482 Soar Jobs - Page 18

5 - 10 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Operation Automation
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: We are seeking an experienced and innovative SOAR Architect to lead the design, development, and implementation of advanced Security Orchestration, Automation, and Response (SOAR) solutions. The ideal candidate will leverage their expertise in platforms like Splunk Phantom, Chronicle SOAR, and Cortex XSOAR to optimize and automate incident response workflows, enhance threat detection, and improve overall security operations efficiency.

Roles & Responsibilities:
• SOAR Strategy and Architecture: Develop strategies for automation, playbook standardization, and process optimization.
• Playbook Development: Create, test, and deploy playbooks for automated threat detection, investigation, and response. Collaborate with SOC teams to identify repetitive tasks for automation and translate them into SOAR workflows.
• Integration and Customization: Integrate SOAR platforms with existing security tools, including SIEM, threat intelligence platforms, and endpoint protection. Customize connectors and APIs to enable seamless communication between security tools.
• Collaboration and Leadership: Work closely with SOC analysts, threat hunters, and other stakeholders to align automation efforts with organizational goals. Provide technical mentorship to analysts on SOAR platform utilization.
• Performance Optimization: Continuously evaluate SOAR platform performance and implement improvements for scalability and reliability. Monitor automation workflows and troubleshoot issues to ensure consistent operations.
• Compliance and Best Practices: Ensure that all SOAR implementations align with industry standards, compliance regulations, and organizational policies. Stay up to date with the latest advancements in SOAR technology and incident response practices.

Professional & Technical Skills:
• Proficiency in scripting and programming in Python to develop custom playbooks and integrations.
• Strong understanding of security operations, incident response, and threat intelligence workflows.
• Proven track record of integrating SOAR with SIEM solutions (e.g., Splunk, Chronicle), EDR, and other security tools.
• Ability to troubleshoot complex integration and automation issues effectively.

Additional Information:
• Certifications such as Splunk Phantom Certified Admin, XSOAR Certified Engineer, or equivalent.
• Experience with cloud-native SOAR deployments and hybrid environments.
• Familiarity with frameworks like MITRE ATT&CK, NIST CSF, or ISO 27001.
• A 15 year full-time education is required.
• 3.5 years of hands-on experience with SOAR platforms like Splunk Phantom (On-Prem and Cloud), Chronicle SOAR, and Cortex XSOAR.

Qualification: 15 years full time education

Posted 4 months ago

9 - 13 years

25 - 40 Lacs

Pune, Bengaluru

Hybrid

Role & responsibilities:
• 9+ years of experience in cybersecurity, specializing in Managed Security Services (MSS) and advanced operational environments.
• Familiarity with a wide range of cybersecurity solutions, including Threat Detection and Response technologies (e.g., SIEM, SOAR, EDR, XDR), Identity Management systems (e.g., IGA, PAM, SSO), and Data Protection tools.
• Strong understanding of the technology landscape and the cybersecurity challenges faced by organizations.
• Proven ability to build and maintain relationships with decision-makers, including C-suite stakeholders, to drive business growth.
• Skilled in managing the sales pipeline from lead generation to deal closure, ensuring accurate forecasting and alignment with client objectives.
• Excellent communication and presentation abilities to articulate complex security solutions effectively.
• Capable of independently driving sales opportunities through the full cycle, including product demonstrations and collaboration with internal teams (e.g., solution architects, delivery managers).
• Experience working with GCCs in India is highly preferred.
• Proficient in CRM tools, Microsoft Office, and industry best practices.
• Continuously monitors industry trends, competitor strategies, and market developments to identify and seize new opportunities.
• Willingness to travel to meet business needs.

Posted 4 months ago

8 - 12 years

25 - 35 Lacs

Noida, Gurugram, Delhi / NCR

Hybrid

About KPMG in India
KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience.

Role & responsibilities:
• The candidate should be hands-on in managing Security Operations, SOC, Identity and access management, and Risk Management.
• Should have worked on blueprinting and designing of SOC frameworks and implementation of SOC/SIEM solutions and Enterprise Architecture.
• Should be hands-on on security processes with good client and market facing experience in the India geography.
• Should have worked on designing, solutioning and implementation of Cyber Security Frameworks: Security Operations Strategy, Vulnerability Management (Application & Infrastructure), and Threat Intelligence and Analytics.

Preferred candidate profile:
Should have worked on the below:
• M&A experience
• Actively monitoring, analyzing & escalating SIEM alerts based on correlation rules; active threat hunting on network flow, user behavior and threat intelligence. Candidate should have expert level domain knowledge (Cyber Security), Threat Hunting, SIEM - Azure Sentinel, SIEM - (RSA / Splunk / LogRhythm / QRadar), ability to comprehend logs (HTTP, SMTP, Network), operating systems and servers; organizes technical sessions / talks. Candidate should be familiar with Python scripting & Windows Active Directory (optional).
• Vulnerability Management Services: external & internal vulnerability scanning, VMS tool Qualys & Kenna administration, application server & vulnerability scanning. Candidate should have expert level domain knowledge (Cyber Security), vulnerability scans and recognizing vulnerabilities in security systems, network analysis tools to identify vulnerabilities, developing insights about the context of an organization's threat environment, risk management processes, network attacks and a network attack's relationship to both threats and vulnerabilities. Candidate should have an advanced level understanding of impact/risk assessments.
• Security Operations and Management experience: SOC experience in identity access, privilege access, vulnerability management.
• Client facing: front end with the client, focused on engagements + Sales, BD + Capability Development.

Qualification:
• B.Tech / M.Tech / MCA professional with 9-12 years of experience in the relevant role
• Should have strong hands on MS PowerPoint and MS Project
• Hands on experience and certification in any one SIEM (IBM QRadar, ArcSight, Azure Sentinel, Splunk)
• Security certifications like CISSP, CISM, GIAC, Security+ etc.

Equal employment opportunity information
KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Posted 4 months ago

5 - 7 years

20 - 30 Lacs

Pune

Work from Office

Role & Responsibility: Azure Cloud Migration Expert
An Azure Cloud Migration Expert is responsible for planning, designing, and executing the migration of on-premises or other Public/Private Cloud Provider hosted applications and infrastructure to the Azure cloud. They ensure seamless transitions, optimization and integrity, and adhere to the Azure Well-Architected Framework during and after the migration process.

Key Responsibilities:
• Assessment and Planning: Evaluate existing systems (on-premises, AWS, GCP, etc.) and associated enabling capabilities (identity, security, HA/DR, monitoring, backup/restore, reporting, integrations, etc.). Design and develop comprehensive migration strategies and plans. Evaluate, recommend, and implement the 7 Rs cloud migration strategies: rehost, replatform, refactor, repurchase, retire, retain, and relocate.
• Migration Execution: Manage and execute the migration process, ensuring minimal downtime and data integrity, using tools like Azure Migrate.
• Cloud Infrastructure Management: Configure, optimize, and monitor Azure resources, including but not limited to virtual machines, AKS, storage, networking, and other services.
• Technical Expertise: Provide technical guidance to project teams, troubleshoot issues, and ensure compliance with cloud security best practices.
• Technical Leadership: Develop, train, and build internal teams with Azure skills and build a practice/Center of Excellence.
• Post-Migration Support: Provide documentation, training, and ongoing support to internal teams and clients.
• Optimization and Cost Efficiency: Continuously monitor and optimize cloud infrastructure performance and cost-efficiency.
• Collaboration: Work with cross-functional teams (developers, IT, security, compliance) to ensure seamless integration and alignment.

Required Skills:
• Azure expertise: Proficiency in Azure services, architecture, and best practices.
• AWS/Public Cloud awareness: Good working understanding of AWS or other public cloud providers.
• Cloud Architecture and Design: Good understanding of architecting cloud solutions, cloud native design and microservices frameworks.
• Cloud Native Skills: In-depth knowledge and experience with technologies like Docker, Kubernetes, Packer.
• Cloud migration tools: Experience with Azure Migrate, Site Recovery, and other relevant tools.
• Networking and security: Strong understanding of cloud networking, security protocols, and compliance.
• Scripting and automation: Proficiency in scripting languages (PowerShell, Python) for automating tasks and infrastructure management. Experience in Azure Automation, Azure DevOps.
• Problem-solving and analytical skills: Ability to diagnose issues, develop solutions, and analyze data.
• Communication and collaboration: Excellent communication skills for interacting with stakeholders and cross-functional teams.

Experience:
• Minimum 2-3 years of experience in cloud migration projects with Azure or other cloud providers. Overall, 5-7 years of experience.
• Experience with cloud architecture and services, Azure migration, automation and DevOps tools.
• Experience in security and compliance, observability, monitoring, SIEM, SOAR, SRE.

Preferred candidate profile

Posted 4 months ago

5.0 - 8.0 years

5 - 9 Lacs

Bengaluru

Work from Office

Role Purpose
The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help the security posture of the organization by protecting sensitive information.

Do
• Ensuring customer centricity by providing apt cybersecurity
• Monitoring and safeguarding the log sources and security access
• Planning for disaster recovery in the event of any security breaches
• Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
• Perform moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems
• Conduct security assessments, risk analysis and root cause analysis of security incidents
• Handling incidents escalated by the L1 team in 24x7 rotational shifts
• Use advanced analytics tools to determine emerging threat patterns and vulnerabilities
• Completing all tactical security operations tasks associated with this engagement
• Analyse all the attacks and come up with remedial attack analysis
• Conduct detailed analysis of incidents and create reports and dashboards
• Stakeholder coordination & audit assistance
• Liaise with stakeholders in relation to cyber security issues and provide future recommendations
• Maintain an information security risk register and assist with internal and external audits relating to information security
• Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
• Advice and guidance to employees on issues such as spam and unwanted or malicious emails

Mandatory Skills: SOAR Tools.
Experience: 5-8 Years.

Posted Date not available

6.0 - 11.0 years

6 - 13 Lacs

Mumbai, Mumbai Suburban

Work from Office

Job Description: SOAR Playbook Expert - L2
Location: Mumbai (Santa Cruz) Client Site
Work Mode: Work from Office
Payroll: NTT
Budget: 13 LPA (Including 5% variable)
Notice Period: Immediate to 45 days only

Requirement Brief:
• Total experience of 6+ years, out of which minimum 5 years of experience in SOAR.
• Minimum experience of 4 years at L2 level.
• Only look for candidates who are experts on SOAR.
• Proposed OEM level certification: Splunk (SOAR certified automation developer) is a must.

Key Responsibilities:
• Create and maintain security playbooks for automating incident response procedures.
• Analyse security incidents and determine automation opportunities.
• Continuously improve existing playbooks for efficiency and effectiveness.
• Conduct thorough testing and validation of playbooks to ensure accuracy.
• Develop integrations with various security tools, systems, and APIs.
• Map data flows between different systems and ensure data consistency.
• Create custom scripts and connectors to facilitate integrations.
• Implement robust error handling and troubleshooting mechanisms for integrations.

Posted Date not available

3.0 - 5.0 years

7 - 11 Lacs

Noida

Work from Office

Role Purpose
The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help the security posture of the organization by protecting sensitive information.

Do
• Ensuring customer centricity by providing apt cybersecurity
• Monitoring and safeguarding the log sources and security access
• Planning for disaster recovery in the event of any security breaches
• Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
• Perform moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems
• Conduct security assessments, risk analysis and root cause analysis of security incidents
• Handling incidents escalated by the L1 team in 24x7 rotational shifts
• Use advanced analytics tools to determine emerging threat patterns and vulnerabilities
• Completing all tactical security operations tasks associated with this engagement
• Analyse all the attacks and come up with remedial attack analysis
• Conduct detailed analysis of incidents and create reports and dashboards
• Stakeholder coordination & audit assistance
• Liaise with stakeholders in relation to cyber security issues and provide future recommendations
• Maintain an information security risk register and assist with internal and external audits relating to information security
• Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
• Advice and guidance to employees on issues such as spam and unwanted or malicious emails

Mandatory Skills: SOAR Tools.
Experience: 3-5 Years.

Posted Date not available

6.0 - 10.0 years

10 - 20 Lacs

Chennai

Work from Office

• 6+ yrs of hands-on experience in SecOps, Security Engineering, or Security Automation
• Expertise in Python programming for security automation & scripting
• SIEM, SOAR, and EDR tools to improve detection & response
Contact: Priyanka 9816787033

Posted Date not available

8.0 - 13.0 years

27 - 35 Lacs

Pune, Thiruvananthapuram

Work from Office

We are seeking a Cyber Security Specialist to join the Security Operations team. The specialist will serve on the front lines of the Security team and will lead and support security investigations across the company's global infrastructure as well as respond to escalations from different entities. The specialist will leverage an armory of tools to investigate and respond to both external and internal security threats. Utilizing the company's tooling, you will monitor security events in real-time, assess external and internal threats, and provide accurate and timely response. You will collaborate closely with multiple product teams within the Tribe, with a diverse set of skills to tackle the array of security challenges that we encounter.

Security Specialist, Incident Response Responsibilities include:
• Lead security incident response in a cross-functional environment and drive incident resolution.
• Lead and develop Incident Response initiatives that improve the company's capabilities to effectively respond to and remediate security incidents.
• Perform digital forensic investigations and analysis of a wide variety of assets including endpoints.
• Perform log analysis from a variety of sources to identify potential threats.
• Build automation for response and remediation of malicious activity.
• Write complex search queries in the EDR as well as SIEM tools for hunting adversaries.
• Work on SOAR cases, automation, workflows & playbooks.
• Integrating and working on Identity solutions.
• Developing SIEM use cases for new detections, specifically on identity use cases.

Minimum Qualifications:
• 5-10 years of experience in Security Incident Response, Investigations
• Working experience in Microsoft On-prem and Entra ID solutions
• Good knowledge in Active Directory and Tier 0 concepts
• Very good knowledge of operating systems, processes, registries, file systems, and memory structures and experience in host and memory forensics (including live response) on Windows, macOS and Linux.
• Experience investigating and responding to both external and insider threats.
• Experience with attacker tactics, techniques, and procedures (MITRE ATT&CK)
• Experience analyzing network and host-based security events

Posted Date not available

10.0 - 15.0 years

20 - 30 Lacs

Bengaluru

Work from Office

Job Title: SOC Manager
Location: Bangalore
Department: Security Operations Center

About Zybisys:
At Zybisys, we are dedicated to providing top-tier cybersecurity services to our clients. We are looking for a skilled and experienced SOC Manager to lead our Security Operations Center (SOC) team in supporting customer onboarding, service implementation, continuous monitoring, and ensuring compliance with industry standards.

Role Overview:
The SOC Manager will oversee the implementation, monitoring, and management of security operations for multiple clients. This role requires managing customer SOC services, ensuring timely onboarding, continuous monitoring, and compliance with security standards. You will lead the team in incident detection, response, and mitigation while ensuring the highest level of customer satisfaction.

Key Responsibilities:
• SOC Operations Leadership: Lead and manage SOC operations for multiple client accounts, ensuring seamless service delivery, compliance, and performance.
• Client Onboarding & Implementation: Oversee the onboarding of new clients to the SOC service, ensuring smooth implementation of security protocols, tools, and monitoring systems.
• Incident Detection and Response: Supervise the detection, response, and remediation of security incidents for clients, providing detailed analysis and post-incident reviews.
• Continuous Monitoring & Threat Intelligence: Ensure the continuous monitoring of client systems for vulnerabilities, utilizing modern SIEM tools, intrusion detection/prevention systems (IDS/IPS), and other security technologies to proactively defend against emerging threats.
• Compliance & Reporting: Ensure SOC operations meet industry standards (e.g., GDPR, HIPAA, PCI-DSS) and regularly update clients on security posture through reports and executive briefings.
• Team Leadership & Mentorship: Lead, train, and mentor SOC team members, fostering continuous learning and certifications.
• Security Automation: Drive initiatives to automate security operations and reduce response time through SOAR tools and other technologies.
• Cross-Functional Collaboration: Work closely with clients, IT teams, and external vendors to ensure security is integrated into all systems, applications, and workflows.

Key Skills and Qualifications:
• Certifications: CISSP, CISM, CEH, CTIA, CCSP or similar.
• Experience: Minimum 10+ years of experience in cybersecurity, with at least 5+ years in a leadership or managerial role within a SOC or security operations environment. Proven experience in client onboarding, security monitoring, and compliance.
• Technical Expertise: Hands-on experience with SIEM tools (Splunk, IBM QRadar), IDS/IPS, firewalls, EDR, and other security technologies.
• Leadership & Communication: Strong leadership, management, and communication skills, with the ability to present technical information to non-technical stakeholders.
• Analytical Skills: Strong problem-solving abilities and experience in conducting root cause analysis and developing action plans post-incident.

Preferred Skills:
• Experience with cloud security (AWS, Azure, Google Cloud).
• Familiarity with security frameworks (ISO 27001, NIST, SOC 2 Type 2, PCI-DSS, GDPR).
• Experience with red teaming, penetration testing, and vulnerability assessments.

Why Join Zybisys?
Zybisys offers an exciting and dynamic work environment where you can contribute to innovative cybersecurity services. Join us to lead a team that supports clients with their security needs while growing your career in the cybersecurity industry.

Posted Date not available

7.0 - 12.0 years

11 - 16 Lacs

Mumbai

Work from Office

SUMMARY
Our client is an IT MNC, part of one of the major insurance groups based out of Germany and Europe. The Group is represented in around 30 countries worldwide, with over 40,000 people worldwide, focusing mainly on Europe and Asia. Our client offers a comprehensive range of insurances, pensions, investments and services by focusing on all cutting edge technologies, majorly on Cloud, Digital, Robotics Automation, IoT, Voice Recognition, Big Data science, advanced mobile solutions and much more, to accommodate the customers' future needs around the globe through supporting millions of internal and external customers with state-of-the-art IT solutions to everyday problems, and is dedicated to bringing digital innovations to every aspect of the landscape of insurance.

Job Location: Hiranandani Gardens, Powai, Mumbai
Mode: Work from Office

Requirements

Key Responsibilities:
Business-Cybersecurity Alignment:
o Work closely with business stakeholders, IT security teams, and cross-functional teams to ensure cybersecurity initiatives align with the organization's broader business goals.
o Translate business needs into technical security requirements that can be effectively executed by the security and IT teams.
Risk Analysis & Security Assessments:
o Conduct risk assessments in the context of hybrid IT environments (cloud, on-premises, and edge) to identify security gaps and vulnerabilities.
o Collaborate with security teams to evaluate existing security controls and recommend solutions to mitigate identified risks, balancing business needs with security requirements.
Cybersecurity Frameworks & Compliance:
o Ensure that all business and technical security requirements comply with relevant regulatory compliance frameworks (e.g., NIST CSF, ISO 27001, GDPR, HIPAA).
o Support audits and compliance assessments, identifying any gaps between current practices and regulatory standards.
Security Process Improvement (must have):
o Identify opportunities for process improvements within the cybersecurity function, including streamlining security incident response, access management processes, and threat detection workflows.
o Develop business cases for proposed security improvements, including cost-benefit analyses and risk assessments.

The Business Analyst will have comprehensive responsibilities spanning multiple cybersecurity domains, and should have expertise in at least 5 of the following areas:
o SIEM Sentinel & Security Operations: Manage and optimize SIEM solutions, particularly Sentinel, for effective monitoring, incident detection, and security event correlation across hybrid environments. Collaborate with security operations teams to ensure proper configuration, tuning, and reporting within SIEM platforms to support proactive threat management.
o Security Tools & Technology Integration: Work with security teams to implement and optimize security tools such as SIEM (e.g., Splunk, Microsoft Sentinel), EDR (e.g., CrowdStrike, MS Purview/Defender), SOAR platforms, CASB (Cloud Access Security Broker), and Threat Intelligence systems. Help define and document requirements for the integration of cybersecurity tools into the broader security ecosystem.
o User Access Management (UAM) & RBAC: Work closely with identity and access management teams to ensure the implementation of UAM and RBAC systems that align with the organization's security policy and business requirements. Support the development of processes for managing user roles, privileges, and access rights across enterprise systems.
o Cloud & Encryption Security: Ensure that security policies and controls are applied across both on-premises and cloud environments (AWS, Azure, Google Cloud), addressing challenges related to cloud security, data encryption, and access management. Collaborate with technical teams to implement strong encryption methods for data-in-transit, data-at-rest, and data-in-use in line with organizational security policies.
o AI & ML in Cybersecurity (Good to have): Contribute to the use of AI/ML technologies to enhance threat detection, anomaly identification, and predictive analytics within the organization's security operations. Collaborate with data scientists and security teams to define requirements for AI/ML-based security models and incident response automation.
o SOAR Integration & Incident Response: Assist with the integration of Security Orchestration, Automation, and Response (SOAR) solutions into the incident response lifecycle to streamline response times and automate repetitive tasks. Support the continuous improvement of incident response procedures and playbooks, ensuring a consistent, rapid, and efficient approach to security incidents.

Benefits

Posted Date not available

3.0 - 6.0 years

3 - 8 Lacs

Chennai, Bengaluru, Delhi / NCR

Hybrid

Your key responsibilities
• Administration and management support of CrowdStrike
• Perform as the subject matter expert on any of the above solutions for the customer; use the capabilities of the solution in the daily operational work for the end customer.
• Advise customers on best practices and use cases on how to use this solution to achieve customer end state requirements.
• Content development, which includes developing processes for automated security event monitoring and alerting along with corresponding event response plans for systems

Skills and attributes for success
• Customer Service oriented: meets commitments to customers; seeks feedback from customers to identify improvement opportunities.
• Experience in managing CrowdStrike
• Good knowledge of SIEM technologies such as Splunk, Azure Sentinel from an Analyst's point of view
• Exposure to IOT/OT monitoring (Claroty, Nozomi Networks etc.) is a plus
• Good knowledge and experience in Security Monitoring
• Good knowledge and experience in Cyber Incident Response
• Knowledge in Network monitoring technology platforms such as Fidelis XPS or others
• Knowledge in other endpoint protection tools, techniques, and platforms such as Carbon Black, Symantec, or others

To qualify for the role, you must have
• B. Tech./ B.E. with sound technical skills
• Strong command of verbal and written English language.
• Demonstrate both technical acumen and critical thinking abilities.
• Strong interpersonal and presentation skills.
• Minimum 4 years of hands-on experience of operating/implementing the above security tools.
• Certification in any of the SIEM platforms is a plus
• Knowledge of RegEx, Perl scripting and SQL query language.
• Certification: CCSA, CEH, CISSP, GCIH, GIAC.

Posted Date not available


10.0 - 15.0 years

3 - 7 Lacs

bengaluru

Work from Office

Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Managed Cloud Security Services
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: We are looking for an experienced and detail-oriented Security Delivery Associate Manager to support the planning, implementation, and delivery of cybersecurity services across Microsoft security technologies. You will play a key role in delivering secure, scalable, and compliant security solutions for internal stakeholders or clients.

Roles & Responsibilities:
- The ideal candidate will have practical expertise in Microsoft Sentinel, Cribl, Logstash, DevOps, Terraform, log source onboarding, and ASIM parsing.
- Deliver security solutions using Microsoft's security stack, with a focus on Microsoft Sentinel platform management.
- Translate business and technical requirements into well-architected security solutions and support delivery from design to deployment.
- Manage a cluster with multiple clients.
- Lead and manage cross-functional teams, ensuring effective collaboration, communication, and alignment with business objectives.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Develop and implement security strategies.
- Conduct security assessments and audits.
- Stay updated on the latest security trends and technologies.
- Configure and fine-tune Microsoft Sentinel; develop analytics rules, workbooks, and playbooks; maintain alerting mechanisms.
- Coordinate with engineering, operations, and risk teams to ensure consistent and secure delivery of services.
- Create technical documentation, deployment guides, and knowledge transfer materials for clients or internal teams.
- Collaborate with project managers and stakeholders to ensure timely and successful delivery of security services.
- Contribute to continuous improvement initiatives and automation of delivery processes.

Professional & Technical Skills:
- Strong client-facing and stakeholder engagement capabilities.
- Excellent organizational and project coordination skills.
- Ability to clearly communicate technical information to both technical and non-technical audiences.
- Proactive mindset with a focus on security service quality and consistency.
- Experience working in delivery frameworks such as Agile and ITIL.
- Focus on review and gap analysis of VM playbooks as they compare to NBS.

Microsoft Sentinel:
- Hands-on experience with SIEM/SOAR, including KQL query development, alert tuning, and automation with Logic Apps.
- Configure and fine-tune Microsoft Sentinel; develop analytics rules, workbooks, and playbooks; maintain alerting mechanisms.
- Able to manage Key Vault and secret rotation.
- Required knowledge of Entra ID management.
- Required knowledge of log source optimization.
- ASIM parsing and normalization.
- Managing Cribl and Logstash pipelines for log source onboarding.
- Strong understanding of incident response and threat management.
- Familiarity with scripting (PowerShell, KQL), infrastructure-as-code, and automation tools is a plus.
- Able to manage requests, incidents, and changes in ServiceNow as per the service management process.
- Active participation and contribution in team discussions is required.
- Take part in audits and service improvement activities within the team.
- Experience in designing and implementing security solutions.
- Deliver security solutions using Microsoft's security stack, with a focus on Microsoft Defender for Cloud, Endpoint, Identity, Azure Firewall, and Microsoft Sentinel.
- Implement and operationalize MDC for cloud security posture management and workload protection.
- Support deployment and ongoing management of MDE for endpoint threat detection and response.
- Integrate MDI into customer environments to monitor identity-related threats and provide remediation recommendations.
- Knowledge of network security protocols and best practices.
- Hands-on experience with security tools and technologies.

Additional Information:
- The candidate should have a minimum of 10+ years of experience in Managed Cloud Security Services.
- This position will be operated from the Bengaluru location.
- 15 years of full time education is required.

Qualification: 15 years full time education

Posted Date not available


5.0 - 10.0 years

4 - 8 Lacs

mumbai

Work from Office

- Proactively lead and support the incident response team during an incident.
- Experience in advanced investigation, triaging, analysis and escalation of security incidents with recommendations.
- Hands-on basic experience with configuration and management of SIEM tools (QRadar), including log source integrations, custom parser building, fine-tuning and optimizing correlation rules, and use case recommendations, is a MUST.
- Proven experience on Security Information and Event Management (SIEM) tools using QRadar.
- Data-driven threat hunting using SIEM, EDR and XDR tools.
- Basic experience in SOAR tools such as QRadar Resilient and Palo Alto XSOAR.
- Identify quick defence techniques until permanent resolution.
- Recognize successful intrusions and compromises through review and analysis of relevant event detail information.
- Review incidents escalated by Level 1 analysts.
- Launch and track investigations to resolution. Recognize attacks based on their signatures; differentiate false positives from true intrusion attempts.
- Actively investigate the latest security vulnerabilities, advisories, incidents, and penetration techniques, and notify end users when appropriate.
- Identify gaps in the security environment and suggest gap closure.
- Drive and support change management.
- Perform and review tasks as identified in a daily task list.
- Report generation and trend analysis. Participate in the weekly and monthly governance calls to support SOC metrics reporting.
- Good to have hands-on experience managing SIEM solutions on public/private clouds such as Amazon AWS, Microsoft Azure, etc.
- Willing to work in a 24x7 rotational shift model including night shifts.

Required education: Bachelor's Degree
Preferred education: Master's Degree

Required technical and professional expertise
- 5+ years hands-on experience required in QRadar SIEM and SOAR.
- Desired experience in threat hunting and threat intelligence.
- Worked on tools belonging to QRadar, UEBA, UAX.
- Bachelor's degree in engineering/information security, or a related field.
- Relevant certifications such as CEH, CISSP, CISM, CompTIA CASP+, or equivalent.
- Proven experience working in a SOC environment.

Preferred technical and professional experience
- Proven experience in managing and responding to complex security incidents.
- Strong analytical and problem-solving skills.
- Excellent communication and collaboration abilities.
- Ability to work in a fast-paced, dynamic environment.
- Deep technical knowledge of security technologies and advanced threat landscapes.

Posted Date not available


2.0 - 7.0 years

6 - 10 Lacs

bengaluru

Work from Office

Roles & Responsibilities:
1. Handling alerts and incidents on the XDR platform.
2. Alert and incident triage and analysis.
3. Proactively investigating suspicious activities.
4. Log all findings, actions taken, and escalations clearly in the XDR and ITSM platforms.
5. Execute predefined actions such as isolating/blocking IPs or disabling user accounts, based on set protocols.
6. Adhere to established policies, procedures, and security practices.
7. Follow up with the tech team for incident closure.
8. Participate in daily standup and review meetings.
9. The L1 Analyst has responsibility to closely track incidents and support closure.
10. Escalate more complex incidents to L2 analysts for deeper analysis.
11. Work on and support multiple cybersecurity tools (DLP, GRC, Cloudsec tool, DAM).
12. Handle XDR alerts and follow up with the customer team for agent updates.

Key Responsibilities:

Security Monitoring & Incident Response Governance
- Define and maintain security monitoring, threat detection, and incident response policies and procedures.
- Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.
- Align SOC operations with evolving business risk priorities and regulatory frameworks.

Platform & Toolset Management
- Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.
- Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.
- Maintain and update incident response playbooks and automation workflows.
- Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.

SOC Operations & Threat Detection
- Oversee 24x7 monitoring of security events and alerts across enterprise assets.
- Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.
- Manage and support forensic investigations to identify root cause and recovery paths.
- Govern use case development, log source onboarding, and alert/event triage processes.

Regulatory Compliance & Incident Management
- Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.
- Retain logs in accordance with regulatory data retention mandates.
- Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.

Advanced Threat Management & Reporting
- Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.
- Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.
- Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards.

Required education: Bachelor's Degree
Preferred education: Master's Degree

Required technical and professional expertise
Required Qualifications:
- Bachelor's or Master's degree in Cybersecurity, Computer Science, or a related field.
- 2 years of experience in SOC management, incident response, or cyber threat detection roles.
- Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.
- Proven experience in playbook development, forensics, and threat hunting methodologies.
- Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.
- Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques.

Preferred technical and professional experience
Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications

Posted Date not available


3.0 - 7.0 years

3 - 7 Lacs

bengaluru

Work from Office

Roles & Responsibilities:
1. Handling alerts and incidents on the XDR platform.
2. Alert and incident triage and analysis.
3. Proactively investigating suspicious activities.
4. Log all findings, actions taken, and escalations clearly in the XDR and ITSM platforms.
5. Execute predefined actions such as isolating/blocking IPs or disabling user accounts, based on set protocols.
6. Adhere to established policies, procedures, and security practices.
7. Follow up with the tech team for incident closure.
8. Participate in daily standup and review meetings.
9. The L2 Analyst has responsibility to closely track incidents and support closure.
10. Work with log source and use case management in integrating log sources and developing and testing use cases.
11. Work on and support multiple cybersecurity tools (DLP, GRC, Cloudsec tool, DAM).
12. Develop SOPs / instruction manuals for the L1 team.
13. Guide the L1 team in triage/analysis and assist in closure of cybersecurity alerts and incidents.
14. Handle XDR alerts and follow up with the customer team for agent updates.
15. Escalate more complex incidents to the L3 SME for deeper analysis.

Key Responsibilities:

Security Monitoring & Incident Response Governance
- Define and maintain security monitoring, threat detection, and incident response policies and procedures.
- Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.
- Align SOC operations with evolving business risk priorities and regulatory frameworks.

Platform & Toolset Management
- Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.
- Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.
- Maintain and update incident response playbooks and automation workflows.
- Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.

SOC Operations & Threat Detection
- Oversee 24x7 monitoring of security events and alerts across enterprise assets.
- Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.
- Manage and support forensic investigations to identify root cause and recovery paths.
- Govern use case development, log source onboarding, and alert/event triage processes.

Regulatory Compliance & Incident Management
- Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.
- Retain logs in accordance with regulatory data retention mandates.
- Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.

Advanced Threat Management & Reporting
- Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.
- Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.
- Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards.

Required education: Bachelor's Degree
Preferred education: Master's Degree

Required technical and professional expertise
Required Qualifications:
- Bachelor's or Master's degree in Cybersecurity, Computer Science, or a related field.
- 3-7 years of experience in SOC management, incident response, or cyber threat detection roles.
- Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.
- Proven experience in playbook development, forensics, and threat hunting methodologies.
- Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.
- Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques.

Preferred technical and professional experience
Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications

Posted Date not available


5.0 - 10.0 years

8 - 12 Lacs

mumbai

Work from Office

Key Responsibilities:
- Act as the subject matter expert (SME) for Palo Alto Cortex XDR and endpoint security.
- Lead investigation and response for advanced endpoint threats and alerts using XDR.
- Develop and fine-tune detection rules, response playbooks, and behavioral indicators.
- Integrate Cortex XDR with other security tools (SIEM, SOAR, firewalls, etc.).
- Analyze complex threat patterns, perform root cause analysis, and recommend mitigation strategies.
- Collaborate with SOC teams to escalate, triage, and resolve endpoint incidents.
- Create and maintain technical documentation, runbooks, and training materials.
- Support compliance and audit requirements for endpoint security.
- Provide L3 support and mentor junior team members.

Required education: Bachelor's Degree
Preferred education: Master's Degree

Required technical and professional expertise
- 5+ years of experience in Cybersecurity or Information Security.
- Minimum 2+ years hands-on experience specifically with Palo Alto Cortex XDR (endpoint or extended detection and response).
- Strong knowledge of endpoint detection and response (EDR) technologies and incident handling.
- Experience in scripting (Python, PowerShell) for automation is a plus.
- Familiarity with security frameworks such as MITRE ATT&CK.
- Experience working with SIEM and SOAR platforms.
- Excellent analytical, communication, and troubleshooting skills.
- Certifications like PCNSE, CISSP, CEH, or GCIA are advantageous.

Posted Date not available


2.0 - 7.0 years

6 - 11 Lacs

bengaluru

Work from Office

Roles & Responsibilities:
1. Handling alerts and incidents on the XDR platform.
2. Alert and incident triage and analysis.
3. Proactively investigating suspicious activities.
4. Log all findings, actions taken, and escalations clearly in the XDR and ITSM platforms.
5. Execute predefined actions such as isolating/blocking IPs or disabling user accounts, based on set protocols.
6. Adhere to established policies, procedures, and security practices.
7. Follow up with the tech team for incident closure.
8. Participate in daily standup and review meetings.
9. The L1 Analyst has responsibility to closely track incidents and support closure.
10. Escalate more complex incidents to L2 analysts for deeper analysis.
11. Work on and support multiple cybersecurity tools (DLP, GRC, Cloudsec tool, DAM).
12. Handle XDR alerts and follow up with the customer team for agent updates.

Required education: Bachelor's Degree
Preferred education: Master's Degree

Required technical and professional expertise
Key Responsibilities:

Security Monitoring & Incident Response Governance
- Define and maintain security monitoring, threat detection, and incident response policies and procedures.
- Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.
- Align SOC operations with evolving business risk priorities and regulatory frameworks.

Platform & Toolset Management
- Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.
- Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.
- Maintain and update incident response playbooks and automation workflows.
- Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.

SOC Operations & Threat Detection
- Oversee 24x7 monitoring of security events and alerts across enterprise assets.
- Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.
- Manage and support forensic investigations to identify root cause and recovery paths.
- Govern use case development, log source onboarding, and alert/event triage processes.

Regulatory Compliance & Incident Management
- Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.
- Retain logs in accordance with regulatory data retention mandates.
- Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.

Advanced Threat Management & Reporting
- Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.
- Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.
- Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards.

Preferred technical and professional experience
Required Qualifications:
- Bachelor's or Master's degree in Cybersecurity, Computer Science, or a related field.
- 2 years of experience in SOC management, incident response, or cyber threat detection roles.
- Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.
- Proven experience in playbook development, forensics, and threat hunting methodologies.
- Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.
- Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques.
Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications

Posted Date not available


15.0 - 22.0 years

30 - 45 Lacs

pune

Hybrid

About Us
Our purpose at Avient Corporation is to be an innovator of materials solutions that help our customers succeed, while enabling a sustainable world. Innovation goes far beyond materials science; it's powered by the passion, creativity, and diverse expertise of 9,000 professionals worldwide. Whether you're a finance wizard, a tech enthusiast, an operational powerhouse, an HR changemaker, or a trailblazer in materials development, you'll find your place at Avient. Join our global team and help shape the future with sustainable solutions that transform possibilities into realities. Your unique perspective could be the key to our next breakthrough!

Job Summary
The Senior Manager of Security Operations and Identity Management is responsible for 24x7 security monitoring and the administration of identity management processes. This role includes overseeing the architectural design, deployment, execution, and optimization of solutions in alignment with risk requirements and compliance obligations.

Essential Functions
- Ensure that SIEM and SOAR environments are "fit for purpose" and continually enhanced to cover known and emerging MITRE ATT&CK techniques.
- Manage the global SOC team responsible for 24x7 alerting, triage, investigation and incident response.
- Monitor and improve Key Performance Indicators (KPIs).
- Track SOC maturity and partner with the CISO to establish a road map for growing SOC capabilities and automation.
- Manage the Cyber Threat Intelligence program.
- Oversee forensics, litigation support, and e-discovery capabilities in support of requests from Legal.
- Lead the team responsible for identity lifecycle functions, identifying and implementing best practices to automate repetitive processes.
- Oversee IAM architecture design, deployment and delivery of capabilities to achieve target levels of cyber maturity and efficiency, working with vendors, partners and other third parties.
- Ensure compliance with required regulations and frameworks across all divisions and markets, driving timely remediation of any IAM deficiencies.
- Other duties as assigned.

Education and Experience Qualifications
- Bachelor's degree in information technology, engineering, business management, operations management, or a related field or discipline.
- 15+ years' experience in cyber security with 5+ years in a management role.
- Solid understanding of IAM principles, design and engineering, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM).
- Working knowledge of multiple IAM systems (traditional and cloud).
- Experience implementing Zero Trust capabilities in complex operating environments.

Additional Qualifications
- Security certifications (CISSP, CISM, GCIH, GSEC, etc.).
- Experience with modern cloud detection and response tools and processes.
- Operational Technology (OT) experience.

Posted Date not available


15.0 - 20.0 years

13 - 17 Lacs

bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Senior Splunk Engineer for Content and Platform Development, you will be responsible for driving end-to-end SIEM engineering efforts, ranging from data onboarding and normalization to advanced detection rule creation and dashboard development. You will play a strategic role in maturing the organization's detection capability, operational visibility, and SOC automation efforts. This role involves significant collaboration with security analysts, threat hunters, compliance teams, and platform administrators to ensure the Splunk ecosystem is optimized, secure, and continuously evolving.

Roles & Responsibilities:
- Overall experience in cybersecurity or IT infrastructure, with 3+ years hands-on Splunk engineering.
- Deep expertise in Splunk Search Processing Language (SPL) for creating complex queries, dashboards, alerts, and reports.
- Strong experience in creating, testing, and tuning detection content for security use cases.
- Experience in onboarding and parsing logs from various sources (e.g., firewalls, EDRs, cloud platforms, applications).
- Expertise in data models (CIM), field extractions (regex), and knowledge objects (lookups, macros, tags).
- Experience in designing and optimizing index structures, data retention policies, and storage performance.
- Ability to work with stakeholders from security operations, threat intel, and infrastructure teams.
- Strong documentation, version control, and lifecycle management for detection rules and dashboards.
- Experience integrating SOAR platforms with Splunk (e.g., Splunk SOAR, XSOAR).
- Familiarity with Splunk Enterprise Security (ES) and its correlation framework.
- Exposure to MITRE ATT&CK mapping for content standardization.

Professional & Technical Skills:
- Design, implement, and maintain search queries, correlation rules, and dashboards aligned with business and threat requirements.
- Tune existing alerts and rules to reduce false positives and improve detection fidelity.
- Map detection content to frameworks such as MITRE ATT&CK and compliance standards.
- Onboard new log sources across endpoints, cloud, infrastructure, and applications.
- Monitor log sources reporting into Splunk SIEM and identify log sources that fail to report, in accordance with the security operations runbooks.
- Troubleshoot and resolve log source parsing issues.
- Write and maintain custom field extractions, transforms, and other configurations.
- Optimize searches, reduce duplication, and ensure compliance with search head clustering best practices.
- Build real-time and scheduled dashboards to support SOC, compliance, and leadership visibility.
- Use lookups, macros, and scheduled reports to enrich alerts and enable decision-making.
- Participate in use case governance processes and maintain runbooks/playbooks.
- Review and approve content changes submitted by junior team members.
- Strong foundational understanding of security operations, threat landscapes, and log analysis.
- Excellent written and verbal communication skills for working with both technical and business stakeholders.
- Provide Splunk SIEM and SOAR (Tines / Palo Alto XSOAR) support, coordinating with the vendor when required.
- Splunk SIEM: rule creation, anomaly detection, ATT&CK mapping.
- SOAR: playbook customization, API integrations, dynamic playbook logic.
- Threat Intelligence: TTP mapping, behavioral correlation.
- Splunk SIEM: parser creation, field extraction, correlation rule design.
- Scripting: Python, regex, shell scripting for ETL workflows.
- Data Handling: JSON, syslog, Windows Event Logs.
- Splunk SIEM detection engineering, content development and platform support.

Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- 15 years of full time education is required.

Qualification: 15 years full time education

Posted Date not available


15.0 - 20.0 years

13 - 17 Lacs

gurugram

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Cyber Threat Intelligence
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Threat Intelligence Architect, you will be responsible for executing a comprehensive threat intelligence program. Collect, analyze, and disseminate timely and relevant threat intelligence to stakeholders. Reporting to the Threat Intelligence Lead, you will develop and refine incident response plans based on threat intelligence insights. Collaborate with internal teams to integrate threat intelligence into security controls.

Roles & Responsibilities:
- Lead collection of information for different levels of cyber threat intelligence, ranging from strategic and tactical to operational.
- Dark Web Monitoring: Monitor and analyse activities on the Dark Web to identify potential cyber threats, emerging trends, and vulnerabilities.
- Threat Intelligence Analysis: Evaluate collected data to produce actionable threat intelligence reports, enabling proactive measures to defend against cyber threats.
- Monitor open-source intelligence (OSINT), dark web sources, and industry reports to stay informed of specific threats and trends.
- Collaboration: Work closely with cross-functional teams, sharing insights and contributing to the overall cybersecurity strategy.
- Evaluate and recommend threat intelligence tools, technologies, and platforms to enhance capabilities.
- Stay current on emerging threats, attack techniques, and cybersecurity trends relevant to the industry.
- Develop and maintain threat intelligence reports, briefings, and dashboards to inform security teams and leadership.
- Provide research and intelligence support with respect to internal and external ad-hoc requests.
- Collaborate with global teams for information exchange and joint research.

Required Skills & Experience:
- Proven experience in Threat Intelligence, Threat Hunting, or Digital Risk Management.
- Strong knowledge of cyber threat intelligence frameworks (MITRE ATT&CK, Diamond Model, Cyber Kill Chain).
- Expertise in digital risk protection (brand monitoring, dark web intelligence, social media threats, fraud detection).
- Hands-on experience with Threat Intelligence Platforms (TIPs), SIEM, SOAR, and EDR solutions.
- Proficiency in OSINT, dark web monitoring, and third-party risk intelligence.
- Experience analyzing malware, exploits, and Indicators of Compromise (IOCs).
- Proficiency in scripting with Python, PowerShell, or similar languages for automation and threat analysis.
- Good knowledge of operating systems, network and cloud technologies.
- Understanding of AI/ML-driven threat detection techniques.
- Excellent analytical, communication, and report-writing skills. Able to communicate difficult technical concepts to a non-technical audience.
- Strong knowledge of threat hunting, forensics, and incident response processes is an added advantage.
- Certifications such as CEH, CTIA, GCTI or equivalent are preferred.

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Cyber Threat Intelligence.
- Strong understanding of cloud security principles and practices.
- Experience with risk assessment and management frameworks.
- Familiarity with security compliance standards such as ISO 27001 and NIST.
- Ability to analyze and respond to security incidents effectively.

Additional Information:
- The candidate should have a minimum of 5 years of experience in Cyber Threat Intelligence.
- This position is based at our Gurugram office.
- 15 years of full time education is required.

Qualification: 15 years full time education

Posted Date not available


15.0 - 20.0 years

13 - 17 Lacs

bengaluru

Work from Office

Project Role :Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and facilitating the transition to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges. 
Roles & Responsibilities:
- Experience in cybersecurity or IT infrastructure, with 2+ years of hands-on Splunk engineering
- Good experience in Splunk Search Processing Language (SPL) for creating complex queries, dashboards, alerts, and reports
- Good experience in creating, testing, and tuning detection content for security use cases
- Experience onboarding and parsing logs from various sources (e.g., firewalls, EDRs, cloud platforms, applications)
- Experience with data models (CIM), field extractions (regex), and knowledge objects (lookups, macros, tags)
- Experience designing and optimizing index structures, data retention policies, and storage performance
- Ability to work with stakeholders from security operations, threat intel, and infrastructure teams
- Strong documentation, version control, and lifecycle management for detection rules and dashboards
- Experience integrating SOAR platforms with Splunk (e.g., Splunk SOAR, XSOAR)
- Familiarity with Splunk Enterprise Security (ES) and its correlation framework
- Exposure to MITRE ATT&CK mapping for content standardization
Professional & Technical Skills:
- Design, implement, and maintain search queries, correlation rules, and dashboards aligned with business and threat requirements
- Tune existing alerts and rules to reduce false positives and improve detection fidelity
- Map detection content to frameworks such as MITRE ATT&CK and compliance standards
- Onboard new log sources across endpoints, cloud, infrastructure, and applications
- Monitor log sources reporting into Splunk SIEM and identify log sources that fail to report in accordance with the security operations runbooks
- Troubleshoot and resolve log-source parsing issues
- Write and maintain custom field extractions, transforms, and other configurations
- Optimize searches, reduce duplication, and ensure compliance with search head clustering best practices
- Build real-time and scheduled dashboards to support SOC, compliance, and leadership visibility
- Use lookups, macros, and scheduled reports to enrich alerts and enable decision-making
- Participate in use case governance processes and maintain runbooks/playbooks
- Review and approve content changes submitted by junior team members
- Strong foundational understanding of security operations, threat landscapes, and log analysis
- Excellent written and verbal communication skills for working with both technical and business stakeholders
- Provide Splunk SIEM and SOAR (Tines / Palo Alto XSOAR) support, coordinating with the vendor when required
- Splunk SIEM: rule creation, anomaly detection, ATT&CK mapping
- SOAR: playbook customization, API integrations, dynamic playbook logic
- Threat Intelligence: TTP mapping, behavioral correlation
- Splunk SIEM: parser creation, field extraction, correlation rule design
- Scripting: Python, regex, shell scripting for ETL workflows
- Data Handling: JSON, syslog, Windows Event Logs
- Splunk SIEM detection engineering, content development and platform support
- Experience in SOC, including 2+ years in SIEM content engineering / platform support
Additional Information:
- The candidate should have a minimum of 3 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.
Qualification: 15 years full time education

Posted Date not available

Apply

15.0 - 20.0 years

13 - 17 Lacs

gurugram

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 2 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As an L1 SOC Analyst you are the first line of defense in monitoring and triaging security alerts. You will work primarily with Splunk SIEM and SentinelOne EDR to identify potential security incidents, validate alerts, and escalate them according to the defined SOPs. You will ensure real-time visibility and log health while flagging suspicious activity promptly. This role is essential to ensuring timely detection and reducing noise from false positives.
Roles & Responsibilities:
- Basic Security Knowledge: understanding of key concepts (malware, phishing, brute force, etc.)
- SIEM Familiarity: exposure to the Splunk UI and understanding how to read/query logs
- Exposure to CrowdStrike Falcon Console: ability to view and interpret endpoint alerts
- Alert Triage: ability to differentiate between false positives and real threats
- Alert Triage & Investigation: experience investigating escalated alerts using SIEM or EDR
- Hands-on experience with CrowdStrike EDR investigations
- Communication Skills: clear written documentation and verbal escalation
- Ticketing Systems: familiarity with platforms like JIRA, ServiceNow, or similar
- Basic understanding of cybersecurity fundamentals
- Good analytical and triage skills
- Basic Scripting: awareness of PowerShell or Python for log parsing
- SOAR Exposure: familiarity with automated triage workflows
- Security Certifications: Security+, Microsoft SC-900, or similar certification
- Operating System Basics: Windows and Linux process and file system awareness
Professional & Technical Skills:
- Monitor real-time alerts and dashboards in Splunk SIEM
- Perform initial triage on alerts and determine severity/priority
- Escalate validated security incidents to L2 analysts per defined SOPs
- Follow pre-defined SOAR playbooks to document or assist in response
- Ensure alert enrichment fields are populated (host info, user details, etc.)
- Conduct basic log searches to support alert analysis
- Perform daily health checks on log sources and ingestion pipelines
- Maintain accurate ticket documentation for each alert handled
- Participate in shift handovers and team sync-ups for awareness
- SIEM: basic log searching, correlation rule awareness
- SOAR: familiarity with playbook execution
- Security Concepts: basic understanding of malware, phishing, brute force
- Tools: SentinelOne EDR, Splunk SIEM
Additional Information:
- The candidate should have a minimum of 2 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Gurugram office.
- 15 years of full-time education is required.
Qualification: 15 years full time education
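Two of the postings above describe the same operational check: the Splunk SIEM engineer role asks for identifying log sources that fail to report in accordance with the runbooks, and this L1 analyst role asks for daily health checks on log sources and ingestion pipelines. The script below is an added example, not code from either posting, from the hiring company, or from Splunk or any other vendor. It assumes two hypothetical inputs, a per-source "last event seen" summary (the kind of result a SIEM summary search returns) and a runbook table of the maximum tolerated gap per source, and flags sources that are silent, sources that have never reported, and sources that report but have no runbook entry. All source names, limits and timestamps are constructed.

```python
"""Log-source silence check for a SIEM health runbook.

Added example, not code from the job postings or from Splunk. It assumes a
hypothetical per-source "last event seen" summary and a hypothetical runbook
table of maximum tolerated gaps. Both inputs below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Hypothetical runbook: maximum tolerated gap per log source (constructed values).
RUNBOOK_MAX_GAP: Dict[str, timedelta] = {
    "fw:perimeter": timedelta(minutes=5),
    "edr:endpoints": timedelta(minutes=15),
    "cloud:auditlog": timedelta(hours=1),
    "app:payments": timedelta(hours=6),
    "vpn:gateway": timedelta(minutes=10),
}

# Constructed sample: last event timestamp per source, as a summary search might return.
SAMPLE_LAST_SEEN: Dict[str, str] = {
    "fw:perimeter": "2024-05-01T11:58:30Z",
    "edr:endpoints": "2024-05-01T10:40:00Z",   # 80 min old against a 15 min limit
    "cloud:auditlog": "2024-05-01T11:30:00Z",
    "app:payments": "2024-05-01T02:00:00Z",    # 10 h old against a 6 h limit
    "legacy:unknown": "2024-05-01T11:59:00Z",  # reporting, but not in the runbook
    # "vpn:gateway" is absent: an expected source that has never reported
}


@dataclass(frozen=True)
class SourceStatus:
    source: str
    last_seen: Optional[datetime]   # None when the source has never reported
    gap: Optional[timedelta]        # None when last_seen is None
    max_gap: timedelta
    silent: bool


def parse_iso_utc(ts: str) -> datetime:
    """Parse a 'YYYY-MM-DDTHH:MM:SSZ' timestamp as an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_sources(last_seen: Dict[str, str], runbook: Dict[str, timedelta],
                  now: datetime) -> Tuple[List[SourceStatus], List[str]]:
    """Compare each runbook source's last event against its tolerated gap.

    Returns (statuses, unlisted): one status per runbook source, plus the names
    of sources that are reporting but have no runbook entry (onboarding gaps).
    """
    statuses: List[SourceStatus] = []
    for source, max_gap in runbook.items():
        ts = last_seen.get(source)
        if ts is None:
            # Never seen at all: silent regardless of the tolerated gap.
            statuses.append(SourceStatus(source, None, None, max_gap, True))
            continue
        seen = parse_iso_utc(ts)
        gap = now - seen
        # A negative gap means the source's clock is ahead of ours. It is not
        # silence, so it passes here, but it deserves a separate time-sync check.
        statuses.append(SourceStatus(source, seen, gap, max_gap, gap > max_gap))
    unlisted = sorted(set(last_seen) - set(runbook))
    return statuses, unlisted


def silent_sources(statuses: List[SourceStatus]) -> List[str]:
    """Sources whose gap exceeded the runbook limit or that never reported."""
    return sorted(s.source for s in statuses if s.silent)


def run_check(now_iso: str = "2024-05-01T12:00:00Z") -> Tuple[List[str], List[str]]:
    """Run the check over the constructed sample at a fixed 'now' for repeatability."""
    statuses, unlisted = check_sources(SAMPLE_LAST_SEEN, RUNBOOK_MAX_GAP,
                                       parse_iso_utc(now_iso))
    return silent_sources(statuses), unlisted


if __name__ == "__main__":
    silent, unlisted = run_check()
    print("silent sources:", silent)       # ['app:payments', 'edr:endpoints', 'vpn:gateway']
    print("unlisted sources:", unlisted)   # ['legacy:unknown']
```

In practice the `SAMPLE_LAST_SEEN` dictionary would be replaced by the SIEM's own per-source summary and the runbook table by the team's documented limits; the two failure modes worth keeping separate are a source that has gone quiet (possible ingestion or agent failure) and a source that was never onboarded into the runbook at all.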

Posted Date not available

Apply

15.0 - 20.0 years

13 - 17 Lacs

bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the security architecture, ensuring that it meets the business requirements and performance goals.
Must have skills: Operational Technology (OT) Security
Good to have skills: Endpoint Protection
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Senior IT/OT Endpoint Security Engineer, you will lead the design, implementation, and management of endpoint security controls across enterprise environments and play a crucial role in protecting critical assets such as servers, workstations, and ICS equipment.
Roles & Responsibilities:
- Lead the deployment, management, and optimization of endpoint security tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Trellix)
- Monitor, detect, and respond to endpoint-related security incidents and vulnerabilities
- Use the MITRE ATT&CK framework to improve threat hunting
- Integrate EDR telemetry with SIEM/SOAR platforms and tune detection rules, policies, and behavioral indicators
- Perform real-time threat hunting and investigation using EDR consoles, log data, and forensic artifacts
- Implement host-based control policies and privilege management solutions
- Monitor and analyze endpoint alerts, triage suspicious activity, and escalate incidents based on impact and severity
Professional & Technical Skills:
- Experience in endpoint security engineering or cybersecurity operations; at least 2+ years in OT/ICS environments is an added advantage
- Experience with endpoint security scripting and automation using Python, PowerShell, or APIs
- Familiarity with industrial protocols and vendor protocols (Modbus, DNP3, OPC, etc.) is an added advantage
- Working experience with patch and vulnerability management of endpoint devices in coordination with the IT team
Additional Information:
- The candidate should have minimum years of experience in Operational Technology (OT) Security.
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.
Qualification: 15 years full time education

Posted Date not available

Apply