482 Soar Jobs - Page 15

Enable a world-class cyber defense program by working closely with other technical, incident management, and forensic personnel to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors Work at the forefront of designing an innovative threat and security incident management solution Develop and optimize SOAR playbooks, integrating various security tools and platforms to automate threat detection, incident response, and remediation processes. Work closely with cross-functional teams, including SOC, IT, DevOps, and Risk Management, to align SOAR capabilities with organizational security objectives. Customize SOAR workflows, scripts, and connectors to meet the specific needs of the organization, ensuring seamless interoperability between systems. Participate in a 24x7 coverage model to prevent and remediate security threats against Goldman Sachs global business network Basic Qualifications: Strong verbal and written communication skills, with the ability to convey complex technical concepts to both technical and non-technical stakeholders. Strong analytical and problem-solving skills, with a proactive approach to identifying and addressing security challenges. In-depth understanding of security frameworks (MITRE ATTCK, NIST), threat intelligence, and automation strategies. Strong sense of ownership and driven to manage tasks to completion Proficient scripting skills utilizing both Python and PowerShell Preferred qualifications: 1+ years of experience in cybersecurity, with SOAR technologies and incident response. Proficiency in SOAR platforms (eg, Splunk Phantom, Demisto, Siemplify), scripting languages (Python, PowerShell), and integration with security tools (SIEM, EDR, etc). Knowledge conducting incident response within a major public cloud (ie AWS, Google, Azure) Any of following certifications: GNFA, GCFE, GCFA, CCFP, CFCE, ACE, OSCP, GCFR

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. You will provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Be a crucial part of ensuring the security of the organization's digital assets and operations. Roles & Responsibilities:Perform security monitoring by analyzing logs, traffic and alerts generated by variety of device technologiesTimely response to customer requests like detection capabilities, tuning, etc.Research new threats and provide recommendations to enhance detection capabilitiesStrong desire for continuous learning on vulnerabilities, attacks and countermeasures Identify opportunities for process improvement Professional & Technical Skills: Experience in SOC operations with customer-facing responsibilitiesDeep understanding on cyber security fundamentals, security devices, network defense concepts and threat landscapeHands-on experience in SIEM and threat hunting tools Added advantage in working with any SOAR platformDesirable knowledge in any scripting language and EDR productsStrong customer service and interpersonal skillsStrong problem-solving skillsAbility to communicate clearly at all levels, demonstrating strong verbal and written communication skills.Adaptability to accept change Additional Information:Work as part of analysis team that works 24x7 on a rotational shift Minimum a bachelors or a masters degree in addition to regular 15- year full time educationThe candidate should have minimum 2 years of experience This position is based at our Chennai office. Qualification 15 years full time education

Deployment and maintenance of PA/CHECKPOINT/CISCO ASA/FORTINET firewall solutions Experience in working with Windows, Linux, Unix environments and integrating management tools Automate processes using scripting and SOAR tools Required Candidate profile Experience with PA/CHECKPOINT/CISCO ASA/FORTINET firewall solutions Scripting and Automation skills Strong in packet Capture, Analysis, and Troubleshooting Tools

Key Responsibilities: Develop and execute strategic sales plans to meet quarterly and annual targets Identify, qualify, and pursue new enterprise sales opportunities Deliver compelling product presentations and solution demos to potential clients Understand client security pain points and align appropriate solutions (MDR, SIEM, SOAR) Lead contract negotiations, pricing, and deal closures Build and maintain long-term relationships with key stakeholders and channel partners Stay current with evolving cybersecurity threats, tools, and market trends Collaborate with internal technical, product, and marketing teams to shape go-to-market strategy Required Skills & Experience: Bachelor's degree in Business, Computer Science, Information Security, or related field 5+ years of experience in cybersecurity solution sales or enterprise B2B technology sales Strong understanding of SIEM tools (e.g., Splunk, QRadar, Securonix), SOAR , and MDR offerings Excellent communication, presentation, and negotiation skills Proven ability to build strong client relationships and consistently close deals Self-motivated and results-driven with a strategic sales mindset Ability to work both independently and cross-functionally in fast-paced environments Preferred Skills: Experience with cybersecurity operations , threat detection, and incident response Familiarity with cloud security , SaaS-based platforms, or XDR/MDR tools Exposure to channel sales , partner engagement, and GTM planning Understanding of cybersecurity compliance standards (e.g., ISO 27001, SOC2, NIST)

Responsibilities Work in a 24x7 Security Operation Centre (SOC) environment. Provide analysis and trending of security log data from various security devices. Coordinate incident response on a daily basis. Perform threat analysis to improve detection capabilities. Conduct forensic investigations and develop recovery plans. Develop and implement advanced defensive strategies and countermeasures. Engage in threat hunting to identify potential threats that may have bypassed defenses. Communicate effectively through written and visual documents for diverse audiences. Requirements Minimum of 8 - 10 years of experience in Cybersecurity. At least 6 years of working in a Security Operations Center (SOC). Proficient in Incident Management and Response, handling escalations. In-depth knowledge of security concepts such as cyber-attacks, threat vectors, and risk management. Knowledge of various operating system flavors including Windows, Linux, and Unix. Knowledge of TCP/IP protocols and network analysis. Experience with SIEM, SSL, Packet Analysis, HIPS/NIPS, and network monitoring tools. Nice-to-haves Hands-on experience with Splunk. Experience with Proofpoint and Azure security. Ability to suggest fine-tuning of existing security use cases.

- Design, develop & maintain playbooks within Cortex XSOAR - Integrate security tools & threat intelligence sources with XSOAR - Implement & manage security alerts using XSIAM, SIEM & SOAR platforms - Fine-tune & optimize securty automation processes Required Candidate profile Exp. : 6+ yrs CTC : Upto 30 Lacs Location : Remote WFH (1 Opening) / Central Mumbai WFO (2 Open) Comm. Skills - Excellent Strong in Cortex XSOAR along with automation and XSIAM, SOAR, and SIEM tools.

What You'll Do Reports to: Manager - Security Engineering Avalara is seeking a Security Automation Engineer to join our Security Automation & Platform Enhancement Team (SAPET). You will be at the intersection of cybersecurity, automation, and AI, focusing on designing and implementing scalable security solutions that enhance Avalara's security posture. You will have expertise in programming, cloud technologies, security automation, and modern software engineering practices, with experience with using Generative AI to improve security processes. What Makes This Role Unique at Avalara? Cutting-Edge Security Automation: You will work on advanced cybersecurity automation projects, including fraud detection, AI-based security document analysis, and IT security process automation. AI-Powered Innovation: We integrate Generative AI to identify risks, analyze security documents, and automate compliance tasks. Impact Across Multiple Security Domains: Your work will support AML, fraud detection, IT security, and vendor risk management. What Your Responsibilities Will Be As a Security Automation Engineer, your primary focus will be to develop automation solutions that improve efficiency across several security teams. Develop and maintain security automation solutions to streamline security operations and reduce manual efforts. Work on automation projects that augment security teams, enabling them to work more efficiently. Design and implement scalable security frameworks for Security Teams. What You'll Need to be Successful 5+ years experience Programming & Scripting: Python, GoLang, Bash Infrastructure as Code & Orchestration: Terraform, Kubernetes, Docker Security & CI/CD Pipelines: Jenkins, GitHub Actions, CI/CD tools Database & Data Analysis: SQL, security data analytics tools Experience with RDBMS and SQL, including database design, normalization, query optimization Experience. Hands-on experience with security automation tools, SIEM, SOAR, or threat intelligence platforms.

Role: Regional Sales Manager Job Type: Full Time, Permanent Location: Kolkata (East Region), Chennai (South Region), Delhi (North Region) Number of Openings : 3 Experience Required: Minimum 5 years experience in cyber security Field Qualification: Bachelor’s degree in Business Administration, Marketing, Engineering, or a related field. MBA or equivalent postgraduate qualification is preferred. Brief Role Description We are seeking a highly experienced and driven Sales Professional having 7–12 years of experience in B2B sales with minimum 5 years’ experience in cyber security field. The ideal candidate will take ownership of the complete sales cycle - from lead generation to deal closure - while building strong relationships with clients and driving business growth. Responsibilities: Formulate and implement strategic sales plans to meet revenue targets and drive customer base expansion within the East / South / North Indian region. Proactively identify and pursue new business opportunities through market research, networking and cold callings. Coordinate with operations and technical teams and educate, empower the team to capture cybersecurity services opportunity at the end customer. Foster strong post-sales relationships to ensure customer satisfaction and identify opportunities for upselling and cross-selling. Deliver accurate sales forecasts and provide timely, detailed reports to Executive. Skills Required: Ability to handle complex sales cycles and decision-making units. Self-motivated with a high level of accountability and initiative. Extensive professional network and comprehensive market knowledge of East / South / North India Corporate sector. Thorough understanding of CRM systems with the ability to generate and analyze sales reports effectively. Engage with clients in strategic discussions to provide best in class cybersecurity. Proficiency in delivering impactful presentations to clients, showcasing cybersecurity solutions with clarity and compelling manner. Conduct market research and identify leads. Proven track record in the sales of cybersecurity technologies or enterprise software solutions. Experience in engaging and collaborating with government entities and PSU clients. About Company Innspark is the fastest-growing Deep-tech Solutions company that provides next-generation products and services in Cybersecurity and Telematics. The Cybersecurity segment provides out-of-the-box solutions to detect and respond to sophisticated cyber incidents, threats, and attacks. The solutions are powered by advanced Threat Intelligence, Machine Learning, and Artificial Intelligence that provides deep visibility of the enterprise’s security. We have developed and implemented solutions for a wide range of customers with highly complex environments including Government Organizations, Banks & Financial institutes, PSU, Healthcare Providers, Private Enterprises. Website : https://innspark.in/

Monitor,analyze security events,alerts across various platforms. Investigate potential security incidents,escalate as appropriate,following defined incident response processes. Correlate events from multiple sources to identify patterns or anomalies Required Candidate profile Lead,participate in threat hunting activities to proactively identify potential threats vulnerabilities Serve as the administrator for SOC tools including SIEM, EDR, SOAR,threat intelligence platforms Perks and benefits To be disclosed post interview

Your day at NTT DATA The Security Platform Engineer is a seasoned subject matter expert, responsible for facilitating problem resolution and mentoring for the overall Global Data Centers Office of Information Security (GDC-OIS) team. This role performs important tasks specialized at threat hunting, Crowdstrike, Network Security and other operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). The Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). What you'll be doing KEY RESPONSIBILITIES Works as part of a 24/7 global team in IT/OT environment. ICS and SCADA knowledge preferred. Administers the organization's security tools to gather security logs from the environment and performs lifecycle management, including break-fix, patching, and live updates. Performs security incident handling and response from various vectors, including endpoint protection, enterprise detection and response tools, attack analysis, malware analysis, network forensics, and computer forensics. Conducts vulnerability assessments using automated scanning tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results, prioritizes vulnerabilities based on severity, impact, and exploitability, and provides detailed remediation recommendations to system owners, administrators, and IT teams. Monitors security alerts and maintains awareness of new threats and vulnerabilities to identify potential risks. Reads reports, makes risk assessments, works to detect the source of attacks, and tests current defenses against threats. Collaborates to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Identifies opportunities to make automations that will help the incident response team. Ensures usage of knowledge articles in incident diagnosis and resolution and assists with updating as required. Investigates causes of incidents, seeks resolution, and escalates unresolved incidents, following up until resolved. Provides service recovery following the resolution of incidents and documents and closes resolved incidents according to agreed procedures. Maintains knowledge of specific , provides detailed advice regarding their application, and ensures efficient and comprehensive resolution of incidents. Logs all incidents in a timely manner with the required level of detail and cooperates with all stakeholders, including client IT environments, vendors, and carriers, to expedite diagnosis of errors and problems and identify a resolution. Analyzes data from various sources, including network traffic, email logs, malware files, web server logs, and DNS records, to identify potential risks and improve security measures Leads projects, self-starter, and performs any other related task as required. KNOWLEDGE & ATTRIBUTES Seasoned working knowledge on implementation and monitoring of any SIEM or security tools/technologies. ICS and SCADA knowledge preferred Seasoned knowledge on security architecture, worked across different security technologies. Customer service orientated and pro-active thinking. Problem solver who is highly driven and self-organized. Great attention to detail. Good analytical and logical thinking. Excellent spoken and written communication skills. Team leader with the ability to work well with others and in group with colleagues and stakeholders. ACADEMIC QUALIFICATIONS & CERTIFICATIONS Bachelor's degree or equivalent in Information Technology or related field. Relevant level of Security certifications such as CySA+, PenTest+, CCSP, GCIH, OSCP, etc. preferred. Relevant level of IT certifications such as GRID, GICSP, AZ-500, SC-200, etc. will be added advantage. REQUIRED EXPERIENCE Seasoned experience in Security technologies like (SIEM, PAM, IAM, PenTest, Threat Hunting, Firewall, Proxy etc.) preferably within a global IT services organization. Prior experience of working into Security Operation centers of a Data Center will be an added advantage. ICS and SCADA knowledge preferred. Seasoned experience in technical support to clients. Seasoned experience in diagnosis and troubleshooting. Seasoned experience providing remote support in Security Technologies. Seasoned experience in SOC/CSIRT Operations. Seasoned experience in handling security incidents end to end. Seasoned experience in Security Engineering. Knowledge on networking, Windows, Linux and security concepts. Seasoned experience in configuring/managing security controls such as RBAC, IAM, Zero Trust, UTM, Proxy, SOAR, etc.. Knowledge on log collection mechanism such as Syslog, Log file, DB API. Knowledge in security architecture. Prior experience of working on platforms like Crowd strike, Qualys, Palo Alto, Splunk, QRADAR, Cisco, VMWare and Ubuntu PHYSICAL REQUIREMENTS Primarily sitting with some walking, standing, and bending. Able to hear and speak into a telephone. Close visual work on a computer terminal. Dexterity of hands and fingers to operate any required to operate computer keyboard, mouse, and other technical instruments. WORK CONDITIONS & OTHER REQUIREMENTS This position is expected to be Hybrid for the foreseeable future with an occasional need to be onsite in a shared work environment. Must be comfortable with flexible working schedules across regions and their standard Time zones other than the base location. (US, EMEA & APAC) Extensive daily usage of workstation or computer. Must be comfortable working in a highly critical, fast paced environment with shifting priorities. Some domestic and/or international travel required, up to 25% of time. Perform work from a remote location with stable internet connection.

Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Min 4+ Years exp in Soc along with SIEM (Splunk). Min 2 years Hands on exp in Splunk. Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, and takes into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when it is necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Active CEH certification is Must. Required Experience: Moderate level of relevant managed services experience handling Security Infrastructure. Moderate level of knowledge in ticketing tools preferably Service Now. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or 3rd parties. Workplace type : On-site Working

Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). CEH certification is Must. Workplace type : On-site Working

Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Min 4+ Years exp in Soc along with SIEM (Splunk). Min 2 years Hands on exp in Splunk. Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, and takes into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when it is necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Active CEH certification is Must. Required Experience: Moderate level of relevant managed services experience handling Security Infrastructure. Moderate level of knowledge in ticketing tools preferably Service Now. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or 3rd parties. Workplace type : On-site Working

Your day at NTT DATA The Security Managed Services Engineer (L1) is an entry level engineering role, responsible for providing a managed service to clients to ensure that their Firewall infrastructure remain operational through proactively identifying, investigating, and routing the incidents to correct resolver group. The primary objective of this role is to ensure zero missed service level agreement (SLA) conditions and focuses on first-line support for standard and low complexity incidents and service requests. The Security Managed Services Engineer (L1) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD,PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities.Identify log sources and examine system logs to reconstruct event histories using forensic techniques.Align SIEM rules and alerts with the LICs security policies and compliance requirements.Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets.Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Workplace type : On-site Working

Your day at NTT DATA The Manager, Information Security Incident Response is a management role, responsible for managing the Information Security Incident Response Management team. This role ensures their team is equipped and enabled to detect and monitor threats and suspicious activity affecting the organization's technology domain. This role serves as the escalation point for incidents workflows and participates in the delivery of security measures through analytics and threat hunting processes. The Senior Manager, Information Security Incident Response manages a team of security professionals whilst fostering a collaborative and innovative team culture focused on operational excellence. What youll be doing Key Responsibilities: 10+ Years of experience in SOC. 4+ Years of experience as a SOC Manager. 4+ Years of experience in SIEM (Splunk) CISM/CISSP Certification is must. Good understanding about SOAR/UEBA/NBAD/XDR. Strong Exp in EDR and email fishing, Ransomware alerts. Troubleshooting technical issues to ensure project success. End-end integration of all soc solutions health check as per the signoff Implementing changes to align with Client demands and specifications. Providing guidance, direction, and instructions to the team to achieve specific objectives. Developing and executing a timeline for the team to achieve its goals. Monitoring incident detection and closure. Presenting regular metrics and reports. Identifying new alert requirements. Ensuring services meet SLA parameters. Conducting periodic DR drills. Following up with departments to close various reports/incidents and escalating long outstanding issues. Designing SIEM solutions to enhance security value, service management, and scalability. Identify, resolve, and conduct root-cause analysis for security incidents which is essential for maintaining a proactive and responsive security posture. Develop and document incident response procedures. Ensuring the SIEM system is optimized for efficient performance is vital. This includes handling data volume effectively and maintaining responsiveness for timely threat detection and response. Align reports SIEM rules and alerts with security policies and compliance reports requirements ensures that the system contributes to overall security and regulatory adherence. Developing customized and dashboards provides meaningful insights into the LICs security posture, aiding in decision-making and monitoring. Integration with other solutions/devices (including security solutions) to enhance overall security monitoring and incident response capabilities, creating a more comprehensive security infrastructure. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the systems reliability and effectiveness. Academic Qualifications and Certifications: Bachelors degree or equivalent in Information Technology, Computer Science or related field. Industry Certifications such as CISSP, CISM preferred. Required Experience: Advanced experience in a Technology Information Security Industry. Advanced prior experience working in a SOC/CSIR. Comprehension and practical knowledge of the Cyber Threat Kill Chains. Advanced knowledge of Tools, Techniques and Processes (TTP) used by threat actors. Advanced practical knowledge of indicators of compromise (IOCs). Advanced experience with End Point Protection and Enterprise Detention and Response Software. Advanced experience or knowledge of SIEM and IPS technologies. Advanced experience with Wireshark, tcpdump, Remnux, decoders for conducting payload analysis. Knowledge of malware analysis, hacking techniques, latest vulnerabilities, and security trends. Preferably an interest, or knowledge of, or experience with SIEM and IPS technologies. Advanced knowledge of network technologies including routers, switches, firewalls Advanced prior demonstrated experience managing and leading a team in a related field. Workplace type On-site Working

Key Responsibilities: Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources.Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD,PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis.Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities.Identify log sources and examine system logs to reconstruct event histories using forensic techniques.Align SIEM rules and alerts with the LICs security policies and compliance requirements.Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging.Maintain and support the operational integrity of SOC toolsets.Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner.Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency.

Key Responsibilities: Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). CEH certification is Must.

Key Responsibilities: Min 4+ Years exp in Soc along with SIEM (Splunk). Min 2 years Hands on exp in Splunk. Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, and takes into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when it is necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Active CEH certification is Must. Required Experience: Moderate level of relevant managed services experience handling Security Infrastructure. Moderate level of knowledge in ticketing tools preferably Service Now. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or 3rd parties.

Key Responsibilities: Review daily operational activities and timely mentor Jr. AnalystsFurther detailed analysis on the escalated events and handover the call to Incident Response team along with appropriate evidence.100 % incidents validation and closure. Manage shifts and knowledge transfer within shift (shift handover) Study Attack types & methods while monitoring HDFC environment for threatsPerforms deep-dive incident analysis by correlating data from various sources. Documentation and archiving artefacts for future reference Defining criticality of the behaviour alert events with respect to experience and information security understandingLead operations with example and manage operate as a security consultant for incidents and alerts observedLead Jr. Analysts in investigations, analysis, and alert categorizationMonitoring various technology dashboards and identify any suspicious anomalies Ensuring quality check for all alerts, incidents raised by L1sInvestigating closing on Testing incidents and defining the steps and processPreparation of Daily summary report Raise control related concerns e.g., SOAR & SIEM. Define operations related activitiesIRC Review, SOP Review and managing all other process documents. Audit Data SubmissionEscalation to seniors before the TAT breachTAT responsibilitiesValidation of SOC incidents by Bank L2 team. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, and takes into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when it is necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Certifications relevant to services supported. Certifications carry additional weightage on the candidates qualification for the role. Required Experience: Moderate level of relevant managed services experience handling Security Infrastructure. Moderate level of knowledge in ticketing tools preferably Service Now. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or 3rd parties.

The Associate Managed Services Information Security Analyst is an entry level subject matter expert, responsible for monitoring, analyzing, interpreting and reporting on the incoming client data for the purpose of delivering security information and recommendations to the clients, enabling the organization to deliver the contracted security services. This role includes performing tasks such as security incident detection and response, security event reporting, threat hunting, content maintenance (tuning) and interacting with clients to ensure their understanding of the information generated, recommending client system changes as well as answering security related queries from the clients. This is an entry level role within the Managed Services Information Security Analyst team and works under guidance of more experienced analysts within the team. What you'll be doing Key Responsibilities: Works as part of a global Cyber Defense Centre (CDC) team that works 24/7 on rotational shifts. Works with client stakeholders and relevant internal teams to tune the MSSP platform and client SIEM to enable more efficient detection, analysis and reporting. Under guidance, generates continuous improvement ideas for supported security tools/technologies, to enable improvements to the company services, employee experience and client experience. Adheres to SOPs, customer Run Books and standard processes to ensure a globally consistent delivery whilst also proposing changes and improvements to these standards. Utilizes and document best practices and amend existing documentation as required. Support with security incident handling and response from several vectors including End Point Protection and Enterprise Detection and response tools, attack analysis, malware analysis, network forensics, computer forensics. Learns and utilizes a broad range of skills in LAN technologies, Windows and Linux O/Ss, and general security infrastructure. Ensures usage of knowledge articles in incident diagnosis and resolution. Under guidance, perform defined tasks to inform and monitor service delivery against service level agreements and maintain records of relevant information. Cooperates closely with colleagues to share knowledge and build a cohesive and effective team environment, benefiting the individual, the business and the client. Performs any other related task as required. Knowledge and Attributes: Knowledge on implementation and monitoring of a company supported SIEM or security tools/technologies/concepts. Knowledge on security architecture, worked across different security technologies. Knowledge and understanding of the operation of modern computer systems and networks and how they can be compromised. Displays excellent customer service orientation and pro-active thinking. Displays problem solving abilities and is highly driven and self-organized. Good attention to detail. Displays analytical and logical thinking. Well spoken and written communication abilities. Ability to remain calm in pressurized situations. Ability to keep current on emerging trends and new technologies in area of specialization. Academic Qualifications and Certifications: Bachelor's degree or relevant qualification in Information Technology or Computing or a related field. Security certifications such as (but not limited to) AZ-500, SC-200, Security+, CEH, CISSP, CISM or similar Certification in different networking technologies such as CCNA, JNCIA, ACCA, PCNSA, CCSA is advantageous. Required Experience: Entry level experience in SOC Analysis Operations. Entry level experience in SIEM usage for investigations. Entry level experience in Security technologies such as (but not limited to) Firewall, IPS, IDS, Proxy. Entry level experience in dealing with technical support to clients. Entry level experience in handling security incidents end to end. Entry level experience in configuring/managing security controls, such as SIEM, Firewall, IDS/IPS, EDR, NDR, UTM, Proxy, SOAR, Honeypots and other security tools. Entry level experience in Security Analysis or Engineering preferably gained within a global services organization.

Your day at NTT DATA The Security Platform Engineer is a seasoned subject matter expert, responsible for facilitating problem resolution and mentoring for the overall team. This role performs operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). The Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). What you'll be doing Key Responsibilities: Works as part of a 24/7 team working on rotational shifts. Works as part of Platform and Content Engineering handling tunings, stake holder requests, escalations, reporting, trainings. Administers the organization's security tools to gather security logs from environment. Performs lifecycle management of the supported security tools/technologies, Break-fix, Patching, Live update. Adheres to SOPs and notify stake holders on log flow/log format issues. Documents best practices. Identifies opportunities to make automations which will help the incident response team. Performs security incident handling and response from several vectors including End Point Protection and Enterprise Detection and response tools, attack analysis, malware analysis, network forensics, computer forensics, and a broad range of skills in LAN technologies, Windows and Linux O/Ss, and general security infrastructure. Carries out agreed maintenance tasks. Ensures usage of knowledge articles in incident diagnosis and resolution and assist with updating as and when required. Performs defined tasks to monitor service delivery against service level agreements and maintains records of relevant information. Investigates causes of incidents and seeks resolution. Escalates unresolved incidents and follow up until incident is resolved. Provides service recovery, following resolution of incidents. Documents and closes resolved incidents according to agreed procedures. Investigates and identifies root cause of incidents and assist with the implementation of agreed remedies and preventative measures. Maintains knowledge of specific specialisms, provides detailed advice regarding their application. Ensures efficient and comprehensive resolution of incidents, including ensuring that repairs are carried out by coordinating product requests, working with other team members. Logs all such incidents in a timely manner with the required level of detail with all the necessary. Cooperates with all stakeholders including client IT environments, vendors and carriers to expedite diagnosis of errors and problems and to identify a resolution. Knowledge and Attributes: Seasoned working knowledge on implementation and monitoring of any SIEM or security tools/technologies. Seasoned knowledge on security architecture, worked across different security technologies. Customer service orientated and pro-active thinking. Problem solver who is highly driven and self-organized. Great attention to detail. Good analytical and logical thinking. Excellent spoken and written communication skills. Team player with the ability to work well with others and in group with colleagues and stakeholders. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Information Technology or related field. Relevant level of Networking certifications such as CCNA, JNCIA, ACCA, PCNSA, CCSA etc. preferred. Relevant level of Security certifications such as AZ-500, SC-200, Security+, CEH, CISSP, CISM etc. will be added advantage. Required Experience: Seasoned experience in Security technologies like (Firewall, IPS, IDS, Proxy etc.). Seasoned experience in technical support to clients. Seasoned experience in diagnosis and troubleshooting. Seasoned experience providing remote support in Security Technologies. Seasoned experience in SOC/CSIRT Operations. Seasoned experience in handling security incidents end to end. Knowledge on networking, Linux and security concepts. Seasoned experience in configuring/managing security controls such as Firewall, IDS/IPS, EDR, NDR, UTM, Proxy, SOAR, HoneyPots and other security tools. Knowledge on log collection mechanism such as Syslog, Log file, DB API. Knowledge in security architecture. Seasoned experience in Security engineering.

Required technical and professional expertise Minimum 2+ years experience in SIEM. Proven expertise in handling the daily monitoring of Information Security events on the QRadar / ArcSight / Splunk console platform Proficient in monitoring security events from various SOC channels (SIEM, Tickets, Email and Phone), based on the security event severity to handle the service support teams, tier2 information security specialists Expertise in threat modelling and Use case development and ability to review policies of security monitoring tools based on security concepts and logical approach. Preferred technical and professional experience Preferred OEM Certified SOAR specialist + CEH Ambitious individual who can work under their own direction towards agreed targets/goals and with creative approach to work Intuitive individual with an ability to manage change and proven time management Proven interpersonal skills while contributing to team effort by accomplishing related results as needed Up-to-date technical knowledge by attending educational workshops, reviewing publications

Minimum 2+ years experience in SIEM Proven expertise in handling the daily monitoring of Information Security events on the QRadar / ArcSight / Splunk console platform Proficient in monitoring security events from various SOC channels (SIEM, Tickets, Email, and Phone), based on the security event severity to handle the service support teams and tier 2 information security specialists Expertise in threat modelling and use case development Ability to review policies of security monitoring tools based on security concepts and logical approach Preferred technical and professional experience Preferred OEM Certified SOAR specialist + CEH Ambitious individual who can work under their own direction towards agreed targets/goals with a creative approach to work Intuitive individual with an ability to manage change and proven time management Proven interpersonal skills while contributing to team effort by accomplishing related results as needed Up-to-date technical knowledge by attending educational workshops and reviewing publications

Role- Splunk SOAR Job Description: Experience in SIEM SOAR implementation and administration Experience in Playbook creation Demonstrated proficiency in the daily monitoring of Information Security events ensuring prompt detection and response to potential threats Proficient in performing 24x7 monitoring of security logs conducting detailed analysis and escalating detected events based on agreed runbooks and SLAs Knowledgeable in malware analysis techniques aiding in the identification and mitigation of malicious software Experience in SIEM SOC operations for very large enterprises ensuring security posture and compliance Proficiency in reviewing security monitoring tool policies using a logical and security focused approach aligning them with the latest security concepts to enhance the overall security posture of the organization Possess expertise in threat modeling and the development of use cases enabling the creation of effective strategies for identifying and mitigating security threats Proficient in working with SOAR tools particularly XSOAR Skilled in playbook development and integrating third party solutions with SOAR Experienced in security automation using scripting languages like Python and Shell Hands on experience in Managing and maintaining existing SOAR solution ensuring its optimal performance and functionality Successfully on boarded new customers to the platform ensuring a smooth transition and adoption of the platform Managed the entire customer onboarding process starting from host building firewall requests and tenant on boarding Integrated third party solutions with the SOAR platform including SIEM email and ITSM Troubleshot errors related to playbook execution and third party integrations ensuring smooth operation of the SOAR system Assisted in SOAR platform upgrades including testing deployment and configuration to maintain up to date and secure infrastructure Gathered playbook development requirements from customers or suggested new playbook development requirements to enhance the SOAR systems capabilities

• Proficiency with management PROXY • Experience in working with Windows, Linux, Unix environments • Hands-on experience in commissioning and Implementation of PROXY solutions