cybersecurity community!
Posted 1 month ago
5.0 - 7.0 years
7 - 10 Lacs
Mumbai, Delhi / NCR, Bengaluru
Work from Office
Location: Remote (India-based preferred), Delhi NCR, Bengaluru, Chennai, Pune, Kolkata, Ahmedabad, Mumbai, Hyderabad
Client: Confidential
Experience Required: 7-10 Years
Employment Type: Contract

Job Description
We are seeking an experienced Security Consultant with 7-10 years of deep technical expertise across AWS security practices, posture assessment, incident response, and automation in security environments. The ideal candidate will play a key role in advising on cloud security design, conducting risk assessments, and strengthening compliance and data protection mechanisms in cloud-native environments.

Key Responsibilities
- Lead cloud security strategy and implementation for AWS-based applications
- Conduct Security Posture Assessments, identify gaps, and define risk prioritization plans
- Implement and manage AWS security controls:
  - IAM (Identity & Access Management)
  - Network Security & Logging
  - Data Encryption & Secrets Management
- Ensure adherence to compliance frameworks (ISO 27001, NIST, CIS, etc.)
- Implement Data Loss Prevention (DLP), Data Masking/Obfuscation solutions
- Drive SIEM/SOAR integration for intelligent threat detection and response
- Develop and maintain Incident Response plans and coordinate response activities
- Conduct automated security scanning and integrate it into DevSecOps pipelines
- Provide consultation and innovation around Agentic AI applications in security

Qualifications
- 7+ years of hands-on experience in cloud security, with a focus on AWS
- Deep knowledge of IAM, encryption, secrets management, and compliance frameworks
- Experience with SIEM/SOAR platforms, automated scanning tools, and AI-driven security solutions
- Strong documentation, communication, and stakeholder collaboration skills
- Ability to work independently in a remote team structure

Share Your Profile
Kindly share your updated resume with the following details:
- Current CTC:
- Expected CTC:
- Notice Period:
- Current Location:
Submit To: navaneetha@suzva.com
Posted 1 month ago
7.0 - 8.0 years
6 - 9 Lacs
Hyderabad, Telangana, India
On-site
As Assistant Manager in our Cyber Team you'll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations.

We are seeking a skilled and proactive SIEM Content Management Specialist to join our security operations team. The ideal candidate will be responsible for designing, implementing, and managing custom SIEM content that supports the organization's security monitoring and threat detection capabilities. You will play a key role in ensuring that our SIEM system is optimized to detect, analyze, and respond to potential security threats effectively and efficiently.

Desired qualifications
- Experience required: 4-6 Years
- Certification requirements such as CISSP, CISM, CEH or any other relevant certificate.

Your role as an Assistant Manager
We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society. In addition to living our purpose, Senior Executives across our organization must strive to:
- Develop, test, and implement custom SIEM rules, correlation logic, and use cases to detect security threats.
- Continuously improve and tune existing detection content to reduce false positives and enhance detection accuracy.
- Build and maintain complex correlation rules, dashboards, and alerts tailored to organizational needs.
- Stay current with emerging threats and vulnerability trends, ensuring SIEM content is aligned with the latest threat intelligence.
- Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, etc.
- Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
- Active analysis of security vulnerabilities, advisories, incidents, and attack techniques.
- Creating SIEM rules to fulfill requirements provided by customers in their security use cases.
- As SIEM Administrator, maintaining the client's SIEM appliance by making sure all SIEM deployment devices are working properly, efficiently and with the desired performance.
- Inform the L3 team of proactive and reactive actions to minimize false positives.
- Identifying the risk for infrastructure and executing the plan to reduce the risk.
- Driving end-to-end internal and external audits related to content management.
- Responsible for performing detailed investigation of security log data events.
- Security analysis using industry-standard tools and technologies.
- Preparing a detailed run book for each use case for creating the SOAR playbook.
- Knowledge of device integration for log collection and developing custom parsers for unsupported log source integration.
- Creating security use cases and mapping them to MITRE ATT&CK and Cyber Kill Chain phases.
Posted 1 month ago
8.0 - 12.0 years
8 - 12 Lacs
Navi Mumbai, Maharashtra, India
On-site
Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion; it's a place where you can grow, belong and thrive.

Your day at NTT DATA
The Security Managed Services Engineer (L3) is a seasoned engineering role, responsible for providing a service to clients by proactively identifying and resolving technical incidents and problems. Through pre-emptive service incident and resolution activities, as well as product reviews, operational improvements, operational practices, and quality assurance, this role will maintain a high level of service to clients. The primary objective of this role is to ensure zero missed service level agreement (SLA) conditions. The role is responsible for managing tickets of high complexity, conducts advanced and complicated tasks, is aware of the client's high-level and low-level security architecture, and provides resolution to a diverse range of complex problems. This position uses considerable judgment and independent analysis within defined policies and practices and applies analytical thinking and deep technical expertise in achieving client outcomes, while coaching and mentoring junior team members across functions. The Security Managed Services Engineer (L3) may also contribute to / support project work as and when required.

What you'll be doing
Key Responsibilities: SOC L3 Analyst
The SOC L3 analyst is responsible for handling major security incidents escalated by the SOC L2 analyst and proactively identifying possible threats and security gaps that might be unknown. SOC L3 will also be responsible for suggesting improvements for process gaps identified.

The main duties of the SOC L3 analyst are:
- Handle and manage major security incidents escalated by the SOC L2 analyst, using expert techniques and tools
- Proactively identify possible threats, security gaps, and vulnerabilities that might be unknown, using threat hunting methods and tools
- Provide strategic guidance and recommendations for the SIEM solution and other security tools and systems, such as configuration, tuning, optimization, integration, etc.
- Mentor and train other SOC team members, such as SOC L1 analysts and SOC L2 analysts
- Research and keep up to date with the latest security trends, threats, and technologies
- Communicate and report the findings and outcomes of security incidents and threat hunting, and provide best practices and lessons learned

The main skills and qualifications of the SOC L3 analyst are:
- Bachelor's degree in computer science, information security, or a related field
- At least 8 years of experience in security operations, incident response, or a related field
- Expert knowledge of security concepts, principles, and best practices
- Expert knowledge in AI/ML SIEM and SOAR solutions and cybersecurity solutions such as WAF, IPS, DDoS, etc.
- Expert knowledge of security tools and systems, such as firewalls, antivirus, IDS/IPS, etc.
- Expert knowledge of threat intelligence sources and platforms
- Expert knowledge of threat hunting methods and tools, such as [your threat hunting method or tool name]
- Expert knowledge of vulnerability assessment and penetration testing methods and tools
- Adequate knowledge of web programming languages, such as Python, Ruby, PHP, etc.
- Adequate knowledge of scripting languages, such as PowerShell, Bash, etc.
- Analytical and problem-solving skills
- Communication and teamwork skills
- Attention to detail and accuracy

Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience)
Workplace type: On-site Working

About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.
Posted 1 month ago
2.0 - 6.0 years
0 Lacs
hyderabad, telangana
On-site
You will be joining TriNet's Security Engineering and Automation team in India as a Manager, where you will lead a team of security engineers focusing on cloud security, security orchestration, automation and response (SOAR), and identity and access management (IAM). Your role will involve providing daily oversight and support to ensure the team executes tasks effectively, delivers work packages and deliverables on time, and meets project milestones. You will foster a collaborative and high-performance team environment, provide project management support as needed, and communicate security needs to non-technical stakeholders. In terms of Security Engineering, you will oversee the operations of the SOAR platform, support cloud security engineers in establishing and maintaining security policies, and provide oversight for IAM engineers managing privileged access. You will act as a liaison between the security team and other departments, review security metrics, promote a security-first culture within the organization, and ensure open communication with senior management regarding progress and challenges. As a Manager, you will be responsible for creating an inclusive work environment that encourages staff engagement and collaboration, setting expectations for team members, providing feedback and guidance, and evaluating performance. You will need a Bachelor's degree, 5 years of relevant experience with 2-3 years in management, and desired certifications such as CISSP, CISA, CISM, or PMP. Strong communication, organization, planning, analytical, and leadership skills are essential for this role. Ability to adapt to a fast-paced environment, work collaboratively, and maintain effective relationships with stakeholders is crucial. This position is based in India and requires minimal travel, offering a clean and comfortable office setting. 
TriNet reserves the right to modify job duties and assignments as needed, and the above description may not cover all responsibilities and qualifications.
Posted 1 month ago
3.0 - 5.0 years
3 - 5 Lacs
Bengaluru, Karnataka, India
On-site
STS Service Provisioning - Senior Security Analyst
Today's world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust. In Information Security, we combine risk strategy, digital identity, cyber defense, application security, and technology solutions throughout the security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting, and enabling the business through innovative, secure solutions that provide speed to market and business value.

The opportunity
The Security Technology Services (STS) group is a division of Information Security that ensures secure access to systems and information for more than 390,000 people in over 150 countries. You will be part of the STS DLP Engineering Team, specifically to support the Enterprise Data Loss Prevention (DLP) solution. The STS team is responsible for the delivery of DLP Services and the maintenance of the global DLP applications. The team is geographically dispersed and comprises all disciplines required to deliver Data Security Services for our customers.

Your key responsibilities
The Senior Analyst will be primarily responsible for configuring Data Security Solutions like the enterprise Data Loss Prevention System. The main duties of this role will include helping to translate business requirements to secure data with our technical capabilities, especially overseeing the configuration of the DLP environments in a heterogeneous global environment. This role requires strong hands-on experience in leading data security solutions with a strong focus on DLP. It will also participate in Data Access Governance Program development and assist in administering the program. The Senior Analyst will help to supervise and mentor junior analysts on the team. The role will also interface with internal customers, stakeholders and support teams at various levels within the organization, including Legal, Data Protection, IT Operations and Engineering.

Skills and attributes for success
- Technical knowledge in Data Protection technology (DLP, SIEM, SOAR, Data Access Governance, Networking)
- Administration of the DLP tools, which includes configuring policies, upgrading, and patching, etc.
- Proven effective verbal and written communication skills
- Ability to independently research and solve technical issues
- Demonstrated integrity in a professional environment
- Knowledge of core Information Security concepts related to Governance, Risk & Compliance
- Excellent teaming skills
- Ability to work in and adapt to a changing environment
- Flexibility to adjust to multiple demands, shifting priorities, ambiguity and rapid change
- Ability to efficiently handle customer concerns and difficult situations with ease and professionalism

Essential Functions of the Job
- Work with vendors to support the different security technologies
- Configuration of the Security tools, which includes configuring policies, response rules & notifications
- Work with the Monitor & Response team to analyse alerts generated by various systems and tune their configuration
- Understand and follow the incident response process through event escalations
- Work with Senior level stakeholders (Risk Management, Compliance & Data Protection)
- Understand Business requirements and translate them into technical controls
- Ability to work within and alongside diverse, global and virtual teams

To qualify for the role you must have
- Degree in Computer Science, Information Systems, Engineering or a related field
- Knowledge of security controls: data classification; data labeling and data loss
- 3-5 years of experience in one or more of the following: Data Loss Prevention (DLP) Technology support and Event Handling; Information Security concepts related to Governance, Risk & Compliance; Supporting Information Security Technology
- English language skills - excellent written and verbal communication
- Exceptional judgement, tact and decision-making ability

Ideally, you'll also have
- Demonstrated integrity in a professional environment
- Ability to work within diverse, global, virtual teams
- Ability to appropriately balance firm security needs with business impact and benefit

What we look for
- Good interpersonal, communication and presentation skills
- Ability to deal with ambiguity and change, and exercise appropriate time management to meet deliverables
- Prioritization of work items to ensure timelines are achieved
- Good judgment, tact, and decision-making ability
- Deep critical thinking skills demonstrating an analytical and systematic approach to problem solving
- Experience working in a global virtual environment
- Ability to work independently but also within a team environment
Posted 1 month ago
7.0 - 12.0 years
16 - 31 Lacs
Kolkata
Remote
Job Summary: We are seeking a highly skilled and motivated SOC Analyst / Detection Engineer to join our Security Operations Center. This role requires expertise in developing advanced KQL and Splunk queries, detection engineering, and incident response within complex enterprise environments. The ideal candidate will bring hands-on experience with SIEM, EDR, cloud security, incident playbooks, and OSINT tools, while also showing a passion for mentoring junior team members. Key Responsibilities: Develop and fine-tune detection rules and analytics using KQL (Microsoft Sentinel) and SPL (Splunk). Lead threat hunting activities leveraging EDR telemetry, SIEM logs, and threat intelligence sources. Design and implement detections based on behavioral patterns and MITRE ATT&CK mappings. Investigate security alerts and incidents, triage threats, and provide detailed incident reports and root cause analysis. Build and maintain incident response playbooks, SOPs, and runbooks to streamline SOC operations. Collaborate with internal teams to continuously improve detection logic and incident workflows. Mentor and train junior analysts, promote knowledge sharing, and support SOC skill development. Develop integrations and use cases with various log sources from on-prem, cloud, and hybrid environments. Utilize OSINT tools and frameworks (e.g., VirusTotal, Shodan, Censys, MISP, AbuseIPDB, Whois, etc.) during threat investigation and enrichment. Drive automation and orchestration where applicable using SOAR technologies. Stay up to date on threat intelligence, emerging tactics, techniques, and procedures (TTPs). Technical Skill Requirements: Detection Engineering: Strong expertise in writing detection queries (KQL/SPL), developing use cases, and tuning alerts. SIEM: Hands-on experience with Microsoft Sentinel and Splunk (Enterprise Security). EDR/XDR: CrowdStrike Falcon, Microsoft Defender for Endpoint. Cloud Security: Security monitoring in Azure, AWS, and GCP. 
Microsoft 365 Security: Defender for Office 365, Entra ID (Azure AD), Purview (compliance). Web Security Filtering: Experience or knowledge of Zscaler and similar solutions. Incident Response: Playbook development, SOPs, runbook creation, triage, and remediation. OSINT Tools: Practical usage of VirusTotal, URLScan.io, MISP, Shodan, Censys, GreyNoise, AbuseIPDB, Whois, etc. Log Analysis: Deep understanding of log formats from servers, network devices, cloud services, and applications. Automation/SOAR: Familiarity with automation frameworks (Logic Apps, Sentinel Playbooks, Splunk SOAR) is a plus. Scripting: PowerShell, Python, or equivalent scripting for enrichment and automation. Additional Expectations: Willingness to mentor and train junior SOC team members. Ability to work independently in a fast-paced SOC environment. Excellent analytical, communication, and problem-solving skills. Strong attention to detail and a proactive security mindset. Preferred Certifications (Nice to Have): SC-200: Microsoft Security Operations Analyst Splunk Core/Enterprise Security certifications CrowdStrike CCFR / CCFH Zscaler ZCCA/ZCCP Azure/AWS/GCP security certifications GIAC (GCIA, GCED, GCIH) or other relevant SANS certifications
Posted 1 month ago
11.0 - 16.0 years
30 - 40 Lacs
Pune
Work from Office
Job Description
We are looking for an experienced Cyber Defense Operations Manager to lead and strengthen our Cyber Risk Defense Center (CRDC). This role will be responsible for managing security analysts and engineers, driving operational excellence, and enhancing the overall cybersecurity posture of the organization. The ideal candidate will have hands-on experience in SOC operations, incident response, threat detection, and vulnerability management, and should demonstrate strong leadership in managing cross-functional cybersecurity teams. You will act as a key liaison between the security operations team and executive stakeholders, ensuring alignment with business goals and regulatory standards.

Key Responsibilities
- Lead the end-to-end operations of the Cyber Defense team including threat monitoring, triage, containment, and remediation.
- Define and implement security operations strategies aligned with organizational goals and compliance standards.
- Supervise shift planning, team onboarding, performance reviews, and skill development plans.
- Drive incident lifecycle management from detection and escalation to root cause analysis and reporting.
- Collaborate with IT, cloud, infrastructure, and compliance teams to identify and resolve security vulnerabilities and gaps.
- Provide management reporting on threat posture, SOC metrics, and team performance using dashboards and KPIs.
- Develop and maintain standard operating procedures (SOPs), response playbooks, and use-case development protocols.
- Manage relationships with external vendors, MSSPs, and threat intelligence service providers.
- Participate in the formulation of security governance, policies, and audit/compliance readiness efforts.
- Support business continuity planning and disaster recovery exercises.
Required Qualifications Bachelor’s degree in Computer Science, Information Security, or related field (OR minimum 8 years of work experience in relevant domains) Minimum 5 years of experience in IT or cybersecurity domains Minimum 2 years of experience in a managerial or team lead role within SOC or cyber defense operations Experience in handling large-scale security operations and critical incident response Familiarity with tools like SIEM (e.g., Splunk, QRadar), SOAR platforms, EDR, NDR, and cloud security tools Strong understanding of NIST, ISO 27001, MITRE ATT&CK, and incident response frameworks Preferred Qualifications 3+ years of experience managing cross-functional cybersecurity teams Hands-on experience in threat hunting, vulnerability assessment, and remediation planning Industry-recognized certifications such as CISSP, CISM, CISA, GIAC, CEH, or equivalent Experience working with executive leadership and non-technical stakeholders Knowledge of compliance frameworks including HIPAA, PCI-DSS, SOX, or GDPR Master’s degree in Information Security, Cybersecurity, or IT Management is a plus Key Skills Cybersecurity Operations, SOC Management, Incident Response, Threat Detection, SIEM, SOAR, EDR, Vulnerability Management, Security Monitoring, Security Engineering, Security Architecture, Team Leadership, Cyber Risk Management, Cloud Security, Compliance
Posted 1 month ago
8.0 - 11.0 years
35 - 37 Lacs
Bengaluru
Hybrid
Key Skills: SIEM, SOAR, Azure Sentinel, FortiSOAR, Python, PowerShell, Cyber Security, Automation, Security Frameworks, Compliance, Incident Response, Playbook Creation, Log Onboarding, Cyber Kill Chain.

Roles & Responsibilities:
- Manage and oversee SIEM and SOAR solutions, including log onboarding and creation of automated playbooks.
- Provide hands-on technical expertise across Cyber Security and technology domains.
- Collaborate with internal teams to integrate and optimize security monitoring tools and automate workflows.
- Maintain and ensure the performance of SIEM and SOAR platforms, enhancing detection and response capabilities.
- Design and implement automation solutions using scripting languages (e.g., Python, PowerShell).
- Support and ensure compliance with security frameworks and industry regulations.
- Analyze and remediate security incidents, leveraging expertise in the Cyber Kill Chain and common attack methods.
- Work closely with cross-functional teams to define security requirements, processes, and practices.
- Communicate complex security concepts to non-technical stakeholders.
- Monitor and report on security events and incidents to ensure continuous improvement of security posture.

Experience Required:
- 8-11 years of experience in IT Security, with at least 6 years managing SIEM and SOAR solutions.
- Strong hands-on experience with SIEM (e.g., Azure Sentinel) and SOAR platforms (e.g., FortiSOAR).
- Experience in log onboarding for SIEM solutions and creating automated playbooks on SOAR platforms.
- Solid understanding of security frameworks, compliance regulations, and industry standards.
- Technical experience in Cyber Security and technology domains, including threat analysis and remediation.
- Proven ability to work under pressure and manage time effectively.
- Familiarity with e-commerce, logistics, supply chain, and port operations applications is a plus.

Education: Any Graduation.
Posted 1 month ago
7.0 - 12.0 years
9 - 14 Lacs
Chennai, Bengaluru
Work from Office
We are seeking an experienced Security Consultant with 7-10 years of deep technical expertise across AWS security practices, posture assessment, incident response, and automation in security environments. The ideal candidate will play a key role in advising on cloud security design, conducting risk assessments, and strengthening compliance and data protection mechanisms in cloud-native environments.

Key Responsibilities
- Lead cloud security strategy and implementation for AWS-based applications
- Conduct Security Posture Assessments, identify gaps, and define risk prioritization plans
- Implement and manage AWS security controls: IAM (Identity & Access Management); Network Security & Logging; Data Encryption & Secrets Management
- Ensure adherence to compliance frameworks (ISO 27001, NIST, CIS, etc.)
- Implement Data Loss Prevention (DLP), Data Masking/Obfuscation solutions
- Drive SIEM/SOAR integration for intelligent threat detection and response
- Develop and maintain Incident Response plans and coordinate response activities
- Conduct automated security scanning and integrate it into DevSecOps pipelines
- Provide consultation and innovation around Agentic AI applications in security

Qualifications
- 7+ years of hands-on experience in cloud security, with a focus on AWS
- Deep knowledge of IAM, encryption, secrets management, and compliance frameworks
- Experience with SIEM/SOAR platforms, automated scanning tools, and AI-driven security solutions
- Strong documentation, communication, and stakeholder collaboration skills
- Ability to work independently in a remote team structure

Location: Delhi NCR, Bangalore, Chennai, Pune, Kolkata, Ahmedabad, Mumbai, Hyderabad
Posted 1 month ago
5.0 - 9.0 years
0 Lacs
karnataka
On-site
As a member of the Cyber Incident Response Team (CIRT) at Ingka Group, you will play a crucial role in developing and operating threat detection, investigation, and response capabilities to ensure a secure environment for the organization. Based in Malmö, Helsingborg, or Amsterdam, you will lead the response to complex, major, or recurring cyber security incidents across the global organization. Your responsibilities will include reporting on the overall performance of incident response, writing comprehensive documentation such as plans, playbooks, and runbooks, and developing automated incident response playbooks using SOAR. Additionally, you will engineer threat detections using SIEM and XDR technology.

The ideal candidate for this role should have over 5 years of experience in a security operations role and be familiar with tools like XDR, SIEM, and SOAR. You should also have knowledge of endpoint systems like Windows, macOS, and Linux, cloud platforms such as Azure and Google Cloud, and Entra ID. A strong curiosity, a willingness to learn, and the ability to work in an on-call rotation for major incident response are essential qualities we are looking for in potential candidates.

We believe that you are passionate about exploring and understanding the intricacies of cybersecurity, combining theoretical knowledge with practical skills to address challenges effectively. Your analytical capabilities, structured problem-solving approach, and pragmatic mindset will contribute to the success of our team in enabling the business to thrive today and in the future. If you are someone who thrives in open-ended situations, values collaboration, and seeks continuous growth, we encourage you to apply for the position of Senior Cyber Engineer with us. We understand the importance of diversity and inclusion, and we welcome applicants from all backgrounds and experiences.

Your application, submitted in English, will be a step towards joining our team dedicated to creating a better everyday life for the many people. Please note that we expect the majority of your time to be spent in the office, aligning with our value of togetherness and fostering a collaborative work environment. Interviews will be conducted on an ongoing basis, and we are excited to review your application submitted through our recruitment program.
Posted 1 month ago
11.0 - 14.0 years
55 - 60 Lacs
Noida, Ahmedabad, Mumbai (All Areas)
Work from Office
Dear Candidate,
We are looking for a skilled Cybersecurity Analyst to monitor, detect, and respond to security threats. If you have expertise in threat intelligence, SIEM tools, and incident response, we'd love to hear from you!

Key Responsibilities:
- Monitor network traffic and systems for potential security threats.
- Investigate and analyze security incidents to prevent breaches.
- Implement security controls and best practices for data protection.
- Manage security tools such as SIEM, IDS/IPS, and endpoint protection.
- Conduct vulnerability assessments and recommend mitigation strategies.
- Ensure compliance with security standards like ISO 27001, NIST, and GDPR.

Required Skills & Qualifications:
- Strong knowledge of security frameworks and incident response.
- Experience with SIEM tools (Splunk, QRadar, ArcSight).
- Proficiency in scripting (Python, Bash, PowerShell) for security automation.
- Understanding of network protocols, firewalls, and VPN security.
- Knowledge of penetration testing and ethical hacking techniques.

Soft Skills:
- Strong analytical and problem-solving skills.
- Excellent attention to detail and ability to work under pressure.
- Good communication and teamwork skills.

Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you.

Kandi Srinivasa
Delivery Manager
Integra Technologies
Posted 1 month ago
5.0 - 9.0 years
0 Lacs
maharashtra
On-site
Your role as a Cyber Security Analyst requires 5-8 years of experience in the field, with expertise in various domains and tools such as Elasticsearch (ELK), Sqrrl, CrowdStrike, FireEye Mandiant HX, SOAR, Cloud Incident Response, Sysinternals, Sysmon, malware analysis tools like Cuckoo, Cisco Threat Grid, ThreatConnect, and Cyber Detection technologies including Advanced Threat Detection Tools, UEBA Tools, Network Packet Analysis, and Endpoint Protection. You should have hands-on experience in investigating spam and malware samples.

As a candidate for this position, you must have mandatory hands-on experience in at least one of the mentioned Domains/Tools. Additionally, certifications such as CISSP, CCSP, GCIH, GCFA are preferred.

Your responsibilities will include actively participating in the detection, analysis, and response to potential security threats while continuously monitoring and enhancing the organization's security posture. You will be expected to collaborate with cross-functional teams and stakeholders to ensure a robust cybersecurity framework.

The ideal candidate should be detail-oriented, proactive, and possess excellent problem-solving skills. Strong communication and interpersonal abilities are essential for effectively liaising with internal and external stakeholders to mitigate potential security risks.

If you meet the qualifications and have a genuine interest in cyber security, we encourage you to apply for this exciting opportunity. This is a highly rewarding role, based in Mumbai, exclusively for local candidates. The compensation package is competitive and in line with industry standards. Please ensure that your application includes all the required details mentioned in the job description to be considered for this role. We look forward to welcoming a skilled and dedicated professional to our dynamic team.
Posted 1 month ago
5.0 - 10.0 years
5 - 9 Lacs
Noida, Bengaluru
Work from Office
Paytm is India's leading mobile payments and financial services distribution company. Pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytm's mission is to serve half a billion Indians and bring them to the mainstream economy with the help of technology.

Job Title: IBM SOAR Administrator / Automation Engineer

Experience Required: Minimum 5+ years overall experience
- 2+ years hands-on experience with IBM SOAR (Resilient)
- 3+ years experience in Python scripting and API integrations

Job Summary: We are seeking a skilled and proactive IBM SOAR Administrator / Automation Engineer to manage, customize, and enhance our Security Orchestration, Automation and Response (SOAR) platform. The candidate will be responsible for developing and maintaining playbooks, integrating various security and threat intelligence tools, and automating key SOC tasks to improve efficiency and response times.

Key Responsibilities:
- Act as the Master Administrator for the IBM SOAR platform
- Design, implement, and maintain automatic and manual playbooks based on SOC workflows and requirements
- Develop and manage custom scripts, functions, and workflows to support automation in IBM SOAR
- Set up and manage the IBM SOAR Integration Server
- Integrate IBM SOAR with various SOC tools (SIEMs, EDRs, firewalls, etc.) and threat intelligence platforms
- Automate manual processes handled by SOC analysts to streamline operations
- Collaborate with the SOC team to identify opportunities for orchestration and automation
- Maintain platform documentation and provide training to SOC team members as needed
- Perform regular system checks and updates to ensure platform reliability and security

Required Skills and Qualifications:
- Strong hands-on experience with the IBM SOAR (Resilient) platform
- Deep knowledge of IBM SOAR playbook creation, workflow design, and integration
- Proficiency in Python scripting and using RESTful APIs
- Working knowledge of HTML, JavaScript, CSS for UI-level customizations
- Familiarity with basic Linux commands and system operations
- Experience integrating security tools (SIEM, EDR, AV, firewalls) and threat intelligence feeds with SOAR
- Basic understanding of ticketing systems (ServiceNow, JIRA, etc.)
- Ability to work independently as well as collaboratively within a team
- Strong analytical, troubleshooting, and problem-solving skills

Preferred Qualifications:
- IBM SOAR certification or equivalent training
- Exposure to other SOAR platforms like Palo Alto XSOAR, Splunk SOAR is a plus
Posted 1 month ago
5.0 - 10.0 years
4 - 8 Lacs
Bengaluru
Work from Office
Your role
We are looking for an experienced and strategic Detection Engineer across India. The ideal candidate will have a strong background in cybersecurity, detection and Splunk Enterprise Security.
- Develop and maintain cyber threat detection and hunting capabilities for the Organization.
- Actively research, innovate and uplift in the areas of threat detection and hunting.
- Develop and maintain attack & use case models against the Organization's environment and systems for the purposes of detection and monitoring use cases.
- Build and maintain continuous validation and assurance of the detection and hunting pipeline.
- Maximise detection visibility, coverage, and return-on-investment to maintain a defensible architecture across the business.
- Develop threat/attack models to depict and model detection of known attack vectors.
- Work with Threat Intelligence, Incident Response and Cyber Orchestration teams to prioritise and develop detection and orchestration capability.
- Work with the Red Team to actively test and validate detection capabilities.

Your Profile
- 5+ years of experience in a CSOC, Cyber detection, Threat Hunting and/or SOAR development role.
- 5+ years developing detections within a SIEM environment.
- Experience working with security tools such as endpoint detection and response systems, network anomaly detection, etc.
- Designing and implementing threat/attack modelling to derive abuse cases, detection logic and automation courses of action.
- Well versed in the development of detection and hunting strategies for a broad range of cyber threats, including malware, DDoS, hacking, phishing, lateral movement and data exfiltration in the Financial Services sector or similar.
- Knowledge of frameworks like the NIST Cybersecurity Framework, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain or similar methodologies is required.

What you'll love about working here
You can shape your career with us. We offer a range of career paths and internal opportunities within the Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work on cutting-edge projects in tech and engineering with industry leaders or create solutions to overcome societal and environmental challenges.
Posted 1 month ago