11 - 14 years
55 - 60 Lacs
Ahmedabad, Noida, Mumbai (All Areas)
Work from Office
Dear Candidate,
We are looking for a skilled Cybersecurity Analyst to monitor, detect, and respond to security threats. If you have expertise in threat intelligence, SIEM tools, and incident response, we'd love to hear from you!
Key Responsibilities:
• Monitor network traffic and systems for potential security threats.
• Investigate and analyze security incidents to prevent breaches.
• Implement security controls and best practices for data protection.
• Manage security tools such as SIEM, IDS/IPS, and endpoint protection.
• Conduct vulnerability assessments and recommend mitigation strategies.
• Ensure compliance with security standards like ISO 27001, NIST, and GDPR.
Required Skills & Qualifications:
• Strong knowledge of security frameworks and incident response.
• Experience with SIEM tools (Splunk, QRadar, ArcSight).
• Proficiency in scripting (Python, Bash, PowerShell) for security automation.
• Understanding of network protocols, firewalls, and VPN security.
• Knowledge of penetration testing and ethical hacking techniques.
Soft Skills:
• Strong analytical and problem-solving skills.
• Excellent attention to detail and ability to work under pressure.
• Good communication and teamwork skills.
Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you.
Kandi Srinivasa, Delivery Manager, Integra Technologies
Posted 2 months ago
3 - 8 years
4 - 9 Lacs
Ahmedabad
Work from Office
Job Responsibility: Compliance, Regulatory, Risk assessments, SIEM, SOAR, Infra Security, Cyber Security
Minimum Qualification:
Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Advanced degrees or relevant certifications (e.g., CISSP, CISM, CISA, CRISC) are highly desirable.
Job Duties:
• Develop, implement, and maintain comprehensive security strategies, policies, and procedures.
• Lead the design and implementation of security architectures and solutions to protect company assets.
• Perform risk assessments and vulnerability assessments to identify and mitigate security risks.
• Manage security incident response, including investigation, resolution, and reporting.
• Ensure data integrity, confidentiality, and availability through robust security controls.
• Continuously monitor and evaluate the effectiveness of security measures and make necessary adjustments.
• Conduct regular compliance audits and assessments to ensure ongoing adherence to relevant standards and regulations.
• Collaborate with internal and external auditors to facilitate audits and address any findings or recommendations.
• Maintain detailed documentation of compliance efforts, policies, and procedures.
• Stay current with changes in laws, regulations, and industry standards that affect the organization's compliance requirements.
• Manage and mentor a team of security and compliance professionals, providing guidance and support.
• Assign tasks, monitor progress, and ensure the team meets project deadlines and objectives.
• Foster a collaborative and high-performance team environment.
• Provide training and development opportunities to enhance the team's skills and knowledge.
• Collaborate with other departments to ensure security and compliance requirements are integrated into all projects and initiatives.
• Communicate security and compliance risks, strategies, and status to senior management and stakeholders.
• Develop and deliver security awareness training programs for all employees.
• Continuously monitor and evaluate the effectiveness of security and compliance programs.
• Recommend and implement improvements to security and compliance processes and tools.
• Evaluate and integrate new security technologies to enhance the organization's security posture. (ISO 27001, NIST, CIS Controls).
• Strong understanding of regulatory requirements and standards (e.g., GDPR, HIPAA, SOX, PCI-DSS).
• Experience with risk management practices, including risk assessments, mitigation strategies, and incident response.
• Proficiency with security technologies such as firewalls, IDS/IPS, SIEM, XDR, SOAR, endpoint protection, and encryption.
• Hands-on experience with Security Information and Event Management (SIEM) systems for centralized logging, monitoring, and analysis.
• Expertise in Extended Detection and Response (XDR) solutions for integrated threat detection and response across multiple security layers.
• Responsible for the team's success, managing the team, and forming new offerings as per market trends.
• Implementation and management of Security Orchestration, Automation, and Response (SOAR) platforms to enhance security operations efficiency.
• Identity and Access Management: Expertise in identity and access management (IAM) solutions and best practices.
• Cloud Security: Experience with cloud security practices and solutions (e.g., AWS, Azure, Google Cloud).
• Network Security: Strong understanding of network security concepts, including VPNs, VLANs, and secure network architecture.
• Application Security: Knowledge of application security best practices, including secure coding, application testing, and vulnerability management.
Skills Preferred:
• Strong technical skills with a deep understanding of IT security and compliance.
• Excellent leadership and team management abilities.
• Strong problem-solving and analytical skills.
• Excellent communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Strong organizational skills and attention to detail.
Interested candidates apply on Chirag.prajapati@atqor.com or call on +91 8980447790
Posted 2 months ago
3 - 8 years
6 - 12 Lacs
Gandhinagar
Work from Office
Role & responsibilities:
• Person should have adequate knowledge of security devices like firewalls, IPS, Web Application Firewall, DDoS, EDR, Incident response, SOAR and other security devices.
• Construction of SIEM content required to produce Content Outputs (e.g., filters, active lists, correlation rules, reports, report templates, queries, trends, variables)
• Knowledge of packet level analysis
• Knowledge of networking protocols and technologies and network security
• Sound analytical and troubleshooting skills.
Posted 2 months ago
7 - 10 years
30 - 32 Lacs
Ahmedabad, Noida, Mumbai (All Areas)
Work from Office
Dear Candidate,
We are looking for a skilled Cyber Security Engineer to design, implement, and maintain security solutions that protect systems, networks, and data from cyber threats. You will be responsible for threat detection, vulnerability assessments, incident response, and security compliance. If you have expertise in network security, endpoint protection, cloud security, and risk management, we'd love to hear from you!
Key Responsibilities:
• Design and implement cybersecurity frameworks to protect IT infrastructure and applications.
• Conduct risk assessments, vulnerability scans, and penetration testing to identify security weaknesses.
• Implement and maintain firewalls, intrusion detection/prevention systems (IDS/IPS), and SIEM solutions.
• Develop and enforce security policies, procedures, and best practices.
• Investigate and respond to security incidents, breaches, and cyber threats.
• Perform log analysis, threat intelligence, and forensic investigations.
• Manage identity and access management (IAM), multi-factor authentication (MFA), and privileged access controls.
• Secure cloud environments (AWS, Azure, GCP) and implement cloud security best practices.
• Conduct security awareness training for employees to mitigate cyber risks.
• Collaborate with DevOps teams to ensure secure coding and DevSecOps practices.
• Stay up to date with emerging threats, vulnerabilities, and cybersecurity trends.
Required Skills & Qualifications:
• Strong knowledge of network security, firewalls, VPNs, and IDS/IPS solutions.
• Experience with SIEM tools (Splunk, IBM QRadar, ArcSight, ELK Stack).
• Hands-on experience with endpoint security solutions (CrowdStrike, Symantec, Microsoft Defender).
• Proficiency in penetration testing tools (Burp Suite, Metasploit, Kali Linux, Nmap).
• Understanding of encryption and authentication protocols (TLS, SSL, AES, RSA, PKI, OAuth, SAML).
• Familiarity with cloud security best practices (AWS Security Hub, Azure Security Center, GCP Security Command Center).
• Experience with compliance frameworks (NIST, ISO 27001, CIS, SOC 2, GDPR, HIPAA).
• Knowledge of identity and access management (IAM, MFA, SSO, LDAP, Active Directory).
• Ability to analyze security logs, alerts, and forensic data for threat detection.
• Strong scripting and automation skills (Python, PowerShell, Bash).
Soft Skills:
• Strong problem-solving and analytical skills.
• Excellent communication skills to work with cross-functional teams.
• Ability to work independently and as part of a team.
• Detail-oriented with a focus on delivering high-quality solutions.
Note: If you are interested, please share your updated resume and suggest the best number & time to connect with you. If your resume is shortlisted, one of the HR representatives from my team will contact you as soon as possible.
Srinivasa Reddy Kandi, Delivery Manager, Integra Technologies
Posted 2 months ago
4 - 8 years
8 - 17 Lacs
Gurgaon
Hybrid
Key Responsibilities:
Cortex SOAR Implementation and Management:
• Deploy, configure, and maintain the Cortex SOAR platform within the MSSP SOC environment to support client security operations.
• Integrate the SOAR platform with other security tools (SIEM, EDR, threat intelligence platforms, firewalls) to enable automated incident response.
• Ensure Cortex SOAR is properly connected to client environments, including ingestion of logs, alerts, and telemetry data from various sources.
Playbook Development and Automation:
• Develop and optimize automated playbooks and workflows to handle common security incidents (e.g., phishing, malware detection, alert triage, log analysis).
• Work closely with SOC analysts to identify repetitive tasks and manual processes that can be automated using SOAR.
• Design custom playbooks tailored to client-specific security needs and response requirements.
• Continuously improve and tune playbooks based on feedback from SOC analysts and changes in the threat landscape.
Security Tool Integration:
• Collaborate with security engineering and DevOps teams to integrate a wide range of security tools into Cortex SOAR, including SIEMs (e.g., Splunk, QRadar), firewalls, intrusion detection systems (IDS/IPS), EDR solutions, and threat intelligence platforms.
• Ensure seamless data flow between Cortex SOAR and other tools to automate response actions (e.g., quarantining hosts, blocking IPs, updating firewall rules).
• Test and validate integrations to ensure they are functioning correctly and that automation workflows are effective.
Incident Response Automation:
• Work closely with incident response teams to automate the investigation, triage, and remediation of security incidents.
• Implement real-time automated responses (e.g., isolating compromised devices, disabling accounts) based on pre-defined incident types and severity levels.
• Ensure Cortex SOAR is configured to provide alerts, reports, and updates on incident status, response actions, and resolution times.
• Monitor the effectiveness of automated responses and adjust playbooks and workflows as needed to improve incident response quality.
Workflow Optimization and Customization:
• Analyze existing SOC workflows and identify opportunities to enhance efficiency through automation.
• Customize and create new playbooks to address evolving threats, new attack techniques, and changes in client environments.
• Work with clients and SOC teams to implement custom use cases and integrations specific to individual client security requirements.
Monitoring and Reporting:
• Monitor the performance of Cortex SOAR playbooks and workflows to ensure they are executing correctly and improving SOC efficiency.
• Generate reports and dashboards on automated incident handling metrics (e.g., time saved, incidents resolved via automation).
• Provide regular updates to SOC management on the effectiveness of automation efforts and recommend improvements.
• Ensure detailed logging and reporting of all automated actions taken by the SOAR platform to meet compliance and audit requirements.
Collaboration with SOC Teams:
• Collaborate with SOC analysts, threat intelligence, and incident response teams to refine and develop automation strategies.
• Provide training to SOC analysts and incident responders on how to leverage Cortex SOAR effectively in day-to-day operations.
• Act as the technical point of contact for troubleshooting issues related to Cortex SOAR integrations, playbooks, and platform performance.
Platform Maintenance and Upgrades:
• Ensure that Cortex SOAR is regularly updated with the latest software versions, patches, and features.
• Perform regular health checks and maintenance of the platform, ensuring it remains fully functional and responsive.
• Collaborate with vendor support to troubleshoot issues and apply best practices for SOAR performance.
Compliance and Security:
• Ensure that SOAR processes and automations align with industry regulations and compliance requirements (e.g., GDPR, HIPAA, PCI-DSS).
• Work closely with the compliance team to ensure that automated workflows meet the necessary audit and documentation standards.
• Implement security controls and access management within the SOAR platform to prevent unauthorized use and ensure data privacy.
Desired Qualifications:
Education: Bachelor's degree in Information Security, Computer Science, or related field.
Experience:
• 4+ years of experience in cybersecurity, with at least 2 years working with SOAR platforms, preferably Palo Alto Cortex SOAR.
• Strong background in SOC operations, incident response, or security engineering.
• Experience working in a Managed Security Service Provider (MSSP) environment is preferred.
• Proven track record of developing, deploying, and managing security automation workflows and playbooks.
Certifications:
• Palo Alto Networks Certified Security Automation Engineer (PCSAE) or equivalent.
• Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or other relevant certifications are a plus.
Posted 2 months ago
3 - 7 years
9 - 13 Lacs
Pune
Work from Office
About The Role
Job Title: Information Security Specialist
Location: Pune, India
Role Description
The Global Threat Detection & Response (TDR) team operates 24x7x365 in a follow-the-sun model with distributed teams across 3 regions (APAC, EMEA and AMER). The team is responsible for enabling the business of Deutsche Bank by providing agile, cost-effective and cutting-edge threat response services to protect Deutsche Bank's data, assets, customers and partners. This Threat Response (TR) Analyst role is part of the APAC TDR team, and requires a heavy focus on all areas of security monitoring, threat assessment and incident response, requiring a minimum of 5 years of cyber experience.
What we'll offer you
As part of our flexible scheme, here are just some of the benefits that you'll enjoy:
• Best in class leave policy
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for industry-relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term Life Insurance
• Complimentary health screening for 35 yrs. and above
Your key responsibilities
• Responsible for monitoring and investigating alerts and events escalated from SIEM or other security channels. This role involves conducting in-depth log analysis, correlating IOCs, and implementing threat containment measures when necessary.
• Mitigate security risks and threats relating to cloud-based systems, applications, and data. This includes working closely with cross-functional teams to enhance our cloud security posture.
• The incumbent also assumes responsibility for overseeing and coordinating all facets of incident management like initial evaluation, stakeholder management, technical triage, and incident resolution.
• Proactively search for and identify patterns of compromise, emerging threats, evidence of breach and anomalies by analysing historical data.
• Perform cyber risk assessment, and evaluate existing detections and controls to mitigate identified risks. The overarching goal is to enhance efficacy and proactively detect adversaries and malicious activities.
• Responsible for leading and coordinating operations and processes that are necessary for the smooth management of the security operations center.
• Involved in managing various projects like detection use cases, security automation (SOAR), and threat hunting.
Your skills and experience
• Minimum 5 years cyber security working experience in security operations, incident response, threat assessment etc., with at least 2 years working in an enterprise-grade security operations center (SOC).
• Working experience in network protocols, monitoring of logs and analysis, XDR, cloud infrastructure, and security controls in investigation and threat containment.
• Working experience investigating cloud security alerts and understanding of cloud infrastructure and operations.
• Working experience in security tools such as SIEM, SOAR, XDR, and cloud-based IR tools.
• Experience in blue/red/purple team techniques, adversary tactics, techniques, and procedures (TTPs), and the cyber kill chain.
• Possesses a minimum of a Bachelor's degree in either Computer Science, Information Technology, or Science (Computer Studies).
• Analytical and critical thinking with an inquisitive mindset, collaboration, and conflict management with good communication skills.
How we'll support you
• Training and development to help you excel in your career
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• A range of flexible benefits that you can tailor to suit your needs
Posted 2 months ago
3 - 5 years
3 - 7 Lacs
Karnataka
Work from Office
Role 1: SOC Engineer (L1 / L2)
About The Role
• Identifying, monitoring and responding to events and incidents that occur in the network
• Monitoring alerts from SIEM
• Creating and handling tickets related to security
• Ensuring SLAs are met; escalate the incident when SLAs are not met
• Investigating and analyzing network threats, and performing root cause analysis of incidents that occur in the network
• Identifying and collecting data associated with initial security investigation findings. Collects data and context necessary to be relayed later to the IR team.
• Hands-on experience triaging security alerts, events, logs and artifacts
• Creates and maintains standard operating procedures and other similar documentation.
• Work in a team of 24/7 members
• 2-4 years experience as SOC Analyst
• At least 1 year hands-on experience with SOAR platform, SIEM tools and log management tool
• In-depth knowledge of security concepts such as security operations center (SOC), cyber attacks and techniques, threat vectors
• Excellent analytical and problem solving skills as well as interpersonal skills to interact with team members, vendors and upper management
• Familiarity with malware and attack techniques
• Forensics experience is an advantage
• Knowledge of basic Linux is an advantage
Qualifications
• Experience of working within medium to large scale complex IT environments in the telecommunication industry
• Strong oral and written communication skills
• Excellent attention to detail
• Resilient and approachable with the ability to work successfully in a dynamic, fast paced environment
• Ability to operate as a team player, with a flexible and positive attitude
• Strong analytical and problem solving skills
• Ability to work under pressure
• A self starter able to work independently but comfortable and effective working in a team environment.
• Commitment to accuracy and precision with all outcomes
• At least a Bachelor's degree in Network Engineering, Computer Science, Computer Information Systems or any equivalent degree/experience.
• Ability to communicate written and verbally in English and Japanese (preferred).
Certifications: Preferred Splunk, CEH, CompTIA+, Analyst Fundamentals Training, Security Analytics Training
Acceptance Criteria for Selection: With due selection process of Customer
Posted 2 months ago
5 - 10 years
8 - 15 Lacs
Hyderabad
Work from Office
Regular Shift. Requires experience in Administration. 30% hike.
What you will do day to day:
The CyberSecurity Analyst (CA) has a wide variety of skills, including performing intrusion analysis, a deep understanding of the 18x5 security monitoring environment, and performing administrative tasks. The CA is an important role in the IT Security Department. The CA role requires defense against cyber threats by identifying and triaging security incidents. The ideal person in this role brings experience in investigating network and endpoint intrusions, as well as experience handling security incidents within the Security Operations Center (SOC). The SA will triage events, perform escalations and coordinate incident response procedures. This role must be able to solve complex problems independently and know when to escalate issues to senior IT Security Leads and Managers. This individual will work with multiple technology platforms and interface with other groups within IT Security Operations. The CyberSecurity Analyst (CA) for the SOC will be responsible for responding to critical threats that impact information security. This individual's role includes the following functions.
Roles and Responsibilities:
• Hands-on experience of implementing EDR policies, rules creation, and incident/alert management.
• Good experience in security incident response and investigation to identify the root cause of security breaches and gather evidence.
• Hands-on experience in log ingestion, fine-tuning to reduce false positives, event correlation, and analysis.
• Hands-on experience with automation (SOAR) and custom KQL queries.
• Develop and update incident response plans and playbooks to ensure effective handling of various types of incidents.
• Good experience in developing and implementing email security policies and best practices to safeguard against threats such as phishing, malware, and data breaches.
• Design and enforce DLP policies and rules to prevent unauthorized data access, sharing, and transmission.
• Deep technical knowledge of vulnerability management and administration.
• Collect and analyze threat intelligence to stay informed about emerging threats and vulnerabilities relevant to the organization.
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, malware investigation, web proxy and network concepts etc.
• Engage in research and development of security solutions, testing new tools and methods for potential implementation.
• Knowledge of automation and scripting areas.
• Creating metrics for a Security Operations Center (SOC) measuring its effectiveness and identifying areas for improvement.
Who we are looking for:
Minimum Qualification:
• A university degree in Computer Science Engineering, Information Security, or a related field is highly desirable.
• Between 5 to 8 years of experience in the Information security domain along with incident response and threat analysis.
Additional Qualifications:
• Exceptional troubleshooting and problem-solving skills required.
• Security+, CEH or SANS GIAC certifications are preferred.
• Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
• Cyber threat and intelligence gathering and analysis.
• Knowledge of Automation and AI (Artificial Intelligence) integration in the Security Operations Center.
• Should have worked in security operations and have a practical approach to analyzing incidents and security alerts from different security tools and platforms.
• Strong communication skills.
• Highly self-motivated.
Posted 2 months ago
5 - 10 years
5 - 15 Lacs
Navi Mumbai, Thane, Mumbai (All Areas)
Work from Office
SIEM (Microsoft Sentinel, Wazuh, Splunk, QRadar), multi-cloud environments (AWS, Azure, GCP), SOAR, Azure Sentinel. Note: SentinelOne not required.
Posted 2 months ago
8 - 13 years
7 - 13 Lacs
Gandhinagar, Vadodara, Ahmedabad
Work from Office
Qualification: B.Tech./BE/MCA
Experience: 8+ Years
Essential Skills (technical): Must have SIEM, SOAR, EDR/XDR, NAC, Threat Intelligence Platform
SOC Analyst L3:
• Proficient in Incident Management and Response, handling escalations
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Provide analysis and trending of security log data from a large number of heterogeneous security devices
• Provide threat and vulnerability analysis as well as security advisory services
• Analyze and respond to previously undisclosed software and hardware vulnerabilities
• Investigate, document, and report on information security issues and emerging trends
• Guide and share information with other analysts and other teams
• Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix
• Knowledge of TCP/IP protocols, network analysis, and network/security applications; knowledge of common Internet protocols and applications
• Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences
• Knowledge about various tools like SIEM, SSL, Packet Analysis, HIPS/NIPS, Network Monitoring tools, Remedy, ServiceNow Ticketing Toolset, Web Security, AV, UEBA, Advanced SOC
Posted 2 months ago
2 - 7 years
4 - 9 Lacs
Maharashtra
Work from Office
Description: JD for Azure Security Engineer.
• Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent work experience).
• Minimum 6 years of industry experience.
• Proficiency in cloud services and tools specific to Azure and strong understanding of Azure Cloud Security Services.
• Proven experience as Azure Security Engineer with Azure Entra ID Identity and Access Management: RBAC, ID governance, PIM/PAM, Conditional Access Policies, ID protection, MFA, Access Reviews.
• Work under the guidance of the security architect team and help in designing security standards.
• Collaborate with engineering and architecture teams to identify security risks and recommend mitigating controls.
• Hands-on experience with design/test/implementation of Azure policies covering infra/resource security.
• Hands-on experience with configuring Azure security services: MDC, Key Vault, Azure Monitor and Log Analytics Workspace.
• Participate in creation and maintenance of technical security policies, standards, configuration baselines, benchmarks, guidelines, and SOPs.
• Expertise in Azure technologies including CSPM, CWPP, EDR, SIEM/SOAR and CIEM with experience in integration, configuration and troubleshooting.
• Develop and execute information security plans, procedures, and policies.
• Deep understanding of cloud security principles and best practices, with experience implementing security controls in Azure infrastructure services.
• Implement security best practices and ensure compliance with industry standards and regulations such as MCSB, CIS, NIST, SOC in Azure infrastructure services.
• Collaborate with Enterprise Operations, Engineering, and IT teams to implement security standards and ensure standards are followed.
• Experience assessing and implementing security controls in all relevant areas (including access management, encryption methods, vulnerability management, network security, application security, etc.).
• Experience with security tools MDC, Wiz, CrowdStrike, Defender 365, Microsoft Entra, along with managing and troubleshooting issues in CrowdStrike and Microsoft Defender.
• Excellent communication, collaboration, interpersonal and relationship skills are required.
• Ability to work as a team player and as an individual contributor.
• Must be willing to learn, adapt, and work in a fast paced, dynamic environment.
• Azure certifications (e.g., Azure Security Engineer Associate AZ-500, Security Operations Analyst Associate SC-200 and relevant certifications such as SC-100, etc.) are a plus.
• Advanced industry certification in relevant field (e.g., Ethical Hacker, CISM, CISSP).
Additional Details
Global Grade: C
Level: To Be Defined
Named Job Posting? (if Yes - needs to be approved by SCSC): No
Remote work possibility: No
Global Role Family: To be defined
Local Role Name: To be defined
Local Skills: Azure Cloud Services
Languages Required: ENGLISH
Role Rarity: To Be Defined
Posted 2 months ago
2 - 4 years
4 - 6 Lacs
Karnataka
Work from Office
Role 1: SOC Engineer (L1 / L2)
• Identifying, monitoring and responding to events and incidents that occur in the network
• Monitoring alerts from SIEM
• Creating and handling tickets related to security
• Ensuring SLAs are met; escalate the incident when SLAs are not met
• Investigating and analyzing network threats, and performing root cause analysis of incidents that occur in the network
• Identifying and collecting data associated with initial security investigation findings. Collects data and context necessary to be relayed later to the IR team.
• Hands-on experience triaging security alerts, events, logs and artifacts
• Creates and maintains standard operating procedures and other similar documentation.
• Work in a team of 24/7 members
• 2-4 years experience as SOC Analyst
• At least 1 year hands-on experience with SOAR platform, SIEM tools and log management tool
• In-depth knowledge of security concepts such as security operations center (SOC), cyber attacks and techniques, threat vectors
• Excellent analytical and problem solving skills as well as interpersonal skills to interact with team members, vendors and upper management
• Familiarity with malware and attack techniques
• Forensics experience is an advantage
• Knowledge of basic Linux is an advantage.
Qualifications:
• Experience of working within medium to large scale complex IT environments in the telecommunication industry
• Strong oral and written communication skills
• Excellent attention to detail
• Resilient and approachable with the ability to work successfully in a dynamic, fast paced environment
• Ability to operate as a team player, with a flexible and positive attitude
• Strong analytical and problem solving skills
• Ability to work under pressure
• A self starter able to work independently but comfortable and effective working in a team environment.
• Commitment to accuracy and precision with all outcomes
• At least a Bachelor's degree in Network Engineering, Computer Science, Computer Information Systems or any equivalent degree/experience.
• Ability to communicate written and verbally in English and Japanese (preferred).
Certifications: Preferred Splunk, CEH, CompTIA+, Analyst Fundamentals Training, Security Analytics Training
Acceptance Criteria for Selection: With due selection process of Customer.
Posted 3 months ago
3 - 6 years
8 - 14 Lacs
Mumbai
Work from Office
Experience: 3-4 years in SOC Admin role, SIEM Administrator, SOAR Administrator.
The Use-Cases Factory worker is responsible for:
- Develop and deploy use-cases to detect security threats into our SIEM, from the log collection to the incident handling playbook. Fine-tune detection rules to minimize false positives and false negatives.
- Maintain detailed documentation of use-cases, ensuring transparency and accountability.
- Manage execution of standard procedures for the content management, change management and lifecycle management of the use-cases.
- Work closely with other IT and security teams to develop specific use cases and to enhance the overall security posture of the organization. Share insights and recommendations to improve overall cybersecurity posture.
- Regularly review and update use-cases to adapt to the evolving threat landscape and incorporate new threat intelligence.
- Manage reports, dashboards, metrics for CyberSOC KPIs and presentation to senior management & other stakeholders.
Skills:
- Bachelor's degree in Computer Science, Information Security, EXTC or related field.
- Relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are highly desirable.
- Proven experience (3+ years) working within the Cybersecurity field, with a focus on developing and managing use-cases.
- Excellent understanding and proven hands-on experience in SIEM/SOAR concepts such as log collection, correlation, aggregation, normalization, parsing, playbooks, layouts.
- Experience with Palo Alto XDR and/or other SIEM platforms like Sentinel, QRadar, Splunk, ArcSight, etc.
- Experience with Palo Alto XSOAR and/or equivalent SOAR platforms like Resilient, Phantom, etc.
- Proficiency in scripting languages (e.g., Python, Bash) for automation and customization of security processes is highly desirable.
- Deep understanding of various cyber threats, attack vectors, and defense mechanisms.
Posted 3 months ago
5 - 8 years
7 - 11 Lacs
Hyderabad
Work from Office
Responsibilities:
• Monitor security logs and alerts using tools like Microsoft Defender for Office 365, Microsoft Defender for Endpoint, Azure Sentinel, and Cloud App Security.
• Analyse security events and incidents to identify potential threats and vulnerabilities within the M365 environment.
• Investigate security incidents, perform root cause analysis, and develop effective containment and eradication strategies.
• Investigate and triage security alerts, escalating incidents as needed to senior analysts or incident response teams.
• Collaborate with other security teams and IT personnel to implement security best practices and improve the overall security posture.
• Develop and maintain security documentation, including incident response plans, playbooks, and knowledge base articles.
• Document security incidents and maintain accurate records of investigations and responses.
• Develop and maintain security monitoring dashboards and reports.
• Stay up to date with the latest security threats, vulnerabilities, and best practices.
• Participate in security awareness training and promote a security-conscious culture.
• Contribute to the continuous improvement of SOC processes and procedures.
• Perform security assessments and vulnerability scans of the environment.
• Automate security tasks and processes using scripting languages (e.g., PowerShell).
• Generate security reports and metrics to track the effectiveness of security controls.
• Working experience with SIEM platforms (e.g., Azure Sentinel) and SOAR tools is required.
• Adhere to all company policies and procedures, including those related to security and compliance.
Mandatory skill (must have): SIEM + Sentinel. Good to have: Sentinel.
Posted 3 months ago
2 - 4 years
4 - 8 Lacs
Bengaluru
Work from Office
Project Role: Security Delivery Practitioner
Project Role Description: Assist in defining requirements, designing and building security components, and testing efforts.
Must have skills: Accenture MxDR Ops Security Threat Analysis
Good to have skills: NA
Minimum 2 year(s) of experience is required.
Educational Qualification: 15 years full time education
Key Responsibilities
Work as part of an analysis team that operates 24x7 on rotational shifts. Perform security monitoring by analyzing logs, traffic and alerts generated by a variety of device technologies. Respond in a timely manner to customer requests such as detection capabilities, tuning, etc. Research new threats and provide recommendations to enhance detection capabilities. Strong desire for continuous learning on vulnerabilities, attacks and countermeasures. Identify opportunities for process improvement. Response activities on EDR based on client requirements.
Technical Experience
Experience in SOC operations with customer-facing responsibilities. Deep understanding of cyber security fundamentals, security devices, network defense concepts and the threat landscape. Hands-on experience with SIEM, SOAR and threat hunting tools. Desirable: knowledge of any scripting language and EDR products. Preferable: GCIA, GCFA, CISSP. Relevant experience required is 1 to 3 years.
Professional Attributes
Strong customer service and interpersonal skills. Strong problem-solving skills. Ability to communicate clearly at all levels, demonstrating strong verbal and written communication skills. Adaptability to accept change.
Educational Qualification
Minimum a bachelor's or a master's degree in addition to regular 15-year full time education.
Qualifications: 15 years full time education
Posted 3 months ago
5 - 8 years
7 - 10 Lacs
Bengaluru
Work from Office
Role 1: SOC Engineer (L1 / L2)
Job Description: Identifying, monitoring and responding to events and incidents that occur in the network. Monitoring alerts from the SIEM. Creating and handling security-related tickets. Ensuring SLAs are met; escalating the incident when SLAs are not met. Investigating and analyzing network threats, and performing root cause analysis of incidents that occur in the network. Identifying and collecting data associated with initial security investigation findings; collecting the data and context necessary to be relayed later to the IR team. Hands-on experience triaging security alerts, events, logs and artifacts. Creating and maintaining standard operating procedures and other similar documentation. Working in a 24/7 team.
2-4 years of experience as a SOC Analyst. At least 1 year of hands-on experience with a SOAR platform, SIEM tools and a log management tool. In-depth knowledge of security concepts such as security operations center (SOC) operations, cyber attacks and techniques, and threat vectors. Excellent analytical and problem-solving skills as well as interpersonal skills to interact with team members, vendors and upper management. Familiarity with malware and attack techniques. Forensics experience is an advantage. Knowledge of basic Linux is an advantage.
Qualifications: Experience of working within medium to large scale complex IT environments in the telecommunication industry. Strong oral and written communication skills. Excellent attention to detail. Resilient and approachable, with the ability to work successfully in a dynamic, fast-paced environment. Ability to operate as a team player, with a flexible and positive attitude. Strong analytical and problem-solving skills. Ability to work under pressure. A self-starter able to work independently but comfortable and effective working in a team environment.
Commitment to accuracy and precision with all outcomes. At least a Bachelor's degree in Network Engineering, Computer Science, Computer Information Systems or an equivalent degree/experience. Ability to communicate in written and spoken English and Japanese (preferred). Certifications (preferred): Splunk, CEH, CompTIA+, Analyst Fundamentals Training, Security Analytics Training. Acceptance Criteria for Selection: With due selection process of Customer.
Posted 3 months ago
10 - 15 years
20 - 30 Lacs
Bengaluru
Work from Office
Job Title: SOC Manager
Location: Bangalore
Department: Security Operations Center
About Zybisys: At Zybisys, we are dedicated to providing top-tier cybersecurity services to our clients. We are looking for a skilled and experienced SOC Manager to lead our Security Operations Center (SOC) team in supporting customer onboarding, service implementation, continuous monitoring, and ensuring compliance with industry standards.
Role Overview: The SOC Manager will oversee the implementation, monitoring, and management of security operations for multiple clients. This role requires managing customer SOC services, ensuring timely onboarding, continuous monitoring, and compliance with security standards. You will lead the team in incident detection, response, and mitigation while ensuring the highest level of customer satisfaction.
Key Responsibilities:
SOC Operations Leadership: Lead and manage SOC operations for multiple client accounts, ensuring seamless service delivery, compliance, and performance.
Client Onboarding & Implementation: Oversee the onboarding of new clients to the SOC service, ensuring smooth implementation of security protocols, tools, and monitoring systems.
Incident Detection and Response: Supervise the detection, response, and remediation of security incidents for clients, providing detailed analysis and post-incident reviews.
Continuous Monitoring & Threat Intelligence: Ensure the continuous monitoring of client systems for vulnerabilities, utilizing modern SIEM tools, intrusion detection/prevention systems (IDS/IPS), and other security technologies to proactively defend against emerging threats.
Compliance & Reporting: Ensure SOC operations meet industry standards (e.g., GDPR, HIPAA, PCI-DSS) and regularly update clients on security posture through reports and executive briefings.
Team Leadership & Mentorship: Lead, train, and mentor SOC team members, fostering continuous learning and certifications.
Security Automation: Drive initiatives to automate security operations and reduce response time through SOAR tools and other technologies.
Cross-Functional Collaboration: Work closely with clients, IT teams, and external vendors to ensure security is integrated into all systems, applications, and workflows.
Key Skills and Qualifications:
Certifications: CISSP, CISM, CEH, CTIA, CCSP or similar.
Experience: Minimum 10 years of experience in cybersecurity, with at least 5 years in a leadership or managerial role within a SOC or security operations environment. Proven experience in client onboarding, security monitoring, and compliance.
Technical Expertise: Hands-on experience with SIEM tools (Splunk, IBM QRadar), IDS/IPS, firewalls, EDR, and other security technologies.
Leadership & Communication: Strong leadership, management, and communication skills, with the ability to present technical information to non-technical stakeholders.
Analytical Skills: Strong problem-solving abilities and experience in conducting root cause analysis and developing action plans post-incident.
Preferred Skills: Experience with cloud security (AWS, Azure, Google Cloud). Familiarity with security frameworks (ISO 27001, NIST, SOC 2 Type 2, PCI-DSS, GDPR). Experience with red teaming, penetration testing, and vulnerability assessments.
Why Join Zybisys? Zybisys offers an exciting and dynamic work environment where you can contribute to innovative cybersecurity services. Join us to lead a team that supports clients with their security needs while growing your career in the cybersecurity industry.
Posted 3 months ago
5 - 10 years
10 - 20 Lacs
Bengaluru
Work from Office
SUMMARY
About tsworks: tsworks is a leading technology innovator, providing transformative products and services designed for the digital-first world. Our mission is to provide domain expertise, innovative solutions and thought leadership to drive exceptional user and customer experiences. Demonstrating this commitment, we have a proven track record of championing digital transformation for industries such as Banking, Travel and Hospitality, and Retail (including e-commerce and omnichannel), as well as Distribution and Supply Chain, delivering impactful solutions that drive efficiency and growth. We take pride in fostering a workplace where your skills, ideas, and attitude shape meaningful customer engagements.
Cloud Security & Compliance Specialist
We are looking for an experienced Security & Compliance Specialist to oversee the organization's Cloud Security, ISO certifications, SOC 2 compliance, security audits, and governance. The candidate will ensure end-to-end security across cloud infrastructure, applications, and data, conducting penetration testing, IT risk assessments, and security monitoring while managing security tools and compliance frameworks.
Requirements
Responsibilities
• Oversee security for Azure Entra ID, AWS IAM, and Google IAM with a focus on identity security.
• Enforce multi-cloud security best practices, including encryption and data protection.
• Define and implement Zero Trust Architecture and secure cloud network segmentation.
• Establish and maintain IT security policies and standards aligned with industry best practices.
• Implement and manage CSPM and CWPP tools to enhance cloud security posture.
• Manage ISO 27001, ISO 42001, and SOC 2 certifications, ensuring compliance through audits.
• Conduct risk assessments and compliance reviews across multi-cloud environments.
• Ensure adherence to cloud security frameworks (ISO 27017, ISO 27018, CIS, NIST, CSA CCM).
• Drive security initiatives through GRC frameworks and governance models.
• Define and enhance IT security policies, conducting periodic audits for compliance and risk mitigation.
• Perform penetration testing and cloud-native security assessments, identifying misconfigurations and vulnerabilities.
• Integrate DevSecOps within CI/CD pipelines to fortify security in development workflows.
• Manage SIEM solutions (Azure Sentinel, Defender for Cloud) for real-time threat detection.
• Oversee Microsoft security tools (M365 Defender, Intune, SCCM) for endpoint security.
• Investigate security incidents, perform root cause analysis, and implement preventive measures.
• Automate security processes using Power Automate, Power BI, and scripting.
• Secure cloud networking (Azure VNet, AWS VPC, GCP VPC) and enforce VPN and hybrid security.
• Implement Zero Trust principles and strengthen Identity & Access Management (IAM).
Key Attributes and Qualifications
• 5+ years of experience in cybersecurity, compliance, or cloud security roles, with expertise in automating security workflows and managing multi-cloud security environments.
• Expertise in Cloud Security (Azure, AWS, GCP) and the Microsoft Security Stack, with hands-on experience in SIEM, SOAR, EDR/XDR, CASB, CSPM, and vulnerability management.
• Preferred certifications include ISO/IEC 27001:2022 Lead Auditor, ISO/IEC 42001:2023 Lead Auditor, SOC 2 Compliance Certification, Security Operations Analyst (SC-200), Microsoft Certified: Cybersecurity Architect Expert (SC-100), AWS Certified Security Specialty, and Azure Security Engineer Associate (AZ-500).
• Strong understanding of Threat Intelligence, Risk Management, Compliance Audits, DevSecOps, Infrastructure as Code (IaC), and container security (Kubernetes, Docker, EKS, AKS, GKE).
• Experience securing API gateways, microservices, and serverless architectures while integrating security into CI/CD pipelines.
• Proven ability in security policy design, audits, compliance processes, penetration testing, vulnerability assessments, and cloud security governance.
Posted 3 months ago
10 - 15 years
5 - 10 Lacs
Chennai
Work from Office
Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.
Your day at NTT DATA
The Manager, Managed Services Operations is a management role, responsible for operating within a Region/Country or Services function, and is accountable for service delivery at the highest level, thereby ensuring client satisfaction and the successful continuance of business operations within the organization. This role ensures managed service is provided to all clients, so that their IT infrastructure and systems remain operational. The primary objective of this role is to ensure contracted Managed Services outcomes are delivered to the client; the role also assists with the planning, building and support of delivering managed services to meet business objectives.
Experience:
• Total experience of 10 years, of which a minimum of 8 years in handling security-related products and services in an organization of repute.
• Minimum experience of 3 years at L3 level.
Skills:
• Experience in 5 or more security areas (Firewall, Anti-ATP, NIPS, WAF, Anti-DDoS, Web proxy, endpoint and web DLP, NAC, Privileged Identity Management, NBA, MDM, EPP, EDR and other security devices).
• Adequate knowledge of Security Orchestration, Automation and Response (SOAR), Security Information and Event Management (SIEM) and Database Access Management (DAM) solutions.
• Overall knowledge/experience of architectural design and best practices in network and cyber security.
Mandatory Certification: at least one of PMP/ITIL Expert/CISA/CISM/CISSP.
What you'll be doing
Key Responsibilities:
• Proactively monitors and drives service delivery to clients.
• Manages client incidents by investigating and providing solutions that help solve client problems as escalated by team leaders and engineers.
• Works with client delivery teams to evaluate regional client reviews to ensure proactive incident management at client sites.
• Ensures that the standard client information repository related to technology and operations manuals is current and accurate.
• Creates and maintains a comprehensive list of client requirements, the scope of deliverables, technology and the delivery model.
• Runs the managed services operations in alignment with the service management service operations (SMSO) process, delivering promised outcomes to clients.
• Provides operational support and continuous service improvement post client handover from Technical Services (or other) teams.
• Reviews training requirements for service operations teams.
• Engages with clients for technical operations as part of routine operations.
• Plans and implements key service improvement priorities based on a continual service improvement approach.
• Feeds continual service improvement priorities into the automation team.
• Ensures that tracking and monitoring of the performance of service delivery through all channels (human, digital, self-service, automated) is carried out, metrics and reports are analyzed, and issues are resolved.
• Responsible for the day-to-day running of the Managed Services Operations team in line with the performance established by the business.
• Ensures maximum uptime and the accurate and early response to client operational issues.
• Responsible for resource planning and work allocation to meet agreed service levels.
• Identifies opportunities for continuous service improvement.
Knowledge and Attributes:
• Excellent organizational and team management skills.
• Excellent communication skills – both verbal and written, coupled with an excellent ability to collaborate with internal stakeholders and external clients.
• Advanced understanding of budgets and cost management.
• Excellent time management, prioritization and delegation abilities.
• Excellent focus on client centricity.
• Highly focused on business outcomes.
• Ability to guide the team through transformational objectives set out by the business.
• Excellent ability to work across different cultures and social groups.
• Ability to work well in a pressurized environment and adapt to changing circumstances.
Academic Qualifications and Certifications:
• Bachelor's degree or equivalent degree in Information Technology or Computing or a related field.
• ITIL certification is desirable.
Required Experience:
• Advanced experience in coaching and mentoring engineering team(s) gained within an information technology services organization.
• Advanced demonstrated experience implementing continual service improvement initiatives (through automation, process enhancements).
• Advanced demonstrated experience in organizational change management (transformational experience).
• Advanced demonstrated experience in domain towers such as Network, Collaboration/Customer Experience, Cloud, Security, Data Center.
Workplace type: On-site Working
About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.
Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.
Posted 3 months ago
5 - 10 years
5 - 10 Lacs
Hyderabad
Work from Office
Your day at NTT DATA
The Managed Services Information Security Analyst is a seasoned subject matter expert, responsible for working with security tools and other security teams to monitor, analyze, interpret and report on incoming client data, for the purpose of delivering security information and recommendations to the clients and enabling the organization to deliver the contracted security services. This role includes performing tasks such as security incident detection and response, security event reporting, threat hunting, content maintenance (tuning) and interacting with clients to ensure their understanding of the information generated, recommending client system changes and answering security-related queries from the clients.
What you'll be doing
Key Responsibilities:
• Works as part of a global Cyber Defense Centre (CDC) team that works 24/7 on rotational shifts.
• Works with client stakeholders and relevant internal teams to tune the MSSP platform and client SIEM to enable more efficient detection, analysis and reporting.
• Monitors security tools to review and analyze security logs from client environments.
• Generates continuous improvement ideas for supported security tools/technologies, to enable improvements to the company services, employee experience and client experience.
• Adheres to SOPs, customer Run Books and standard processes to ensure a globally consistent delivery, whilst also proposing changes and improvements to these standards.
• Utilizes and documents best practices and amends existing documentation as required.
• Identifies opportunities to build automations which will help the clients and security delivery teams.
• Performs security incident handling and response from several vectors, including endpoint protection and enterprise detection and response tools, attack analysis, malware analysis, network forensics and computer forensics.
• Utilizes a broad range of skills in LAN technologies, Windows and Linux operating systems, and general security infrastructure.
• Ensures usage of knowledge articles in incident diagnosis and resolution and assists with updating them as and when required.
• Performs defined tasks to inform and monitor service delivery against service level agreements and maintains records of relevant information.
• Undertakes threat hunting activities across individual client estates as well as cross-client hunting.
• Manages unresolved incidents and follows up until incidents are resolved.
• Works closely with client delivery teams to support their activities related to client delivery.
• Cooperates closely with colleagues to share knowledge and build a cohesive and effective team environment, benefiting the individual, the business and the client.
• Performs any other related task as required.
Knowledge and Attributes:
• Seasoned knowledge of the implementation and monitoring of a company-supported SIEM or security tools/technologies/concepts.
• Seasoned knowledge of security architecture; has worked across different security technologies.
• Seasoned knowledge and understanding of the operation of modern computer systems and networks and how they can be compromised.
• Displays excellent customer service orientation and pro-active thinking.
• Displays problem-solving abilities and is highly driven and self-organized.
• Excellent attention to detail.
• Excellent analytical and logical thinking.
• Excellent spoken and written communication abilities.
• Team player with the ability to work well with others and in groups with colleagues and stakeholders.
• Ability to remain calm in pressurized situations.
• Ability to keep current on emerging trends and new technologies in the area of specialization.
Academic Qualifications and Certifications:
• Bachelor's degree or relevant qualification in Information Technology or Computing or a related field.
• Security certifications such as (but not limited to) AZ-500, SC-200, Security+, CEH, CISSP, CISM or similar.
• Certification in networking technologies such as CCNA, JNCIA, ACCA, PCNSA, CCSA is advantageous.
Required Experience:
• Seasoned experience in SOC analysis operations.
• Seasoned experience in SIEM usage for investigations.
• Seasoned experience in security technologies such as (but not limited to) Firewall, IPS, IDS, Proxy.
• Seasoned experience in providing technical support to clients.
• Seasoned experience in handling security incidents end to end.
• Seasoned experience in configuring/managing security controls, such as SIEM, Firewall, IDS/IPS, EDR, NDR, UTM, Proxy, SOAR, Honeypots and other security tools.
• Seasoned experience in Security Analysis or Engineering, preferably gained within a global services organization.
Workplace type: Hybrid Working
Posted 3 months ago
12 - 20 years
30 - 45 Lacs
Hyderabad
Work from Office
Responsibilities will include (but are not limited to):
• Engineering leadership and support for existing and future SIEM and SOAR technology (Splunk ES, Phantom, etc.).
• Leading the continued technical enhancement of security platforms.
• Supporting the identification, development and implementation of new detections (use cases).
• Leading the continued evolution of automation and orchestration across the platform.
• Training and developing other members of the Logging and Operations team as well as other members of the engineering function.
• Supporting a culture of individual self-improvement, whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cybersecurity more broadly, for example remaining up to date on the latest forensic techniques and tooling for strategically important platforms.
• Taking a leading role in the engagement of Global Businesses and Functions, driving global uplift in cybersecurity awareness.
• Collaborating with various layers of management across Cybersecurity and other IT teams to develop solutions that protect the organisation.
• Designing and driving the implementation of new service offerings, capability uplifts and process improvements to protect the bank against a continuously changing threat landscape.
Major Challenges
What you will bring to the role
To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:
• Technical expertise in enterprise-level SIEM technology and logging frameworks.
• Extensive experience in deploying, configuring, upgrading and administering Splunk clusters at scale.
• Ability to perform installation, configuration management, capacity planning, license management, data integration, data transformation, field extraction, event parsing, data preview and application management of Splunk.
• Scripting/programming experience with Python, Bash, PowerShell.
• An ability to communicate complex and technical issues to diverse audiences.
• Self-motivated and possessing a high sense of urgency and personal integrity.
• A team-focused mentality with the proven ability to work effectively with diverse stakeholders.
• Ability to orchestrate, manage and successfully implement major procedural and technological change within a complex, global organization.
• Formal education and an advanced degree in Information Security, Cybersecurity, Computer Science or similar, and/or commensurate demonstrated work experience in the same fields.
Bonus points for: Experience with Splunk deployment and management in AWS.
Posted 3 months ago
7 - 12 years
0 - 0 Lacs
Bengaluru
Work from Office
L4 - Cyber Defense Center (CDC) Manager
Required Skills
You are a thought leader and come with at least 7 years of Information Security experience handling diverse security domains and teams.
o You come with strong knowledge and implementation experience in various areas of Security Operations Centers (SOC), from conceptualization to building and operating 24x7.
o You have extensive experience in conducting the full lifecycle of incident investigation through to closure, including evidence chain of custody, conducting related interviews, stakeholder liaison, forensic investigations and report generation.
o You are well versed in the Lockheed Martin Cyber Kill Chain, the MITRE ATT&CK framework and Incident Response in alignment with ISO 27035, together with all relevant SOC policies and procedures.
o You are an expert in analysing CTI, performing threat hunting and dark web monitoring, creating intelligent playbooks and handling SOC teams to help identify and respond to cyber threats as well as recover from them.
o You are well versed in Security Orchestration, Automation and Response (SOAR) technologies and able to assess SOC analyst performance and investigation steps so that they may be considered for playbook automation, drastically improving analyst performance.
o You have a good understanding of leading Information Security standards and frameworks such as, but not limited to, Information Security Management Systems (ISO 27001), the NIST Cybersecurity Framework, NIST 800-53, PCI DSS, HIPAA, SSAE-18 SOC 1 or SOC 2 and SOX controls, having directly or indirectly been part of such implementations over the years.
o You have a good understanding of essential security controls in one or more of the following cloud platforms: Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP).
Posted 3 months ago
5 - 10 years
10 - 18 Lacs
Hyderabad
Work from Office
Job Responsibilities:
• Monitor, analyze, and interpret security/system logs for events, operational irregularities, and potential incidents, and escalate issues to the appropriate teams when necessary.
• Oversee the detection and analysis of security events through various input tools and systems (SIEM, IDS/IPS, Firewalls, EDR, etc.).
• Conduct Red Team exercises to test and evaluate the effectiveness of preventive and monitoring controls in a simulated real-world attack environment, providing actionable feedback to improve defense strategies.
• Provide expert-level support for complex system/network exploitation and defense techniques, including deterring, identifying, investigating, and responding to system and network intrusions.
• Support in-depth malware analysis, focusing on both host- and network-based threats, conducting log analysis, and performing triage in support of incident response activities.
• Maintain and enhance security technologies deployed across the organization, including customizing and fine-tuning SIEM use cases, parsing rules, and security tool configurations based on evolving threat intelligence.
• Monitor and assess the threat and vulnerability landscape, staying informed on new security advisories, zero-day vulnerabilities, and emerging threats, and taking appropriate action to mitigate risks.
• Continuously monitor and triage security alerts, managing the escalation queue to ensure swift and efficient incident resolution.
• Monitor and fine-tune SIEM systems, improving content, parsing, and overall system maintenance to ensure accurate event correlation and detection of complex threats.
• Oversee security-related events in cloud infrastructure, including IaaS, PaaS, and SaaS environments, responding to and mitigating security incidents in cloud environments.
• Deliver scheduled and ad-hoc reports on security posture, incident response outcomes, and security metrics, highlighting key findings, trends, and areas for improvement.
Provide mentorship and guidance to L1 and L2 analysts , helping them grow their skills and knowledge of advanced threat detection, incident response, and security technologies. Develop and update Standard Operating Procedures (SOPs) , incident response playbooks, and training documentation to ensure consistent, effective incident handling across all SOC tiers. Work through the full ticket lifecycle , from initial alert detection to final resolution, ensuring thorough documentation, follow-ups, and corrective actions as necessary. Generate end-of-shift reports , ensuring seamless knowledge transfer to subsequent shifts and maintaining continuity in incident management. Perform threat-intelligence research to stay up-to-date with emerging attack patterns, vulnerabilities, and threat actor tactics, techniques, and procedures (TTPs). Actively participate in security forums , contributing to the exchange of knowledge and best practices with the wider cybersecurity community. Job Specifications: Qualifications: Bachelors degree in Engineering, Computer Science, Cybersecurity, or closely related coursework in technology disciplines. Certifications such as CISSP, CEH, CISM, GCIH, GCIA, or other industry-recognized certifications are highly desirable. Extensive experience with the following tools and technologies: SIEM Tools : Splunk, IBM QRadar, SecureOnix, etc. Case Management Tools : Swimlane, Phantom, ServiceNow, etc. EDR Solutions : Crowdstrike, SentinelOne, VMware Carbon Black, McAfee, Microsoft Defender ATP, etc. Network Analysis Tools : Darktrace, FireEye, NetWitness, Panorama, etc. Cloud Security : AWS, Azure, Google Cloud Platform (GCP), and associated security monitoring tools. Experience: 4+ years of SOC experience in progressively responsible roles with expertise in security monitoring, incident response, and threat detection/mitigation. Hands-on experience in conducting threat-hunting activities and vulnerability assessments . 
Proven ability to handle complex security incidents and effectively collaborate with cross-functional teams to mitigate cyber risks. Desired Skills: In-depth knowledge of SOC L1 and L2 responsibilities , with the ability to take the lead in complex incident investigations and escalate issues as needed. Advanced understanding of TCP/IP protocols , event log analysis , and the ability to interpret logs from various devices and systems. Strong understanding of Windows , Linux , networking concepts , and the interaction between different operating systems and networks . Experience analyzing network traffic and utilizing tools like Wireshark , tcpdump , and other packet capture and analysis utilities. Advanced understanding of security solutions like SIEMs, web proxies, EDR, Firewalls, VPNs, multi-factor authentication (MFA), encryption, IPS/IDS, etc. Functional knowledge of Cloud environments , and the specific security risks associated with IaaS, PaaS, SaaS offerings. Ability to research IT security issues and products , staying up to date with new attack vectors, cybersecurity tools, and evolving threats. Solid experience working in a TAT-based security incident resolution environment , with knowledge of ITIL and incident response best practices. Experience with scripting (e.g., Python, PERL, PowerShell) for automation, tool customization, and analysis is highly preferred. Malware analysis and reverse engineering skills are an added advantage. Personal Attributes: Highly self-motivated and proactive, with the ability to independently manage multiple tasks while maintaining attention to detail. Strong communication skills , both written and verbal, with the ability to effectively document findings, present reports, and communicate complex technical details to non-technical stakeholders. Ability to effectively prioritize tasks in a high-pressure, time-sensitive environment, with a focus on rapid, efficient incident resolution. 
Strong problem-solving skills , and a natural inclination to investigate and understand the root cause of security incidents. Team player , with the ability to work collaboratively with peers, other IT teams, and external partners, ensuring cohesive incident management and response. Passion for cybersecurity , with a keen interest in staying at the forefront of emerging security trends and technologies.
Posted 3 months ago
8 - 13 years
25 - 35 Lacs
Delhi NCR, Gurgaon, Noida
Work from Office
About KPMG in India
KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience.
Role & responsibilities:
• The candidate should be hands-on in managing Security Operations, SOC, identity and access management, and risk management.
• Should have worked on blueprinting and designing of SOC frameworks and implementation of SOC/SIEM solutions and enterprise architecture.
• Should be hands-on with security processes, with good client- and market-facing experience in the India geography.
• Should have worked on designing, solutioning and implementation of cyber security frameworks: Security Operations Strategy, Vulnerability Management (application and infrastructure), and Threat Intelligence and Analytics.
Preferred candidate profile:
Should have worked on the below:
• M&A experience.
• Actively monitoring, analyzing and escalating SIEM alerts based on correlation rules; active threat hunting on network flow, user behavior and threat intelligence.
• Candidate should have expert-level domain knowledge (Cyber Security), Threat Hunting, SIEM (Azure Sentinel), SIEM (RSA / Splunk / LogRhythm), ability to comprehend logs (HTTP, SMTP, network), operating systems and servers; organizes technical sessions / talks.
• Candidate should be familiar with Python scripting and Windows Active Directory (optional).
• Vulnerability Management Services: external and internal vulnerability scanning, VMS tool (Qualys and Kenna) administration, application server and vulnerability scanning.
• Candidate should have expert-level domain knowledge (Cyber Security): vulnerability scans and recognizing vulnerabilities in security systems, network analysis tools to identify vulnerabilities, developing insights about the context of an organization's threat environment, risk management processes, and the relationship of a network attack to both threats and vulnerabilities.
• Candidate should have an advanced-level understanding of impact/risk assessments.
• Security Operations and Management experience: SOC experience in identity access, privileged access, and vulnerability management.
• Client facing: front end with the client, focused on engagements, sales, BD and capability development.
Qualification:
• B.Tech / M.Tech / MCA professional with 6-15 years of experience in the relevant role.
• Should have strong hands-on skills in MS PowerPoint and MS Project.
• Hands-on experience and certification in any one SIEM (IBM QRadar, ArcSight, Azure Sentinel, Splunk).
• Security certifications like CISSP, CISM, GIAC, Security+, etc.
Equal employment opportunity information
KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.
Posted 3 months ago
5 - 6 years
7 - 9 Lacs
Bengaluru, Gurgaon
Work from Office
RAS DRC - IT Security Engineer - Bangalore / Gurgaon
Job summary: The Security Engineer is responsible for ensuring BDO's network and information systems are protected from external and internal threats. In this role, the Security Engineer is charged with engineering solutions and systems and building policies and procedures.
Job Duties:
• Recommends and implements changes to enhance network and open systems security for BDO.
• Protects network resources against unauthorized access, modification, or destruction.
• Performs day-to-day monitoring and management of security devices and applications.
• Collaborates with IT partners to create and execute the Firm's technical security strategy.
• Partners with Infrastructure Services professionals to evaluate and recommend security patches for operating systems, network devices, and applications.
• Coordinates with other departments inside BDO (such as Legal and Human Resources) to create and enforce policies and procedures related to information security.
• Performs intrusion testing on the corporate network, both external and internal, and reports findings back to upper management.
• Provides assistance with establishing standards for hardware and software where there are implications to security (e.g., wireless access control).
• Reports security assessment metrics to upper management on a regular basis.
• Collaborates with internal departments at BDO to communicate BDO's security program to customers and prospects.
• Adheres to BDO and department policies and procedures.
• Other duties as required.
Technical Skill Set and Education Details:
Education:
• High school diploma/GED, required
• Bachelor's degree, preferred
Experience:
• Five (5) years of experience providing IT systems security support, required
License/Certifications:
• CISSP certification, preferred
Software: Demonstrated knowledge of one (1) or more of the following, preferred:
• Firewall technologies such as Cisco ASA, Cisco FTD, Palo Alto
• VPN administration
• Intrusion Prevention Systems / WAF
• Web proxy / web filtering solutions
• Endpoint protection products (application control, EDR, NGAV)
• Scripting experience (PowerShell, Python)
• SOAR and automation technologies
• Vulnerability and patch management
• SIEM administration and log management
• Understanding of incident response concepts
• Understanding of attack frameworks and methodology
• Microsoft Azure and Cloud Security Posture Management
• Windows and Linux operating systems
• General understanding of network protocols
• Ticketing systems such as ServiceNow
Other Knowledge, Skills & Abilities:
• Strong verbal and written communication skills
• Self-motivated to improve skills and functionality of assigned security systems
• Excellent interpersonal and customer relationship skills
• Capacity to work in a deadline-driven environment while handling multiple complex projects/tasks simultaneously with a focus on details
Posted 3 months ago