4 Soar Platform Jobs

You are invited to join LSEG as a Senior Cyber Threat Engineer, where you will play a crucial role in developing custom code to automate, orchestrate, and maintain innovative cybersecurity threat intelligence solutions. Your expertise will bridge the gap between the Cyber Threat Intelligence and Cyber Engineering teams, making you a valuable asset to the Security Operations automation team. **Key Responsibilities:** - Integrate cloud-based automation and orchestration platforms for cybersecurity operations and threat intelligence teams. - Serve as the technical authority on integrating multiple security products. - Utilize telemetry data across the LSEG environment to enhance security operations efficiency through automation. - Deploy and manage cloud and virtualized environments. **Qualifications Required:** - Solid understanding of Python. - Knowledge of cybersecurity concepts and secure coding practices. - Proficiency in DevOps practices and Terraform. - Interest and/or demonstrable experience in automating security operations processes. **Beneficial Skills and Experience:** - Experience with a SOAR (Security Orchestration and Automation Response) platform. - Proficiency with Splunk and AWS. - Background in working within a cybersecurity function, particularly in threat intelligence. In addition to your technical skills, LSEG values diversity and encourages your unique ideas and perspectives. By joining our team of 25,000 professionals in 65 countries, you will have the opportunity to contribute to our purpose of driving financial stability, empowering economies, and fostering sustainable growth. We prioritize integrity, partnership, excellence, and change in everything we do, ensuring a collaborative and inclusive work environment. LSEG offers a range of benefits, including healthcare, retirement planning, paid volunteering days, and wellbeing initiatives. If you are looking to be part of a dynamic organization with a commitment to sustainability and global impact, click the Apply button to explore career opportunities with us.,

KEY ACCOUNTABILITIES Develop and maintain SOC documentation, attack-based Standard Operating Procedures (SOP), SLAs and report templates to be used by Group Technology and regional Business Unit Technology teams. Supervise the team of SOC analysts and act as L2 specialist for the cases escalated by the monitoring team. Conduct threat-hunting activities using SIEM logs and other sources of intelligence to identify undetected threats. Leverage Threat Intelligence to build out and tune use cases for security monitoring and detection and develop security hunting tasks to detect suspicious activity. Work with different IT teams to troubleshoot and resolve security-related issues and assist in configuring the logs to be forwarded from their respective systems to the centralized logging system. Monitor the performance of security devices and take corrective actions for any threshold breaches. Assist the global and regional IT teams in project-related activities such as creating or reviewing the use cases for any new/existing systems and coordinate with vendors to add/update the use cases. Assist in reviewing deliverables from projects, implementation, and health check activities and introduce any potential changes required to IT security monitoring plans. Study vulnerabilities, identify relevant threats, corrective actions/recommendations, and report results. Stay up to date in current tools, techniques, and vulnerabilities to incorporate into monitoring plans. Conduct SOC Maturity Model assessment for the Group Technology and regional business units. OTHER Act as an ambassador for DP World at all times when working promoting and demonstrating positive behaviours in harmony with DP World's Principles, values and culture ensuring the highest level of safety is applied in all activities understanding and following DP World's Code of Conduct and Ethics policies. Perform other related duties as assigned. QUALIFICATIONS, EXPERIENCE AND SKILLS Knowledge and Experience Bachelor's Degree in Computer Science or equivalent. Should have 10+ years of experience in IT Security with at least 6 years of experience in an L2 role within a security operations center. In-depth technical and hands-on knowledge and experience across Cyber Security and Technology domains. Strong understanding of the Cyber Kill Chain, pervasive threats attack methods and remediation. Knowledge of current cyber threats, trends, attack lifecycle, and various Tactics, Techniques, and Procedures (TTPs). Detailed understanding of MITRE framework and common attack vectors. Industry recognized professional certifications such as GCIH, Security+, CEH are preferable. Good understanding in E-commerce, logistics, supply chain & port operations applications will be an added advantage. Experience in working with Multinational Companies (MNC) is preferable. Soft Skills Excellent analytical skills. Excellent verbal and written communication. Program and Project management skills. Time management skills. Team player and conflict management skills. Ability to adapt in a complex environment, loves challenges, with the will and drive to learn new things on his/her own. Cultural awareness. Technical Skills Hands-on experience with managing well known on-prem & cloud SIEM solutions on public/private clouds like AWS, Azure, etc. Experience of implementing and managing SOAR platform. Experience with two or more analysis tools used in a CIRT or similar investigative environment. Ability to build content in SIEM system. Ability to analyse and triage IoCs. Ability to perform in-depth research tasks and produce written summaries covering insights and predictions based on an analytical process. #LI-MP1

You are an experienced professional sought by the Security Operations Centre for the SOC Lead position in Pune (Baner). You should possess expertise in SIEM setup, operational knowledge, and cloud environments. The ideal candidate is highly motivated, inquisitive, and adept at problem-solving. A must-have is knowledge of Incident response and SOAR methodologies. Your primary responsibilities include security event monitoring, management, and response. You must have experience with Open Source SIEM Tools, implementation, and at least one Security Information and Event Management (SIEM) solution. Generating reports, dashboards, and metrics for SOC operations, along with presenting to Senior Management, is part of the role. It is essential to have a deep understanding of security threats, attack methods, and the current threat landscape. Proficiency in identifying common attacks and their SIEM signatures is required. Hands-on experience in security monitoring, Incident Response (IR), security tools configuration, and remediation is crucial. Excellent troubleshooting and analytical skills are a must, along with the ability to propose security solutions in business terms. You should be capable of multitasking in a fast-paced environment and have knowledge of containers, orchestration technologies, log parsing, network protocols, and AWS Services for security detection and mitigation. Understanding Operating Systems, Web Servers, databases, and Security devices (firewall/NIDS/NIPS) logs and formats is necessary. With an experience range of 3 - 7 years in IT Infrastructure and Security, you must have prior experience in Cybersecurity & SOC/SIEM, preferably in the Banking and Financial domain. Expertise in Endpoint Security, Network Security, SIEM, SOC Advanced security tools, SOAR platform, Vulnerability Management, SIEM, and building Threat Modeling practice is expected. Strong communication skills are essential for this role. The role offers an opportunity to work with a modern cloud-native security stack, learn and develop in an innovative FinTech environment, receive mentorship and training on advanced threat detection and response practices, be part of a team culture focused on collaboration and technical excellence, and receive a competitive salary and shift allowances.,

You have the opportunity to join as a Splunk Enterprise Security specialist with 5-8 years of experience in Hyderabad. You will be responsible for integrating Splunk with various security tools and technologies across different domains such as Process Control Domain/OT and Operations Domain/IT. Your role involves administering and managing the Splunk deployment to ensure optimal performance, implementing Role-Based Access Control (RBAC), and developing custom Splunk add-ons for log management. Collaboration with the SOC team is crucial as you will work together to understand security requirements and objectives, and implement Splunk solutions to enhance threat detection and incident response capabilities. Your tasks will include integrating different security controls and devices like firewalls, EDR systems, Proxy, Active Directory, and threat intelligence platforms. You will be responsible for developing custom correlation searches, dashboards, and reports to identify security incidents, investigate alerts, and provide actionable insights to SOC analysts. Additionally, creating efficient custom dashboards for various teams to support security risk investigations and conducting threat hunting exercises using Splunk will be part of your role. Furthermore, you will contribute to the development and refinement of SOC processes and procedures by leveraging Splunk to streamline workflows and enhance operational efficiency. Implementing Splunk for automations of SOC SOP workflows will also be within your responsibilities. To excel in this role, you should have experience in designing and implementing Splunk Enterprise Security architecture, integrating with security tools and technologies, security monitoring, incident response, security analytics, and reporting. Collaboration, communication, and the ability to manage Splunk Enterprise Security effectively are essential requirements. You will also be involved in migrating/scaling the Splunk Environment from Windows to Linux to improve performance, reliability, and availability. Moreover, you will implement and integrate the SOAR platform (Splunk Phantom) and User Behavior Analytics (Splunk UBA/UEBA) with the existing Splunk Infrastructure to enhance operations with automations.,