482 Soar Jobs - Page 12

About The Role Project Role : Security Delivery Lead Project Role Description : Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets). Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 15 year(s) of experience is required Educational Qualification : be btech mtech Summary :As a Security Delivery Lead, you will lead the implementation and delivery of Security Services projects, leveraging our global delivery capability. You will be responsible for ensuring the successful execution of projects, utilizing our method, tools, training, and assets. Your role will involve overseeing the entire project lifecycle, from planning and design to implementation and post-implementation support. You will collaborate with cross-functional teams and stakeholders to ensure the delivery of high-quality security solutions. Roles & Responsibilities:- Expected to be a SME with deep knowledge and experience.- Should have Influencing and Advisory skills.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Expected to provide solutions to problems that apply across multiple teams.- Lead the implementation and delivery of Security Services projects.- Utilize global delivery capability, including method, tools, training, and assets.- Oversee the entire project lifecycle, from planning and design to implementation and post-implementation support.- Collaborate with cross-functional teams and stakeholders to ensure the delivery of high-quality security solutions. Professional & Technical Skills: - Must Have Skills: Proficiency in Security Information and Event Management (SIEM). Proficiency in consulting (solutioning work with presales, RFP's, estimation), client management, SOC Delivery- Strong understanding of security principles and best practices.-Deep expertise in SIEM, SOAR and Incident Response- Experience in designing and implementing security solutions.- Knowledge of security frameworks and standards (e.g., ISO 27001, NIST).- Experience in conducting security assessments and audits.- Good To Have Skills: Experience with security incident response and threat intelligence.- Familiarity with security technologies and tools (e.g., firewalls, IDS/IPS, SIEM).- Knowledge of cloud security and emerging trends in the security industry. Additional Information:- The candidate should have a minimum of 15 years of experience in Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A B.e B.tech M.tech is required. Qualification be btech mtech

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As the SOC L3 Analyst you will lead the technical handling of critical security incidents. Youll be responsible for deep-dive analysis, root cause investigation, forensics, and containment using tools such as CrowdStrike, Sumo Logic SIEM, and SOAR. You will be responsible for onboarding and managing log sources, building SIEM use cases (custom + in built), and developing automation in SOAR to support incident response and threat detection workflows Roles & Responsibilities:-End-to-End Incident Response Ownership:Ability to handle incident lifecycle (detect, contain, remediate)-Subject matter expert for handling the escalated critical or actual true positive incidents.-CrowdStrike Deep Dive:Using Real Time Response (RTR), Threat Graph, custom IOA rules-Strong command over Sumo Logic SIEM content engineering:Creating detection rules, dashboards, and field extractions-Threat Hunting:Behavior-based detection using TTPs-SOAR Automation:Designing playbooks, integrations with REST APIs, ServiceNow, CrowdStrike-Threat Intel Integration:Automation of IOC lookups and enrichment flows-Forensic Skills: Live host forensics, log correlation, malware behavioral analysis-Deep experience in advanced threat detection and incident response-Scripting Proficiency:Python, PowerShell, Bash for automation or ETL-Error Handling & Debugging:Identify and resolve failures in SOAR or data pipelines-Proficiency in CrowdStrike forensic and real-time response capabilities-Experience Sumo Logic SOAR for playbook optimization-Use case development in Sumo Logic SIEM Professional & Technical Skills: -Lead high-severity incident response, coordinating with stakeholders and IT teams-Perform endpoint forensic triage using CrowdStrike Real Time Response (RTR)-Conduct detailed log analysis and anomaly detection in Sumo Logic-Customize or create new detection rules and enrichments in SIEM-Develop/Tune SOAR playbooks for advanced scenarios, branching logic, and enrichment-Perform root cause analysis and support RCA documentation-Mentor L1 and L2 analysts through case walk-throughs and knowledge sharing-Generate post-incident reports and present findings to leadership-Lead investigations and coordinate response for major incidents-Perform root cause analysis and post-incident reviews-Develop advanced detection content in Sumo Logic-Optimize SOAR playbooks for complex use cases-Onboard and maintain data sources in Sumo Logic SIEM and ensure parsing accuracy-Build custom dashboards, alerts, and queries aligned with SOC use cases-Create and maintain field extractions, log normalization schemas, and alert suppression rules-Integrate external APIs into SOAR (e.g., VirusTotal, WHOIS, CrowdStrike)-Monitor log health and alert performance metrics; troubleshoot data quality issues-Collaborate with L3 IR and Threat Intel teams to translate threat use cases into detections-Participate in continuous improvement initiatives and tech upgrades-Conduct playbook testing, version control, and change documentation-CrowdStrike:Custom detections, forensic triage, threat graphs-SIEM:Rule creation, anomaly detection, ATT&CK mapping-SOAR:Playbook customization, API integrations, dynamic playbook logic-Threat Intelligence:TTP mapping, behavioral correlation-SIEM:Parser creation, field extraction, correlation rule design-Scripting:Python, regex, shell scripting for ETL workflows-Data Handling:JSON, syslog, Windows Event Logs-Tools:Sumologic SIEM, Sumo logic SOAR & Crowdstrike EDR-Exp in in SOC/IR including 4+ in L3 role (IR + SIEM Content Engineering & SOAR) Additional Information:- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM) Operations.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Responsibilities: * Conduct threat analysis using SIEM, SOC tools on AWS/Azure/GCP clouds. * Monitor web apps with WAF, IPS; respond to incidents promptly. * Collaborate with security teams on incident response plans. Health insurance Provident fund

Dream11 is seeking a skilled Senior Security Engineer - Security Operations to strengthen our defense against evolving threats. If you have over 5 years of experience in SecOps, incident response, or threat hunting, and a strong background in SIEM implementation, you'll be crucial in maintaining security compliance and building automated defense frameworks. Your Role Integrate data sources, analyze logs, write/fine-tune alerts, and maintain security compliance across the infrastructure. Manage and implement SIEM solutions for both on-premise and cloud architectures. Develop and optimize the incident response framework , including processes, playbooks, and documentation. Develop and optimize the threat hunting/intelligence framework , including processes, playbooks, and documentation. Build automated frameworks to remediate threats without human intervention based on incident response policies. Effectively communicate with internal and external stakeholders to drive the security operations roadmap . Qualifiers 5+ years of work experience in SecOps/Incident Response/Threat hunting (Blue Team)/SIEM tool implementation . Working knowledge of security technologies like EDR/Firewalls/Antivirus/SOAR .

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L2 Analyst has responsibility to closely track the incidents and support for closure. 10.Working with logsource and usecase management in integrating log sources and developing & testing usecase 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Developing SOP / instruction manual for L1 team 13.Guiding L1 team for triage/analysis and assist in clousure of cybersecurity alert and incidents 14.Handle XDR alerts and followup with customer team for agent updates 15.Escalate more complex incidents to L3 SME for deeper analysis. Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.3-7 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred technical and professional experience Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L1 Analyst has responsibility to closely track the incidents and support for closure. 10.Escalate more complex incidents to L2 analysts for deeper analysis. 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Handle XDR alerts and followup with customer team for agent updates Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Preferred technical and professional experience Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.2 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques.Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications"

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L1 Analyst has responsibility to closely track the incidents and support for closure. 10.Escalate more complex incidents to L2 analysts for deeper analysis. 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Handle XDR alerts and followup with customer team for agent updates Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.2 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred technical and professional experience Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Managed Cloud Security Services Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Senior Security Engineer your typical day will involve security platform related activities on Microsoft Sentinel, providing end to end investigation on health monitoring and platform monitoring. You will also engage in proactive monitoring of security systems to analyze and respond to incidents effectively and normalize the log source and use case finetuning activities. Roles & Responsibilities:- Develop and deploy use case -New log source onboarding to SIEM-Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular security assessments and audits to identify gaps in the configuration and detections of false positives.- Develop and implement security policies and procedures to safeguard information, inclusive of optimization of analytic rules. Professional & Technical Skills- Microsoft Sentinel:Hands-on experience with SIEM/SOAR, including KQL query development, alert tuning, and automation with Logic Apps.- Expertise in Devops and Terraform to mange pipeline and infrastructure deployment.-Platform and Healthmonitorng incident investigation and deployment. -Required knowledge Entra ID management.-Managing Cribl and Logstash pipeline for log source onboarding.-Strong understanding of incident response and threat management.-Experience with security monitoring tools and technologies.-Able to manage requests, incidents, and changes on ServiceNow as per service management process.-Familiarity with scripting (PowerShell, KQL), infrastructure-as-code, and automation tools is a plus.-Required active participation/contribution in team discussions-To be a part of audits and service improvement activities within the team- threat hunting, MDE and use case engineering experience- Knowledge of security frameworks like MITRE.- Deliver security solutions using Microsofts security stack, with a focus on Microsoft Defender for Cloud, Endpoint, Identity, Azure Firewall, and Microsoft Sentinel.-Implement and operationalize MDC for cloud security posture management and workload protection.-Support deployment and ongoing management of MDE for endpoint threat detection and response.-Integrate MDI into customer environments to monitor identity-related threats and provide remediation recommendations.- Ability to analyze security incidents from L2/L3 perspective as well as developing effective response strategies.-Knowledge of network security protocols and best practices. Additional Information:- The candidate should have minimum 6 years of experience in Microsoft Azure Security suite.- This position will be operated from Bengaluru location.-A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Managed Cloud Security Services Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are looking for an experienced and detail-oriented Security Delivery Associate Manager to support the planning, implementation, and delivery of cybersecurity services across Microsoft security technologies. will play a key role in delivering secure, scalable, and compliant security solutions for internal stakeholders or clients. Roles & responsibilities:The ideal candidate will have practical expertise in Microsoft Sentinel, Cribl, Logstash, Devops, Terraform, Logsource onboarding, ASIM Parsing Deliver security solutions using Microsofts security stack, with a focus on Microsoft Sentinel Platform Management.Translate business and technical requirements into well-architected security solutions and support delivery from design to deployment.Managing Cluster with multiple clients Lead and manage cross-functional teams, ensuring effective collaboration, communication, and alignment with business objectives. Responsible for team decisions.Engage with multiple teams and contribute on key decisions.Develop and implement security strategies.Conduct security assessments and audits.Stay updated on the latest security trends and technologies.Configure and fine-tune Microsoft Sentinel, develop analytics rules, workbooks, playbooks, and maintain alerting mechanisms.Coordinate with engineering, operations, and risk teams to ensure consistent and secure delivery of services.Create technical documentation, deployment guides, and knowledge transfer materials for clients or internal teams.Collaborate with project managers and stakeholders to ensure timely and successful delivery of security services.Contribute to continuous improvement initiatives and automation of delivery processes. Professional & Technical Skills: Strong client-facing and stakeholder engagement capabilities.Excellent organizational and project coordination skills.Ability to clearly communicate technical information to both technical and non-technical audiences.Proactive mindset with a focus on security service quality and consistency.Experience working in delivery frameworks such as Agile, ITIL. Microsoft Sentinel:Hands-on experience with SIEM/SOAR, including KQL query development, alert tuning, and automation with Logic Apps.Configure and fine-tune Microsoft Sentinel, develop analytics rules, workbooks, playbooks, and maintain alerting mechanisms.Able to manage key vault and secret rotation Required knowledge Entra ID management.Required knowledge in Log source optimizationASIM parsing and normalizationManaging Cribl and Logstash pipeline for log source onboarding.Strong understanding of incident response and threat management.Familiarity with scripting (PowerShell, KQL), infrastructure-as-code, and automation tools is a plus.Able to manage requests, incidents, and changes on ServiceNow as per service management process.Required active participation/contribution in team discussionsTo be a part of audits and service improvement activities within the teamSentinel data modelling experienceExperience in designing and implementing security solutions. Deliver security solutions using Microsofts security stack, with a focus on Microsoft Defender for Cloud, Endpoint, Identity, Azure Firewall, and Microsoft Sentinel.Implement and operationalize MDC for cloud security posture management and workload protection.Support deployment and ongoing management of MDE for endpoint threat detection and response.Integrate MDI into customer environments to monitor identity-related threats and provide remediation recommendations.Knowledge of network security protocols and best practices.Hands-on experience with security tools and technologies. Additional Information:The candidate should have a minimum of 10+ years of experience in Managed Cloud Security Services.This position will be operated from Bengaluru location.A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Managed Cloud Security Services Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Platform engineering lead you will design, implement, and manage Microsoft Sentinel security solutions including analytics rules and automation workflows. Collaborate across teams to align threat detection and response with compliance, while ensuring integration with Microsoft and third-party security tools. Roles & Responsibilities:-Design and implement Microsoft Sentinel solutions including workspace configuration, data ingestion, and role-based access control.-Develop and tune analytics rules, workbooks, and hunting queries using KQL (Kusto Query Language).-Integrate various log sources (Azure, Microsoft 365, on-premise systems, third-party security tools) using built-in and custom connectors.-Create custom workbooks and dashboards for security visibility, KPIs, and executive reporting.-Build and maintain automation workflows using Logic Apps for incident enrichment, notification, and response.-Collaborate with SOC teams, cloud architects, and compliance teams to align monitoring with threat models and regulatory requirements.-Participate in incident response by investigating and analyzing alerts and security events within Sentinel.-Ensure integration with Microsoft Defender Suite (MDE, MDI, MDC, O365) and third-party SIEM/SOAR tools as needed.-Provide documentation, knowledge transfer, and ongoing Sentinel tuning and support. Professional & Technical Skills: - Must Have Skills: Proficiency in Microsoft Azure Security, including Microsoft sentinel, Microsoft Defender XDR and KQL and have a good understanding of Microsoft Defender solution platform for MDE, MDI, XDR, MDA and MDO. Must have capability to develop sentinel bases solutions with KQL queries.- Good to have Skills: Google SecOps MxDR solution.- Strong understanding of cloud security principles and best practices.- Experience with security tools and technologies on Microsoft Azure. Multi-Cloud experience will be additional.- Knowledge of security frameworks like MITRE.- Ability to analyze and develop use cases L3 perspective as well as developing effective response strategies. Additional Information:- The candidate should have minimum 5 years of experience in Microsoft Azure Security suite.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Application Developer Project Role Description : Design, build and configure applications to meet business process and application requirements. Must have skills : Managed Cloud Security Services Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are looking for an experienced and detail-oriented Security Delivery Specialist to support the planning, implementation, and delivery of cybersecurity services across Microsoft security technologies. The ideal candidate will have practical expertise in Microsoft Sentinel, Cribl, Logstash, Devops, Terraform will play a key role in delivering secure, scalable, and compliant security solutions for internal stakeholders or clients. Roles & responsibilities:Deliver security solutions using Microsofts security stack, with a focus on Microsoft Sentinel Platform Management.Translate business and technical requirements into well-architected security solutions and support delivery from design to deployment.Configure and fine-tune Microsoft Sentinel, develop analytics rules, workbooks, playbooks, and maintain alerting mechanisms.Coordinate with engineering, operations, and risk teams to ensure consistent and secure delivery of services.Create technical documentation, deployment guides, and knowledge transfer materials for clients or internal teams.Collaborate with project managers and stakeholders to ensure timely and successful delivery of security services.Contribute to continuous improvement initiatives and automation of delivery processes. Professional & Technical Skills: Strong client-facing and stakeholder engagement capabilities.Excellent organizational and project coordination skills.Ability to clearly communicate technical information to both technical and non-technical audiences.Proactive mindset with a focus on security service quality and consistency.Experience working in delivery frameworks such as Agile, ITIL.Microsoft Sentinel:Hands-on experience with SIEM/SOAR, including KQL query development, alert tuning, and automation with Logic Apps.Able to manage key vault and secret rotation Azure Devops, Github, CICD, Terraform.Required knowledge Entra ID management.Managing Cribl and Logstash pipeline for log source onboarding.Strong understanding of incident response and threat management.Experience with security monitoring tools and technologies.Able to manage requests, incidents and changes on ServiceNow as per service management process.Familiarity with scripting (PowerShell, KQL), infrastructure-as-code, and automation tools is a plus.Required active participation/contribution in team discussionsTo be a part of audits and service improvement activities within the teamthreat hunting, MDE and use case engineering experienceKnowledge of network security protocols and best practices.Experience in designing and implementing security solutions. Deliver security solutions using Microsofts security stack, with a focus on Microsoft Defender for Cloud, Endpoint, Identity, Azure Firewall, and Microsoft Sentinel.Implement and operationalize MDC for cloud security posture management and workload protection.Support deployment and ongoing management of MDE for endpoint threat detection and response.Integrate MDI into customer environments to monitor identity-related threats and provide remediation recommendations.Knowledge of network security protocols and best practices. Additional Information:The candidate should have a minimum of 7+ years of experience in Managed Cloud Security Services.This position will be operated from Bengaluru location.A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :This Role is responsible for leading SOC operations, focusing on threat detection, incident response, and security monitoring using Microsoft Sentinel as the primary SIEM platform. This role demands deep expertise in Sentinel architecture, rule creation, workbook/reporting, and playbook orchestration (Logic Apps), along with proven experience in m anaging SOC analysts, ensuring SLA adherence, and driving continuous improvement in security operations Roles & Responsibilities:-Lead 24x7 SOC operations using Microsoft Sentinel.-Develop and tune KQL analytics rules, workbooks, and SOAR playbooks (Logic Apps).-Manage Sentinel data connectors (M365, Azure, Defender suite).-Respond to and lead major incidents and investigations.-Guide and mentor L1-L3 analysts.-Collaborate with threat intel and compliance teams.-Own reporting, metrics, and client governance interactions.-Improve SOC processes and reduce false positives. Professional & Technical Skills: --Cybersecurity experience with at least 3+ years in SOC leadership.-Hands-on expertise with Microsoft Sentinel, KQL, Logic Apps, Microsoft Defender Suite.-Strong understanding of incident lifecycle, MITRE ATT&CK, and SOAR workflows.-Familiarity with regulatory standards like ISO 27001, NIST, and Azure security best practices.-Excellent communication, reporting, and team management capabilities. Additional Information:- The candidate should have minimum 7.5 years of experience in Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

ELIGIBILITY: MCA / B Tech (CS/IT) / BE (CS/IT) Work Experience: 7-10 Years of total work experience. 4+ Years experience of managing SOC. Roles & Responsibilities Manage the SOC operations and related activities Lead SOC team to SOC/SIEM implementation, Log aggregation, Detection & Prevention rules. Direct the functions, processes, and operations of the SOC and ensure standard SOPs are followed. Lead the continuous monitoring related operations of the SOC to ensure optimal identification / resolution of security incidents and enhance security. Develop and maintain an incident response management program that includes incident detection, analysis, containment, eradication, recovery and chain of evidence / forensic Actively participate in security incident management and document security/incident response playbooks Review SOC Roster and SOC team performance. Ensure compliance of SLA and adherence of related processes with review of improvement opportunities to meet operational objectives. Lead SOC threat hunting team and create new detection rules Create and publish reports, dashboards, metrics for SOC operations and presentation to customers and management. Conduct scheduled and ad hoc training exercises to ensure staff are current with the latest threats and incident response techniques. Optimization of rules, alerts as per severity of threat perceived from any specific events. Build use cases and correlation alerts in the SIEM for continuous security monitoring Periodic Rules/configuration review as per standard procedure / CIS. SKILLS: Hands-on experience of security tools that include SIEM, SOAR and EDR/XDR, experience in Microsoft Sentinel and IBM Qradar preferred. Familiar with MITRE ATT&CK framework Familiar with multiple Operating System platforms such as Windows, Linux and Unix. Familiar with popular commercials / open source tools and techniques used by hackers Knowledge of Security testing methodology, and other international industry recognised standards and guidelines including CIS controls in depth. Experience in creating detection rule creation using KQL and Regex Aware of general cyber security practices needed by computer and internet user Strong written and verbal communication skills expected - ability to communicate security and risk-related scenarios to both technical and non-technical stakeholders Strong knowledge of Word, Excel and PowerPoint for professional documentations. Ability to work at nights and/or weekends as per urgency / requirement.

Avalara is seeking a Security Automation Engineer to join our Security Automation & Platform Enhancement Team (SAPET). You will be at the intersection of cybersecurity, automation, and AI, focusing on designing and implementing scalable security solutions that enhance Avalara's security posture. You will have expertise in programming, cloud technologies, security automation, and modern software engineering practices, with experience with using Generative AI to improve security processes. What Makes This Role Unique at Avalara Cutting-Edge Security Automation: You will work on advanced cybersecurity automation projects, including fraud detection, AI-based security document analysis, and IT security process automation. AI-Powered Innovation: We integrate Generative AI to identify risks, analyze security documents, and automate compliance tasks. Impact Across Multiple Security Domains: Your work will support AML, fraud detection, IT security, and vendor risk management. What Your Responsibilities Will Be As a Security Automation Engineer, your primary focus will be to develop automation solutions that improve efficiency across several security teams. Develop and maintain security automation solutions to streamline security operations and reduce manual efforts. Work on automation projects that augment security teams, enabling them to work more efficiently. Design and implement scalable security frameworks for Security Teams. What You'll Need to be Successful 5+ years experience Programming & Scripting: Python, GoLang, Bash Infrastructure as Code & Orchestration: Terraform, Kubernetes, Docker Security & CI/CD Pipelines: Jenkins, GitHub Actions, CI/CD tools Database & Data Analysis: SQL, security data analytics tools Experience with RDBMS and SQL, including database design, normalization, query optimization Experience. Hands-on experience with security automation tools, SIEM, SOAR, or threat intelligence platforms.

About the Organisation DataFlow Group is a pioneering global provider of specialized Primary Source Verification (PSV) solutions, and background screening and immigration compliance services that assist public and private organizations in mitigating risks to make informed, cost-effective decisions regarding their Applicants and Registrants. About the Role: Dataflow is looking to hire a cyber security expert with rich experience leveraging TrendMicro Vision/XDR platform and AWS environment in security alerts triage, investigation and incident response to support on-prem devices and cloud assets remain protected from any security threats. The ideal candidate will have a strong understanding of threat detection and response, and experience with TrendMicro's XDR platform to investigate workstations (windows/mac) and public cloud assets in AWS. Identifying opportunities and designs to automate security tasks, such as threat intelligence enrichment, incident response playbooks and automated workflows using TrendMicro XDR platform is desirable. You will be expected to use your experience, talent and passion to work with a small global team in order to provide a 24x7 service to the rest of the world. Flexibility, energy, curiosity and a desire to simply get the job done will be key. The role encompasses a range of responsibilities that will focus on threat detection and response ,building security orchestration and automation, with ample opportunity to learn more in-depth skills related to workstations and servers. Our company has taken Google Workspace and AWS cloud services for its core technology suite, and you will have ample opportunity to stretch your knowledge into these cutting edge technologies. Work breakdown structure Technical Delivery(Automation):40% Technical analysis: 60% Duties and Responsibilities: Ensure security alerts are thoroughly investigated and closed within SLA. Measure quarterly Mean time to response (MTTR) and improve 5% of MTTR every quarter Ensure up-time is 99.9% for all infrastructure components Build playbook and automation for top 80% security alerts Ensure services are providing optimized performance to end-users 99% of the time Severity 1 incidents returned to service within 2 hours Qualifications: Bachelor of Engineering (B.E.) or Bachelor of Technology (B.Tech) degree A minimum of 3 years of industry experience in cyber security incidents investigation and response Monitor and analyze security events, alerts, and incidents generated by TrendVision/XDR Strong understanding of threats and attacks detection. Experienced on threat hunting and threat intelligence. Experience and working knowledge of: 1) Windows and MAC OS 2) Microsoft or Linux servers 3) Cloud-based services such as AWS, Google Workspace 4) Serverless architecture and technology (Clusters, containers etc.) Proficiency in scripting languages (e.g., Python, PowerShell) Implemented automation tools and orchestration frameworks for efficiency; Best-in-class English communication skills, with a natural confidence and ability to communicate clearly worldwide. Ability to learn quickly and adapt to changing environments. An ability to flex your hours as required, especially during releases or system outages

Implement, monitor, and enhance IT security infrastructure; manage SIEM, endpoint protection, vulnerability scanning, and incident response within IT environments. Required Candidate profile Experienced IT security professionals with strong knowledge of enterprise cybersecurity tools, SIEM, firewalls, and security standards like NIST, ISO 27001.

SFTP L1 & L2

Deploy and configure Microsoft Sentinel and dependent resources. Integrate diverse data sources into SIEM for holistic threat visibility. Develop advanced KQL queries and build analytical rules and alerts. Design and implement use cases aligned to NIST and MITRE ATT&CK frameworks. Build SOAR workflows using Azure Logic Apps for automated incident response. Perform threat hunting and simulate non-invasive attacks based on TTPs and threat actor behavior. Conduct forensic analysis, root cause analysis, and incident triage. Leverage threat intelligence for proactive defense and detection strategies. Create and maintain KPI dashboards and reporting metrics. Build Proof of Concepts (PoCs) for domain-specific security implementations. Utilize and maintain EDR and CASB tools , preferably Microsoft Defender ATP. Maintain and enhance security in hybrid and multi-cloud environments (Azure, AWS, GCP). Create custom security policies , dashboards, and workbooks in Sentinel. Participate in compliance control strategies (e.g., PCI, PII) using Azure Automation . Support Cloud Security Posture Management (CSPM) tool testing and policy scoring. Support in report generation (daily, weekly, quarterly, annually) for various stakeholders. Technical Skills & Experience: Deep understanding of Active Directory, DNS Security, Network Protocols, Web Technologies , TLS, and Firewalls. Proficient in EDR solutions , preferably Microsoft Defender ATP . Hands-on with Azure cloud security technologies: Defender for Cloud, Defender for Identity, Defender for Office365, etc. Exposure to GCP (Security Command Center, Confidential Computing) and AWS (Security Hub, GuardDuty, Macie) is a plus. Proficient in PowerShell, Bash, Python scripting (preferred but not mandatory). Knowledge of IT Forensics tools, techniques, and methodologies. Experience in policy creation, dashboarding , and process automation. Good to Have: Exposure to Cloud App Security , Azure Key Vault , Confidential Computing , AWS Shield , etc. Certifications like AZ-500 , SC-200 , AWS Certified Security , etc. Experience with setting up SOC processes or security frameworks .

The Security Operation Specialist has the end-to-end responsibility for the physical and logical security of the Network/Services, OSS/SQM, and Infrastructure in accordance with the security policy technically manage and operate components of security services provided to end users of Nokia customers, within service levels agreed with those customers. You have: 10+ years of extensive relevant experience and a graduate / postgraduate equivalent degree. Exposure to telecom technologies Security analytics and working knowledge of SOC technologies like SIEM, SOAR, etc. Scripting capabilities Industry certifications like CISSP/CEH/CISM/CISA It would be nice if you also had: Understanding of hacking techniques Understanding of 3GPP security requirements, ITU-T x.805, ISO27001, NIST, Mitre attack framework Build and maintain a library of threat hunting or analytics use cases for non-signature-based threat detection Build and maintain a library of pre-developed connectors to integrate leading SIEMs with diverse network elements Build and maintain a customizable library of remediation workflows or cyber playbooks Use cases should cover the entire kill chain, starting from reconnaissance, weaponization, delivery, exploitation, installation, C2, exfiltration, remediation, etc. Provide SME support to the delivery organization Testing and PoC of use cases in a lab environment Support in building use case demos. Work with different product lines to validate and test the feasibility of security use cases Build risk-driven cyber attack scenarios by clearly identifying threats, vulnerabilities, business impact, likelihood, approach, use case, scenarios, rules, remediation workflows, or a cyber playbook.

Key Responsibilities: Design, implement, and manage Palo Alto Networks solutions, including: Next-Gen Firewall (NGFW) EDR/XDR (Cortex XDR) SIEM/SOAR (Cortex XSIAM) Lead and support migration projects from legacy platforms (e.g., Splunk, Sentinel, QRadar) to Palo Alto Cortex XSIAM Work with clients to understand business requirements and deliver tailored cybersecurity solutions Perform threat hunting, alert tuning, policy configuration, and use case development Collaborate with global teams (onshore/offshore model) for delivery in sectors like Telecom, Finance, Retail, and Public Sector Support security assessments, integrations, and continuous improvement initiatives Required Skills & Qualifications: Strong hands-on experience in Palo Alto technologies (NGFW, Cortex XDR/XSIAM) Proven knowledge of cybersecurity operations, SOC processes, and incident response Experience with SIEM migration and integrations Understanding of threat intelligence, detection engineering, and automation Good knowledge of scripting (Python, PowerShell) and log analysis Excellent communication and client-facing skills Preferred Certifications: Palo Alto Networks Certifications, such as: PCNSE (Network Security Engineer) Cortex XDR/XSIAM certifications (if available) Additional certifications like CEH, CISSP, or relevant SIEM/EDR vendor certifications are a plus

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. You will provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Be a crucial part of ensuring the security of the organization's digital assets and operations. Roles & Responsibilities:Perform security monitoring by analyzing logs, traffic and alerts generated by variety of device technologiesTimely response to customer requests like detection capabilities, tuning.Research new threats and provide recommendations to enhance detection capabilitiesStrong desire for continuous learning on vulnerabilities, attacks and countermeasures Identify opportunities for process improvement Professional & Technical Skills: Experience in SOC operations with customer-facing responsibilitiesDeep understanding on cyber security fundamentals, security devices, network defense concepts and threat landscapeHands-on experience in SIEM and threat hunting tools Added advantage in working with any SOAR platformDesirable knowledge in any scripting language and EDR productsPreferable GCIA, GCFA, CISSPStrong customer service and interpersonal skillsStrong problem-solving skillsAbility to communicate clearly at all levels, demonstrating strong verbal and written communication skills.Adaptability to accept change Additional Information:Work as part of analysis team that works 24x7 on a rotational shift The candidate should have minimum 2 years of experience This position is based at our Chennai office.A 15 year full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that the organization's information and infrastructure are safeguarded against potential cyber threats. You will also engage in continuous learning to stay updated on the latest security trends and technologies, contributing to a secure environment for all stakeholders. Roles & Responsibilities:Perform security monitoring by analyzing logs, traffic and alerts generated by variety of device technologiesTimely response to customer requests like detection capabilities, tuning.Research new threats and provide recommendations to enhance detection capabilitiesStrong desire for continuous learning on vulnerabilities, attacks and countermeasures Identify opportunities for process improvement Professional & Technical Skills: Experience in SOC operations with customer-facing responsibilitiesDeep understanding on cyber security fundamentals, security devices, network defense concepts and threat landscapeHands-on experience in SIEM and threat hunting tools Added advantage in working with any SOAR platformDesirable knowledge in any scripting language and EDR productsPreferable GCIA, GCFA, CISSPStrong customer service and interpersonal skillsStrong problem-solving skillsAbility to communicate clearly at all levels, demonstrating strong verbal and written communication skills.Adaptability to accept change Additional Information:Work as part of analysis team that works 24x7 on a rotational shift Minimum a bachelors or a masters degree in addition to regular 15- year full time educationThe candidate should have minimum 2 years of experience This position is based at our Chennai office. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will engage in proactive monitoring and response to security incidents, while also contributing to the development of security policies and procedures that align with organizational goals. Your role is crucial in safeguarding information and maintaining the integrity of business processes in a constantly evolving threat landscape. Roles & Responsibilities:Perform security monitoring by analyzing logs, traffic and alerts generated by variety of device technologiesTimely response to customer requests like detection capabilities, tuning, etc.Research new threats and provide recommendations to enhance detection capabilitiesStrong desire for continuous learning on vulnerabilities, attacks and countermeasures Identify opportunities for process improvement Professional & Technical Skills: Experience in SOC operations with customer-facing responsibilitiesDeep understanding on cyber security fundamentals, security devices, network defense concepts and threat landscapeHands-on experience in SIEM and threat hunting tools Added advantage in working with any SOAR platformDesirable knowledge in any scripting language and EDR productsPreferable GCIA, GCFA, CISSPStrong customer service and interpersonal skillsStrong problem-solving skillsAbility to communicate clearly at all levels, demonstrating strong verbal and written communication skills.Adaptability to accept change Additional Information:Work as part of analysis team that works 24x7 on a rotational shift Minimum a bachelors or a masters degree in addition to regular 15- year full time educationThe candidate should have minimum 2 years of experience This position is based at our Chennai office. Qualification 15 years full time education

Position Summary We are looking for a skilled Software Engineer with 3-5 years of experience in Java development, SaaS architectures, and cybersecurity solutions. You will play a key role in designing and implementing scalable security applications while following best practices in secure coding and cloud-native development. Key Responsibilities Develop and maintain scalable, secure software solutions using Java. Build and optimize SaaS-based cybersecurity applications, ensuring high performance and reliability. Collaborate with cross-functional teams including Product Management, Security, and DevOps to deliver high-quality security solutions. Design and implement security analytics, automation workflows and ITSM integrations. Basic Qualifications A bachelor’s or master’s degree in computer science, electronics engineering or a related field 3-5 years of experience in software development using Java. Experience with cloud platforms (AWS, GCP, or Azure) and microservices architectures. Proficiency in containerization and orchestration tools (Docker, Kubernetes). Knowledge of DevSecOps principles, CI/CD, and infrastructure-as-code tools (Terraform, Ansible). Preferred Qualifications Exposure to cybersecurity solutions, including SIEM (Splunk, ELK, QRadar) and SOAR (XSOAR, Swimlane). Familiarity with machine learning or AI-driven security analytics. Strong problem-solving skills and ability to work in an agile, fast-paced environment.

Role & responsibilities Must Have: 3 + years hands-on experience with cybersecurity Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), antivirus (AV), Identity and Access Management (IDAM), Security Information and Event Monitoring (SIEM) Security Orchestration and Automation (SOAR) platforms Key Ask for the discussed role: Candidate should be able to support for security related incidents Troubleshooting experience is essential. Should be able to identify and applies mitigation controls (where possible) to remediate alerts Good to have Skills: Cybersecurity certifications including CompTIA Network+, Security+, Cloud+, Ethical Hacker, EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, CISA, CISM, CISSP, and/or similar cybersecurity certifications