15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect
Project Role Description: Define the security architecture, ensuring that it meets the business requirements and performance goals.
Must have skills: Operational Technology (OT) Security
Good to have skills: Network Security Implementation
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Senior IT/OT Endpoint Security Engineer, you will lead the design, implementation, and management of endpoint security controls across enterprise environments. You will play a crucial role in protecting critical assets such as servers, workstations, and ICS equipment.

Roles & Responsibilities:
- Lead the deployment, management, and optimization of endpoint security tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Trellix).
- Monitor, detect, and respond to endpoint-related security incidents and vulnerabilities.
- Use the MITRE ATT&CK framework to improve threat hunting.
- Integrate EDR telemetry with SIEM/SOAR platforms and tune detection rules, policies, and behavioral indicators.
- Perform real-time threat hunting and investigation using EDR consoles, log data, and forensic artifacts.
- Implement host-based control policies and privilege management solutions.
- Monitor and analyze endpoint alerts, triage suspicious activity, and escalate incidents based on impact and severity.

Professional & Technical Skills:
- Experience in endpoint security engineering or cybersecurity operations; experience in OT/ICS environments will be an added advantage.
- Experience with endpoint security scripting and automation using Python, PowerShell, or APIs.
- Familiarity with industrial protocols and vendor protocols (Modbus, DNP3, OPC, etc.) is an added advantage.
- Working experience with patch and vulnerability management of endpoint devices in coordination with the IT team.

Additional Information:
- The candidate should have a minimum of 5 years of experience in Operational Technology (OT) Security.
- This position is based at our Pune office.
- A 15 years full time education is required.

Qualification: 15 years full time education
Posted Date not available
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Senior Splunk Engineer for Content and Platform Development, you will be responsible for driving end-to-end SIEM engineering efforts, ranging from data onboarding and normalization to advanced detection rule creation and dashboard development. You will play a strategic role in maturing the organization's detection capability, operational visibility, and SOC automation efforts. This role involves significant collaboration with security analysts, threat hunters, compliance teams, and platform administrators to ensure the Splunk ecosystem is optimized, secure, and continuously evolving.

Roles & Responsibilities:
- Overall experience in cybersecurity or IT infrastructure, with 3+ years of hands-on Splunk engineering
- Deep expertise in Splunk Search Processing Language (SPL) for creating complex queries, dashboards, alerts, and reports
- Strong experience in creating, testing, and tuning detection content for security use cases
- Experience in onboarding and parsing logs from various sources (e.g., firewalls, EDRs, cloud platforms, applications)
- Expertise in data models (CIM), field extractions (regex), and knowledge objects (lookups, macros, tags)
- Experience in designing and optimizing index structures, data retention policies, and storage performance
- Ability to work with stakeholders from security operations, threat intel, and infrastructure teams
- Strong documentation, version control, and lifecycle management for detection rules and dashboards
- Experience integrating SOAR platforms with Splunk (e.g., Splunk SOAR, XSOAR)
- Familiarity with Splunk Enterprise Security (ES) and its correlation framework
- Exposure to MITRE ATT&CK mapping for content standardization

Professional & Technical Skills:
- Design, implement, and maintain search queries, correlation rules, and dashboards aligned with business and threat requirements
- Tune existing alerts and rules to reduce false positives and improve detection fidelity
- Map detection content to frameworks such as MITRE ATT&CK and compliance standards
- Onboard new log sources across endpoints, cloud, infrastructure, and applications
- Monitor log sources reporting into Splunk SIEM and identify log sources that fail to report, in accordance with the security operations runbooks
- Troubleshoot and resolve log source parsing issues
- Write and maintain custom field extractions, transforms, and other configurations
- Optimize searches, reduce duplication, and ensure compliance with search head clustering best practices
- Build real-time and scheduled dashboards to support SOC, compliance, and leadership visibility
- Use lookups, macros, and scheduled reports to enrich alerts and enable decision-making
- Participate in use case governance processes and maintain runbooks/playbooks
- Review and approve content changes submitted by junior team members
- Strong foundational understanding of security operations, threat landscapes, and log analysis
- Excellent written and verbal communication skills for working with both technical and business stakeholders
- Provide Splunk SIEM and SOAR (Tines / Palo Alto XSOAR) support, coordinating with the vendor when required
- Splunk SIEM: rule creation, anomaly detection, ATT&CK mapping
- SOAR: playbook customization, API integrations, dynamic playbook logic
- Threat Intelligence: TTP mapping, behavioral correlation
- Splunk SIEM: parser creation, field extraction, correlation rule design
- Scripting: Python, regex, shell scripting for ETL workflows
- Data Handling: JSON, syslog, Windows Event Logs
- Splunk SIEM detection engineering, content development, and platform support

Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education
Posted Date not available
15.0 - 20.0 years
13 - 17 Lacs
Pune
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Operational Technology (OT) Security
Good to have skills: Security Information and Event Management (SIEM)
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As an experienced Level 3 SOC Analyst, you will lead advanced security incident investigations, develop detection use cases, improve security monitoring, and provide deep technical support to L1 and L2 SOC analysts, acting as a technical escalation point for critical incidents, threat hunting, and cyber threat intelligence integration.

Roles & Responsibilities:
- Lead in-depth investigation of security incidents (e.g., malware outbreaks, phishing, data exfiltration, insider threats).
- Perform root cause analysis and attack vector tracing for complex security incidents involving OT and IT systems.
- Monitor OT network and security logs via SIEM and other monitoring tools to identify potential threats and anomalies. Also design and tune detection rules and correlation logic in SIEM platforms.
- Proactively hunt for threats using IOCs, behavioural analytics, and threat intelligence feeds.
- Correlate internal security data with threat intel to identify attacker TTPs using frameworks like MITRE ATT&CK.
- Serve as Tier 3 escalation for complex security alerts and incidents. Also mentor and guide L1 and L2 analysts on investigation techniques, triage steps, and reporting standards.
- Technical expertise in SIEM, EDR, threat intel, and forensics tools.
- Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and TTP-based detection.

Professional & Technical Skills:
- Experience in SOC operations, cybersecurity analysis, or incident response.
- Experience in OT/ICS environments or critical infrastructure cybersecurity will be an added advantage.
- Proficient in SIEM platforms (e.g., Splunk, QRadar, LogRhythm, Securonix) and security monitoring tools.
- Act as SME for security tools including SIEM, EDR, SOAR, IDS/IPS, threat intel platforms, and sandbox environments.

Additional Information:
- The candidate should have a minimum of 5 years of experience in Operational Technology (OT) Security.
- This position is based at our Bengaluru office.
- A 15 years full-time education is required.

Qualification: 15 years full time education
Posted Date not available
15.0 - 20.0 years
13 - 17 Lacs
Pune
Work from Office
Project Role: Security Architect
Project Role Description: Define the security architecture, ensuring that it meets the business requirements and performance goals.
Must have skills: Operational Technology (OT) Security
Good to have skills: Endpoint Protection
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Senior IT/OT Endpoint Security Engineer, you will lead the design, implementation, and management of endpoint security controls across enterprise environments, and will play a crucial role in protecting critical assets such as servers, workstations, and ICS equipment.

Roles & Responsibilities:
- Lead the deployment, management, and optimization of endpoint security tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Trellix).
- Monitor, detect, and respond to endpoint-related security incidents and vulnerabilities.
- Use the MITRE ATT&CK framework to improve threat hunting.
- Integrate EDR telemetry with SIEM/SOAR platforms and tune detection rules, policies, and behavioral indicators.
- Perform real-time threat hunting and investigation using EDR consoles, log data, and forensic artifacts.
- Implement host-based control policies and privilege management solutions.
- Monitor and analyze endpoint alerts, triage suspicious activity, and escalate incidents based on impact and severity.

Professional & Technical Skills:
- Experience in endpoint security engineering or cybersecurity operations; at least 2+ years in OT/ICS environments will be an added advantage.
- Experience with endpoint security scripting and automation using Python, PowerShell, or APIs.
- Familiarity with industrial protocols and vendor protocols (Modbus, DNP3, OPC, etc.) is an added advantage.
- Working experience with patch and vulnerability management of endpoint devices in coordination with the IT team.

Additional Information:
- The candidate should have minimum years of experience in Operational Technology (OT) Security.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education
Posted Date not available
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect
Project Role Description: Define the security architecture, ensuring that it meets the business requirements and performance goals.
Must have skills: Operational Technology (OT) Security
Good to have skills: Security Information and Event Management (SIEM)
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As an experienced Level 3 SOC Analyst, you will lead advanced security incident investigations, develop detection use cases, improve security monitoring, and provide deep technical support to L1 and L2 SOC analysts, acting as a technical escalation point for critical incidents, threat hunting, and cyber threat intelligence integration.

Roles & Responsibilities:
- Lead in-depth investigation of security incidents (e.g., malware outbreaks, phishing, data exfiltration, insider threats).
- Perform root cause analysis and attack vector tracing for complex security incidents involving OT and IT systems.
- Monitor OT network and security logs via SIEM and other monitoring tools to identify potential threats and anomalies. Also design and tune detection rules and correlation logic in SIEM platforms.
- Proactively hunt for threats using IOCs, behavioural analytics, and threat intelligence feeds.
- Correlate internal security data with threat intel to identify attacker TTPs using frameworks like MITRE ATT&CK.
- Serve as Tier 3 escalation for complex security alerts and incidents. Also mentor and guide L1 and L2 analysts on investigation techniques, triage steps, and reporting standards.
- Technical expertise in SIEM, EDR, threat intel, and forensics tools.
- Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and TTP-based detection.

Professional & Technical Skills:
- Experience in SOC operations, cybersecurity analysis, or incident response.
- Experience in OT/ICS environments or critical infrastructure cybersecurity will be an added advantage.
- Proficient in SIEM platforms (e.g., Splunk, QRadar, LogRhythm, Securonix) and security monitoring tools.
- Act as SME for security tools including SIEM, EDR, SOAR, IDS/IPS, threat intel platforms, and sandbox environments.

Additional Information:
- The candidate should have a minimum of 5 years of experience in Operational Technology (OT) Security.
- This position is based at our Bengaluru office.
- A 15 years full-time education is required.

Qualification: 15 years full time education
Posted Date not available
4.0 - 9.0 years
18 - 27 Lacs
Chennai
Hybrid
Job Summary: The SOC Engineering and Operational Lead Engineer is responsible for the engineering and administration activities of SOC tools, such as SIEM, SOAR, and deception technology, with a continuous focus on enabling automation to support SOC tools administration and security incident detection and response activities.

Job Description:
- Daily operational management of SOC tools (including SIEM, SOAR, etc., and component infrastructure maintenance).
- Log, alert, and enrichment source integrations with SOC tools.
- Coordinate with different stakeholders to understand the integration sources, ensuring an appropriate baseline is created and maintained per industry standards.
- Ensure appropriate correlation rules are in place for each log source type for threat/anomaly detection.
- Ensure proper incident types, fields, and playbooks are defined for automation in SOAR.
- Stay in continuous contact with the Incident Detection and Response team to fine-tune rules with adequate thresholds based on their feedback.
- Evaluate new SOAR/SIEM/log analytics/big data forensic technology products (including open source) to keep the tool base up to industry standards and Olam requirements.
- Interface with stakeholders in different parts of the globe to ensure systems are deployed with the appropriate configuration.
- Develop metrics dashboards to identify trends, anomalies, and opportunities for improvement.
- Ensure adequate change management and documentation are maintained for SIEM-related changes.
- Periodically review SOC tools architecture, log baseline, rules, asset health, automations, playbooks, etc.
- Ensure high quality of industry standards and brand consistency in all IT projects.
- Work with technology stakeholders to enable deception decoys.

Profile Description:
- Must have 4+ years of experience in Splunk on-prem and cloud SIEM engineering and administration.
- Should have hands-on experience in the implementation, configuration, and management of SIEM and SOAR technologies (preferably Splunk, ELK, QRadar, Securonix, Demisto, Google SecOps, ServiceNow SecOps).
- Should have hands-on experience in creating custom correlation rules/alerts, searches, and data analytics in Splunk or a similar log analytics tool.
- Should have hands-on experience in creating custom playbooks and automation scripts in SOAR.
- Must have strong working knowledge of Linux-flavored OS environments.
- Strong knowledge of broad infrastructure and technology, including a demonstrable understanding of security operations in critical environments.
- Sound analytical and problem-solving skills.
- Some experience with cloud infrastructure such as Microsoft Azure, AWS, and GCP.
- Splunk or similar log analytics certification preferred.
- Must have strong scripting and programming language knowledge (Python, PowerShell, VBScript, C/C++, .NET, etc.).
Posted Date not available
3.0 - 8.0 years
13 - 17 Lacs
Bengaluru
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Senior Splunk Engineer for Content and Platform Development, you will be responsible for driving end-to-end SIEM engineering efforts, ranging from data onboarding and normalization to advanced detection rule creation and dashboard development. You will play a strategic role in maturing the organization's detection capability, operational visibility, and SOC automation efforts. This role involves significant collaboration with security analysts, threat hunters, compliance teams, and platform administrators to ensure the Splunk ecosystem is optimized, secure, and continuously evolving.

Roles & Responsibilities:
- Experience in cybersecurity or IT infrastructure, with 3+ years of hands-on Splunk engineering
- Deep expertise in Splunk Search Processing Language (SPL) for creating complex queries, dashboards, alerts, and reports
- Strong experience in creating, testing, and tuning detection content for security use cases
- Experience in onboarding and parsing logs from various sources (e.g., firewalls, EDRs, cloud platforms, applications)
- Expertise in data models (CIM), field extractions (regex), and knowledge objects (lookups, macros, tags)
- Experience in designing and optimizing index structures, data retention policies, and storage performance
- Ability to work with stakeholders from security operations, threat intel, and infrastructure teams
- Strong documentation, version control, and lifecycle management for detection rules and dashboards
- Experience integrating SOAR platforms with Splunk (e.g., Splunk SOAR, XSOAR)
- Familiarity with Splunk Enterprise Security (ES) and its correlation framework
- Exposure to MITRE ATT&CK mapping for content standardization
- Splunk SIEM: rule creation, anomaly detection, ATT&CK mapping
- SOAR: playbook customization, API integrations, dynamic playbook logic
- Threat Intelligence: TTP mapping, behavioral correlation
- Splunk SIEM: parser creation, field extraction, correlation rule design
- Scripting: Python, regex, shell scripting for ETL workflows
- Data Handling: JSON, syslog, Windows Event Logs
- Splunk SIEM detection engineering, content development, and platform support

Professional & Technical Skills:
- Design, implement, and maintain search queries, correlation rules, and dashboards aligned with business and threat requirements
- Tune existing alerts and rules to reduce false positives and improve detection fidelity
- Map detection content to frameworks such as MITRE ATT&CK and compliance standards
- Onboard new log sources across endpoints, cloud, infrastructure, and applications
- Monitor log sources reporting into Splunk SIEM and identify log sources that fail to report, in accordance with the security operations runbooks
- Troubleshoot and resolve log source parsing issues
- Write and maintain custom field extractions, transforms, and other configurations
- Optimize searches, reduce duplication, and ensure compliance with search head clustering best practices
- Build real-time and scheduled dashboards to support SOC, compliance, and leadership visibility
- Use lookups, macros, and scheduled reports to enrich alerts and enable decision-making
- Participate in use case governance processes and maintain runbooks/playbooks
- Review and approve content changes submitted by junior team members
- Strong foundational understanding of security operations, threat landscapes, and log analysis
- Excellent written and verbal communication skills for working with both technical and business stakeholders
- Provide Splunk SIEM and SOAR (Tines / Palo Alto XSOAR) support, coordinating with the vendor when required

Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education
Posted Date not available
8.0 - 13.0 years
13 - 17 Lacs
Pune
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the security architecture, ensuring that it meets the business requirements and performance goals.
Must have skills: Operational Technology (OT) Security
Good to have skills: Network Security Implementation
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Senior IT/OT Endpoint Security Engineer, you will lead the design, implementation, and management of endpoint security controls across enterprise environments. You will play a crucial role in protecting critical assets such as servers, workstations, and ICS equipment.

Roles & Responsibilities:
- Lead the deployment, management, and optimization of endpoint security tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Trellix).
- Monitor, detect, and respond to endpoint-related security incidents and vulnerabilities.
- Use the MITRE ATT&CK framework to improve threat hunting.
- Integrate EDR telemetry with SIEM/SOAR platforms and tune detection rules, policies, and behavioral indicators.
- Perform real-time threat hunting and investigation using EDR consoles, log data, and forensic artifacts.
- Implement host-based control policies and privilege management solutions.
- Monitor and analyze endpoint alerts, triage suspicious activity, and escalate incidents based on impact and severity.

Professional & Technical Skills:
- Experience in endpoint security engineering or cybersecurity operations; experience in OT/ICS environments will be an added advantage.
- Experience with endpoint security scripting and automation using Python, PowerShell, or APIs.
- Familiarity with industrial protocols and vendor protocols (Modbus, DNP3, OPC, etc.) is an added advantage.
- Working experience with patch and vulnerability management of endpoint devices in coordination with the IT team.

Additional Information:
- The candidate should have a minimum of 5 years of experience in Operational Technology (OT) Security.
- This position is based at our Pune office.
- A 15 years full time education is required.

Qualification: 15 years full time education
Posted Date not available
8.0 - 13.0 years
13 - 17 Lacs
Pune
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: We are seeking a seasoned cybersecurity expert with deep hands-on expertise in Microsoft Sentinel to build, optimize, and automate enterprise-wide detection and response strategies. The role involves advanced threat hunting, analytics rule tuning, SOAR development using Logic Apps, and integration of rich threat intelligence. You will drive architecture for scalable detection pipelines, lead SIEM content management, mentor SOC teams, and actively defend against advanced threats using the MITRE ATT&CK framework.

Roles & Responsibilities:
- Architect and maintain scalable Microsoft Sentinel environments, including workspaces, data ingestion pipelines (e.g., Syslog, Azure AD, MDE, custom logs), and data connectors.
- Design and implement Sentinel Analytics Rules, perform fine-tuning for detection fidelity, and maintain effective rule lifecycle management.
- Build Sentinel Workbooks for advanced visualization, dashboarding, and incident reporting.
- Lead normalization and parsing of custom log sources, and support log source onboarding across hybrid and cloud-native environments.
- Oversee SIEM content management, ensuring high-quality detections, queries, watchlists, and response mechanisms are consistently updated.
- Write and optimize complex KQL (Kusto Query Language) queries for threat hunting, anomaly detection, and analytics rule logic.
- Develop and manage SOAR workflows using Microsoft Sentinel Playbooks (Logic Apps) for automated incident response and enrichment.
- Conduct deep forensic and threat investigations using Microsoft Defender for Endpoint (MDE), including Advanced Hunting and Live Response.
- Integrate third-party tools and threat intel feeds using custom connectors, REST APIs, and Azure-native services.
- Analyze attacker TTPs and align detection strategy with MITRE ATT&CK.
- Mentor and upskill SOC analysts and security engineers in best practices for Sentinel, MDE, KQL, and automation techniques.
- Collaborate closely with detection engineers, cloud security architects, and incident responders.
- Participate in red and blue team exercises to continually enhance detection maturity and coverage.

Professional & Technical Skills:
- Experience in Security Operations, Incident Response, Threat Detection, or SIEM Engineering.
- Proven hands-on expertise in Microsoft Sentinel, including: Analytics Rule creation and fine-tuning; Workbook creation; normalization and parsing; log source onboarding; data connectors management; SIEM content development and maintenance.
- Advanced proficiency in KQL (Kusto Query Language) for detection engineering and hunting.
- Strong experience in Logic Apps-based automation (Sentinel Playbooks) and SOAR frameworks.
- Deep understanding of MITRE ATT&CK and threat modeling.
- Familiarity with PowerShell, JSON, REST APIs, Azure Resource Manager (ARM), Azure Monitor, and Event Hub integrations.
- Experience with integrating custom and third-party telemetry sources into Sentinel.
- SC-200: Microsoft Security Operations Analyst
- SC-100: Microsoft Cybersecurity Architect
- AZ-500: Microsoft Azure Security Technologies
- GCFA / GCIA (SANS) for forensic/network detection expertise
- MITRE ATT&CK Defender (MAD) certifications
- CISSP, CEH, or equivalent industry-recognized credentials

Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Pune office.
- A 15 years full time education is required.

Qualification: 15 years full time education
Posted Date not available
8.0 - 13.0 years
13 - 17 Lacs
Gurugram
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 2 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As an L1 SOC Analyst, you are the first line of defense in monitoring and triaging security alerts. You will work primarily with Splunk SIEM and SentinelOne EDR to identify potential security incidents, validate alerts, and escalate them according to the defined SOPs. You will ensure real-time visibility and log health while flagging suspicious activity promptly. This role is essential to ensuring timely detection and reducing noise from false positives.

Roles & Responsibilities:
- Basic Security Knowledge: understanding of key concepts (malware, phishing, brute force, etc.)
- SIEM Familiarity: exposure to the Splunk UI and understanding how to read/query logs
- Exposure to CrowdStrike Falcon Console: ability to view and interpret endpoint alerts
- Alert Triage: ability to differentiate between false positives and real threats
- Alert Triage & Investigation: experience investigating escalated alerts using SIEM or EDR
- Hands-on experience with CrowdStrike EDR investigations
- Ticketing Systems: familiarity with platforms like JIRA, ServiceNow, or similar
- Basic understanding of cybersecurity fundamentals
- Good analytical and triage skills
- Basic Scripting: awareness of PowerShell or Python for log parsing
- SOAR Exposure: familiarity with automated triage workflows
- Security Certifications: Security+, Microsoft SC-900, or similar certification
- Operating System Basics: Windows and Linux process and file system awareness
- Monitor real-time alerts and dashboards in Splunk SIEM
- Perform initial triage on alerts and determine severity/priority
- Escalate validated security incidents to L2 analysts per defined SOPs
- Follow pre-defined SOAR playbooks to document or assist in response
- Ensure alert enrichment fields are populated (host info, user details, etc.)
- Conduct basic log searches to support alert analysis
- Perform daily health checks on log sources and ingestion pipelines
- Maintain accurate ticket documentation for each alert handled
- Participate in shift handovers and team sync-ups for awareness

Professional & Technical Skills:
- SIEM: basic log searching, correlation rule awareness
- SOAR: familiarity with playbook execution
- Security Concepts: basic understanding of malware, phishing, brute force
- Tools: SentinelOne EDR, Splunk SIEM

Additional Information:
- The candidate should have a minimum of 2 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Gurugram office.
- A 15 years full time education is required.

Qualification: 15 years full time education
Posted Date not available
8.0 - 13.0 years
13 - 17 Lacs
gurugram
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 2 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As an L1 SOC Analyst you are the first line of defense in monitoring and triaging security alerts. You will work primarily with Splunk SIEM and SentinelOne EDR to identify potential security incidents, validate alerts, and escalate them according to the defined SOPs. You will ensure real-time visibility and log health while flagging suspicious activity promptly. This role is essential to ensuring timely detection and reducing noise from false positives.
Roles & Responsibilities:
- Basic Security Knowledge: Understanding of key concepts (malware, phishing, brute force, etc.)
- SIEM Familiarity: Exposure to Splunk UI and understanding how to read/query logs
- Exposure to CrowdStrike Falcon Console: Ability to view and interpret endpoint alerts
- Alert Triage: Ability to differentiate between false positives and real threats
- Alert Triage & Investigation: Experience investigating escalated alerts using SIEM or EDR
- Hands-on experience with CrowdStrike EDR investigations
- Ticketing Systems: Familiarity with platforms like JIRA, ServiceNow, or similar
- Basic understanding of cybersecurity fundamentals
- Good analytical and triage skills
- Basic Scripting: Awareness of PowerShell or Python for log parsing
- SOAR Exposure: Familiarity with automated triage workflows
- Security Certifications: Security+, Microsoft SC-900, or similar certification
- Operating System Basics: Windows and Linux process and file system awareness
- Monitor real-time alerts and dashboards in Splunk SIEM
- Perform initial triage on alerts and determine severity/priority
- Escalate validated security incidents to L2 analysts per defined SOPs
- Follow pre-defined SOAR playbooks to document or assist in response
- Ensure alert enrichment fields are populated (host info, user details, etc.)
- Conduct basic log searches to support alert analysis
- Perform daily health checks on log sources and ingestion pipelines
- Maintain accurate ticket documentation for each alert handled
- Participate in shift handovers and team sync-ups for awareness
Professional & Technical Skills:
- SIEM: Basic log searching, correlation rule awareness
- SOAR: Familiarity with playbook execution
- Security Concepts: Basic understanding of malware, phishing, brute force
- Tools: SentinelOne EDR, Splunk SIEM
Additional Information:
- The candidate should have minimum 2 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Gurugram office.
- A 15 years full time education is required.
Qualification: 15 years full time education
Posted Date not available
5.0 - 9.0 years
16 - 20 Lacs
pune
Work from Office
Role: SOC Analyst - L3
Job Type: Full Time, Permanent
Location: Pune (Onsite)
Experience Required: 5+ years of experience in the network and IT security field, managing SOC systems and operations (defining strategy around security monitoring, incident management, regulatory compliance, process improvement, etc.)
Qualification: Certifications in Cyber Security/Information Security/Networking; Degree in Computer Science / Applications.
CTC: 16 LPA to 20 LPA
Primary Abilities: SIEM, SOAR, UEBA, NBAD/NDR, Endpoint Security, Threat Hunting, Threat Analysis, Team Leading, Client Interaction
Responsibilities:
- Lead and mentor junior SOC analysts
- Conduct in-depth investigations into complex security incidents
- Identify and analyse emerging threats and vulnerabilities
- Develop and implement security incident response plans
- Participate in vulnerability assessments and penetration tests
- Provide technical guidance and support to other security teams
- Stay up to date on the latest security threats and trends
- Communicate effectively with technical and non-technical audiences
- Represent the SOC in meetings with stakeholders
- Drive end-to-end implementation of the SIEM and SOAR solutions
- Expertise in SOC team building
- Any other responsibility area identified as necessary for execution of the required SOC services
- Drive customer monthly governance meetings
- Drive technical discussions with new or existing customers
About Company: Innspark is the fastest-growing Deep-tech Solutions company that provides next-generation products and services in Cybersecurity and Telematics. The Cybersecurity segment provides out-of-the-box solutions to detect and respond to sophisticated cyber incidents, threats, and attacks. The solutions are powered by advanced Threat Intelligence, Machine Learning, and Artificial Intelligence that provide deep visibility of the enterprise's security.
We have developed and implemented solutions for a wide range of customers with highly complex environments including Government Organizations, Banks & Financial Institutes, PSUs, Healthcare Providers, and Private Enterprises.
Website: https://innspark.in/
Posted Date not available
3.0 - 5.0 years
1 - 4 Lacs
hyderabad
Hybrid
- Phantom/SOAR & Python experience with good development skills
- Good in ITIS, and understanding and building playbooks in an on-prem multi-site clustered Splunk environment
- Practical experience in monitoring and tuning playbooks & use cases
- Good knowledge of creating custom apps with dashboards / reports / alerts and demonstrated understanding of Splunk apps
- Ownership of delivery for small to large Splunk onboarding projects
- Ability to automate repetitive tasks and reduce noise
- Implementing and supporting Phantom with good Python, Red Hat and Windows experience
Posted Date not available
5.0 - 10.0 years
25 - 30 Lacs
new delhi, gurugram
Work from Office
As a GCP Security Command Center Specialist you will be responsible for configuring, managing, and optimizing Google Cloud Platform's Security Command Center (SCC) to proactively identify, assess, and remediate security risks across cloud resources.
Responsibilities:
- Deploy, configure, and maintain GCP Security Command Center across cloud projects and organizations.
- Monitor security findings, vulnerabilities, and threats detected by SCC and integrated security tools.
- Analyse and triage SCC alerts, prioritizing remediation of critical security issues.
- Integrate SCC with other security solutions (SIEM, SOAR, DLP) for enhanced threat detection and response.
- Develop and enforce security policies and controls based on SCC insights.
- Collaborate with cloud architects, DevOps, and compliance teams to ensure security best practices are followed.
- Conduct regular security posture assessments using SCC reports and dashboards.
Posted Date not available
5.0 - 10.0 years
25 - 30 Lacs
kolkata
Work from Office
As a GCP Security Command Center Specialist you will be responsible for configuring, managing, and optimizing Google Cloud Platform's Security Command Center (SCC) to proactively identify, assess, and remediate security risks across cloud resources.
Responsibilities:
- Deploy, configure, and maintain GCP Security Command Center across cloud projects and organizations.
- Monitor security findings, vulnerabilities, and threats detected by SCC and integrated security tools.
- Analyse and triage SCC alerts, prioritizing remediation of critical security issues.
- Integrate SCC with other security solutions (SIEM, SOAR, DLP) for enhanced threat detection and response.
- Develop and enforce security policies and controls based on SCC insights.
- Collaborate with cloud architects, DevOps, and compliance teams to ensure security best practices are followed.
- Conduct regular security posture assessments using SCC reports and dashboards.
Posted Date not available
5.0 - 10.0 years
25 - 30 Lacs
hyderabad
Work from Office
As a GCP Security Command Center Specialist you will be responsible for configuring, managing, and optimizing Google Cloud Platform's Security Command Center (SCC) to proactively identify, assess, and remediate security risks across cloud resources.
Responsibilities:
- Deploy, configure, and maintain GCP Security Command Center across cloud projects and organizations.
- Monitor security findings, vulnerabilities, and threats detected by SCC and integrated security tools.
- Analyse and triage SCC alerts, prioritizing remediation of critical security issues.
- Integrate SCC with other security solutions (SIEM, SOAR, DLP) for enhanced threat detection and response.
- Develop and enforce security policies and controls based on SCC insights.
- Collaborate with cloud architects, DevOps, and compliance teams to ensure security best practices are followed.
- Conduct regular security posture assessments using SCC reports and dashboards.
Posted Date not available
5.0 - 10.0 years
25 - 30 Lacs
mumbai, pune
Work from Office
As a GCP Security Command Center Specialist you will be responsible for configuring, managing, and optimizing Google Cloud Platform's Security Command Center (SCC) to proactively identify, assess, and remediate security risks across cloud resources.
Responsibilities:
- Deploy, configure, and maintain GCP Security Command Center across cloud projects and organizations.
- Monitor security findings, vulnerabilities, and threats detected by SCC and integrated security tools.
- Analyse and triage SCC alerts, prioritizing remediation of critical security issues.
- Integrate SCC with other security solutions (SIEM, SOAR, DLP) for enhanced threat detection and response.
- Develop and enforce security policies and controls based on SCC insights.
- Collaborate with cloud architects, DevOps, and compliance teams to ensure security best practices are followed.
- Conduct regular security posture assessments using SCC reports and dashboards.
Posted Date not available
5.0 - 10.0 years
25 - 30 Lacs
chennai
Work from Office
As a GCP Security Command Center Specialist you will be responsible for configuring, managing, and optimizing Google Cloud Platform's Security Command Center (SCC) to proactively identify, assess, and remediate security risks across cloud resources.
Responsibilities:
- Deploy, configure, and maintain GCP Security Command Center across cloud projects and organizations.
- Monitor security findings, vulnerabilities, and threats detected by SCC and integrated security tools.
- Analyse and triage SCC alerts, prioritizing remediation of critical security issues.
- Integrate SCC with other security solutions (SIEM, SOAR, DLP) for enhanced threat detection and response.
- Develop and enforce security policies and controls based on SCC insights.
- Collaborate with cloud architects, DevOps, and compliance teams to ensure security best practices are followed.
- Conduct regular security posture assessments using SCC reports and dashboards.
Posted Date not available
5.0 - 10.0 years
25 - 30 Lacs
bengaluru
Work from Office
As a GCP Security Command Center Specialist you will be responsible for configuring, managing, and optimizing Google Cloud Platform's Security Command Center (SCC) to proactively identify, assess, and remediate security risks across cloud resources.
Responsibilities:
- Deploy, configure, and maintain GCP Security Command Center across cloud projects and organizations.
- Monitor security findings, vulnerabilities, and threats detected by SCC and integrated security tools.
- Analyse and triage SCC alerts, prioritizing remediation of critical security issues.
- Integrate SCC with other security solutions (SIEM, SOAR, DLP) for enhanced threat detection and response.
- Develop and enforce security policies and controls based on SCC insights.
- Collaborate with cloud architects, DevOps, and compliance teams to ensure security best practices are followed.
- Conduct regular security posture assessments using SCC reports and dashboards.
Posted Date not available
5.0 - 7.0 years
11 - 16 Lacs
hyderabad
Work from Office
We are hiring an experienced Cybersecurity Threat Detection Engineer for a contract-to-hire role based in Hyderabad. The ideal candidate will have 6+ years of hands-on experience in threat detection, incident response, and SIEM platforms such as Splunk, QRadar, or Azure Sentinel. The role focuses on developing high-fidelity detection content, integrating diverse log sources, and enhancing cloud and on-premise threat visibility. Strong knowledge of MITRE ATT&CK, adversary TTPs, and scripting for playbook automation is essential. The position is full-time onsite with a cab facility provided.
Posted Date not available
15.0 - 20.0 years
20 - 25 Lacs
hyderabad
Work from Office
Position Overview: We are seeking a dynamic and experienced Head of Security Operations Center to lead and manage security operations across multiple SOCs. This role requires strategic leadership with deep expertise in cybersecurity operations, team management, customer engagement, and service delivery. The candidate will be responsible for driving operational excellence, governing SLAs and ensuring high customer satisfaction while maintaining a strong security posture and compliance.
Key Responsibilities:
1. Strategic Leadership & Operations Management
- Oversee and manage multiple SOCs, ensuring 24x7 operations and driving efficiency and resilience.
- Develop and execute security strategies to enhance SOC capabilities and effectiveness.
- Define and implement standard operating procedures and best practices across all SOCs.
- Align SOC operations with business objectives, regulatory requirements, and industry best practices.
- Drive continuous improvement in threat detection, incident response, and operational processes.
2. Team Management & Leadership
- Build, mentor, and lead high-performing SOC teams across multiple locations.
- Establish structured training programs to enhance analysts' skills in threat analysis, forensics, and incident response.
- Foster a culture of collaboration, accountability, and continuous learning within SOC teams.
- Ensure proper workload distribution, resource allocation, and performance tracking.
- Minimise resource penalty by forecasting resource requirements for each account.
3. Customer Handling & Relationship Management
- Act as the primary point of contact for key customers, ensuring high levels of satisfaction and engagement.
- Help achieve CSAT scores and positive reviews for TCL.
- Manage customer escalations effectively and ensure timely resolution of security concerns.
- Conduct regular customer meetings, security briefings, and reporting to build trust and transparency.
- Work closely with account management and sales teams to align SOC services with customer needs.
4. SLA Governance & Compliance
- Define, monitor, and ensure adherence to SLAs for all SOC operations as per the RFP.
- Implement robust processes to meet and exceed KPI targets for threat detection, response times, and resolution.
- Validate and submit monthly/quarterly/half-yearly SLAs and ensure timely payment from the customer.
5. Revenue & Business Growth
- Identify opportunities to optimize SOC revenue through service enhancements and upselling.
- Collaborate with business leaders to develop new security service offerings.
- Ensure cost-efficient SOC operations while maintaining high service quality.
- Support the sales and pre-sales teams in customer engagements, RFPs, and proposal development.
6. Threat Management & Incident Response
- Lead proactive threat-hunting, intelligence-sharing, and security monitoring efforts.
- Establish and maintain a robust incident response framework for rapid threat detection and mitigation.
- Collaborate with internal and external stakeholders to strengthen threat intelligence capabilities.
- Ensure minimal business impact by streamlining response and recovery processes.
7. Stakeholder & Executive Reporting
- Provide regular reports and insights to senior leadership on SOC performance, threats, and risk posture.
- Act as the key security advisor to C-level executives, clients, and internal stakeholders.
- Collaborate with IT, network, and business teams to align security strategies with organizational goals.
Qualifications & Experience:
Must-Have:
- Education: Bachelor's or Master's degree.
- Experience: 15+ years in Cloud and cybersecurity, with at least 5 years leading large teams in the CCSS domain.
- Certifications: CISSP, CISM, CISA, CEH, or equivalent preferred.
Good to have Technical Skills:
- Expertise in SIEM, SOAR, EDR, and other security monitoring tools.
- Strong understanding of cyber threat intelligence, malware analysis, and digital forensics.
Soft Skills:
- Strong leadership, people management, decision-making, and problem-solving abilities.
- Excellent verbal and written communication and interpersonal skills for managing both internal teams and external customers.
- Ability to handle high-pressure situations and make critical security decisions.
- Experience in stakeholder management and executive reporting.
Posted Date not available
5.0 - 7.0 years
4 - 8 Lacs
hyderabad
Work from Office
We are hiring an experienced Cybersecurity Threat Detection Engineer for a contract-to-hire role based in Hyderabad. The ideal candidate will have 6+ years of hands-on experience in threat detection, incident response, and SIEM platforms such as Splunk, QRadar, or Azure Sentinel. The role focuses on developing high-fidelity detection content, integrating diverse log sources, and enhancing cloud and on-premise threat visibility. Strong knowledge of MITRE ATT&CK, adversary TTPs, and scripting for playbook automation is essential. The position is full-time onsite with a cab facility provided.
Posted Date not available
15.0 - 20.0 years
3 - 7 Lacs
chennai
Work from Office
Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Accenture MxDR Ops Security Threat Analysis
Good to have skills: NA
Minimum 2 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will engage in proactive monitoring and response activities, contributing to the overall security posture of the organization while staying updated on the latest security trends and technologies.
Roles & Responsibilities:
- Perform security monitoring by analyzing logs, traffic and alerts generated by a variety of device technologies
- Timely response to customer requests like detection capabilities, tuning, etc.
- Research new threats and provide recommendations to enhance detection capabilities
- Strong desire for continuous learning on vulnerabilities, attacks and countermeasures
- Identify opportunities for process improvement
Professional & Technical Skills:
- Experience in SOC operations with customer-facing responsibilities
- Deep understanding of cyber security fundamentals, security devices, network defense concepts and the threat landscape
- Hands-on experience in SIEM and threat hunting tools
- Added advantage in working with any SOAR platform
- Desirable knowledge in any scripting language and EDR products
- Preferable: GCIA, GCFA, CISSP
- Strong customer service and interpersonal skills
- Strong problem-solving skills
- Ability to communicate clearly at all levels, demonstrating strong verbal and written communication skills
- Adaptability to accept change
Additional Information:
- Work as part of an analysis team that works 24x7 on a rotational shift
- Minimum a bachelor's or a master's degree in addition to regular 15-year full time education
- The candidate should have minimum 2 years of experience
- This position is based at our Chennai office.
Qualification: 15 years full time education
Posted Date not available