2.0 - 6.0 years
0 Lacs
delhi
On-site
Continue to make an impact with a company that is pushing the boundaries of what is possible. NTT DATA is renowned for technical excellence, leading innovations, and making a difference for clients and society. The workplace embraces diversity and inclusion, offering a place where you can grow, belong, and thrive. Your career here is about believing in yourself, seizing new opportunities and challenges, and expanding your skills and expertise in your current role while preparing for future advancements. You are encouraged to take every opportunity to further your career within our great global team.

The Security Managed Services Engineer (L1) is an entry-level engineering role responsible for providing a managed service to clients to ensure operational Firewall infrastructure. The role involves proactively identifying, investigating, and routing incidents to the correct resolver group. The primary objective is to ensure zero missed service level agreement (SLA) conditions, focusing on first-line support for standard and low complexity incidents and service requests. Additionally, the Security Managed Services Engineer (L1) may contribute to project work as needed.

**What you'll be doing:**

**Academic Qualifications and Certifications:**
- BE/BTech in Electronics/EC/EE/CS/IT Engineering
- At least one security certification such as CCNA Security, CCSA, CEH, CompTIA

**Required Experience:**
- Minimum 2 years of experience in handling security-related products & services, preferably a SIEM solution.
- Adequate knowledge of security devices like firewalls, IPS, Web Application Firewall, DDoS, EDR, Incident response, SOAR, and other security devices.
- Construction of SIEM content required for Content Outputs.
- Knowledge of packet level analysis, networking protocols, technologies, and network security.
- Sound analytical and troubleshooting skills.

**Key Responsibilities:**
- Monitor client infrastructure and solutions, identifying problems and errors before or when they occur.
- Investigate first-line incidents, identifying root causes.
- Provide telephonic or chat support to clients.
- Schedule maintenance activity windows for patching and configuration changes.
- Follow required handover procedures for shift changes.
- Report and escalate incidents as necessary.
- Ensure efficient resolution of incidents and requests, update knowledge articles, identify optimization opportunities, and contribute to project work as required.
- Implement and deliver Disaster Recovery functions and tests.
- Perform any other related task as required.

**Workplace type:** On-site Working

**Equal Opportunity Employer**
Posted 1 month ago
21.0 - 31.0 years
17 - 21 Lacs
Bengaluru
Work from Office
What we’re looking for

In this dynamic Information Security Analyst III role, you'll be at the forefront of protecting SurveyMonkey by crafting sophisticated threat detections and staying ahead of emerging threats within the security operations team. You will be reporting to the Information Security Manager. Leveraging your expertise in SIEM query languages, you'll play a key role in identifying and mitigating risks, ensuring the company's security posture remains robust. We are looking for someone who has experience in automation and is constantly challenged to expand their knowledge of the latest security trends while contributing to the defense of a widely trusted service.

What you’ll be working on
- Monitor and triage security events, identify vulnerabilities, and respond to security incidents.
- Develop and refine security automation playbooks.
- Expertise in creating threat detections and staying abreast of new and evolving threats.
- Ability to conduct research and log analysis into IT security issues and products as required.
- Deploy, manage and maintain all security tools and ensure a strong security posture for corporate devices.

We’d love to hear from people with
- A Bachelor's degree in Information Security, Cybersecurity, Information Technology, or a related field.
- 8+ years of hands-on experience in IT security, compliance or incident response.
- Strong familiarity with SIEM, EDR and SOAR platforms (e.g., CrowdStrike, LogScale, XSOAR).
- Working experience with the MITRE ATT&CK and Cyber Kill Chain frameworks.
- Experience with AWS cloud security monitoring and detection tools (e.g., AWS GuardDuty, AWS CloudWatch, AWS CloudTrail or similar).
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Certifications preferred: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CompTIA Security+, Certified Information Security Manager (CISM), or similar.
SurveyMonkey believes in-person collaboration is valuable for building relationships, fostering community, and enhancing our speed and execution in problem-solving and decision-making. As such, this opportunity is hybrid and requires you to work from the SurveyMonkey office in Bengaluru 3 days per week. #LI - Hybrid
Posted 1 month ago
7.0 - 9.0 years
9 - 14 Lacs
Gurugram, Bengaluru
Hybrid
SOC Analyst

Core Responsibilities
- Monitor security dashboards and alerts to identify potential threats.
- Respond to security incidents by following established response plans.
- Conduct threat hunting to proactively identify vulnerabilities and potential threats.
- Collaborate with other departments, such as network engineering and incident response teams, for coordinated threat response.
- Analyze security incidents and document findings to prevent future occurrences.
- Develop and maintain security monitoring tools and processes.
- Implement and optimize SIEM, SOAR, EDR, and Threat Intelligence platforms.
- Conduct vulnerability assessments and penetration tests to identify weaknesses.
- Create and maintain incident response procedures and playbooks.
- Provide detailed reports on security incidents and emerging threats.
- Stay updated with the latest cybersecurity trends and threats.

Experience
- 7-9 years of experience in cybersecurity, with a focus on SOC operations.
- Extensive experience with security monitoring tools and incident response.
- Proficiency in threat hunting and vulnerability analysis.
- Strong knowledge of network protocols, operating systems, and common cybersecurity threats.
- Experience with SIEM, SOAR, EDR, and Threat Intelligence platforms.
- Ability to conduct in-depth threat intelligence analysis and develop containment strategies.
- Experience in conducting vulnerability assessments and penetration tests.
- Excellent analytical and problem-solving skills.
- Strong communication and collaboration skills.
- Knowledge of frameworks such as the NIST Cybersecurity Framework, MITRE ATT&CK, and the Lockheed Martin Cyber Kill Chain.
Posted 2 months ago
5.0 - 9.0 years
0 Lacs
pune, maharashtra
On-site
As the Director of Engineering for Connectors and Platform Integrations at our company, you will play a crucial role in leading and scaling our efforts to build high-impact integrations across cloud platforms, third-party applications (on-premises and cloud), security tools, and partner ecosystems. Your main focus will be to enhance the interoperability of the Qualys Enterprise TruRisk Platform with the broader security and IT operations ecosystem. You will be responsible for leading multiple engineering teams that are dedicated to developing scalable connectors, APIs, SDKs, and integration solutions. These solutions will empower our customers to extract maximum value from the Qualys Enterprise TruRisk Platform. The ideal candidate will have a proven track record in building and managing high-impact connectors in the cybersecurity domain.

Your key responsibilities will include:
- Leading engineering efforts for developing and maintaining connectors and integrations with third-party platforms, including cloud providers (AWS, Azure, GCP), security tools, ITSM systems, and other enterprise applications.
- Building and nurturing technical partnerships with vendors, technology partners, and integration collaborators to expand the Qualys Enterprise TruRisk Platform ecosystem.
- Collaborating with Cross-Functional Engineering Teams, Product Management, Solution Architects, and Sales Engineering teams to define integration strategies and prioritize development based on customer needs and strategic initiatives.
- Overseeing the architecture and delivery of integration components to ensure they meet performance, scalability, and security requirements.
- Managing, mentoring, and scaling high-performing engineering teams, with a focus on execution, innovation, and excellence.
- Owning the roadmap and execution for integration-related initiatives, ensuring on-time delivery and alignment with business goals.
- Acting as a senior technical leader, driving engineering best practices and fostering a culture of continuous improvement and collaboration.
- Representing Qualys in partner-facing engagements, technical workshops, and integration strategy meetings.

To qualify for this role, you should have:
- 12+ years of experience in software engineering, with at least 5+ years in a senior leadership role.
- A proven track record in building and delivering enterprise-scale platform integrations and connectors for technologies such as SIEM, SOAR, CMDB, Ticketing Systems, and ITSM integrations.
- Strong experience working with cloud providers (AWS, Azure, GCP), RESTful APIs, webhooks, message brokers, and modern integration frameworks (Apache Camel, Apache NiFi).
- Knowledge of API gateways, authentication protocols (OAuth, SAML), and integration security best practices.
- Familiarity with data normalization, transformation, and sync mechanisms in connector development.
- Deep understanding of partner ecosystem management, including collaboration, co-development, and joint delivery.
- Exposure to working with partner certification programs.
- Excellent stakeholder management and communication skills; able to bridge technical and business conversations across internal and external teams.
- Demonstrated ability to lead cross-functional initiatives and manage engineering teams in a distributed and agile environment.
- Expertise with programming languages such as Java.
- A Bachelor's or Master's degree in Computer Science, Engineering, or a related field.
Posted 2 months ago
4.0 - 8.0 years
0 Lacs
maharashtra
On-site
As an ideal candidate for the role, you should possess a total experience of 6+ years with a minimum of 5 years dedicated to SOAR (Security Orchestration, Automation, and Response). Additionally, you must have at least 4 years of experience at the L2 level. We are specifically seeking individuals who are proficient experts in SOAR technology.

Your primary responsibilities will include creating and managing security playbooks aimed at automating incident response procedures. It will be essential for you to assess security incidents and identify areas where automation can be implemented effectively. Furthermore, you will be tasked with enhancing existing playbooks for improved efficiency and efficacy.

In this role, you will play a crucial part in testing and validating the playbooks to guarantee their accuracy and reliability. You will also be expected to develop integrations with various security tools, systems, and APIs. This involves mapping data flows between different systems to ensure data consistency. Your expertise will be crucial in creating custom scripts and connectors to facilitate seamless integrations.

Moreover, you will be responsible for implementing robust error handling and troubleshooting mechanisms for these integrations. This will involve ensuring that the integrations are functioning effectively and efficiently. Your role will be vital in maintaining the integrity and smooth operation of the security automation processes. Overall, your contribution will be instrumental in driving the automation of incident response procedures and enhancing the overall security posture of the organization.
Posted 2 months ago
3.0 - 4.0 years
7 - 9 Lacs
Bengaluru
Work from Office
- Experience in working with tools like CrowdStrike, Proofpoint, Proxy, and SIEMs like Google SecOps and Azure Sentinel, and understanding of SOAR/MDR platforms (Demisto, Resilient etc.).
- Good knowledge of the cyber kill chain, recent threats, and MITRE ATT&CK techniques and tactics.
- Experience in manual threat hunting; understanding of effective dashboards, views, reports, and alarms.
- Regularly review standard operating procedures.
- Help clients in mitigating critical incidents.
- Advanced device health management; knowledge of threat intel feeds.
- Good functional knowledge of cloud, Linux, Windows, EDR, sandbox, firewall, IDS/IPS, AV, WAF, AD, DNS etc.
- Must have any one of CEH/ECSA/CHFI/ACISE.
- Excellent communication and presentation skills.
- Open to work on 24x7 shifts from office.

Preferred Skills: Azure Sentinel SIEM, SOAR Concept, Cyber Security, SOC Monitoring
Posted 2 months ago
2.0 - 7.0 years
2 - 7 Lacs
Bengaluru
Work from Office
Experience: Minimum 5+ years of experience in Enterprise Elastic, Kibana and Logstash (ELK stack for SIEM) administration, including designing, deploying and managing SOC environments and deploying Microsoft Sentinel content.
Posted 2 months ago
1.0 - 5.0 years
3 - 7 Lacs
Mumbai
Work from Office
Key Responsibilities:

The Identify Service Line is responsible for identifying, assessing and analyzing all of the cyber threats and vulnerabilities that can affect the Group. This Service Line is composed of three main activities:
- Cyber Threat Intelligence (CTI)
- Vulnerability Assessment
- Sandboxing

You will be hierarchically attached to the IT Manager responsible for the CyberSOC team based in India and will daily refer to the Identify Service Line Team Leader based in India and the Identify Service Line Manager based in France.

The Cyber Threat Intelligence Analyst will be in charge of delivering these three services:
- Collect, analyze and exploit customized outputs from our Cyber Threat Intelligence partner and open-source intelligence to anticipate emerging cyber threats and gain knowledge on threat actors, tactics, techniques and procedures:
  - Perform cyber threat hunting on Indicators of Compromise (IoCs) through our security tools (EDR, SIEM, SOAR, etc.) to detect prior compromise.
  - Request proactive blocking of IoCs in our different security tools (EDR, Antivirus, Proxies, Email Protection solution, etc.).
- Communicate on vulnerabilities related to the software used in Saint-Gobain's scope.
- Update our software inventory on a regular basis in the scope of the Vulnerability Assessment Service.
- Analyze on request the maliciousness of packages and files in our sandbox and formalize a synthesis.
- Produce and communicate monthly KPIs on each activity.

Qualification:
- Bachelor's Degree in Computer Engineering, Information Technology or any relevant certifications.
- Experience in investigating and reporting on cyber-attacks.
- Ability to demonstrate comprehensive, practical knowledge of research/collection skills and analytic methods.
- Strong technical skills with an interest in open source intelligence investigations and malware analysis.
- In-depth knowledge of security tools such as SIEM, IDS/IPS, web proxies and firewalls.
- Team-oriented and skilled in working within a collaborative environment and with other Service Lines.
- Good sense of priorities and good sense of initiative.
- Rigorous and autonomous.
- Excellent writing skills in English and ability to communicate complicated technical challenges in business language to a range of stakeholders.
Posted 2 months ago
2.0 - 7.0 years
13 - 17 Lacs
Mumbai
Work from Office
Job Purpose/Summary:
- Evaluate and enhance the performance of SIEM/SOAR systems to ensure optimal threat detection and incident response.
- Develop and maintain automation scripts and playbooks to streamline incident detection, analysis, and response processes. Leverage SOAR capabilities to reduce manual intervention and improve response times.
- Oversee the day-to-day administration of SIEM/SOAR platforms, ensuring their availability, reliability, and security. Perform regular updates, patches, and configuration changes.
- Collaborate with the Incident Response team to ensure seamless integration of detection and response functions. Provide support during security incidents to ensure timely and effective remediation.
- Work closely with other IT and security teams to develop specific use cases and to enhance the overall security posture of the organization. Share insights and recommendations to improve overall cybersecurity posture.
- Maintain detailed documentation of automation, scripts, and improvements.
- Manage execution of standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/SOAR platforms.
- Manage technical documentation around the content deployed to the SIEM/SOAR.
- Manage reports, dashboards, and metrics for CyberSOC KPIs and presentation to senior management & other stakeholders.

Qualification:
- Bachelor's degree in Computer Science, Information Security, EXTC or related field.
- Relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are highly desirable.
- Proven experience (3+ years) working within the Cybersecurity field, with a focus on security platform implementation & administration.
- Experience with deploying and managing a large SIEM/SOAR environment.
- Experience with Palo Alto XDR and/or other SIEM platforms like Sentinel, QRadar, Splunk, ArcSight, etc.
- Experience with Palo Alto XSOAR and/or equivalent SOAR platforms like Resilient, Phantom, etc.
- Proficiency in scripting languages (e.g., Python, Bash) for automation and customization of security processes is highly desirable.
Posted 2 months ago
3.0 - 6.0 years
4 - 9 Lacs
Navi Mumbai
Work from Office
We are seeking a skilled and proactive Network Security Engineer with strong expertise in managing and implementing Netskope Proxy Solutions. The ideal candidate will have a solid background in network security, hands-on experience with various proxy tools and protocols, and a proven track record of maintaining, analyzing, and troubleshooting network security environments in complex setups.

Key Responsibilities:
- Manage and maintain Netskope Proxy solutions across enterprise environments including DC, DR, Cloud, and Branch offices.
- Commission, implement, and integrate Proxy with authentication and authorization systems (AD, IAM, Email, SIEM, etc.).
- Automate routine processes using scripting/configuration tools and integrate with SOAR platforms.
- Manage proxy policies, access rules, and exception handling.
- Perform packet capture analysis and in-depth troubleshooting (OSI Layers 1-7).
- Respond to and investigate Proxy-related incidents, outages, and compliance findings.
- Coordinate with users and cross-functional teams for issue resolution and change implementations.
- Ensure adherence to network security policies, standards, and procedures.
- Create and maintain technical documentation including SOPs, network diagrams, and audit reports.
- Monitor network health using tools and proactively identify potential service degradations.
- Provide mentorship and guidance to L1 and L2 engineers.
- Ensure timely ticket resolution and SLA compliance.
- Coordinate with OEMs for RMA, TAC support, firmware upgrades, and patching.
- Collaborate with helpdesk and IT teams during major incident handling and resolution.
- Report and track SLA performance and RCA documentation.

Required Candidate Profile:

Experience: 3-6 years in network security with a minimum of 3 years in managing Proxy solutions.

Skills:
- Hands-on with Proxy solutions (deployment, management, policy design)
- Strong scripting/configuration experience (for automation/SOAR)
- Expertise in network troubleshooting (Wireshark/PCAP analysis)
- Good understanding of security integrations (AD, IDAM, PAM, SIEM, SOAR)
- Experience with incident/problem/change/configuration management practices
- SLA-based support handling and compliance closures
- Strong documentation and communication skills
- Leadership capabilities to manage and mentor junior engineers
- High level of accountability and ownership of assigned technologies
Posted 2 months ago
7.0 - 12.0 years
18 - 25 Lacs
Bangalore Rural, Bengaluru
Work from Office
Senior SOC Engineer to lead incident response, threat detection and automation initiatives for Rocket EMS's global security operations. SIEM/SOAR optimization, advanced threat hunting and direct response to cyberattacks across endpoints, cloud and identity systems.
Posted 2 months ago
10.0 - 15.0 years
22 - 37 Lacs
Bengaluru
Work from Office
Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

Kyndryl’s Security & Resiliency is one of our most critical practices, ensuring enterprises, regardless of their size and complexity, remain secure, available, reliable, and resilient. We take Cybersecurity seriously. We're not just invested; we're committed. We're not just protecting data; we're empowering. Kyndryl is committed to making the world safer, not only by investing in state-of-the-art services and technologies but also by empowering underserved communities with essential cyber skills. When you walk through our doors, you're not only joining a team but you're also becoming part of a legacy. Welcome to Kyndryl, where Cybersecurity isn't just a job – it’s a passion; a commitment to designing, running, and managing the most modern and reliable technology infrastructure that the world depends on every day.

As a Cybersecurity Defense professional at Kyndryl, you will encompass cybersecurity, incident response, security operations, vulnerability management, and the world of cyber threat hunting and security intelligence analysis, all to protect the very heartbeat of organizations – their infrastructure.

Responsibilities:
- Design & Implementation: Lead the design, configuration, and implementation of Cortex XSIAM solutions, ensuring they meet organizational security requirements and integrate with existing infrastructure.
- Expertise in XSIAM: Deep understanding of the XSIAM platform, its features, and capabilities, including log ingestion, correlation rules, detection strategy, and integration with other security tools. Keep up to date with the latest XSIAM features, releases, and security threats, ensuring ongoing expertise.
- Log Ingestion and Optimization: Devise and implement log ingestion strategies, ensuring high-quality log sources are ingested. Monitor and optimize log sources for performance.
- Detection Strategy: Design and implement effective detection strategies, including the creation and tuning of correlation rules to identify and alert on potential threats.
- Correlation Rules: Create and fine-tune correlation rules to enhance security detections.
- Automation & Orchestration: Develop and maintain automated workflows, playbooks, and integrations to streamline incident response, threat detection, and security operations.
- Platform Optimization: Continuously monitor, tune, and optimize Cortex XSIAM performance, ensuring high availability and scalability.
- Security Operations Collaboration: Collaborate with Security Operations Center (SOC) teams to enhance incident management, response times, and threat intelligence sharing.
- Integration with Security Tools: Integrate Cortex XSIAM with SIEM, EDR, threat intelligence platforms, and other security tools to create a comprehensive security ecosystem.
- Problem Solving: Identify, analyze, and resolve technical issues related to XSIAM, providing effective solutions.
- Documentation and Reporting: Create and maintain technical documentation, training materials, and knowledge base articles for XSIAM. Maintain detailed documentation for system configurations, integrations, and workflows. Provide regular status reports to management on platform performance and incident metrics.
- Best Practices: Establish and maintain best practices for Cortex XSIAM configuration, workflow design, and incident response. Understanding of cybersecurity threats, vulnerabilities, and industry best practices.
- Customer Support and Consulting: Serve as a subject matter expert, providing consultative guidance to end-users on optimizing XSIAM usage.
- Training & Support: Provide training to internal teams and clients on Cortex XSIAM features, workflows, and incident response protocols. Act as a go-to resource for troubleshooting and technical support.
- Innovation & Continuous Improvement: Stay current with the latest developments in Cortex XSIAM and cybersecurity automation, bringing innovative ideas to enhance security operations.
- Incident Management and Investigation: Assist in the design and execution of automated response playbooks for common and emerging threats, ensuring rapid and effective resolution of incidents. Participate in incident response activities, including investigating security alerts and supporting incident resolution.
- Collaboration: Foster collaboration with internal and external teams to drive product adoption.
- Threat Hunting: May be involved in proactive threat hunting activities, identifying potential vulnerabilities and threats.

In this role, you won't just monitor; you'll actively engage in the relentless hunt for cyber adversaries. In a world where every click and keystroke could be a potential gateway for attackers, your role will be nothing short of critical as you seek out advanced threats, attackers, and Indicators of Compromise (IOCs). Your expertise in endpoint detection and response (EDR) will be the shield that safeguards individual workstations, laptops, servers, and other devices from cybercrime.

Your responsibilities go beyond vigilance. When it comes to network security, you'll utilize Network Detection and Response (NDR) to monitor the ever-flowing currents of network traffic. The incident management process will be used as you respond to and manage cybersecurity incidents. Cybersecurity Defense is all about information. You'll gather, analyze, and interpret data, applying your own and external threat intelligence to uncover potential security threats and risks. These insights and your ability to analyze complex attack scenarios will be the foundation of our security strategy – helping Kyndryl stay one step ahead of security breaches.

In Cybersecurity Defense at Kyndryl, you’re not just protecting the present – you’re shaping the future of digital security. Join us on this cybersecurity venture where your expertise and creativity will have a lasting impact in the world of digital defense.

Your Future at Kyndryl

When you join Kyndryl, you're not just joining a company – you're entering a space of opportunities. Our partnerships with industry alliances and vendors mean you'll have access to skilling and certification programs needed to excel in Security & Resiliency, while simultaneously supporting your personal growth. Whether you envision your career path as a technical leader within cybersecurity or transition into other technical, consulting, or go-to-market roles – we’re invested in your journey.

Who You Are

You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others.

Required Skills and Experience
- 8 to 10 years of security analyst experience as an XSIAM Engineer, preferably in a managed services environment.
- In-depth expertise in the Palo Alto Networks Cortex XSIAM (XSOAR) platform.
- Proficient in scripting languages (e.g., Python, JavaScript) for creating automated workflows and integrations.
- Strong understanding of security technologies such as SIEM, SOAR, EDR, XDR and threat intelligence platforms.
- Hands-on experience with Cortex XSIAM integrations (e.g., RESTful APIs, webhooks, etc.).
- Experience with developing and tuning playbooks, tasks, and workflows within the Cortex XSIAM platform.
- Knowledge of security best practices and frameworks such as MITRE ATT&CK, NIST, ISO 27001, etc.

Preferred Skills and Experience
- Cortex XSOAR certification (e.g., Palo Alto Networks Cortex XSOAR Certified Automation Engineer).
- Security Operations and Incident Response certifications (e.g., GIAC, SOC Analyst).

Being You

Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handedly: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way.

What You Can Expect

With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed.

Get Referred!

If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.
Posted 2 months ago
3.0 - 7.0 years
4 - 8 Lacs
Bengaluru
Work from Office
Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L2 Analyst has responsibility to closely track the incidents and support for closure. 10.Working with logsource and usecase management in integrating log sources and developing & testing usecase 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Developing SOP / instruction manual for L1 team 13.Guiding L1 team for triage/analysis and assist in clousure of cybersecurity alert and incidents 14.Handle XDR alerts and followup with customer team for agent updates 15.Escalate more complex incidents to L3 SME for deeper analysis. 
Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. 
**Required education:** Bachelor's Degree
**Preferred education:** Master's Degree

**Required technical and professional expertise:**
- Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field
- 3-7 years of experience in SOC management, incident response, or cyber threat detection roles
- Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms
- Proven experience in playbook development, forensics, and threat hunting methodologies
- Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements
- Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques

**Preferred technical and professional experience:**
- Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications
Posted 2 months ago
3.0 - 5.0 years
3 - 8 Lacs
Bengaluru
Work from Office
**Roles & Responsibilities:**
1. Handling alerts and incidents on the XDR platform
2. Alert & incident triage and analysis
3. Proactively investigating suspicious activities
4. Log all findings, actions taken, and escalations clearly in the XDR and ITSM platforms
5. Execute predefined actions such as isolating or blocking IPs or disabling user accounts, based on set protocols
6. Adhere to established policies, procedures, and security practices
7. Follow up with the tech team for incident closure
8. Participating in daily standup and review meetings
9. The L2 Analyst has responsibility to closely track incidents and support their closure
10. Working with log source and use case management in integrating log sources and developing & testing use cases
11. Work on & support multiple cybersecurity tools (DLP, GRC, Cloudsec tool, DAM)
12. Developing SOPs / instruction manuals for the L1 team
13. Guiding the L1 team in triage/analysis and assisting in closure of cybersecurity alerts and incidents
14. Handle XDR alerts and follow up with the customer team for agent updates
15. Escalate more complex incidents to L3 SMEs for deeper analysis
**Key Responsibilities:**

**Security Monitoring & Incident Response Governance**
- Define and maintain security monitoring, threat detection, and incident response policies and procedures
- Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds
- Align SOC operations with evolving business risk priorities and regulatory frameworks

**Platform & Toolset Management**
- Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness
- Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions
- Maintain and update incident response playbooks and automation workflows
- Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling

**SOC Operations & Threat Detection**
- Oversee 24x7 monitoring of security events and alerts across enterprise assets
- Lead and coordinate proactive threat hunting across networks, endpoints, and cloud
- Manage and support forensic investigations to identify root cause and recovery paths
- Govern use case development, log source onboarding, and alert/event triage processes

**Regulatory Compliance & Incident Management**
- Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities
- Retain logs in accordance with regulatory data retention mandates
- Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards

**Advanced Threat Management & Reporting**
- Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities
- Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives
- Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards
**Required education:** Bachelor's Degree
**Preferred education:** Master's Degree

**Required technical and professional expertise (Required Qualifications):**
- Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field
- 3-5 years of experience in SOC management, incident response, or cyber threat detection roles
- Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms
- Proven experience in playbook development, forensics, and threat hunting methodologies
- Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements
- Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques

**Preferred technical and professional experience:**
- Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications
Posted 2 months ago
3.0 - 8.0 years
20 - 35 Lacs
Bengaluru
Work from Office
**Key Skills:** Cybersecurity, Incident Response, SIEM, SOAR, MDR, Threat Hunting, Python, Bash, SQL, AWS, Azure, GCP, MITRE ATT&CK, Splunk, QRadar, CrowdStrike, Microsoft Defender, Palo Alto, Datadog.

**Roles & Responsibilities:**
- Investigate security incidents related to network traffic, IAM violations, and unauthorized access
- Analyze security detection rules, alerts, and correlation logic to identify malicious activities
- Conduct threat hunting activities to proactively identify potential threats within the environment
- Participate in incident response efforts, including containment, eradication, and recovery
- Collaborate with the software development & SRE teams
- Onboard customers and guide them through integration with MDR platforms
- Ensure customer satisfaction and provide strategic security recommendations

This is a fully onsite role that requires high availability and proactive engagement. On-call/rotational work required.

**Experience Requirement:**
- 3-8 years of experience in cybersecurity operations and advanced threat detection
- Experience with SIEM platforms, security orchestration platforms (SOAR), or specialized MDR providers such as Splunk, QRadar, CrowdStrike Falcon, Datadog, SentinelOne, Microsoft Defender, Palo Alto Cortex XDR, Panther, etc.
- Experience with threat hunting methodologies
- Experience with databases and SQL
- Scripting experience with Python and Bash
- Ability to work in a team and in a 24/7 environment
- Good written and verbal communication skills
- MITRE ATT&CK framework knowledge is a plus
- Cybersecurity certifications are a plus

**Education:** Any Graduation.
Posted 2 months ago
5.0 - 10.0 years
7 - 12 Lacs
Mumbai, Delhi / NCR, Bengaluru
Work from Office
**Location:** Mumbai, Delhi / NCR, Bengaluru, Kolkata, Chennai, Hyderabad, Ahmedabad, Pune, Remote (India-based preferred)
**Experience Required:** 7-10 Years
**Employment Type:** Contract
**Primary Skills:** Cloud Security, AWS, IAM, DLP, Security Consultant, Data Encryption, Logging, Secrets Management, Security Posture, Risk Assessment, Compliance Frameworks, SIEM, SOAR, Incident Response, Automated Security, AI in Security

**Job Description**
We are seeking an experienced Security Consultant with 7-10 years of deep technical expertise across AWS security practices, posture assessment, incident response, and automation in security environments. The ideal candidate will play a key role in advising on cloud security design, conducting risk assessments, and strengthening compliance and data protection mechanisms in cloud-native environments.

**Key Responsibilities**
- Lead cloud security strategy and implementation for AWS-based applications
- Conduct Security Posture Assessments, identify gaps, and define risk prioritization plans
- Implement and manage AWS security controls:
  - IAM (Identity & Access Management)
  - Network Security & Logging
  - Data Encryption & Secrets Management
- Ensure adherence to compliance frameworks (ISO 27001, NIST, CIS, etc.)
- Implement Data Loss Prevention (DLP) and Data Masking/Obfuscation solutions
- Drive SIEM/SOAR integration for intelligent threat detection and response
- Develop and maintain Incident Response plans and coordinate response activities
- Conduct automated security scanning and integrate it into DevSecOps pipelines
- Provide consultation and innovation around Agentic AI applications in security

**Qualifications**
- 7+ years of hands-on experience in cloud security, with a focus on AWS
- Deep knowledge of IAM, encryption, secrets management, and compliance frameworks
- Experience with SIEM/SOAR platforms, automated scanning tools, and AI-driven security solutions
- Strong documentation, communication, and stakeholder collaboration skills
- Ability to work independently in a remote team structure
Posted 2 months ago
7.0 - 10.0 years
12 Lacs
Mumbai
Work from Office
- 10+ years of work experience in cyber security / information security projects, with progressive work experience in cybersecurity and technical project management, three years of which shall have been in a technology project oversight capacity
- Graduation/Post-graduation in Computers, Information Systems, Computer Science, or Information Technology Systems
- At least one technical certification (CCNA/MCSE/RHCE/etc.)
- PMP or equivalent project management certification
- At least one cyber security certification (CISSP/CISM/CEH/COBIT/CompTIA/etc.)
- Experience with Network Security design and Active Directory management and architecture
- Experience with the NIST Cybersecurity Framework and Risk Management Framework is strongly preferred

**Technical Skills:**
- Splunk Security: Execute Splunk application upgrades to maintain system robustness
- Security and Monitoring (SIEM): Proactively address missing data sources to improve overall system integrity and response quality
- Application and Infrastructure Security Hardening: Document security hardening processes comprehensively to ensure clarity and repeatability; collaborate with application and infrastructure teams to implement security configurations based on identified hardening requirements
- SOAR (XSOAR): Ensure seamless integration of SOAR workflows with existing security systems

**Project Management Skills:**
- Strong understanding of critical PM concepts such as activity plans, milestones, task dependencies, risk and issue tracking, and status reporting
- Ability to effectively lead an engagement team, making effective and efficient use of project resources, and identifying and resolving complex problems/issues related to people, processes, technology and strategy, both internally (organizational) and externally (client/engagement/project)
- Strong understanding of, and ability to execute, project management methodologies and tools
- Ability to function in a fast-moving and rapidly changing environment, make quick sense of it all and add value beyond a task-oriented doer or project manager; strong oral and written communication skills from the top down; demonstrated problem-solving and analytical skills
- Ability to work on multiple projects simultaneously and balance conflicting demands
- Ability to manage projects and teams that do not always report through the same department

**Roles & Responsibilities:**
- Develop and implement project plans that support business objectives, timelines, budgets, milestones, deliverables and success criteria
- Drive day-to-day execution of project tasks to ensure activity plans remain relevant and are being executed effectively, for all deliverables on the defined schedule
- Prepare project status reports and conduct regular meetings on progress, risks, issues, and recommended solutions
- Responsible for identifying project measurements in order to measure, track and report on the progress of migrations against established targets as well as the overall effectiveness of the migration project
- Define the project requirements, ensuring that the requirements catalogue / traceability matrix is complete, and follow up with stakeholders on their task status
- Manage business and project risks, producing an effective plan and risk assessment, so that timescales and project costs are understood and underwritten by the appropriate parties
- Accountable for managing and tracking project costs and supporting Business Units in meeting payment milestones
- Work with sensitive, confidential and/or proprietary information while maintaining the highest level of confidentiality, professionalism, and ethics
- Resource and task monitoring for all deliverables
- Creating HLD/LLD documents with support of Technical SMEs
- Creating knowledge transfer documents
- Generate sign-off requests for Project Closure

Contact Person - Supraja
Email - supraja@gojobs.biz
Posted 2 months ago
2.0 - 4.0 years
2 - 4 Lacs
Mumbai
Work from Office
- Minimum 2-4 years of experience in a Security Operations Centre
- Experience across SOC domains: use case creation, incident management, threat hunting, threat intelligence, etc.
- Solid understanding of cyber security, network security, and endpoint security concepts
- Good understanding of recent cyber threats and latest attack vectors
- Must have experience in any one SIEM (Splunk), EDR and SOAR solution
- Must have experience in leading/managing SOC shifts
- Experience in shift roster creation, resource management, etc.
- Will be responsible for critical incident investigation, use case review, mentoring Shift Leads, SLA management, etc.
Posted 2 months ago
8.0 - 12.0 years
0 Lacs
hyderabad, telangana
On-site
As a Presales Consultant at Netenrich, you will play a crucial role in the sales process, specializing in advanced cybersecurity solutions with a focus on SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) technologies. Your deep understanding of these technologies will enable you to tailor solutions to meet the unique security needs of our clients. Your responsibilities will include collaborating with the sales and marketing teams to drive sales by presenting and demonstrating comprehensive security solutions that incorporate SIEM and SOAR capabilities. You will oversee partner support for Netenrich partners, managing account management, pricing and quoting support, and identifying opportunities to drive growth in partner accounts. To excel in this role, you must become intimately familiar with partner businesses, work closely with the sales team to identify growth opportunities, and assist partners with day-to-day requirements such as pricing, quoting, and solution development. You will be responsible for presenting and demonstrating cybersecurity solutions to clients, addressing technical queries, and ensuring a high-quality customer experience throughout the partner/customer lifecycle. 
**Qualifications and Requirements:**
- Ability to quickly understand client business structures and needs
- Professional certifications in cybersecurity such as CISSP, CISM, or CISA preferred
- Strong understanding of various cybersecurity concepts, technologies, and best practices
- Sales acumen and the ability to understand client needs
- Experience in working with US channel partners preferred
- Proficient at communicating with US sellers and professionals
- Ability to develop and execute efficient and repeatable business processes
- Comfortable interacting with senior executives, sales, technical, engineering, and operations teams
- Efficient multitasking and prioritization skills
- Prior experience in Security Services, Information Technology, and Management Services

If you are a self-motivated individual with a passion for cybersecurity and a track record of success in presales roles, we invite you to join our team at Netenrich and make a significant impact on our partner relationships and revenue growth.
Posted 2 months ago
6.0 - 11.0 years
10 - 15 Lacs
Mumbai
Work from Office
- Experience with Network Architecture Review and Firewall Rule-base Audit
- Strong understanding of OWASP Top 10 and SANS Top 25 programming errors
- Threat hunting, attack identification, investigation, correlation and suggesting mitigation measures

**Required Candidate profile**
- Experience in Vulnerability Assessment and Penetration Testing for infrastructure / network / web applications / databases
- Propose, plan, & execute Red Team operations based on threats to the organization
Posted 2 months ago
5.0 - 8.0 years
5 - 9 Lacs
Bengaluru
Work from Office
The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help improve the security posture of the organization by protecting its sensitive information.

**Do**
- Ensuring customer centricity by providing apt cybersecurity
- Monitoring and safeguarding the log sources and security access
- Planning for disaster recovery in the event of any security breaches
- Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
- Perform moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems
- Conduct security assessments, risk analysis and root cause analysis of security incidents
- Handling incidents escalated by the L1 team in 24x7 rotational shifts
- Use advanced analytics tools to determine emerging threat patterns and vulnerabilities
- Completing all tactical security operations tasks associated with this engagement
- Analyse all attacks and come up with remedial attack analysis
- Conduct detailed analysis of incidents and create reports and dashboards

**Stakeholder coordination & audit assistance**
- Liaise with stakeholders in relation to cyber security issues and provide future recommendations
- Maintain an information security risk register and assist with internal and external audits relating to information security
- Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
- Advise and guide employees on issues such as spam and unwanted or malicious emails

**Mandatory Skills:** SOAR Tools.
**Experience:** 5-8 Years.
Posted 2 months ago
8.0 - 10.0 years
12 - 17 Lacs
Bengaluru
Work from Office
**Role Purpose**
The purpose of this role is to design the organisation's computer and network security infrastructure and protect its systems and sensitive information from cyber threats.

**Do**
1. Design and develop enterprise cyber security strategy and architecture
   a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses
   b. Identify risks associated with business processes, operations, information security programs and technology projects
   c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge
   d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
   e. Provide product best-fit analysis to ensure end-to-end security covering different facets of architecture, e.g. layered security, zoning, integration aspects, API, endpoint security, data security, compliance and regulations
   f. Demonstrate experience in doing security assessments against NIST Frameworks, SANS, CIS, etc.
   g. Provide support during technical deployment, configuration, integration and administration of security technologies
   h. Demonstrate experience around ITIL or key process-oriented domains like incident management, configuration management, change management, problem management, etc.
   i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity
   j. Provide solutions to RFPs received from clients and ensure overall design assurance
      i. Develop a direction to manage the portfolio of to-be solutions, including systems, shared infrastructure services, applications and hardware related to cyber risk security, in order to better match business outcome objectives
      ii. Analyse the technology environment, enterprise specifics and client requirements to set a collaboration design framework/architecture
      iii. Depending on the client's needs, with particular standards and technology stacks, create complete RFPs
      iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology
      v. Define and understand current-state solutions and identify improvements, options & trade-offs to define target-state solutions
      vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns, and accordingly propose investment roadmaps
      vii. Evaluate and recommend solutions to integrate with the overall technology ecosystem
      viii. Track industry and application trends and relate these to planning current and future IT needs
2. Stakeholder coordination & audit assistance
   a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations
   b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security
   c. Support audits of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements
   d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers
   e. Provide training to employees on issues such as spam and unwanted or malicious emails

**Mandatory Skills:** SOAR Tools.
**Experience:** 8-10 Years.
Posted 2 months ago
8.0 - 12.0 years
10 - 20 Lacs
Hubli, Pune, Bengaluru
Hybrid
**Role & responsibilities**
- Minimum 8 years' experience in SIEM and SOAR engineering work
- Knowledge of XSOAR, Sentinel SOAR, Splunk Phantom, IBM QRadar, Microsoft Sentinel, Tines SOAR
- Experience configuring Security Orchestration, Automation, and Response tools, scripts, events, and playbooks
- Well versed with XSOAR application components; knows how to configure it and implement system updates
- Able to create and maintain custom content and playbooks
- Able to troubleshoot client/server issues
- Able to manage and maintain the health of Security Orchestration, Automation, and Response infrastructure manager/clients
- Strong Python, JavaScript and other scripting skills to automate system maintenance tasks
- Comfortable and proficient in the use of regular expressions (regex)
- Solid understanding of REST/SOAP/WSDL/XML (Web Services) and HTTP request methods
- Strong analytical, problem-solving and documentation skills
- Experience in creating threat detection use cases on any SIEM tool (QRadar/Sentinel/Splunk)
- Experience in log source integration for use cases and SOAR automation
- Strong defensive mindset with an understanding of security events of interest for building detection rules
- Experience with programming (preferably Python, REST API), automation or machine learning
- Good in query languages like SQL, KQL and AQL, from a Splunk, Sentinel and QRadar point of view
- Good command of the English language, both written and verbal
- Strong oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences

Apply here: https://career.infosys.com/jobdesc?jobReferenceCode=INFSYS-EXTERNAL-218424
Posted 2 months ago
15.0 - 20.0 years
13 - 17 Lacs
Gurugram
Work from Office
**About The Role**
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 2 year(s) of experience is required
Educational Qualification: 15 years full time education

**Summary:** As an L1 SOC Analyst you are the first line of defense in monitoring and triaging security alerts. You will work primarily with Sumo Logic SIEM and SOAR tools to identify potential security incidents, validate alerts, and escalate them according to the defined SOPs. You will ensure real-time visibility and log health while flagging suspicious activity promptly. This role is essential to ensuring timely detection and reducing noise from false positives.

**Roles & Responsibilities:**
- Basic Security Knowledge: Understanding of key concepts (malware, phishing, brute force, etc.)
- SIEM Familiarity: Exposure to the Sumo Logic UI and understanding how to read/query logs
- Exposure to CrowdStrike Falcon Console: Ability to view and interpret endpoint alerts
- Alert Triage: Ability to differentiate between false positives and real threats
- Communication Skills: Clear written documentation and verbal escalation
- Ticketing Systems: Familiarity with platforms like JIRA, ServiceNow, or similar
- Basic understanding of cybersecurity fundamentals
- Basic Scripting: Awareness of PowerShell or Python for log parsing
- SOAR Exposure: Familiarity with automated triage workflows
- Security Certifications: Security+, Microsoft SC-900, or similar certification
- Operating System Basics: Windows and Linux process and file system awareness

**Professional & Technical Skills:**
- Monitor real-time alerts and dashboards in Sumo Logic SIEM
- Perform initial triage on alerts and determine severity/priority
- Escalate validated security incidents to L2 analysts per defined SOPs
- Follow pre-defined SOAR playbooks to document or assist in response
- Ensure alert enrichment fields are populated (host info, user details, etc.)
- Conduct basic log searches to support alert analysis
- Perform daily health checks on log sources and ingestion pipelines
- Maintain accurate ticket documentation for each alert handled
- Participate in shift handovers and team sync-ups for awareness
- SIEM: Basic log searching, correlation rule awareness
- SOAR: Familiarity with playbook execution
- Security Concepts: Basic understanding of malware, phishing, brute force
- Tools: CrowdStrike EDR, Sumo Logic

**Additional Information:**
- The candidate should have a minimum of 2 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

**Qualification:** 15 years full time education
Posted 2 months ago
3.0 - 8.0 years
13 - 17 Lacs
Gurugram
Work from Office
**About The Role**
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

**Summary:** As a Level 2 SOC Analyst, your role involves deeper investigation of security alerts and confirmed incidents. You will validate escalated events using Sumo Logic and CrowdStrike Falcon, enrich them with context, and work closely with L3 analysts to assist in containment and timely remediation. You will also assist in improving detection fidelity and supporting SOAR automation.

**Roles & Responsibilities:**
- Intermediate Sumo Logic SIEM query and dashboarding skills
- Alert Triage & Investigation: Experience investigating escalated alerts using SIEM or EDR
- Hands-on experience with CrowdStrike EDR investigations
- Incident Response and Containment: Take necessary actions to contain, eradicate and recover from security incidents
- Malware Analysis: Perform malware analysis using sandboxing tools like CS, etc.
- SOAR Execution: Running and modifying basic playbooks in Sumo Logic SOAR
- Incident Reporting and Documentation: Strong reporting skills with accurate detail capture to provide the RCA for true positive security incidents with detailed documentation
- Communication & Collaboration: Send emails to request information, provide updates, and coordinate with different teams to ensure tasks are completed efficiently
- MITRE ATT&CK Mapping: Ability to classify incidents with tactics/techniques
- Alert fine-tuning recommendations to reduce false positive noise
- Investigate alerts escalated by L1 to determine scope, impact, and root cause
- Perform in-depth endpoint and network triage using CrowdStrike
- Use CrowdStrike Falcon to perform endpoint analysis and threat validation
- Correlate multiple log sources in Sumo Logic to trace attacker activity
- Execute or verify SOAR playbooks for containment actions (isolate host, disable user)
- Enrich events with asset, identity, and threat intelligence context
- Document investigation workflows, evidence, and final conclusions
- Support L3 during major incidents by performing log or memory triage
- Suggest improvements in alert logic or SOAR workflow to reduce false positives
- Conduct threat research aligned to alert patterns and business context
- Enhance alert fidelity with threat intel and historical context
- Document investigation findings and communicate with stakeholders

**Professional & Technical Skills:**
- Exposure to threat hunting techniques
- Scripting to assist SOAR playbook tuning
- Triage Automation: Ability to identify playbook gaps and recommend improvements
- Cloud Security Basics: Awareness of log patterns from AWS/Azure
- Log Analysis: Correlation and trend identification in Sumo Logic
- Certifications: SC-200, CySA+, ECSA or relevant advanced certification
- SIEM: Advanced queries, dashboards, correlation logic
- SOAR: Execute and troubleshoot playbooks
- Tools: CrowdStrike (RTR, detections, indicators), Sumo Logic SIEM
- Threat Analysis: IOC enrichment, TTP identification
- Primary Skill: Incident Investigation and Enrichment

**Additional Information:**
- The candidate should have a minimum of 3 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

**Qualification:** 15 years full time education
Posted 2 months ago