5 Suricata Jobs

Key Responsibilities: Monitor network traffic to detect malicious or anomalous activity using NDR solutions (e.g., Darktrace, Vectra, ExtraHop, Corelight). Configure, maintain, and fine-tune NDR tools to optimize detection capabilities and minimize false positives. Conduct deep-dive analysis of network events to identify indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs). Collaborate with SOC analysts, threat hunters, and other teams to contain and remediate threats. Perform forensic investigations of network packets and flows using tools such as Wireshark, Zeek, or Suricata. Develop detection rules, playbooks, and alerting mechanisms aligned with MITRE ATT&CK framework. Assist in threat intelligence enrichment and correlation with network-based alerts. Prepare root cause analyses, and recommendations for enhancing network security posture. Stay current on emerging threats, attack techniques, and NDR technologies. Bachelors degree in Computer Science, Cybersecurity, Information Technology, or related field (or equivalent experience). 3-5 years of experience in cybersecurity, with at least 2 years focused on NDR or network security.

We are seeking a Threat Researcher to join our Threat Research team and contribute to the identification of cyber threats, code dissection, and malware reverse engineering. As a Threat Researcher, you will be responsible for conducting research semi-autonomously, generating concise written analyses and visual presentations of findings, and collaborating with clients to deliver innovative detection and eradication solutions to mitigate risks to their networks and operations. The ideal candidate should exhibit technical expertise and a proactive mindset to understand and meet company and customer requirements effectively. Your responsibilities will include: - Analyzing malicious software to discover new techniques and potential targets for client intelligence requirements - Conducting Threat Hunting exercises using telemetry data - Documenting attack capabilities, understanding propagation characteristics, and defining detection signatures - Independently conducting data collection, developing solutions, and supporting intelligence production as per standard operating procedures - Analyzing malware to determine attack techniques and targets - Writing sigma rules for identified malware samples Key requirements for this role include: - A Bachelor's or Master's degree in Computer Science or a related field - Previous experience in threat research with a focus on malware analysis - Demonstrated expertise in advanced reverse engineering of file-based threats, exploits, and attack techniques - Familiarity with using the Pyramid of Pain alongside MITRE's ATT&CK Framework for developing threat hunting hypotheses - Knowledge of Advanced Persistent Threat (APT) tactics and targeted attacks - Strong understanding of mitigation strategies like Suricata, Snort, and YARA signatures - Proficiency in structured programming principles to disassemble code effectively - Expertise in at least one major Operating System to dissect behavior-based systems - Familiarity with malware-based automation workflows and techniques - Basic programming and scripting skills (e.g., .NET, Perl, Java, or Python) This position is based in Hyderabad, India, and requires a minimum of 2 years of relevant experience. It is a full-time role that offers the opportunity to work on challenging projects in the field of threat research and cybersecurity.,

You will be responsible for deploying various Open-Source Network Security Solutions and integrating relevant components to ensure system reliability and performance improvement. Your role will involve performance optimization, customization of event-driven process flows, and actions for IPC and enrichments. Additionally, you will be required to conduct research on new approaches and contribute to IP creation. To excel in this role, you must possess rich experience in working with Network Security Products such as IDS/IPS, Next Generation Firewall, and have a background in product development/solution engineering. Your expertise should include IP networking, IP networking protocols, computer system internals, and IPCs. A strong understanding and knowledge of TCP/IP networking, including L2/L3/L4/L7 protocols, is essential. Proficiency in PCAP, DPI (Deep Packet Inspection), and deployment and performance optimization of tools like Suricata/SNORT/Zeek are also required. You should have experience in creating and adopting rules for IDS/IPS, working with large networks, network clustering, parallel processing, virtual appliances, and have familiarity with Linux, Cloud Environment, Network Processing Cards (NICs), and various processing accelerations. The ideal candidate will hold a postgraduate degree in Computer Science Engineering with a specialization in IP Networking and possess programming skills in C/C++ and Python. Proficiency in Linux operating systems with 4-6 years of relevant experience is preferred. If you meet these qualifications and are looking to apply your expertise in a dynamic and challenging environment, we encourage you to apply for this position.,

Analyze network logs for insights Identify sessions, protocols & anomalies Perform DNS/HTTP/FTP/SMTP/SIP/VPN analysis Build Python/SQL scripts for data parsing Create structured investigative reports Ensure confidentiality & secure handling

Application Security Perform security reviews, code audits, and threat modeling of web and mobile applications. Work with DevOps and development teams to integrate secure coding practices and tools (e.g., SAST, DAST, SCA). Conduct penetration testing and vulnerability assessments on internal and external applications. Remediate OWASP Top 10 and other emerging threats. Infrastructure & Server Security Harden Linux and Windows servers following CIS/NIST benchmarks. Implement endpoint security solutions (AV, EDR, MDM). Monitor, detect, and respond to system anomalies and unauthorized access. Manage patching and update cycles in coordination with system teams. Network Security Secure network architecture, firewall policies, VPNs, NAT, and VLAN segmentation. Analyze and mitigate threats like DDoS, MITM, spoofing, etc. Configure and manage intrusion detection/prevention systems (IDS/IPS). Perform routine audits and packet-level analysis for suspicious activity. Cloud Security Secure cloud infrastructure (Alibaba Cloud/AWS/Azure/GCP). Manage IAM, WAF, Security Groups, and cloud-native threat detection tools. Audit and improve security configurations in containers, CI/CD pipelines, and serverless deployments. Monitoring, Audit, and Compliance Work closely with compliance teams to meet standards like SAMA-CSF, ISO 27001, and PCI-DSS. Implement and tune SIEM/SOAR systems for proactive monitoring and incident response. Maintain audit trails, security reports, and logs for investigations and audits. Qualifications & Requirements Bachelors degree in computer science, Cybersecurity, or a related field. 4+ years of experience in cybersecurity roles with exposure to infrastructure and application security. Proficiency in tools like Burp Suite, Nessus, Wireshark, Nmap, Suricata, OSSEC/Wazuh, etc. Strong knowledge of TCP/IP, Linux security, cloud security, and secure coding principles. Experience with at least one cloud platform (Alibaba Cloud preferred). Familiarity with regulatory and compliance standards in the GCC region is a plus. Security certifications such as CEH, OSCP, CISSP, or CISM are a plus. Preferred Strong problem-solving and analytical skills. Ability to work under pressure in a fast-paced environment. Excellent communication skills to interface with technical and non-technical stakeholders. Self-motivated and able to work independently or as part of a team.