5.0 - 8.0 years
15 - 20 Lacs
pune
Work from Office
About the Role: Gruve Technologies is seeking a highly skilled Security Consultant - Splunk with deep hands-on experience in designing, deploying, and configuring Splunk SIEM and SOAR solutions. The ideal candidate will lead end-to-end implementations, from architecture planning to log source onboarding, security use case creation, and tool integrations. This role also includes the deployment and configuration of Cribl for data routing and enrichment. You'll work closely with security analysts and engineering teams to ensure robust threat visibility, operational efficiency, and high-quality delivery.

Key Responsibilities:
1. SIEM Design & Implementation
• Architect and deploy Splunk environments (single/multi-site, indexer/search head clustering).
• Define and implement data ingestion strategies.
• Configure Splunk components: UF/HF, indexers, deployment servers, apps, etc.
• Deploy and manage Cribl for log stream processing and transformation.
2. Log Source Onboarding
• Identify and prioritize IT, cloud, network, and application log sources.
• Develop onboarding playbooks and custom parsing logic.
• Configure props.conf and transforms.conf, and onboard data into a CIM-compliant structure.
3. Use Case Development & Configuration
• Collaborate with the SOC to translate detection requirements into correlation rules and alerts.
• Build dashboards, reports, and alerting mechanisms in Splunk Enterprise Security (ES).
• Optimize SPL queries and tune alerts to reduce noise and false positives.
4. Tool Integration
• Integrate Splunk with platforms including:
  - SOAR solutions: Splunk SOAR, Palo Alto XSOAR
  - TIPs: Anomali, open-source feeds
  - Ticketing tools: ServiceNow, JIRA
  - EDR/NDR solutions: CrowdStrike, Fortinet, Cisco, etc.
• Develop and manage APIs and automation scripts for bi-directional integration.
5. Documentation & Knowledge Transfer
• Prepare HLDs/LLDs, operational SOPs, and architecture diagrams.
• Create runbooks and ensure configuration backups.
• Conduct KT sessions and operational training for SOC teams.
Required Skills & Experience:
• 5+ years in SIEM implementation (3+ years focused on Splunk)
• Strong expertise in Splunk SIEM, Splunk SOAR, and Cribl deployment/configuration
• Skilled in SPL (Search Processing Language), CIM compliance, and log enrichment
• Hands-on with onboarding data from varied sources and environments
• Experience integrating tools and building automation with Python, Bash, etc.

Preferred Certifications:
• Splunk Core Certified Power User
• Splunk Certified Admin / Architect
• Splunk Enterprise Security Certified Admin (preferred)
• CompTIA Security+, GCIA, or CISSP (nice to have)
3.0 - 6.0 years
4 - 7 Lacs
pune, bengaluru, delhi / ncr
Hybrid
Your key responsibilities
• Monitor and analyze ICS/OT alerts generated by IDS tools (Nozomi, Claroty, D4IoT, etc.).
• Identify any unusual or suspicious activity, security breaches, or indicators of compromise.
• Triage and prioritize alerts based on severity and potential impact.
• Collaborate with other SOC analysts and incident response teams to address and mitigate security incidents, including the analysis of network traffic, logs, and system configurations to determine the root cause and scope of security incidents.
• Perform pcap analysis to investigate and validate OT alerts; experience in analysing OT protocols and OT device behaviours.
• Develop and maintain standard operating procedures (SOPs) for OT alert analysis and triage.
• Conduct regular security assessments and use case validations to assure evolving threat coverage and remediation controls in OT systems.
• Conduct threat hunting activities to identify potential security threats within the OT environment.
• Provide expert guidance on ICS/OT security best practices and contribute to the continuous improvement of SOC processes.
• Document all security incidents comprehensively, providing detailed analysis and subsequent recommendations to prevent future occurrences.
• Design and maintain incident response plans and recovery procedures specific to OT incidents.
• Collaborate closely with IT security counterparts to ensure a cohesive security posture across both IT and OT domains.
• Stay updated with the latest trends and developments in ICS/OT security.
• Develop and deliver OT cybersecurity awareness training programs for operational staff.

Skills and attributes for success
• Strong knowledge of industrial control systems (ICS), SCADA systems, and other OT technologies.
• Good understanding of how OT and IT devices interact with each other and how OT devices work.
• Experience with SIEM tools and log management.
• Good to have: knowledge of regulatory requirements and standards related to ICS/OT security (e.g., NERC CIP, IEC 62443), but not mandatory.
• Experience with network security solutions, including firewalls, intrusion detection systems (IDS), etc.
• Analytical skills to screen through data and logs to identify patterns indicative of cyber threats or threat actor methods.
• Effective communication skills for interacting with technical and non-technical colleagues and stakeholders.
• Problem-solving attitude, with the ability to manage incidents under pressure (OT infrastructure is generally noisy; you need to stay focused and be capable of handling a large volume of alerts and logs).
• Prevailing knowledge of OT-specific malware, MITRE ATT&CK for ICS tactics, techniques, and procedures used by threat actors.
• Relevant certifications are desirable.
6.0 - 11.0 years
10 - 15 Lacs
mumbai
Work from Office
Train and manage the team of consultants to perform application penetration testing, vulnerability assessments for thick-client based applications, source code reviews, and configuration reviews.

Required Candidate profile
• Strong understanding of the OWASP Top 10 and SANS Top 25 programming errors.
• Threat hunting, attack identification, investigation, correlation and suggesting mitigation measures; vulnerability assessment.
5.0 - 9.0 years
7 - 16 Lacs
pune, thiruvananthapuram
Hybrid
Role & responsibilities

Key Skills:
• Work with development and operations teams to create, build, and deploy applications/scripts to automate routine manual processes.
• Is good with developing Python scripts to automate routine tasks using cron jobs and scheduler services or any workflow management tools.
• Should be able to work closely with the operations team; understand, support and resolve all technical challenges in routine operations.
• Identifying areas for improvement in existing programs and subsequently developing these modifications.
• Should possess strong analytical and debugging skills.
• Should have good knowledge of the REST API framework and be able to integrate with third party applications.
• Knowledge of DevOps tools like Jenkins, Terraform, AWS CloudFormation and Kubernetes.
• Should have hands-on experience working with DBMS like MySQL, PostgreSQL, NoSQL.
• Should be comfortable working with Linux OS.
• Keen interest and proven track record in automation on premise and in the cloud.
• Expertise in Git, Jenkins and JIRA is a plus.

Primary Skills:
• Understanding of security concepts, ability to work with security analysts and implement automation requirements
• Scripting: Python (Mandatory), JavaScript/Shell scripting
• Web application framework (Flask)
• Jenkins, GitHub Actions - CI/CD
• Containerized infrastructure management: docker, podman, K8s
• AWS, Azure: ability to provision and manage infrastructure
• Version control systems: git

Good to have:
• Entry level security certification (CompTIA Security+ or similar)
• Ansible knowledge
• Understanding of reporting tools, e.g. Grafana
• Initial exposure to the Google Security Operations (SIEM+SOAR) suite
12.0 - 20.0 years
30 - 32 Lacs
thane
Work from Office
Role & responsibilities
1. Ensure optimal operation of the MDR solution, including software and applications.
2. Ensure effectiveness of security solutions in scope.
3. Develop use cases and playbooks for SIEM and SOAR for effective and automated incident detection and handling.
4. Test SIEM, SOAR and other solutions in scope to explore the right technical defense/remedy and provide performance statistics and reports.
5. Ensure adequate controls are in place to protect critical assets against any incidents or threats from the internal or external environment.
6. Co-ordinate with vendors/partners & internal teams to manage the lifecycle of security platforms including deployments, maintenance and operations. Develop plans for maintaining the infrastructure of newly implemented security solutions in the operational environment.
7. Lead cybersecurity incident management and manage related processes, tools and resources.
8. Work with the identified partner and govern them for effective execution of organizational requirements for security operations and incident handling.
9. Conduct periodic threat hunting independently and with partners to ensure effective detection of any threats.
10. Ensure preventive maintenance of critical infrastructure, to increase performance and minimize disruption.
11. Manage SLAs for solutions and processes in scope.
12. Record all incidents/events leading to infrastructure downtime, analyze root cause and suggest workarounds.
13. Monitor performance reviews, corrective action, routine equipment checks and preventative maintenance for security systems to reduce the downtime of the systems.
14. Perform integration of all tools and services for access, authentication, authorization, data security, vulnerability management, policy management, auditing, and compliance to ensure the company's security policy and procedures are applied.
15. Define, gather and report on metrics regarding security systems within ASL environments.
16. Prepare status reports and other management metrics as needed.

Preferred candidate profile
1. Demonstrable experience within a Security Operations Center, coordinating responses to security incidents.
2. Experience leading the implementation and development of MDR tooling, infrastructure and processes.
3. Experience on popular SIEM, SOAR, and threat hunting platforms is mandatory.
4. Experience in security incident handling is mandatory.
5. Exposure to threat hunting is mandatory.
6. Security related professional certifications preferred. Examples of certifications include but are not limited to CISSP, CIH (EC-Council), CND, InfoSec Institute, etc.
7. Strong analytical & problem-solving skills with the ability to translate ideas into practical implementation.
8. Ability to manage stakeholder relationships including team members, vendors and partners.
9. Excellent leadership and communication skills with the ability to present and communicate effectively with both technical and non-technical audiences.
10. Ability to provide technical and professional leadership, guidance, and training to others.
8.0 - 12.0 years
15 - 30 Lacs
bengaluru
Hybrid
Warm Greetings from SP Staffing!!
Role: SOC Analyst
Experience Required: 8 to 12 yrs
Work Location: Bangalore
Required Skills: L3 Incident Management, EDR, SIEM, Threat intelligence
Interested candidates can send resumes to nandhini.spstaffing@gmail.com
2.0 - 4.0 years
2 - 4 Lacs
mumbai
Work from Office
About The Role
• Minimum 2-4 years of experience in a Security Operations Centre
• Experience across SOC domains: use case creation, incident management, threat hunting, threat intelligence, etc.
• Solid understanding of cyber security, network security, and endpoint security concepts
• Good understanding of recent cyber threats and latest attack vectors
• Must have experience in any one SIEM (Splunk), EDR and SOAR solution
• Must have experience in leading/managing SOC shifts
• Experience in shift roster creation, resource management, etc.
• Will be responsible for critical incident investigation, use case review, mentoring Shift Leads, SLA management, etc.