
115 Threat Detection Jobs - Page 2


4.0 - 6.0 years

14 - 20 Lacs

Gurugram, Manesar

Hybrid

Threat Protection Engineer | ACPL. Must have Microsoft Threat Detection & Protection, Defender, and Cloud Security experience, and be able to provide L3 support. The position carries a 2-year bond with ACPL. Location: Manesar (Hybrid).

Posted 1 week ago


4.0 - 10.0 years

0 Lacs

maharashtra

On-site

As a Manager, Information Security Incident Response at NTT DATA, you will lead the Information Security Incident Response Management team, ensuring that the team is equipped to detect and monitor threats and suspicious activity affecting the organization's technology domain. You will serve as the escalation point for incident workflows and actively participate in delivering security measures through analytics and threat hunting. Your primary responsibility is managing a team of security professionals while fostering a collaborative, innovative culture focused on operational excellence.

You are expected to have at least 10 years of SOC experience, including a minimum of 4 years as a SOC Manager, 4+ years of SIEM (Splunk) experience, and a CISM or CISSP certification.

Responsibilities:
- Troubleshoot technical issues to ensure project success, implement changes to align with client demands, and guide the team toward specific objectives.
- Develop and execute a timeline for the team's goals, monitor incident detection and closure, and present regular metrics and reports.
- Conduct periodic DR drills, design SIEM solutions that enhance security value, and perform root-cause analysis for security incidents.
- Ensure the SIEM is tuned for efficient performance, and align SIEM rules, alerts and reports with security policies and compliance reporting requirements.
- Collaborate with SIEM vendors on updates, patches, and support to keep the system reliable and effective.

Qualifications:
- Bachelor's degree or equivalent in Information Technology, Computer Science, or a related field, plus industry certifications such as CISSP or CISM.
- Advanced experience in the information security industry and prior experience working in a SOC/CSIRT.
- Advanced knowledge of the tools, techniques, and processes used by threat actors.
- Practical knowledge of indicators of compromise (IOCs), endpoint protection, enterprise detection and response software, SIEM, and IPS technologies.

This is an on-site position at NTT DATA, where diversity and inclusion are embraced and you will have the opportunity to continue growing, belonging, and thriving in a collaborative environment. NTT DATA is an Equal Opportunity Employer, and your career progression here will involve seizing new opportunities, expanding your skills, and preparing for future advancement within the global team.

Posted 1 week ago


3.0 - 7.0 years

0 Lacs

haryana

On-site

Tower Research Capital, a leading quantitative trading firm established in 1998, has earned a stellar reputation for its high-performance platform and independent trading teams. With over 25 years of innovation, the firm is renowned for its ability to identify unique market opportunities. Home to exceptional systematic trading and engineering talent, Tower empowers portfolio managers to develop their teams and strategies independently, while benefiting from the advantages of being part of a large, global organization. Engineers at Tower excel in developing electronic trading infrastructure at a world-class level, tackling complex challenges in low-latency programming, FPGA technology, hardware acceleration, and machine learning. The firm's continuous investment in top engineering talent and cutting-edge technology ensures that its platform remains unparalleled in terms of functionality, scalability, and performance.

Every employee at Tower contributes to its success. The Business Support teams play a crucial role in constructing and maintaining the platform that drives the firm's operations, combining market access, data, compute, and research infrastructure with risk management, compliance, and a range of business services. These teams enable the trading and engineering teams to achieve their best performance. At Tower, employees thrive in a stimulating, results-driven environment where highly intelligent and motivated colleagues inspire each other to reach their full potential. As a member of the Global Cybersecurity team, you will work to enhance the security posture and services by monitoring, identifying, and addressing security gaps and countermeasures.

Location: Gurgaon, India
Team: Global Security Operations
Shift Timing: 6:00 AM IST to 3:00 PM IST, with rotational weekend support as part of 24x7 operations

Responsibilities:
- Monitoring alerts for potential security incidents and information requests, utilizing real-time channels, tools, dashboards, reports, chat sessions, and tickets.
- Following incident-specific procedures to conduct basic triage of potential security incidents, determining their nature and priority and eliminating false positives.
- Investigating and validating alerts to identify scope, impact, and root cause using available telemetry and threat intelligence.
- Escalating confirmed incidents with comprehensive evidence, impact assessment, and recommended containment/remediation actions.
- Collaborating with stakeholders and third-party security service providers to triage alerts, events, or incidents.
- Monitoring and analyzing Security Information and Event Management (SIEM) output to identify security issues for remediation.
- Developing detection content, correlation rules, and queries in SIEM platforms to enhance threat detection capabilities.
- Contributing to incident response playbooks, runbooks, and process enhancements.
- Participating in threat hunting activities, adversary emulation exercises, and purple teaming efforts.
- Maintaining accurate documentation of investigations, incidents, and actions in ticketing systems.
- Staying informed of the current threat landscape, attacker tactics, and vulnerabilities relevant to Tower's environment.
- Interacting with customers/users in a professional and positive manner.

Requirements:
- Bachelor's Degree in Computer Science, Information Security, or Information Technology.
- 3+ years of hands-on experience in a Security Operations Center (SOC) or threat detection/incident response role in a mid to large-scale organization.
- Proven track record in performing triage of potential security incidents and experience with technologies including SIEM, EDR/NDR/XDR, web proxies, vulnerability assessment tools, IDS/IPS, firewalls, and data leakage prevention.
- Strong understanding of operating systems, network protocols, malware behavior, attacker techniques, and common attack vectors.
- Willingness to work early shifts and provide round-the-clock support, including weekend shifts.

Soft Skills & Work Traits:
- Strong analytical, investigative, and troubleshooting skills.
- Effective written and verbal communication skills, with the ability to simplify complex security issues.
- Organized, detail-oriented, and capable of managing multiple priorities under pressure.
- Passion for security, continuous learning, and operational excellence.
- Comfortable working in a rotating shift model, including weekend support.
- Strong desire to understand security incidents thoroughly.

Benefits:
- Tower's headquarters are located in the historic Equitable Building in NYC's Financial District, with a global impact and offices worldwide.
- The firm fosters a culture where smart, driven individuals thrive in a collaborative environment without egos.
- Benefits include generous paid time off, financial wellness tools, hybrid working opportunities, daily meals and snacks, wellness experiences, volunteer opportunities, social events, continuous learning opportunities, and more.

At Tower, you will find a welcoming and collaborative culture, a diverse team, and a workplace that values both performance and enjoyment. Join a team of great people doing great work together. Tower Research Capital is an equal opportunity employer.

Posted 1 week ago


4.0 - 8.0 years

0 Lacs

pune, maharashtra

On-site

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client-first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning, bold ideas, courage and passion to drive life-changing impact to ZS.

Our most valuable asset is our people. At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems, the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.

Senior Security Operations Analyst

We are seeking an experienced professional to join our Pune, India office as a Senior Security Operations Analyst with a strong background in Security Information and Event Management (SIEM) platforms, specifically Microsoft Sentinel and Wiz. The ideal candidate will lead advanced threat detection, response, and monitoring activities. This role will be critical in enhancing our cybersecurity posture and ensuring the ZS environment remains secure against emerging threats.

What you'll do:
- Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triage
- Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities
- Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real time
- Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities
- Perform proactive threat hunting to identify and mitigate advanced threats
- Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation
- Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats
- Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership
- Continuously improve SOC processes and playbooks to streamline operations and response efforts
- Mentor junior SOC analysts and provide guidance on security best practices
- This role requires participation in a rotational shift
- Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed

What you'll bring:
- Strong analytical and problem-solving abilities
- Excellent communication and interpersonal skills to collaborate effectively with cross-functional teams
- Proven ability to remain calm and efficient in a high-pressure environment
- Proficiency with SIEM tools such as Microsoft Sentinel
- Experience with data migration strategies across SIEM platforms
- Experience with cloud security operations and incident response platforms such as Wiz
- In-depth understanding of cyber threats, vulnerabilities, and attack vectors
- Proficiency in creating KQL queries and custom alerts within Microsoft Sentinel
- Expertise in developing SIEM use cases and detection rules
- Skill in incident response and management procedures
- Experience conducting deep-dive investigations and root cause analysis for incidents
- Ability to collaborate with stakeholders to resolve complex cybersecurity challenges
- Ability to automate routine SOC processes to enhance operational efficiency
- Experience mentoring and guiding junior analysts in security operations
- Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools

Good to have skills and abilities:
- Excellent interpersonal (self-motivational, organizational, personal project management) skills
- Knowledge of vulnerability management and scanning best practices, such as the CVE database and CVSS
- Ability to analyze cyber threats to develop actionable intelligence
- Skill in using data visualization tools to convey complex security information

Academic Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
- 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
- Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks
- Experience with SIEM migration
- Expertise in incident response, threat detection, and security monitoring
- Solid understanding of Windows, Linux, and cloud security concepts
- Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
- Preferred cloud security certification: AWS Security Specialty

Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options, internal mobility paths and collaborative culture empower you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.

Travel: Travel is a requirement at ZS for client-facing ZSers; the business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.

Considering applying? At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.

To Complete Your Application: Candidates must possess or be able to obtain work authorization for their intended country of employment. An online application, including a full set of transcripts (official or unofficial), is required to be considered. NO AGENCY CALLS, PLEASE. Find Out More At: www.zs.com

Posted 1 week ago


3.0 - 8.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Competitor Analysis
Good to have skills: Security Architecture Design
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: To drive competitive intelligence initiatives focused exclusively on cybersecurity services. This role supports strategic stakeholders by delivering deep-dive insights on peer organizations in the cybersecurity services space. The analyst will research, track, and interpret competitor strategies, offerings, market moves, and client positioning to inform go-to-market actions and service differentiation.

Roles & Responsibilities:
- Conduct in-depth competitive research on global and regional cybersecurity service providers, including consulting-led firms, MSSPs, and niche players.
- Develop and maintain competitor profiles that include service offerings (e.g., MxDR, Identity & Access Management, Cloud Security, OT Security), delivery models, alliances, certifications, and client segments.
- Monitor market movements such as deal wins/losses, acquisitions, leadership changes, analyst rankings, investments, and capability launches.
- Support the creation of battle cards, SWOT analyses, benchmarking reports, and win-loss summaries tailored to specific cybersecurity service lines.
- Track and interpret positioning of competitors across analyst reports (e.g., Gartner, IDC, Forrester, ISG, HFS, Everest Group) and translate these insights for sales, marketing, and delivery teams.
- Collaborate with internal stakeholders (e.g., client account teams, Cyber industry leads, MU leads) to refine competitive narratives and validate field intel.
- Contribute to periodic competitive landscape reports and newsletters focused on trends in the cybersecurity services market.
- Maintain an internal repository of intelligence assets, including slides, transcripts, and data extracts for easy consumption and reuse.

Professional & Technical Skills:
- Basic understanding of cybersecurity domains such as threat detection, managed services, incident response, IAM, and zero trust.
- Proficiency in secondary research techniques and comfort navigating open-source and premium databases (e.g., Gartner, IDC, LinkedIn, company filings).
- Strong analytical mindset with the ability to structure insights from fragmented data points.
- Excellent PowerPoint and business writing skills; able to write succinct, executive-ready outputs.
- Comfort working in a fast-paced environment, balancing ad hoc requests with structured deliverables.
- A collaborative mindset with a willingness to learn from technical and business stakeholders.

Additional Information:
- The candidate should have a minimum of 3 years of experience in Competitor Analysis.
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.
- Exposure to market intelligence or strategy support functions within a services organization is a plus.
- Understanding of the cybersecurity services value chain: advisory, implementation, and managed services.
- Familiarity with analyst frameworks like Gartner Magic Quadrants, Forrester Waves, and ISG Provider Lens in cybersecurity.

Qualification: 15 years full time education

Posted 1 week ago


3.0 - 8.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Competitor Analysis
Good to have skills: Security Architecture Design, Jenkins, Bamboo
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: To drive competitive intelligence initiatives focused exclusively on cybersecurity services. This role supports strategic stakeholders by delivering deep-dive insights on peer organizations in the cybersecurity services space. The analyst will research, track, and interpret competitor strategies, offerings, market moves, and client positioning to inform go-to-market actions and service differentiation.

Roles & Responsibilities:
- Conduct in-depth competitive research on global and regional cybersecurity service providers, including consulting-led firms, MSSPs, and niche players.
- Develop and maintain competitor profiles that include service offerings (e.g., MxDR, Identity & Access Management, Cloud Security, OT Security), delivery models, alliances, certifications, and client segments.
- Monitor market movements such as deal wins/losses, acquisitions, leadership changes, analyst rankings, investments, and capability launches.
- Support the creation of battle cards, SWOT analyses, benchmarking reports, and win-loss summaries tailored to specific cybersecurity service lines.
- Track and interpret positioning of competitors across analyst reports (e.g., Gartner, IDC, Forrester, ISG, HFS, Everest Group) and translate these insights for sales, marketing, and delivery teams.
- Collaborate with internal stakeholders (e.g., client account teams, Cyber industry leads, MU leads) to refine competitive narratives and validate field intel.
- Contribute to periodic competitive landscape reports and newsletters focused on trends in the cybersecurity services market.
- Maintain an internal repository of intelligence assets, including slides, transcripts, and data extracts for easy consumption and reuse.

Professional & Technical Skills:
- Basic understanding of cybersecurity domains such as threat detection, managed services, incident response, IAM, and zero trust.
- Proficiency in secondary research techniques and comfort navigating open-source and premium databases (e.g., Gartner, IDC, LinkedIn, company filings).
- Strong analytical mindset with the ability to structure insights from fragmented data points.
- Excellent PowerPoint and business writing skills; able to write succinct, executive-ready outputs.
- Comfort working in a fast-paced environment, balancing ad hoc requests with structured deliverables.
- A collaborative mindset with a willingness to learn from technical and business stakeholders.

Additional Information:
- The candidate should have a minimum of 3 years of experience in Competitor Analysis.
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.
- Exposure to market intelligence or strategy support functions within a services organization is a plus.
- Understanding of the cybersecurity services value chain: advisory, implementation, and managed services.
- Familiarity with analyst frameworks like Gartner Magic Quadrants, Forrester Waves, and ISG Provider Lens in cybersecurity.

Qualification: 15 years full time education

Posted 1 week ago


8.0 - 13.0 years

8 - 14 Lacs

Chennai

Work from Office

The Manager will lead and manage 24x7 cybersecurity and SOC operations, ensuring round-the-clock protection of the organization's critical infrastructure. This role demands deep expertise in network security, threat detection, and incident response, while also managing a team working in rotational shifts.

Shift: 24x7 Rotational. Previous experience in team management is important.

Requirements:
- 8+ years in cybersecurity, with 3+ years in a leadership role.
- Experience running or managing a 24x7 SOC.
- Strong expertise in SIEM tools, threat detection, and mitigation strategies.
- Relevant certifications: CISSP, CISM, CEH, or equivalent.
- Excellent leadership and communication skills.

Posted 1 week ago


7.0 - 11.0 years

12 - 22 Lacs

Hyderabad, Telangana, India

On-site

This role is for one of Weekday's clients.
Salary range: Rs 1200000 - Rs 2200000 (i.e. INR 12-22 LPA)
Min Experience: 7 years
Location: Hyderabad, Telangana
Job Type: Full-time

About the role
- A minimum of 08-10 years of experience in Information Security, with at least 05-06 years in a senior Offensive Security role, preferably within the financial or banking sector.
- Hands-on experience conducting covert security assessments, including physical, network, application, and social engineering scenarios.
- Proficiency in exploiting vulnerabilities, bypassing security controls, lateral movement, privilege escalation, and exfiltration techniques.
- Strong understanding of operating systems, networking protocols, cloud platforms, and web applications.
- Analytical thinking, creativity, and adaptability in dynamic attack scenarios.
- Excellent communication skills to explain technical findings to non-technical audiences and work effectively within multi-disciplinary teams.
- Experience performing Web Application, API (REST & GraphQL), Infrastructure, and Mobile Application (Android & iOS) security assessments.
- Regular risk assessment: identifying and prioritizing protection resources for key assets in danger of exploitation.
- Strengthening techniques: making the organization's security stronger by knowing how to fix vulnerability weaknesses.
- Experience with monitoring and detection systems such as packet sniffers, SIEM systems, IDS, and IPS.
- Threat Detection and Threat Hunting: monitoring of indicators of compromise (IOCs) and active threat search using SIEMs or EDRs.
- Forensic analysis: investigating and evaluating the impact and scale of a security incident.
- Early threat detection: analyzing CVEs and 0-day vulnerabilities; the team will deploy decoys (deception).
- Excellent written, oral communication and presentation skills.

- Advanced Attack Simulations: Develop complex and realistic attack scenarios that mimic Advanced Persistent Threats (APTs) and other sophisticated tactics to test the resilience of security measures.
- Comprehensive Penetration Testing: Implement in-depth penetration testing modules that allow users to practice finding and exploiting vulnerabilities within a controlled environment.
- Operational Security (OpSec) Training: Create training modules focused on OpSec, teaching users how to avoid detection and maintain stealth during Red Team operations.
- Custom Exploits and Payloads: Develop and deploy custom exploits and payloads that can be used to test specific system vulnerabilities.
- Incident Response Testing: Simulate breaches to test and improve the incident response procedures of organizations, ensuring they can swiftly and effectively handle real-world attacks.
- Adversary Emulation Plans: Develop detailed adversary emulation plans that mirror the tactics, techniques, and procedures (TTPs) of known threat actors to provide a realistic training experience.
- Continuous Learning and Adaptation: Implement a system for continuously updating the platform with new tactics and vulnerabilities as they emerge, ensuring Red Team exercises remain relevant and challenging.

Core Deliverables
- Advanced Penetration Testing: Conduct thorough penetration tests on simulated environments to identify and exploit vulnerabilities.
- Red Team Operations: Design, plan, and execute sophisticated red team exercises to assess organizational readiness against cyber threats.
- Threat Emulation: Develop and deploy threat emulation scenarios that mimic real-world adversaries' tactics, techniques, and procedures (TTPs).
- Incident Response Simulation: Create and execute realistic incident response scenarios to test and enhance the response capabilities of blue teams.
- Continuous Red Team Training: Train and mentor junior red team members and other IT staff on the latest security threats and tactics.
- Oversee the execution of automated vulnerability assessments.
- Actively participate in meetings to discuss assessment scope, requirements, deliverables, and client expectations.
- Author and present assessment reports to clients to discuss security findings and recommendations.
- Conduct simulated attacks on the organization's computer systems or physical locations.
- Identify and exploit vulnerabilities, weaknesses, and gaps in security systems and policies.
- Report findings and recommendations to the organization.
- Provide feedback and training to the blue team.
- Stay updated on the latest trends and developments in the security field.
- Plan and initiate Red Team activities based on realistic threats, by creating attack techniques and utilizing custom tooling to generate exploits.

Platform-Specific Deliverables:
- Scenario Development: Design dynamic and scalable training scenarios tailored to the organization's needs, leveraging the capabilities of next-generation cyber range platforms like CYBER RANGES and others.
- Automation and Scripting: Develop scripts and automation tools to enhance the efficiency and scalability of cyber range operations.
- Integration with Existing Tools: Ensure seamless integration of the cyber range platform with existing security tools and infrastructure.
- Comprehensive Reporting and Analysis: Deliver detailed reports on the findings from red team exercises, including risk assessments, detailed debriefs, and actionable recommendations.
- Data Analysis: Use data collected from exercises to provide insights into potential security improvements and adjustments.
- Continuous Improvement: Stay updated with the latest developments in cybersecurity and continuously improve the cyber range platforms and training scenarios.
- Emerging Threat Awareness: Identify and incorporate emerging threats into the training scenarios to keep defences robust and current.

Certifications:
- Certified Red Team Professional (CRTP) - Mandatory
- CISA / CISM / CISSP / CEH / CRISC - Mandatory (at least one certification)
- Offensive Security Certified Professional (OSCP) - Mandatory
- Offensive Security Certified Expert (OSCE)
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- CompTIA Security+

Posted 1 week ago


20.0 - 25.0 years

10 - 15 Lacs

Gurugram, Bengaluru

Work from Office

Our purpose is to enable our customers to defend against the evolving threat landscape across on-premises, private cloud, public cloud and multi-cloud workloads. Our goal is to go beyond traditional security controls to deliver cloud-native, DevOps-centric and fully integrated 24x7x365 cyber defence capabilities that deliver a proactive, threat-informed, risk-based, intelligence-driven approach to detecting and responding to threats. Our mission is to help our customers:
- Defend against new and emerging risks that impact their business.
- Reduce their attack surface across private cloud, hybrid cloud, public cloud, and multi-cloud environments.
- Reduce their exposure to risks that impact their identity and brand.
- Develop operational resilience.
- Maintain compliance with legal, regulatory and compliance obligations.

What we're looking for
To support our continued success and deliver a Fanatical Experience to our customers, Rackspace Cyber Defence is looking for an India-based Security Engineer, with a specialism in Endpoint Security, to support Rackspace's strategic customers. This role is particularly well-suited to a self-starting, experienced and motivated Sr. Security Engineer who has a proven record of accomplishment in the design, delivery, management, operation and continuous improvement of enterprise-level Endpoint Security platforms, or in delivering Managed Endpoint Detection & Response (EDR) services to customers. The primary focus will be on the design, implementation, management, operation and continuous improvement of cloud-native Endpoint Detection & Response (EDR) platforms such as CrowdStrike Falcon or Microsoft Defender for Endpoint, used by the Rackspace Cyber Defence Center to deliver managed security services to our customers. You will also be required to liaise closely with the customers' key stakeholders, which may include incident response and disaster recovery teams as well as information security.

Skills & Experience
- 8+ years' experience in Security Engineering.
- Experience working in either large enterprise environments or managed security services environments, with a focus on Endpoint Detection & Response.
- Experience of working with cloud-native Endpoint Security and Endpoint Detection & Response (EDR) tools such as CrowdStrike, Microsoft Defender for Endpoint and/or Microsoft Defender for Cloud.
- Experience of working in two (or more) of the following additional security domains: SIEM platforms such as Microsoft Sentinel (preferred), Google Chronicle, Splunk, QRadar, LogRhythm, Securonix etc.; AWS (Amazon Web Services) Security Hub, including AWS GuardDuty, AWS Macie, AWS Config and AWS CloudTrail.
- Experience of analysing malware and email headers, with skills in network security, intrusion detection and prevention systems, operating systems, risk identification and analysis, threat identification and analysis, and log analysis.
- Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls.
- Knowledge of security standards (good practice) such as NIST, ISO 27001, CIS (Center for Internet Security), OWASP and Cloud Controls Matrix (CCM) etc.
- Knowledge of scripting and coding with languages such as Terraform, Python, JavaScript, Golang, Bash and/or PowerShell.
- Knowledge of malware reverse engineering, threat detection and threat hunting.
- Computer science, engineering, or information technology related degree (although not a strict requirement).
- Holds one, or more, of the following certificates (or equivalent): Microsoft Certified: Azure Security Engineer Associate (AZ-500); Microsoft Certified: Security Operations Analyst Associate (SC-200); Systems Security Certified Practitioner (SSCP); Certified Cloud Security Professional (CCSP); GIAC Certified Incident Handler (GCIH); GIAC Security Operations Certified (GSOC); CrowdStrike admin certified.
- A highly self-motivated and proactive individual who wants to learn and grow and has attention to detail.
- A great analyser, troubleshooter and problem solver who understands security operations, programming languages and security architecture.
- Highly organised and detail-oriented.
- Ability to prioritise, multitask and work under pressure.
- An individual who shows a willingness to go above and beyond in delighting the customer.
- A good communicator who can explain security concepts to both technical and non-technical audiences.

Key Accountabilities
- Ensure the customer's operational and production environment remains healthy and secure at all times.
- Assist with customer onboarding: customer/device onboarding, policy configuration, platform configuration and service transition to security operations team(s).
- Advanced platform administration.
- Critical platform incident handling & closure.
- As an SME, act as an L3 escalation and point of contact for SecOps Analysts during an incident response process.
- As an SME, act as a champion and centre of enablement by delivering training, coaching and thought leadership across Endpoint Security and Endpoint Detection & Response.
- Develop and document runbooks, playbooks and knowledgebase articles that drive best practice across teams.
- Drive continuous improvement of Rackspace Managed EDR services through custom development, automation and integration, in collaboration with SecOps Engineering and other Security Engineering team(s).
- Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc.
- Co-ordinate with vendors for issue resolution.
- Required to work flexible timings.

Posted 1 week ago

Apply

5.0 - 9.0 years

0 Lacs

hyderabad, telangana

On-site

You have the opportunity to join as a Splunk Enterprise Security specialist with 5-8 years of experience in Hyderabad. You will be responsible for integrating Splunk with various security tools and technologies across different domains such as Process Control Domain/OT and Operations Domain/IT. Your role involves administering and managing the Splunk deployment to ensure optimal performance, implementing Role-Based Access Control (RBAC), and developing custom Splunk add-ons for log management. Collaboration with the SOC team is crucial as you will work together to understand security requirements and objectives, and implement Splunk solutions to enhance threat detection and incident response capabilities. Your tasks will include integrating different security controls and devices like firewalls, EDR systems, Proxy, Active Directory, and threat intelligence platforms. You will be responsible for developing custom correlation searches, dashboards, and reports to identify security incidents, investigate alerts, and provide actionable insights to SOC analysts. Additionally, creating efficient custom dashboards for various teams to support security risk investigations and conducting threat hunting exercises using Splunk will be part of your role. Furthermore, you will contribute to the development and refinement of SOC processes and procedures by leveraging Splunk to streamline workflows and enhance operational efficiency. Implementing Splunk for automations of SOC SOP workflows will also be within your responsibilities. To excel in this role, you should have experience in designing and implementing Splunk Enterprise Security architecture, integrating with security tools and technologies, security monitoring, incident response, security analytics, and reporting. Collaboration, communication, and the ability to manage Splunk Enterprise Security effectively are essential requirements. 
You will also be involved in migrating/scaling the Splunk environment from Windows to Linux to improve performance, reliability, and availability. Moreover, you will implement and integrate the SOAR platform (Splunk Phantom) and User Behavior Analytics (Splunk UBA/UEBA) with the existing Splunk infrastructure to enhance operations with automation.

Posted 1 week ago

Apply

2.0 - 6.0 years

0 Lacs

hyderabad, telangana

On-site

You are a Cybersecurity Implementation Engineer with at least 2 years of relevant experience, specializing in custom parser development, Yara rules creation, playbook implementation, and data ingestion techniques. In this role, you will be involved in designing and implementing cutting-edge cybersecurity solutions while collaborating with a team of skilled professionals. Your responsibilities will include developing custom parsers to extract and normalize data from various sources, designing and maintaining Yara rules for threat detection, creating playbook automation for incident response, and implementing data ingestion pipelines for analyzing security data. You will work closely with cross-functional teams to understand customer requirements, identify emerging threats, and provide technical support during security incident response activities. To qualify for this position, you should hold a Bachelor's degree in Computer Science, Information Security, or a related field. You must have hands-on experience in cybersecurity, data analysis, detection engineering, and implementing custom parsers for log and data normalization. Proficiency in creating and managing Yara rules, designing playbook automation, and utilizing tools like Demisto and Phantom is essential. Additionally, you should be familiar with data ingestion technologies, SIEM solutions such as Splunk and ELK, and possess excellent analytical, troubleshooting, and communication skills. If you are a dedicated cybersecurity professional with expertise in custom parser development, Yara rules creation, playbook implementation, and data ingestion techniques, we invite you to join our team. Help us in our mission to safeguard our organization and customers from cyber threats by sharing your updated profile at naveen.vemula@netenrich.com.

Posted 1 week ago

Apply

3.0 - 8.0 years

6 - 9 Lacs

Noida

Work from Office

Monitor SIEM alerts and conduct incident detection/response. Collaborate within SOC, automate remediation, refine detection blocks, and support cyber defense initiatives.
Required Candidate profile: 3–5 yrs in SIEM, incident response, log analysis. Bachelor's in CS/IT/Cybersecurity. Security certification preferred (Security+, SC-200). Python/PowerShell automation experience a plus.

Posted 1 week ago

Apply

5.0 - 9.0 years

0 Lacs

hyderabad, telangana

On-site

As an Azure SIEM Platform Lead at CyberProof, A UST Company, you will be responsible for managing and leading a cloud-based SIEM platform using Azure Data Explorer (ADX), Microsoft Sentinel, and Azure DevOps. Your role will involve developing and optimizing Kusto Query Language (KQL) queries for threat detection, reporting, and health monitoring, as well as onboarding and fine-tuning log sources and connectors for enhanced visibility and cost efficiency. Leading a small technical team, you will mentor engineers, drive automation and CI/CD practices, and ensure platform performance, scalability, and security.
Key Responsibilities
- Manage and lead the Azure SIEM platform utilizing ADX, Sentinel, and DevOps tools.
- Develop and optimize KQL queries for threat detection, reporting, and health monitoring.
- Onboard and fine-tune log sources and connectors for visibility and cost efficiency.
- Lead and mentor a small team of engineers.
- Act as the primary technical contact for customers.
- Drive automation and CI/CD practices using Azure DevOps.
- Ensure platform performance, scalability, and security.
Mandatory Skills
- Proficiency in Azure Data Explorer (ADX), Microsoft Sentinel, and KQL.
- Experience with Azure DevOps for CI/CD and automation.
- Strong background in cloud platform management and team leadership.
- Excellent communication and customer-facing skills.
- Knowledge of security operations, threat detection, and log optimization.
Preferred Certifications
- AZ-500, AZ-104, SC-200.
- Familiarity with ARM, Bicep, or Terraform is considered a plus.

Posted 2 weeks ago

Apply

2.0 - 6.0 years

0 Lacs

hyderabad, telangana

On-site

As a member of the Product Security Engineering (PSE) team within the Cloud CISO organization at Google, you will have the opportunity to contribute to ensuring the security of every product shipped by Cloud and enhancing the security assurance levels of the underlying infrastructure. Your role will involve collaborating with product teams to develop more secure products by implementing security measures by design and default, providing tools, patterns, and frameworks, and enhancing the expertise of embedded security leads. Your responsibilities will include researching innovative detection techniques to prevent and mitigate abusive activities such as outbound security attacks, botnets, DDoS, and other malicious behaviors that breach Google Cloud Platform's (GCP) Terms of Service. You will be tasked with developing fidelity detection mechanisms to identify malicious activities based on raw network and host level telemetry, as well as analyzing logs and packets to enhance the accuracy of detections. Additionally, you will be involved in hunting for threats and abusers and responding effectively to safeguard Google and its users from potential attacks. The ideal candidate for this role should possess a Bachelor's degree or equivalent practical experience, with at least 5 years of experience in security analysis, network security, intrusion detection systems, threat intelligence, or threat detection. A minimum of 2 years of experience as a technical security professional, particularly in digital forensics or systems administration, is required. Proficiency in executive or customer stakeholder management and communication, along with a data-driven approach to solving information security challenges, is essential. Preferred qualifications for this position include a Master's degree in Computer Science or a related field, knowledge of defensive security concepts such as adversary tactics and techniques, the MITRE ATT&CK framework, and logging practices.
Familiarity with networking and internet protocols (e.g., TCP/IP, HTTP, SSL) and experience in analyzing malicious network traffic will be advantageous. Strong organizational and multitasking skills are highly desirable for effectively managing responsibilities in a global and cross-functional environment. Join us in our mission to accelerate digital transformation for organizations worldwide through Google Cloud, where we offer enterprise-grade solutions leveraging cutting-edge technology and tools to help developers build sustainably. Become a part of a dynamic team dedicated to protecting Google and its users from potential threats, while maintaining trust and reputation for the brand and company globally.

Posted 2 weeks ago

Apply

21.0 - 31.0 years

17 - 21 Lacs

Bengaluru

Work from Office

What we're looking for
In this dynamic Information Security Analyst III role, you'll be at the forefront of protecting SurveyMonkey by crafting sophisticated threat detections and staying ahead of emerging threats within the security operations team. You will be reporting to the Information Security Manager. Leveraging your expertise in SIEM query languages, you'll play a key role in identifying and mitigating risks, ensuring the company's security posture remains robust. We are looking for someone who has experience in automation and is constantly challenged to expand their knowledge of the latest security trends while contributing to the defense of a widely trusted service.
What you'll be working on
- Monitor and triage security events, identify vulnerabilities, and respond to security incidents.
- Develop and refine security automation playbooks.
- Create threat detections and stay abreast of new and evolving threats.
- Conduct research and log analysis into IT security issues and products as required.
- Deploy, manage and maintain all security tools and ensure a strong security posture for corporate devices.
We'd love to hear from people with
- Bachelor's degree in Information Security, Cybersecurity, Information Technology, or a related field.
- 8+ years of hands-on experience in IT security, compliance or incident response.
- Strong familiarity with SIEM, EDR and SOAR platforms (e.g., CrowdStrike, LogScale, XSOAR).
- Working experience with the MITRE ATT&CK and Cyber Kill Chain frameworks.
- Experience with AWS cloud security monitoring and detection tools (e.g., AWS GuardDuty, AWS CloudWatch, AWS CloudTrail or similar).
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Certifications preferred: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CompTIA Security+, Certified Information Security Manager (CISM), or similar.
SurveyMonkey believes in-person collaboration is valuable for building relationships, fostering community, and enhancing our speed and execution in problem-solving and decision-making. As such, this opportunity is hybrid and requires you to work from the SurveyMonkey office in Bengaluru 3 days per week. #LI - Hybrid

Posted 2 weeks ago

Apply

5.0 - 8.0 years

18 - 23 Lacs

Pune

Work from Office

Overview
We are looking for a Security Engineer III to join the Critical Start Technologies Private Ltd. team, operating under the Critical Start umbrella, supporting our India operations. This is an exciting opportunity for a skilled security professional with 5–8 years of hands-on experience in security engineering, threat detection, and investigation. We are looking for a curious, technically adept individual who thrives in a fast-paced, high-impact environment. You bring deep technical expertise, a proactive mindset, and a passion for solving complex security challenges using industry-leading tools and frameworks. The ideal candidate is a driven and resourceful security professional who thrives on diving deep into threat activity—whether it's analyzing port scans or crafting custom detection queries. With a strong understanding of the MITRE ATT&CK framework, you're capable of building your own detection content and conducting investigations independently, without relying solely on predefined rules. You take initiative, enjoy improving processes, and excel in autonomous, project-based environments. Your analytical mindset, technical curiosity, and collaborative spirit enable you to contribute meaningfully to both team goals and larger security objectives.
Responsibilities
- Investigate and validate alerts generated by industry-standard EDR and SIEM platforms, ensuring data quality and investigative clarity for our Security Operations Center (SOC).
- Proactively identify opportunities to improve alert fidelity through detection tuning, custom rule development, and the creation of IOCs and IOAs.
- Author and maintain clear, user-centric investigation procedures to guide SOC analysts and drive consistency in alert handling.
- Collaborate cross-functionally with Engineering and Product teams to enhance security tools and improve platform efficacy.
- Conduct periodic quality assurance checks on alerts—especially during platform updates or vendor API changes—to maintain actionable fidelity.
- Design, write, and translate threat detection content across tools including but not limited to Splunk, Microsoft Sentinel, Devo, Microsoft 365 Defender, Palo Alto Cortex XDR, CrowdStrike, and SentinelOne.
- Lead internal knowledge-sharing sessions and mentor junior team members to foster a culture of collaboration and continuous learning.
- Operate effectively in a global, agile team spanning multiple time zones, balancing independence with team collaboration.
Qualifications
Required Qualifications:
- 5+ years of experience in cybersecurity with a focus on threat detection, security engineering, or incident investigation.
- Hands-on experience with multiple EDR and SIEM tools such as Splunk, Microsoft Sentinel, Devo, Microsoft 365 Defender, Palo Alto Cortex XDR, CrowdStrike, SentinelOne, Carbon Black, or Cylance.
- Proficiency in one or more query languages (e.g., SPL, KQL, Sumo Logic).
- Experience building use cases for SIEM platforms and a solid grasp of log source types including firewalls, operating systems, and proxies.
- Strong verbal and written communication skills with the ability to convey complex concepts to both technical and non-technical stakeholders.
- Ability to work independently while effectively collaborating with distributed teams.
- Familiarity with tools like GitHub, Jira, and Confluence.
Preferred Qualifications:
- Professional certifications such as OSCP, CISSP, or equivalent.
- Experience creating parsers or custom log processing logic.
- Exposure to agile development environments and DevSecOps culture.

Posted 2 weeks ago

Apply

15.0 - 20.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary : As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide guidance on best practices, contributing to a secure cloud environment that supports the organization's growth and innovation.
Roles & Responsibilities:
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Develop and maintain comprehensive documentation of security architecture and controls.
- Conduct regular assessments of cloud security measures to ensure compliance with industry standards.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Information and Event Management (SIEM).
- Strong understanding of cloud security principles and best practices.
- Experience with security frameworks such as NIST, ISO 27001, or CIS.
- Familiarity with incident response and threat detection methodologies.
- Knowledge of regulatory requirements related to cloud security.
Additional Information:
- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- A 15 years full time education is required.
Qualification : 15 years full time education

Posted 2 weeks ago

Apply

5.0 - 10.0 years

13 - 17 Lacs

Coimbatore

Work from Office

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Architecture Design
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : BE or MCA or MSc with Good Computer Science Background with good academic record of 65 and above
Summary : As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide guidance on best practices, contributing to a secure and efficient cloud environment.
Roles & Responsibilities:
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Develop and maintain comprehensive documentation of security architecture and controls.
- Conduct regular assessments of security measures to identify areas for improvement.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Architecture Design.
- Strong understanding of cloud security principles and frameworks.
- Experience with risk assessment and management methodologies.
- Knowledge of compliance standards such as ISO 27001, NIST, or GDPR.
- Familiarity with security tools and technologies for threat detection and response.
Additional Information:
- The candidate should have minimum 5 years of experience in Security Architecture Design.
- This position is based in Coimbatore.
- A BE or MCA or MSc with Good Computer Science Background with good academic record of 65 and above is required.
Qualification : BE or MCA or MSc with Good Computer Science Background with good academic record of 65 and above

Posted 2 weeks ago

Apply

2.0 - 7.0 years

13 - 17 Lacs

Mumbai

Work from Office

Job Purpose/Summary :
- Evaluate and enhance the performance of SIEM/SOAR systems to ensure optimal threat detection and incident response.
- Develop and maintain automation scripts and playbooks to streamline incident detection, analysis, and response processes. Leverage SOAR capabilities to reduce manual intervention and improve response times.
- Oversee the day-to-day administration of SIEM/SOAR platforms, ensuring their availability, reliability, and security. Perform regular updates, patches, and configuration changes.
- Collaborate with the Incident Response team to ensure seamless integration of detection and response functions. Provide support during security incidents to ensure timely and effective remediation.
- Work closely with other IT and security teams to develop specific use cases and to enhance the overall security posture of the organization. Share insights and recommendations to improve overall cybersecurity posture.
- Maintain detailed documentation of automation, scripts, and improvements.
- Manage execution of standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/SOAR platforms.
- Manage technical documentation around the content deployed to the SIEM/SOAR.
- Manage reports, dashboards and metrics for CyberSOC KPIs and presentation to senior management & other stakeholders.
Qualification:
- Bachelor's degree in Computer Science, Information Security, EXTC or related field.
- Relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are highly desirable.
- Proven experience (3+ years) working within the Cybersecurity field, with a focus on security platform implementation & administration.
- Experience with deploying and managing a large SIEM/SOAR environment.
- Experience with Palo Alto XDR and/or other SIEM platforms like Sentinel, QRadar, Splunk, ArcSight, etc.
- Experience with Palo Alto XSOAR and/or equivalent SOAR platforms like Resilient, Phantom, etc.
- Proficiency in scripting languages (e.g., Python, Bash) for automation and customization of security processes is highly desirable.

Posted 2 weeks ago

Apply

15.0 - 19.0 years

0 Lacs

ahmedabad, gujarat

On-site

As a seasoned Technology Leader specializing in Cybersecurity, you will be responsible for developing and executing a comprehensive technology roadmap for both Operational Technology (OT) and Information Technology (IT) cybersecurity solutions. Your role will involve aligning technology initiatives with business goals, industry standards, and market opportunities. You will lead the design and management of enterprise-grade cybersecurity platforms such as Splunk, QRadar, and similar systems, ensuring seamless integration across diverse OT and IT environments. Innovation is at the core of this role, where you will drive the design and development of advanced cybersecurity platforms and tools including Security Information and Event Management (SIEM), Extended Detection and Response (XDR), next-gen firewalls, and secure networking solutions. Your focus will be on addressing the unique challenges of OT/IT environments, encompassing threat detection, incident response, and compliance. You will define technology strategies for cybersecurity solutions, emphasizing scalability, efficiency, and future-readiness to support high-performance security operations globally. Building partnerships and collaborations will be key, as you foster relationships with technology providers, Original Equipment Manufacturers (OEMs), and other stakeholders to enhance the company's offerings. You will ensure seamless interoperability and integration of solutions across various platforms and ecosystems. Your role will also involve establishing and maintaining technology standards and best practices for OT/IT cybersecurity, along with monitoring and managing the adoption of emerging technologies to maintain a competitive edge and address evolving threats. Providing technical oversight for cybersecurity frameworks to ensure the protection of critical infrastructure will be crucial. 
Collaboration with delivery and operations teams will be essential to implement cutting-edge security measures effectively. To excel in this role, you should hold a Bachelor's or Master's degree in Engineering, Technology, or a related field, coupled with over 15 years of experience in technology leadership roles, particularly focusing on cybersecurity solutions. Expertise in platform development, such as Splunk, QRadar, and industrial control systems, is required. Strong leadership skills, innovative thinking, and a strategic mindset are essential to drive success in this dynamic and challenging environment.

Posted 2 weeks ago

Apply

3.0 - 7.0 years

6 - 7 Lacs

Pune

Work from Office

Responsibilities:
• Track threats via OSINT tools (Maltego, Shodan)
• Monitor SIEM alerts (Wazuh, ELK, Splunk)
• Analyze logs & respond to incidents
• Detect brand misuse, fake apps/sites
• Remote role with growth-based pay

Posted 2 weeks ago

Apply

6.0 - 8.0 years

8 - 14 Lacs

Pune

Work from Office

Dear Candidate, we at TATA Technologies are looking for an experienced candidate for a Threat Intelligence lead role at our Pune location. Please check the JD below; if it matches your profile, please share your resume at nikhil.rajuagale@tatatechnologies.com
Job Title: Threat Intelligence
Total Experience: 6-8 Years
Location: Pune
Notice Period: Immediate - 30 Days
Key Responsibilities:
- Real-time Security Monitoring: Continuously monitor security tools, systems, and network traffic for suspicious activity and potential threats.
- Threat Detection and Analysis: Identify potential security breaches by analyzing logs, network traffic, and data for anomalous patterns.
- Incident Response: Investigate and respond to security incidents, taking necessary steps to contain and mitigate damage.
- Collaboration and Communication: Work with other teams to address security concerns, share information, and implement preventative measures.
- Vulnerability Assessment: Identify and report vulnerabilities in systems and applications, recommending solutions for remediation.
- Staying Up to Date: Keep abreast of the latest cybersecurity threats, trends, and solutions.
Essential Skills:
- Strong understanding of network security, operating systems, security tools (SIEM, IDS/IPS, etc.), and scripting/automation.
- Analytical and Problem-Solving Skills: Ability to analyze data, identify patterns, and develop solutions to security problems.
- Communication Skills: Ability to clearly communicate technical information to both technical and non-technical audiences.
- Communication and Interpersonal Skills: Ability to collaborate effectively with other teams and stakeholders.
- Incident Response and Forensics: Knowledge of incident response procedures, forensic analysis, and reporting.

Posted 2 weeks ago

Apply

5.0 - 9.0 years

0 Lacs

hyderabad, telangana

On-site

You have an exciting opportunity to join our team as a Splunk Enterprise Security Specialist in Hyderabad. You should have 5-8 years of experience and expertise in Splunk ES architecture. Your responsibilities will include integrating Splunk with various security tools and technologies across different domains like Process Control Domain/OT and Operations Domain/IT. You will be administering and managing the Splunk deployment for optimal performance, implementing RBAC, and developing custom Splunk add-ons for ingesting, parsing, and filtering incoming logs. Collaborating with SOC team members, you will understand security requirements and objectives, implementing Splunk solutions to enhance threat detection and incident response capabilities. You will integrate different security controls and devices such as firewalls, Endpoint Detection and Response (EDR) systems, Proxy, Active Directory (AD), and threat intelligence platforms. Your role will involve developing custom Splunk correlation searches, dashboards, and reports to identify security incidents, investigate alerts, and provide actionable insights to SOC analysts. You will also create highly efficient custom dashboards for different teams to facilitate security risk, threat, and vulnerability investigations. Additionally, you will conduct threat hunting exercises using Splunk to proactively identify and mitigate potential security threats and vulnerabilities. You will assist in the development and refinement of SOC processes and procedures, leveraging Splunk to streamline workflows and enhance operational efficiency. Your responsibilities will also include implementing Splunk for various automations of SOC SOP workflows. To be successful in this role, you should have experience in designing and implementing Splunk ES architecture, integration with security tools and technologies, security monitoring, incident response, security analytics, and reporting.
You should also have strong collaboration and communication skills. Additionally, you will be responsible for the implementation and management of Splunk Enterprise Security, migration/scaling of the Splunk environment from Windows to Linux, and enhancing its performance, reliability, and availability. You will also implement and integrate the SOAR platform (Splunk Phantom) and User Behavior Analytics (Splunk UBA/UEBA) with the existing Splunk infrastructure, supporting and enhancing operations with automation wherever possible.

Posted 2 weeks ago

Apply

15.0 - 20.0 years

13 - 17 Lacs

Bengaluru

Work from Office

About The Role

Project Role: Security Architect

Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.

Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required.
Educational Qualification: 15 years full time education

Summary: As the SOC L3 Analyst you will lead the technical handling of critical security incidents. You'll be responsible for deep-dive analysis, root cause investigation, forensics, and containment using tools such as CrowdStrike, Sumo Logic SIEM, and SOAR. You will be responsible for onboarding and managing log sources, building SIEM use cases (custom and built-in), and developing automation in SOAR to support incident response and threat detection workflows.

Roles & Responsibilities:
- End-to-End Incident Response Ownership: ability to handle the incident lifecycle (detect, contain, remediate)
- Subject matter expert for handling escalated critical or confirmed true positive incidents
- CrowdStrike Deep Dive: using Real Time Response (RTR), Threat Graph, custom IOA rules
- Strong command over Sumo Logic SIEM content engineering: creating detection rules, dashboards, and field extractions
- Threat Hunting: behavior-based detection using TTPs
- SOAR Automation: designing playbooks, integrations with REST APIs, ServiceNow, CrowdStrike
- Threat Intel Integration: automation of IOC lookups and enrichment flows
- Forensic Skills: live host forensics, log correlation, malware behavioral analysis
- Deep experience in advanced threat detection and incident response
- Scripting Proficiency: Python, PowerShell, Bash for automation or ETL
- Error Handling & Debugging: identify and resolve failures in SOAR or data pipelines
- Proficiency in CrowdStrike forensic and real-time response capabilities
- Experience with Sumo Logic SOAR for playbook optimization
- Use case development in Sumo Logic SIEM

Professional & Technical Skills:
- Lead high-severity incident response, coordinating with stakeholders and IT teams
- Perform endpoint forensic triage using CrowdStrike Real Time Response (RTR)
- Conduct detailed log analysis and anomaly detection in Sumo Logic
- Customize or create new detection rules and enrichments in SIEM
- Develop/tune SOAR playbooks for advanced scenarios, branching logic, and enrichment
- Perform root cause analysis and support RCA documentation
- Mentor L1 and L2 analysts through case walk-throughs and knowledge sharing
- Generate post-incident reports and present findings to leadership
- Lead investigations and coordinate response for major incidents
- Perform root cause analysis and post-incident reviews
- Develop advanced detection content in Sumo Logic
- Optimize SOAR playbooks for complex use cases
- Onboard and maintain data sources in Sumo Logic SIEM and ensure parsing accuracy
- Build custom dashboards, alerts, and queries aligned with SOC use cases
- Create and maintain field extractions, log normalization schemas, and alert suppression rules
- Integrate external APIs into SOAR (e.g., VirusTotal, WHOIS, CrowdStrike)
- Monitor log health and alert performance metrics; troubleshoot data quality issues
- Collaborate with L3 IR and Threat Intel teams to translate threat use cases into detections
- Participate in continuous improvement initiatives and tech upgrades
- Conduct playbook testing, version control, and change documentation
- CrowdStrike: custom detections, forensic triage, threat graphs
- SIEM: rule creation, anomaly detection, ATT&CK mapping
- SOAR: playbook customization, API integrations, dynamic playbook logic
- Threat Intelligence: TTP mapping, behavioral correlation
- SIEM: parser creation, field extraction, correlation rule design
- Scripting: Python, regex, shell scripting for ETL workflows
- Data Handling: JSON, syslog, Windows Event Logs
- Tools: Sumo Logic SIEM, Sumo Logic SOAR, and CrowdStrike EDR
- Experience in SOC/IR including 4+ years in an L3 role (IR + SIEM Content Engineering & SOAR)

Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

Apply

2.0 - 7.0 years

15 - 27 Lacs

Mumbai, Delhi / NCR

Work from Office

Job Description: Threat Intelligence

Roles & Responsibilities:
- Use various intelligence collection and reporting tools and frameworks to create customized threat intelligence reports
- Publish, present, and explain the reports to relevant stakeholders
- Collect, process, catalog, and document information using an all-source approach and various technical and human means on cyber-security topics as required, based on defined intelligence requirements
- Develop various tactical and strategic intelligence products, including advisories and threat landscape reports
- Maintain a deep understanding of threat actor groups, campaigns, and tactics, techniques, and procedures
- Act as an escalation point for CTI analysis and investigation-related events
- Work with members of various teams, such as incident response and security monitoring, to carry out joint investigations or other threat management functions
- Identify gaps in available intelligence information and engage with leadership on strategies to meet intelligence requirements through intelligence collection processes
- Aid in and participate in daily, weekly, quarterly, and yearly production reporting for clients, partners, and internal teams

Required Skillset:
- Should have hands-on experience with various OSINT tools
- Should be able to perform dark and deep web scans
- Should have experience in deployment/management of various tools pertaining to Threat Intelligence, including MISP, Recorded Future, etc.
- Should have a basic understanding of vulnerability scanning solutions
- Must possess an intermediate-level understanding of cyber-security threats and various attack vectors

Posted 3 weeks ago

Apply