
482 Soar Jobs - Page 9

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

10.0 - 12.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

Synax seeks an experienced SOC Leader (10+ years) to address global customers' cybersecurity needs and empower our partner network to achieve next-level service cyber-Security excellence. Why Join Synax Technologies Lead and pioneer a strategic cybersecurity initiative from inception. Thrive in a collaborative, innovative environment with ambitious growth objectives. Gain exposure and influence at a global, enterprise scale. Enjoy competitive compensation, career advancement, and executive visibility. What You'll Own: Design the Blueprint. Architect and scale a global SOC from the ground up: set the strategy, define the roadmap, and own the outcome. Build the Dream Team. Recruit, lead, and inspire top-tier cybersecurity pros, from threat hunters to incident responders. Set the Standard. Create world-class frameworks, playbooks, and metrics aligned with global best practices. Outsmart Threats. Lead the charge on cutting-edge detection and response using the full tech arsenal: SIEM, SOAR, EDR, XDR, UEBA, threat intel, and automation. Innovate Relentlessly. Drive a culture of continuous evolution, powered by AI, machine learning driven automation. You're the Perfect Fit If You Have: Deep Roots in Cybersecurity: Minimum 10 years of experience navigating the world of security products and solutions, including 6 years in leading SOC/CSOC teams on a global scale. A Track Record of Building Greatness: You've successfully built and rapidly scaled SOC/CSOC teams from scratch, turning vision into reality, and you're eager to do it again. Technical Mastery: Your expertise runs deep in cybersecurity operations, threat intelligence, incident response, and cutting-edge endpoint security technologies. Certifications That Count: Industry-recognized credentials like CISSP, CISM, or CISA showcase your professional commitment and credibility.
Industry Savvy: Bonus points if you have experience working in highly regulated sectors, like BFSI, Healthcare, Government, or Telecom, where cybersecurity truly matters. Solid Academic Grounding: You hold a Bachelor's degree in Information Security, Cybersecurity, Computer Science Engineering, or related fields (a Master's degree makes you shine even brighter). Note: Preference will be given to candidates with current experience at Tier-1 SOC providers, who are locally available and can join immediately. This role requires international travel as and when needed.

Posted 1 month ago


3.0 - 7.0 years

0 Lacs

Bengaluru, Karnataka, India

Remote

Colt provides network, voice and data centre services to thousands of businesses around the world, allowing them to focus on delivering their business goals instead of the underlying infrastructure. Why we need this role This role is critical to protecting both internal telecom infrastructure and customer-facing security services. It ensures the secure deployment and management of technologies across backbone, edge, and cloud environments, while supporting the delivery and integration of managed security solutions for customers. The role plays a key part in incident response, vulnerability management, and maintaining robust security standards. By collaborating across engineering, operations, and product teams, it helps embed security into every layer of the network and service lifecycle, ensuring resilience, compliance, and customer trust. What You Will Do Security Product Engineering (Customer-Facing Focus) Support deployment and integration of customer security products such as managed firewalls, SD-WAN, SASE platforms, and DDoS mitigation solutions. Perform configuration, troubleshooting, and tuning of security services in customer environments. Assist in onboarding, proof-of-concept testing, and support transitions to operations for customer security services. Work with solution architects to operationalize and maintain secure design patterns and templates. Infrastructure Security (Internal Focus) Deploy and manage security technologies across the telecom backbone, edge, and data centre infrastructure (e.g., firewalls, IDS/IPS, SIEM, PAM, NAC). Collaborate with network and systems teams to secure IP/MPLS transport, SDN platforms, automation tools, and cloud workloads. Monitor and analyse security events and alerts, responding to incidents and escalating as appropriate. Assist with vulnerability assessments, patch management validation, and configuration hardening. Document and maintain infrastructure security standards, configurations, and runbooks. 
Support & Collaboration Participate in security incident response, root cause analysis, and remediation efforts. Provide input on threat modelling, security testing, and design reviews for internal and external services. Stay current on security threats, tooling, and telecom-relevant vulnerabilities. Collaborate cross-functionally with engineering, operations, product, and customer support teams. What We're Looking For Must haves 3-7 years of experience in security engineering and/or network engineering Solid understanding of TCP/IP, routing, firewalls, VPN, and network segmentation principles. Hands-on experience with security tools such as firewalls (Fortinet, Palo Alto, etc.), SIEM/SOAR, IDS/IPS, EDR, or vulnerability scanners. Familiarity with Linux, scripting (Python, Bash), and infrastructure-as-code concepts. Knowledge of secure configuration standards (e.g., CIS benchmarks) and common protocols (e.g., BGP, DNS, SNMP). Might haves Experience supporting or delivering telecom or ISP infrastructure. Exposure to customer-facing security services or managed security environments. Familiarity with regulatory and industry standards (e.g., NIST, ISO 27001, UK TSA). Certifications such as Security+, GSEC, GCIA, or equivalent are a plus. Telecom or carrier experience strongly preferred Skills Cyber Security Architecture IT Architecture Methodologies Cyber Security Tools/Products Cyber Security Planning Security Compliance Education A Master's or Bachelor's degree such as Computer Science, Information Security or related field What We Offer You Looking to make a mark? At Colt, you'll make a difference. Because around here, we empower people. We don't tell you what to do. Instead, we employ people we trust, who come together across the globe to create intelligent solutions.
Our global teams are full of ambitious, driven people, all working together towards one shared purpose: to put the power of the digital universe in the hands of our customers wherever, whenever and however they want. We give our people the opportunity to inspire and lead teams, and work on projects that connect people, cities, businesses, and ideas. We want you to help us change the world, for the better. Diversity and inclusion Inclusion and valuing diversity of thought and experience are at the heart of our culture here at Colt. From day one, you'll be encouraged to be yourself because we believe that's what helps our people to thrive. We welcome people with diverse backgrounds and experiences, regardless of their gender identity or expression, sexual orientation, race, religion, disability, neurodiversity, age, marital status, pregnancy status, or place of birth. Most Recently We Have Signed the UN Women Empowerment Principles which guide our Gender Action Plan Trained 60 (and growing) Colties to be Mental Health First Aiders Please speak with a member of our recruitment team if you require adjustments to our recruitment process to support you. For more information about our Inclusion and Diversity agenda, visit our DEI pages. Benefits Our benefits support you through all parts of life, for both physical and mental health. Flexible working hours and the option to work from home. Extensive induction program with experienced mentors and buddies. Opportunities for further development and educational opportunities. Global Family Leave Policy. Employee Assistance Program. Internal inclusion & diversity employee networks. A global network When you join Colt you become part of our global network. We are proud of our colleagues and the stories and experience they bring; take a look at Our People site including our Empowered Women in Tech.

Posted 1 month ago


8.0 - 12.0 years

0 Lacs

karnataka

On-site

You will be responsible for planning, implementing, managing, and maintaining security systems such as antimalware solutions, vulnerability management solutions, and SIEM solutions. Your role will involve monitoring and investigating security alerts from various sources, providing incident response, and identifying potential weaknesses within the organization's network and systems to recommend solutions. You will also be required to take up security initiatives to enhance the overall security posture of the organization and document SOPs, metrics, and reports as necessary. Additionally, providing Root Cause Analysis (RCAs) for security incidents and collaborating with different teams and departments to address vulnerabilities, security incidents, and drive initiatives will be part of your responsibilities. To be successful in this role, you should possess industry-recognized professional certifications such as CISSP, GCSA, CND, or similar. Your experience in computer security, risk analysis, audit, and compliance objectives will be crucial. Familiarity with Network and Web Security tools like Palo Alto, ForeScout, and Zscaler, as well as experience with AWS Cloud Environment and Terraform, will be advantageous. Moreover, expertise in Privileged Access Management solutions, SIEM/SOAR, NDR, EDR, VM, and Data Security solutions is desired. You must have a proven ability to make decisions and perform complex problem-solving activities under pressure. Creativity, out-of-the-box thinking, and the ability to work on multiple projects simultaneously in fast-paced environments are essential. Strong communication, presentation, and writing skills are required, along with the ability to share knowledge and collaborate with team members, managers, and customers. Your organizational skills, results-oriented approach, and capability to work in a fast-paced global environment will be critical to your success in this role.

Posted 1 month ago


2.0 - 5.0 years

4 - 8 Lacs

Delhi, India

On-site

Your tasks:
- Real-time monitoring, analysis, triage of security events and alarms based on relevant security threats and risks
- Perform in-depth analyses of security incidents to understand root cause as well as impact to derive recommendations for handling and elimination
- Support of our cybersecurity engineers for continuous improvement in the CDRC (e.g. through creation or optimization of monitoring or alarm rules)
- Timely addressing of security incidents in cooperation with the whole team
- Monitoring of the current threat level and starting of accompanying proactive analyses / threat hunting
- Creating and expanding documentation for the global CDRC team (such as SOPs, reference standards, architecture charts)
- Conducting training courses on security incidents and best practices for our employees
- Possibility of working in a shift model in the future
Your qualifications:
- Engineering degree in Computer Science, Information Security from reputed college/University
- Min. 2-5 years of professional experience in cybersecurity in a multinational company
- Experience in using security tools and technologies such as SIEM systems, SOAR, firewalls, intrusion detection systems and anti-virus software
- Good analysis knowledge of various common log formats
- Experience with cloud security and technologies such as AWS, Azure, M365
- Knowledge of security frameworks and standards such as MITRE ATT&CK, NIST, ISO 27001
- Experience in the following fields is desirable: vulnerability analysis, threat intelligence, threat hunting or incident response
- Ideally you have an interest in the topics of machine learning and algorithms
- Experience in IT service management (e.g. ITIL) and existing security certifications are an advantage
- Capabilities to analyze and eliminate complex issues
- Experience with Windows and Linux operating systems
- Team Player, Excellent communication skills with fluency in speaking & writing English; German is an added advantage

Posted 1 month ago


5.0 - 9.0 years

0 Lacs

pune, maharashtra

On-site

The ideal candidate for this position will succeed if they possess both knowledge and technical depth about the company and the industry. This is crucial as they are expected to play a central role in the decision-making process, collaborating with various individuals from different teams as needed. Additionally, they will be responsible for supervising specific personnel.
Responsibilities
- Manage and mentor a team of SOC analysts (Tier 1-3) across multiple shifts
- Oversee threat hunting, incident response, and security monitoring operations
- Develop and refine SOC procedures, playbooks, and escalation processes
Qualifications
- Bachelor's degree or equivalent experience
- Proficiency in Malware Analysis, Threat Hunting, Triage, Incident Response, SIEM, and SOAR
- Strong leadership skills

Posted 1 month ago


8.0 - 12.0 years

0 Lacs

maharashtra

On-site

Work with MCX to enhance your career growth and excel in the field of Information Security. MCX values its employees' domain expertise and commitment, which have been pivotal in the company's success. If you are an ambitious and result-oriented professional, MCX offers exciting career opportunities for you to realize your potential in the cybersecurity domain. As a Manager - Information Security at MCX based in Mumbai, you will play a crucial role in ensuring the optimal performance of security technologies through operational oversight. With a Bachelor's degree in Cybersecurity, Information Technology, or related fields, along with 8-10 years of experience in cybersecurity (including 3+ years in managerial roles), you will be responsible for managing L2 activities and listed technologies hands-on. Your key responsibilities will include overseeing L2 activities, incident response, audits, and reviews of security operations. You will also be involved in developing and maintaining comprehensive documentation and SOPs for security technologies and processes, ensuring compliance and standardization. Additionally, you will configure, optimize, and maintain various security tools while evaluating their effectiveness and ensuring integration with the organization's IT infrastructure. In this role, you will lead threat hunting efforts, collaborate with stakeholders for risk mitigation, and manage security incidents promptly. You will generate security reports, communicate with stakeholders, and mentor junior team members to enhance their skills in security tools and best practices. If you are ready to climb the career ladder with MCX and have the necessary qualifications and experience in cybersecurity, this role offers you a platform to grow and excel in the dynamic field of Information Security. For further assistance or inquiries about this opportunity, please contact us at 022-67318888 / 66494000 or careers@mcxindia.com.

Posted 1 month ago


8.0 - 12.0 years

0 Lacs

Bengaluru, Karnataka, India

On-site

Organization: At CommBank, we never lose sight of the role we play in other people's financial wellbeing. Our focus is to help people and businesses move forward to progress. To make the right financial decisions and achieve their dreams, targets, and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas, and energy all contribute to the impact that we can make with our work. Together we can achieve great things. Job Title: Senior Platform Engineer Location: Bangalore, Manyata Tech Park Business & Team: The role of Platform Engineers is to Design, Build, Run & Evolve tools, infrastructure, templates and capabilities that our other engineers use to deliver business value, and to write code that automates running our infrastructure and environments. The Cybersecurity Engineering group safeguards the organization by delivering secure, scalable, and high-performing systems that protect critical infrastructure and sensitive data. Our mission is to support cybersecurity objectives through innovative engineering solutions and secure operational practices. This exciting opportunity is for someone that can bring strong full cycle platform engineering expertise with a focus on learning and developing new skills across cyber security and security engineering. Impact & Contribution: As a Senior Platform Engineer, you'll be reporting directly to the Engineering Chapter Lead, a part of our wider Cyber Engineering Chapter, developing the scalability, reliability, and security of our various platforms. Your work will involve the delivery of complex security initiatives across the group's platforms and systems. Our mandate is to protect the business platforms, systems, data, digital assets, and reputation across our cloud and datacentre infrastructure. You will work in a DevSecOps environment, with a strong focus on automation, IaC, observability, and automated cyber defense security tools.
Roles & Responsibilities: Bring hands on experience working with Infrastructure as Code using tools such as Terraform, CloudFormation, CDK etc. In depth experience using scripting/programming languages such as PowerShell, Bash & Python, as well as good Windows & Linux Server experience. Strong knowledge of CI/CD and automation tools like GitHub, GitHub Actions, TeamCity, CI/CD pipeline desirable. Automation of observability logs and metrics, including dashboard, monitoring and alerting. Incident management, post incident reviews, problem management. Demonstrable experience in solving complex problems. Essential Skills: We use a broad range of tools, languages, and frameworks. We don't expect you to know them all but experience or exposure with some of these (or equivalents) will set you up for success in this team. Cyber Defense Tools (SOAR, EDR, Atlassian products like JIRA, Confluence etc) AWS infrastructure 8-12 years of IT experience Python, PowerShell, Bash - optional Experience with and knowledge of CI/CD and automation tools like GitHub, GitHub Action, TeamCity, CI/CD pipeline desirable Exposure to GenAI models, agents, MCP. Automation tools such as Terraform, Ansible. Source control, and CI/CD tooling such as GitHub, GitHub actions, Jenkins, Octopus Python and scripting languages such as Bash & PowerShell. Infrastructure as code pipelines and automation. Observability with Grafana and Prometheus. DevOps / DevSecOps Education Qualification: Bachelor's degree or master's degree in engineering in Computer Science/Information Technology If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We're keen to support you with the next step in your career. We're aware of some accessibility issues on this site, particularly for screen reader users.
We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696. Advertising End Date: 30/08/2025

Posted 1 month ago


5.0 - 10.0 years

0 Lacs

karnataka

On-site

You should have at least 7 years of experience in the Information Security field, specifically with direct experience in SOAR or other automation solutions. Your expertise should include Palo Alto XSOAR with SOC Operations understanding, with a focus on resolving Security Incidents and automating related tasks. A minimum of 5 years of hands-on experience in SOC / Incident Response is required. Additionally, you should possess experience with SOAR or other automation solutions (e.g., IT automation, SIEM, case management) and have a strong background in triaging security events using various tools like SIEM, SOAR, and XDR in a security operations environment. Proficiency in scripting and development skills (e.g., BASH, Perl, Python, or Java) along with a solid understanding of regular expressions is crucial for this role. This position falls under the Others category and is a Full-Time role located in Bangalore/Pune. The ideal candidate should have 7-10 years of relevant experience and be available to start immediately.

Posted 1 month ago


5.0 - 9.0 years

0 Lacs

karnataka

On-site

You should be highly proficient in Microsoft Sentinel and Azure Log Analytics, with at least 5-8 years of experience. You will be responsible for connecting any type of logs from various sources to the Sentinel Log Analytics workspace. Your role will involve creating playbooks, analytic rules, workbooks, notebooks, incidents, and threat hunting. Additionally, you should have experience in developing KQL queries for data normalization and parsing capability for the Log Analytics data ingestion pipeline. As part of your responsibilities, you will automate and integrate developed use cases into the DevOps CI/CD pipeline and develop incident response capabilities using Azure Logic Apps. You should also be able to develop Jupyter notebooks using scripts in Python and integrate them with Microsoft Sentinel. Knowledge of different Microsoft Defender products, implementation and integration of Defender for Cloud services, as well as experience in cloud computing and cloud security roles are required. The ideal candidate should have a minimum of 5 years of experience in Microsoft Sentinel and Azure Log Analytics, with a strong background in developing Kusto Query Language. Experience in SIEM and SOAR implementation, along with working on automation scripts, will be beneficial for this role. The position is based in Mumbai, Pune, Chennai, Hyderabad, Bangalore, Kolkata, Delhi, or Coimbatore.

Posted 1 month ago


3.0 - 7.0 years

0 Lacs

haryana

On-site

You will be joining a leading Indian telecom company operating in 18 countries and serving over 300 million customers and 1 million+ businesses. The company values a customer-first mindset and a user-centric approach. Your role will require you to be experienced in SIEM platforms such as QRadar, Splunk, and ArcSight, with knowledge of UEBA, NBAD, and SOAR. You should be skilled in incident management, network troubleshooting, and comfortable working in 24x7 SOC environments. Your responsibilities will include having a technical understanding and working knowledge of SIEM platforms, along with exposure to UEBA, NBA, NBAD, and SOAR. It is essential to have experience with industry-standard SIEM platforms like QRadar, Splunk, RSA, Seceon, ArcSight, etc. You will need to adhere to processes and procedures, possess general network knowledge, and be proficient in TCP/IP troubleshooting. Additionally, you should be able to trace down an endpoint on the network based on ticket information. Good customer communication skills are essential, along with working knowledge of SIEM incident management and providing customer updates. Experience in Managed SOC Services is a must, and you should be prepared to work across 24x7 shifts. Hands-on experience in SIEM platforms and the mentioned technologies is required for this role. It would be beneficial to have industry certifications on SIEM Platform, CCNA, CEH, MCSE, and others as preferred skills.

Posted 1 month ago


8.0 - 12.0 years

0 Lacs

karnataka

On-site

As an experienced Information Security professional with 8+ years of experience, you will be responsible for planning, implementing, managing, and maintaining security systems such as antimalware solutions, vulnerability management solutions, and SIEM solutions. Your role will involve monitoring and investigating security alerts from various sources, providing incident response, and identifying potential weaknesses within the organization's network and systems to recommend effective solutions. Additionally, you will take up security initiatives to enhance the overall security posture of the organization. You will be required to document Standard Operating Procedures (SOPs), metrics, and reports as necessary, provide Root Cause Analyses (RCAs) for security incidents, and collaborate with different teams and departments to address vulnerabilities, security incidents, and drive security initiatives. Moreover, researching and monitoring emerging threats and vulnerabilities, understanding current industry and technology trends, and assessing their impact on applications will be crucial aspects of your role. Your qualifications should include industry-recognized professional certifications such as CISSP, GCSA, CND, or similar certifications. Demonstrated experience in computer security with a focus on risk analysis, audit, and compliance objectives is essential. Proficiency in Network and Web Security tools like Palo Alto, ForeScout, and Zscaler, as well as experience in AWS Cloud Environment and Privileged Access Management solutions, will be advantageous. Familiarity with SIEM/SOAR, NDR, EDR, VM, and Data Security solutions and concepts is desired. The ideal candidate will possess strong decision-making and complex problem-solving skills under pressure, along with a high degree of creativity and "out-of-the-box" thinking. 
The ability to manage multiple projects simultaneously in fast-paced environments, a service-oriented approach, and excellent communication, presentation, and writing skills are key requirements for this role. You should also be adept at sharing knowledge, collaborating with team members and customers, and adapting to a fast-paced, ever-changing global environment. Strong organization, time management, and priority-setting skills are essential, along with a proactive approach to achieving results. In summary, this role offers an exciting opportunity for an experienced Information Security professional to contribute to the enhancement of the organization's security posture, collaborate with diverse teams, and stay abreast of emerging threats and industry trends.

Posted 1 month ago


4.0 - 6.0 years

0 Lacs

Chennai, Tamil Nadu, India

On-site

Position Summary: The SOC Engineering and Operational Lead Engineer is responsible for the engineering and administration activities of SOC tools, such as SIEM, SOAR, and deception technology. Continuously focus on enabling Automations to Support SOC Tools Administrations & Security Incident Detections and response activities. Roles & Responsibilities: Daily Operational management of SOC Tools. (Including SIEM, SOAR, etc. Components Infra Maintenance). Log, Alert & Enrichment sources integrations with SOC Tools. Co-ordinate with different stakeholders to understand the Integration sources to ensure appropriate baseline created and maintained as per industry standards. Ensure appropriate correlation rules are in place against the log source types for threat/anomaly detections. Ensure proper Incident types, fields, playbooks are defined for Automations in SOAR. Continuous touch base with Incident Detection and Response team to fine tune the rules with adequate threshold based on their feedback. Evaluate New SOAR/SIEM/Log analytics/big data forensic technologies products to maintain our tools base per industry standard and Olam requirements. (including Open source) Interface with stakeholders in different parts of the globe to ensure systems are deployed to the appropriate configuration. Develop metrics dashboard to identify trends, anomalies, and opportunities for improvement. Ensure adequate change management and documents maintained for SIEM related Changes. Periodical review of SOC Tools Architecture, Log Baseline, Rules, Assets health, Automations, Playbooks, etc. Ensure high quality of Industry standards and brand consistency in all IT projects. Ensure to work with technology stakeholders to enable the deception decoys. Profile Description: Must have 4+ years of experience in Splunk On Prem & Cloud SIEM Engineering and Administration. Should have hands on experience in Implementation, configuration, and management of SIEM & SOAR technologies.
(Prefer Splunk, ELK, QRadar, Securonix, Demisto, Google SecOps, ServiceNow SecOps) Should have hands on experience in creating custom correlation rules/alerts, searches, and data analytics in Splunk or similar Log analytics tool. Should have hands on experience in creating custom playbooks, automation scripts in SOAR. Must have strong working knowledge of Linux-flavored OS environments. Strong knowledge in Broad infrastructure and technology background including demonstrable understanding of security operations in critical environment. Have sound analytical and problem-solving skills. Should have some experience with cloud infrastructure like Microsoft Azure, AWS & GCP. Prefer Splunk or Similar log analytics certified Professional. Must have strong scripting & Programming language knowledge. (Python, PowerShell, VBScript, C/C++, .NET, etc.) We are Mindsprint! A leading-edge technology and business services firm that provides impact driven solutions to businesses, enabling them to outpace speed of change. For over three decades we have been accelerating technology transformation for the Olam Group and their large base of global clients. Working with leading technologies and empowered with the freedom to create new solutions and better existing ones, we have been inspiring businesses with pioneering initiatives. Awards bagged in the recent years: Best Shared Services in India Award by Shared Services Forum 2019 Asia's No.1 Shared Services in Process Improvement and Value Creation by Shared Services and Outsourcing Network Forum 2019 International Innovation Award for Best Services and Solutions 2019 Kincentric Best Employer India 2020 Creative Talent Management Impact Award SSON Impact Awards 2021 The Economic Times Best Workplaces for Women 2021 & 2022 #SSFExcellenceAward for Delivering Business Impact through Innovative People Practices 2022 For more info: https://www.mindsprint.org/ Follow us in LinkedIn: Mindsprint

Posted 1 month ago


3.0 - 5.0 years

0 Lacs

Mumbai, Maharashtra, India

On-site

Saint-Gobain group through its group company Grindwell Norton Limited has established INDEC - an International Delivery Center in Mumbai to provide IT solutions and services to the groups businesses Globally. INDEC is currently organized into INDEC Application Development, INDEC Infrastructure Management and Cyber Security Management. While INDEC Apps specializes in Software application development and maintenance services (ADM), INDEC Infra specializes in monitoring and managing the key IT infrastructure assets of the group deployed globally across 70 countries worldwide. INDEC provides IT Services and Solutions to the Saint-Gobain group through its state-of-the-art delivery centers based at Andheri East in Mumbai. There are approximately 1200+ associates working in INDEC currently. INDEC Apps provides software application development and maintenance services across a wide spectrum covering SAP, Java, PHP, .Net, CRM, Mobility, Digital, Artificial Intelligence (AI), and Robotic Automation. INDEC Infra on the other hand operates the following service lines: Network Coordination Center (NCC/NOC), Data Center Infrastructure Support, IT Standards, Tools Engineering and Reporting Automation. INDEC Cybersecurity provides 24/7 Security monitoring to detect & react on any suspicious activity in Saint- Gobain. It provides services on vulnerability scanning, web application firewall, endpoint protection, strong authentication, digital certificate, Win 10 MBAM and SFTS support . Key Responsibiities: Evaluate and enhance the performance of SIEM/SOAR systems to ensure optimal threat detection and incident response. Develop and maintain automation scripts and playbooks to streamline incident detection, analysis, and response processes. Leverage SOAR capabilities to reduce manual intervention and improve response times. Oversee the day-to-day administration of SIEM/SOAR platforms, ensuring their availability, reliability, and security. 
Perform regular updates, patches, and configuration changes. Collaborate with the Incident Response team to ensure seamless integration of detection and response functions. Provide support during security incidents to ensure timely and effective remediation. Work closely with other IT and security teams to develop specific use cases and to enhance the overall security posture of the organization. Share insights and recommendations to improve overall cybersecurity posture. Maintain detailed documentation of automation, scripts, and improvement. Manage execution of standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/SOAR platforms. Manage technical documentation around the content deployed to the SIEM/SOAR. Manage reports, dashboards, metrics for CyberSOC KPIs and presentation to senior management & other stakeholders. Qualification: Bachelor's degree in Computer Science, Information Security, EXTC or related field. Relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are highly desirable. Proven experience (3+ years) working within the Cybersecurity field, with a focus on security platform implementation & administration. Experience with deploying and managing a large SIEM/SOAR environment. Experience with Palo Alto XDR and/or other SIEM platforms like Sentinel, Qradar, Splunk, ArcSight, etc. Experience with Palo Alto XSOAR and/or equivalent SOAR Platforms like Resilient, Phantom, etc. Proficiency in scripting languages (e.g., Python, Bash) for automation and customization of security processes is highly desirable. Functional Skills/Competencies: Has a systematic, disciplined, and analytical approach to problem solving. Excellent ability to think critically under pressure. Strong communication skills to convey technical concepts clearly to both technical and non-technical stakeholders.
Willingness to stay updated with evolving cyber threats, technologies, and industry trends. Capacity to work collaboratively with cross-functional teams, developers, and management to implement robust security measures. SELECTION PROCESS: Interested Candidates are mandatorily required to apply through this listing on Jigya. Only applications received through Jigya will be evaluated further. Shortlisted candidates may be required to appear in an Online Assessment administered by Jigya on behalf of Saint-Gobain INDEC. Candidates selected after the screening test will be interviewed by Saint-Gobain INDEC.

Posted 1 month ago

Apply

2.0 - 4.0 years

0 Lacs

Chennai, Tamil Nadu, India

On-site

Job Description Manage all aspects of cloud computing (including networking, compute, storage, and services), ensuring that the appropriate technology and methodologies are applied when translating business requirements into technical and functional solutions. Collaborating internally and across the organization in driving cloud adoption of security technologies. Stay current with industry trends, best practices, and emerging technologies related to DevOps and cloud computing. Extensive collaboration with technical and business facing stakeholders to engineer solutions which exceed customer expectations and drive significant business value. Implement and monitor security standards across development, testing, and production environments. Design solutions and processes to monitor, test for, and strategically deploy product updates. Identify opportunities for automation and efficiency improvements, implement from end-end. Utilize futuristic tools, technology, and frameworks for enhancing business experience. Participate in the development of a healthy product backlog, ensuring agile practices are followed. Proactively identify opportunities to improve and automate existing technologies. Support strategic vision for new infrastructure and systems by providing input on roadmaps/value maps in partnership with business stakeholders that aligns with the overall corporate strategy. Support organizational wide Disaster Recovery and Business Continuity plans and strategy so the organization is prepared for potential events. Support 24x7 security operations as needed. Responsibilities Basic Qualifications: Bachelor's degree in Computer Science, Cyber Security, or Information Systems. 2+ years of proven hands-on experience with IT security and DevOps cloud engineering. Microsoft Azure certifications such as: AZ-104, AZ-305, or AZ-400. Strong knowledge of Azure DevOps tools and services, including Azure Pipelines, Repos, Artifacts, and Boards.
2+ years with engineering expertise with Full stack, hands-on expertise with infrastructure including IaC such as Terraform or ARM templates. 2+ years of experience developing end-end using APIs and/or scripting languages such as PowerShell, Python, YAML, JSON, NodeJS, etc. 1+ years leading projects and implementations. Preferred Qualifications: Technical Skills: Understanding, with hands-on experience, of IT Security and Security Engineering technologies such as CASB, CSPM, Email Security Gateways, SIEM/SOAR, Endpoint Protection, EDR/XDR, DLP, etc. Strong technical backgrounds (ideally building highly scalable platforms, products, or services) with the ability to proactively identify and mitigate technical risks throughout delivery life-cycle. Hands-on experience solving security technical challenges. Deep technical knowledge of cloud platforms: Azure is strongly preferred. Experience engineering reusable tools and self-service capabilities with automated infrastructure operations. Experience in creating frontend components that support accessibility. Proven experience in engineering solutions that improve the developer or user experience and productivity. Hands-on experience setting up CI/CD pipelines. OpenShift Tekton, or GitHub Actions, or alike. Knowledge of secure coding practices. Experience setting up serverless functions using GCP Cloud Run or Cloud functions, and configuring the respective cloud provider for scaling. Robust knowledge of system design principles including reliability, availability, and scalability. Understanding of security frameworks. Experience setting up logging and monitoring services (Dynatrace, GCP Ops Suites). Proven ability to implement and prove out POCs with speed, vision and quality. Strong consulting and analytical skills and a risk management mindset. Qualifications Other Skills: Demonstrates the ability to be highly collaborative with peers across the organization.
Possess a high tolerance for ambiguity and ever-changing technology environment. Possess a strong bias for action. Naturally curious and stays on top of emerging trends and threats. Interpersonal skills, with the ability to communicate effectively at all levels of the organization. Familiarization with agile concepts. Ability to thrive in working in a fast-paced, technologically forward-leaning environment and are not afraid to push the boundaries of security capabilities. A sense of intellectual curiosity and a burning desire to learn. You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!

Posted 1 month ago

Apply

2.0 - 7.0 years

3 - 8 Lacs

Noida, Navi Mumbai

Work from Office

Role : WAF Engineer (F5/ Radware) Experience : 3 to 6 years in Network Security Location : Navi Mumbai, Noida The WAF - L2 Engineer is a critical role within our Network Security team, responsible for managing and optimizing Web Application Firewall (WAF) solutions. The ideal candidate will bring 3 to 6 years of network security experience, with a specific focus on WAF management. This position is based in Mumbai and requires a strong technical background, excellent problem-solving skills, and the ability to work in a dynamic, fast-paced environment. The WAF - L2 Engineer will ensure the security and integrity of our network infrastructure, support incident response efforts, and collaborate with various teams to maintain high service levels. Responsibilities : Manage and optimize Web Application Firewall (WAF) solutions. Integrate WAF solutions with various management and authentication tools such as email, AD, IAM, and SIEM. Automate processes using scripting and SOAR tools. Manage policies, exceptions, and perform packet capture, analysis, and troubleshooting. Oversee incident, problem, service request, change, configuration, and capacity management of WAF setups. Proactively use network monitoring tools to isolate events before service degradation. Support incident monitoring and analysis/response initiatives. Troubleshoot network issues across OSI Model layers 1, 2, and 3. Conduct daily performance checks, periodic audits, and ensure compliance. Perform immediate troubleshooting for network outages. Implement and maintain network security policies, standards, and procedures. Deploy and maintain access and security policies for WAF solutions. Maintain service levels and oversee the 24/7 configuration, administration, and monitoring of network security infrastructure. Coordinate with OEMs for TAC support, RMA, replacement, and reconfiguration of WAF. Create technical documentation, network diagrams, inventory control, and security documentation. 
Collaborate with helpdesk, IT support, and application support teams for high-priority incident resolution. Investigate, isolate, and resolve WAF incidents, providing Root Cause Analysis (RCA). Design and implement WAF solutions for Data Centers (DC), Disaster Recovery (DR), Cloud, and Branch office environments. Develop SOPs, Run books, and update knowledgebase in ITSM tools. Automate and integrate tools with REST API/SDK for security dashboards and InfoSec tools (AD, IDAM, PAM, SIEM, SOAR). Ensure compliance with audit points and timelines. Perform patch updates and upgrades per compliance and audit requirements. Lead and mentor L1 & L2 engineers. Analyze packet captures using tools like Wireshark/Pcap. Ensure timely closure of tickets within SLA and follow up on escalated tickets. Prepare SLA reports for respective technology. Required Skills: Proficiency in managing WAF solutions. Experience in Windows, Linux, Unix environments. Hands-on experience in commissioning, implementation, and integrating WAF solutions. Strong scripting and process automation skills. Experience in policy and exception management. Proficiency in packet capture, analysis, and troubleshooting tools. Incident and problem management skills. Strong verbal and written communication skills. Demonstrated ability to manage, analyze, and solve complex issues. Ability to lead and mentor a team of engineers. If you are a dedicated network security professional with a passion for ensuring the safety and integrity of web applications, we encourage you to apply for this challenging and rewarding role.

Posted 1 month ago

Apply

3.0 - 5.0 years

15 - 30 Lacs

Coimbatore

Work from Office

Function Goal : To support the organization's information security efforts by assisting with the monitoring and initial analysis of security threats, providing support in risk management activities, and helping ensure compliance with security policies to protect the organization's information assets. Key Result Areas : Assist in the development, review, and maintenance of security policies and procedures and provide support for security-related documentation to ensure robust security frameworks are in place. Ensure compliance with relevant security standards and regulatory requirements and participate in internal and external security audits to ensure the organization meets all necessary guidelines. Assist in the development and implementation of new security initiatives and technologies. Provide support for security-related projects, including planning, execution, and monitoring. Coordinate with project teams to ensure security requirements are met. Monitor and assess the effectiveness of security training programs. Promote best practices and educate staff on security policies and procedures. Create and distribute security awareness materials, such as security bulletins, phishing simulations and posters to ensure all employees are well-informed and vigilant and have a high level of security awareness. Assist in identifying potential security risks and vulnerabilities within the organization's systems and processes. Participate in the evaluation of risks by analyzing the likelihood and potential impact of security threats. Use tools and techniques to document identified risks and share findings with senior team members for further analysis to ensure proactive risk management. Participate in training and development opportunities to enhance security skills and knowledge. Provide feedback on existing security processes and suggest improvements to enhance effectiveness and to ensure continuous improvement of security measures.

Posted 1 month ago

Apply

6.0 - 10.0 years

0 Lacs

hyderabad, telangana

On-site

As a Senior Associate / Manager in the cyber security domain, you will be required to have a B.E / B.Tech/ M.CA/M.Sc (IT/CSE) or equivalent with 6-8 years of experience. Your role will involve utilizing your strong technical background in networking/system administration, security administration & testing, as well as hands-on experience in IT security auditing, vulnerability assessment, and penetration testing. You should possess in-depth knowledge of TCP/IP, Networking technologies, LAN Switching, IP Routing, and WAN protocols. An understanding of Data Center architectures and the three pillars of data center infrastructure is essential. Additionally, you should have experience in Perl, Python, Bash, or C Configuration and Security of Operating Systems such as Windows, HP-UX, Linux, Solaris, AIX, etc. Your responsibilities will include working with major networking and security solutions like Next Gen Firewalls, UTMs, IPSs, AFW, VPN, DDoS, Antivirus, Patch Management, DLP, IAM, SIEM, and SOC management tools. You will need to follow best practices in cyber security and adhere to security standards such as NISPG guidelines, NSCS prescribed security audit guidelines, CERT-In guidelines, and more. Furthermore, you should be proficient in security testing techniques like threat modeling, vulnerability scanning, penetration testing, social engineering, wireless penetration testing, and password cracking. Experience in utilizing commercial network and application Security tools and open-source tools is required. Possessing certifications like CEH, GPEN, OSCP, CISSP, CISA, CISM, or equivalent will be an added advantage. Strong leadership, communication skills, and the ability to write quality reports are essential for this role. In your role, you will define the scope of security audit, assess assets, analyze and test client IT environments, perform Internet penetration testing, network architecture reviews, and other security testing tasks. 
You will provide remediation recommendations and suggestions to enhance the security of IT infrastructure. Collaboration with clients and internal teams to meet client expectations and ensure compliance with high-quality standards will also be part of your responsibilities. This is a full-time position located in Hyderabad.

Posted 1 month ago

Apply

5.0 - 9.0 years

0 Lacs

karnataka

On-site

The Threat Response Analyst position at Applied Systems, Inc. within the Corporate IT team requires a skilled professional with a background in security threat response activities. As a Threat Response Analyst, you will be responsible for conducting threat response activities, leveraging SIEM tools for security event analysis, and utilizing endpoint detection and response solutions. To qualify for this role, you must hold a BE or BTech degree and have a minimum of 5-6 years of experience, with at least 3 years specifically focused on threat response activities. You should possess a strong working knowledge of security log parsing, networking fundamentals, and information security incident investigation and response skillset. Key responsibilities include using a logging platform for security analytics, contributing to the creation of threat and incident response runbooks, and automating detection, analysis, and response actions using SOAR and platform integrations. Additionally, you will participate in the Security Incident Response Team on-call rotation, collect and analyze threat intelligence reports, and assist in the development of project plans and process documentation. The ideal candidate will be able to author threat intelligence reports based on our security operations team's incidents, analysis, and adversary engagements, as well as analyze event feeds and collected malware for trends and correlations. You will also be responsible for triaging and handling/escalating security events and issues as needed. If you are a proactive individual with a passion for cybersecurity and a desire to contribute to a high-energy, fast-paced environment in Bengaluru, we encourage you to apply for the Threat Response Analyst position at Applied Systems, Inc.

Posted 1 month ago

Apply

8.0 - 13.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Operation Automation Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary : We are seeking an experienced and innovative SOAR Architect to lead the design, development, and implementation of advanced Security Orchestration, Automation, and Response (SOAR) solutions. The ideal candidate will leverage their expertise in platforms like Splunk Phantom, Chronicle SOAR, and Cortex XSOAR to optimize and automate incident response workflows, enhance threat detection, and improve overall security operations efficiency. Roles & Responsibilities: - SOAR Strategy and Architecture: Develop strategies for automation, playbook standardization, and process optimization. - Playbook Development: Create, test, and deploy playbooks for automated threat detection, investigation, and response. Collaborate with SOC teams to identify repetitive tasks for automation and translate them into SOAR workflows. - Integration and Customization: Integrate SOAR platforms with existing security tools, including SIEM, threat intelligence platforms, and endpoint protection. Customize connectors and APIs to enable seamless communication between security tools. - Collaboration and Leadership: Work closely with SOC analysts, threat hunters, and other stakeholders to align automation efforts with organizational goals. Provide technical mentorship to analysts on SOAR platform utilization. - Performance Optimization: Continuously evaluate SOAR platform performance and implement improvements for scalability and reliability.
Monitor automation workflows and troubleshoot issues to ensure consistent operations. - Compliance and Best Practices: Ensure that all SOAR implementations align with industry standards, compliance regulations, and organizational policies. Stay up to date with the latest advancements in SOAR technology and incident response practices. Professional & Technical Skills: - Proficiency in scripting and programming Python to develop custom playbooks and integrations. - Strong understanding of security operations, incident response, and threat intelligence workflows. - Proven track record of integrating SOAR with SIEM solutions (e.g., Splunk, Chronicle), EDR, and other security tools. - Ability to troubleshoot complex integration and automation issues effectively. Additional Information: - Certifications such as Splunk Phantom Certified Admin, XSOAR Certified Engineer, or equivalent. - Experience with cloud-native SOAR deployments and hybrid environments. - Familiarity with frameworks like MITRE ATT&CK, NIST CSF, or ISO 27001. - A 15 year full-time education is required. - 3.5 years of hands-on experience with SOAR platforms like Splunk Phantom (On-Prem and Cloud), Chronicle SOAR, and Cortex XSOAR. Qualification 15 years full time education

Posted 1 month ago

Apply

5.0 - 7.0 years

5 - 7 Lacs

Thane, Maharashtra, India

On-site

We are seeking a highly experienced and technically proficient Lead to serve as a Subject Matter Expert (SME) on SOAR (Security Orchestration, Automation, and Response) for implementation, playbook creation, and platform management at Inspira Enterprise India. In this critical role, you will take end-to-end responsibility for managing and resolving L3 level incidents, addressing customer concerns, and overseeing SOC (Security Operations Center) operations for our clients, while also mentoring junior team members. Roles and Responsibilities: Serve as the Subject Matter Expert (SME) on SOAR for implementation, playbook creation, and platform management. Address any technical questions from clients and drive the implementation and operations BAUs (Business As Usual) for SOAR. Take end-to-end responsibility to manage/resolve L3 level incidents, customer concerns, and SOC operations for customers. Take full accountability for incidents related to SOAR and pertaining to SOC operations. Work on documentation of Standard Operating Procedures (SOPs) and Root Cause Analyses (RCAs). Act as a coach and mentor to junior Operations/Implementation Engineers and Technicians. Coordinate with Specialists/Sr. Specialists to resolve complex problems. Take ownership of at least two technologies according to domain or specialization. Support Specialists/Sr. Specialists in the effective execution of projects. Perform skills gap analysis and upskill team members wherever needed. Maintain strong relationships with all project stakeholders. Be the immediate contact person for the client. Create and maintain SOP documents. Deliver technical tasks of complex nature as per assigned timelines. Maintain activity logs, SLA details, and other critical information necessary for the smoother execution of projects. Resolve all technical issues/queries which are assigned/escalated. Partner with other cross-functional teams and client teams to provide effective resolution. 
Guide and share information with other analysts and teams. Develop use cases, content, playbooks, and automation with APIs. Drive automation of all L1 & L2 activities. Serve as the single point of contact to the client stakeholders. Improvise threat hunting capabilities of the technology using automation. Drive continuous development of analytical, statistical, mathematical models leveraging AI/ML capabilities of the technology to enhance threat detection and prediction, and implement advanced use cases. Conduct continuous fine-tuning of configuration, rules, and policies. Drive continuous innovation and automations in intuitive dashboards, reports, and queries. Optimize response time to fetch data and logs in advanced queries, reports, and dashboards. Provide on-the-job training to the client and the team. Participate in client meetings, discussions, etc. Interface with senior management. Establish communications with appropriate team members and business units, providing status updates. Manage reporting, tracking, monitoring, and closing out incident response issues with proper RCA. Interact with internal business units to address incidents and support investigations. Be the focal point for critical security events and incidents, serving as an SME while providing recommendations and guidance to the respective business units and to the SOC lead for escalation and remediation. Handle, respond to, and document all events or incidents that require escalation from Level 2 or Level 1 analysts. Lead efforts in monitoring, reporting, and responding to information security incidents. Recommend controls and process improvements based upon external threat indicators, industry trends, and lessons learned. Be responsible for facilitating incident management team exercises and events. Skills Requirement: Deep knowledge of SOAR (Security Orchestration, Automation, and Response) for implementation, playbook creation, and platform management. 
Proficiency in Python for SOAR-related tasks. Experience in managing/resolving L3 level incidents. Strong accountability for incidents related to SOAR and SOC operations. Good knowledge of IOAs, Incident Response processes, and Playbooks. Experience in scripting is a plus. Proven ability to coach and mentor junior Operations/Implementation Engineers and Technicians. Experience in coordinating with Specialists/Sr. Specialists to resolve complex problems. Ability to take ownership of at least two technologies according to domain or specialization. Strong relationship management skills with project stakeholders. Experience in creating and maintaining SOP documents. Ability to deliver complex technical tasks within timelines. Proficiency in maintaining activity logs, SLA details, and other critical project information. Experience in resolving technical issues/queries, assigned or escalated. Ability to partner with other cross-functional and client teams for effective resolution. Experience in guiding and sharing information with other analysts and teams. Strong skills in use case creation, content development, playbook creation, and automation with APIs. Experience in automating L1 & L2 activities. Ability to improvise threat hunting capabilities using automation. Experience in continuous development of analytical, statistical, mathematical models leveraging AI/ML capabilities for threat detection and prediction. Experience in continuous fine-tuning of configuration, rules, and policies. Proven ability to drive continuous innovation and automations in intuitive dashboards, reports, and queries. Experience in optimizing response time to fetch data and logs in advanced queries, reports, and dashboards. Ability to provide on-the-job training to clients and the team. Strong communication and interpersonal skills for client meetings and senior management interfacing. 
Experience in establishing communications with appropriate team members and business units, providing status updates, and reporting/tracking incident response issues with proper RCA. Proven ability to lead efforts in monitoring, reporting, and responding to information security incidents. Experience in facilitating incident management team exercises and events. QUALIFICATION: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Posted 1 month ago

Apply

6.0 - 10.0 years

0 Lacs

jaipur, rajasthan

On-site

The position available at Novamesh Ltd (TATA Communications Ltd) in Jaipur is for an L2/L3 Threat Hunter/TIP Admin. As a Threat Hunter, your primary responsibility will be to conduct threat-hunting activities to identify security threats, including zero-day threats. You must possess strong skills in network forensic analysis, packet capture, and reconstruction, along with knowledge of Threat Intelligence Platform (TIP), Anti APT, and EDR. To excel in this role, you should be certified in any threat hunting certification or its equivalent. Your duties will include hunting for security threats, identifying threat actor groups and their techniques, and understanding the APT lifecycle, tactics, techniques, and procedures (TTPs). Familiarity with the MITRE ATT&CK framework and mapping threats to techniques is essential. You will provide expert analytic investigative support to L1 and L2 analysts for complex security incidents and analyze security incidents to enhance rules, reports, and AI/ML models. Proficiency in malware behavior analysis, sandboxing, and the analysis of various security logs and sensors is crucial for this role. Additionally, you will be responsible for incident response for identified threats and proactively identifying potential threat vectors to enhance prevention and detection methods. Hands-on experience with Trellix (formerly McAfee) APT solutions, EDR, and Threat Intelligence, along with familiarity with security monitoring tools like SIEM, SOAR, and Threat Intelligence Platforms (TIPs), is required. The ideal candidate should hold a degree in B.E./B.Tech/MCA/M.Sc. in Computer Science or Information Technology and have a minimum of 6+ years of relevant experience in Security Operations, Threat Detection, or Incident Response. Certification in CSA/CEH would be an added advantage.

Posted 1 month ago

Apply

6.0 - 11.0 years

20 - 35 Lacs

Hyderabad

Work from Office

Job Role : Cyber Security Engineer--Work From Office Experience : 5 to 10 Yrs Key Skills: Security tools integration and management, Onboarding, Log integration, writing rules and policies in Cloud Security/SIEM/EDR/Antivirus/XDR/MDR/SOAR tool/IPS & IDS Notice Period : 0 to 15 days (Must) Should be willing to work in Second shift Company: Cyber Towers, Quadrant 3, 3rd floor, Madhapur, Hyderabad -- 500081. Job Overview: They plan, implement, and maintain security measures, respond to security incidents, and identify vulnerabilities. Their roles vary depending on the specific area of security, such as network, application, or cloud security. Here's a more detailed breakdown of their responsibilities: Security Planning and Implementation: Designing and implementing security controls: This includes firewalls, intrusion detection systems, and access control mechanisms. Developing security policies and procedures: Establishing guidelines for secure operations and data handling. Performing risk assessments: Identifying potential vulnerabilities and threats. Implementing security tools and technologies: Integrating security software and hardware into the organization's infrastructure. Analyze and recommend improvements to network, system, and application architectures to enhance security. Research, design, and implement cybersecurity solutions that protect the organization's systems and products. Collaborate with DevOps, Platform Engineering, and Architecture teams to ensure security is embedded in the design and development of applications and systems. Actively participate in the change management process, ensuring security considerations are prioritized in system upgrades and modifications. Design and deploy automated security controls to improve efficiency in risk identification, configuration management, and security assessments. Develop and refine security policies to address cloud security misconfigurations, leveraging cloud-native security technologies.
Implement logging and monitoring solutions for cloud environments to enhance SOC team capabilities in detecting and responding to security incidents. Assess and review emerging technologies to identify potential security risks and implement mitigation strategies. Design and deploy innovative security technologies to address evolving security challenges. Conduct vulnerability scanning, anomaly detection, and risk assessment to enhance the security posture. Work closely with security architects to develop and deploy security solutions that address cloud-specific risks. Take ownership of security posture improvements, ensuring strict security policies and controls align with business objectives. Research and stay up to date on emerging security threats and provide strategic recommendations to strengthen security defenses. Qualifications & experience: Hands-on experience with implementing security controls, including Database security, Web content filtering, Anomaly detection & response, Vulnerability scanning & management Proficiency in at least one scripting language (e.g., Perl, Python, PowerShell, Bash) for automation and security tooling. Expertise in at least one of the following security domains: Cloud-native security (e.g., IAM, security groups, encryption), Endpoint security (e.g., EDR/XDR, mobile security) Strong familiarity with industry security frameworks and regulations, including: NIST Cybersecurity Framework (CSF) , CIS Controls, HIPAA, GDPR compliance Ability to assess compliance requirements and implement security controls to ensure adherence. Strong problem-solving and analytical skills, with the ability to assess complex security risks and develop mitigation strategies. Excellent communication and interpersonal skills, with the ability to engage both technical and non-technical stakeholders. Proven ability to work independently, manage projects, and contribute as an integral part of a high-performing security team.

Posted 1 month ago

10.0 - 17.0 years

30 - 40 Lacs

Bengaluru

Hybrid

We are reaching out regarding an exciting opportunity in Cybersecurity Operations Leadership with a global organization known for innovation and resilience in cyber defense. In this role, you'll lead a 24x7 global Security Operations Center (SOC) and drive strategy and execution across threat detection, incident response, forensics, and automation using tools like Splunk, Phantom, CrowdStrike, and Tanium. You'll work closely with audit and compliance teams and ensure security operations are aligned with regulatory and industry best practices (NIST, MITRE ATT&CK, ISO 27001).
Key Highlights:
Lead SOC teams and security incident response globally
Enhance SIEM/SOAR platforms, automate detection & response
Hands-on experience with forensic tools, cloud security (AWS/Azure), and vulnerability management
Strategic reporting, playbook creation, and regulatory compliance
Preferred certifications: CISSP, CISM, GCIH, GCFA, CEH, or equivalent
Experience: 10–15 years with at least 3–5 years in Cybersecurity Operations
If you’re passionate about building world-class cybersecurity defense mechanisms and enjoy leading high-performing teams, we’d love to speak with you!

Posted 1 month ago

5.0 - 8.0 years

3 - 7 Lacs

Jaipur

Work from Office

Shift: 9x5
Job Description for Threat Hunter/TIP admin
Skillset Must: Network forensic (Packet Capture and Re-Construction Capability), Knowledge on Threat Intelligence Platform (TIP)/Anti APT/EDR
Certified with any threat hunting certification, or equivalent.
Responsible for conducting all threat-hunting activities necessary for identifying the threats including zero day. Hunt for security threats, identify threat actor groups and their techniques, tools and processes. Strong knowledge of APT lifecycle, tactics, techniques, and procedures (TTPs). Familiarity with MITRE ATT&CK framework and mapping threats to techniques. Provide expert analytic investigative support to L1 and L2 analysts for complex security incidents. Proficiency in malware behavior analysis and sandboxing. Perform analysis of security incidents for further enhancement of rules, reports, AI/ML models. Perform analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as logs from various types of security sensors uncovering the unknown about internet threats and threat actors. Analyse logs, alerts, suspicious malware samples from all the SOC tools, other security tools deployed such as Anti-Virus, Anti APT solutions, EDR, IPS/IDS, Firewalls, Proxies, Active Directory, Vulnerability assessment tools etc. Using knowledge of the current threat landscape, threat actor techniques, and the internal network, analyze log data to detect active threats within the network. Build, document and maintain a comprehensive model of relevant threats to customer. Proactively identify potential threat vectors and work with team to improve prevention and detection methods. Identify and propose automated alerts for new and previously unknown threats. Incident Response for identified threats. Strong knowledge of APT lifecycle, tactics, techniques, and procedures (TTPs). Hands-on experience with Trellix (formerly McAfee) APT solutions, EDR, and Threat Intelligence. Proficiency in malware behavior analysis and sandboxing. Familiarity with MITRE ATT&CK framework and mapping threats to techniques. Experience with security monitoring tools such as SIEM, SOAR, EDR, and Threat Intelligence Platforms (TIPs). Solid understanding of network protocols, endpoint protection, and intrusion detection systems.
Required Qualifications:
Education: B.E./B.Tech/MCA/M.Sc. in Computer Science or Information Technology.
Experience: Minimum 6+ years of relevant experience in Security Operations, Threat Detection, or Incident Response.
Certification: CSA/CEH

Posted 1 month ago

5.0 - 9.0 years

0 Lacs

Jaipur, Rajasthan

On-site

Responsible for conducting all threat-hunting activities necessary for identifying threats including zero day. Hunt for security threats, identify threat actor groups and their techniques, tools, and processes. Strong knowledge of APT lifecycle, tactics, techniques, and procedures (TTPs). Familiarity with MITRE ATT&CK framework and mapping threats to techniques. Provide expert analytic investigative support to L1 and L2 analysts for complex security incidents. Proficiency in malware behavior analysis and sandboxing. Perform analysis of security incidents for further enhancement of rules, reports, AI/ML models. Perform analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as logs from various types of security sensors uncovering the unknown about internet threats and threat actors. Analyze logs, alerts, suspicious malware samples from all the SOC tools, other security tools deployed such as Anti-Virus, Anti APT solutions, EDR, IPS/IDS, Firewalls, Proxies, Active Directory, Vulnerability assessment tools, etc. Using knowledge of the current threat landscape, threat actor techniques, and the internal network, analyze log data to detect active threats within the network. Build, document, and maintain a comprehensive model of relevant threats to the customer. Proactively identify potential threat vectors and work with the team to improve prevention and detection methods. Identify and propose automated alerts for new and previously unknown threats. Incident Response for identified threats. Strong knowledge of APT lifecycle, tactics, techniques, and procedures (TTPs). Hands-on experience with Trellix (formerly McAfee) APT solutions, EDR, and Threat Intelligence. Proficiency in malware behavior analysis and sandboxing. Familiarity with MITRE ATT&CK framework and mapping threats to techniques. Experience with security monitoring tools such as SIEM, SOAR, EDR, and Threat Intelligence Platforms (TIPs). 
Solid understanding of network protocols, endpoint protection, and intrusion detection systems.

Posted 1 month ago
