115 Threat Detection Jobs - Page 4


5.0 - 10.0 years

15 - 25 Lacs

Bengaluru

Remote

Job Description
Responsibilities:
- Develop and maintain security tooling, guidelines, and standards for the Security Engineering team.
- Participate in threat intelligence and forensic analysis exercises, with guidance from more senior engineers.
- Work closely with application and infrastructure teams on mitigation of vulnerabilities against all cloud-hosted systems.
- Create and maintain thorough runbooks and incident response documentation for the Security Operations Center (SOC).
- Create and monitor correlated event dashboards in the SIEM, alerting against thresholds you develop.
- Research, implement, and configure security protections for email, hosts, and identities.
- Write scripts to automate manual tasks.
- Create and provide training to assist new staff and internal teams.
Education: Bachelor's degree in Information Systems, Computer Science, or a related discipline, or any combination of education and experience that would provide the required qualifications for the position.
Experience:
- 5+ years of experience as part of a security operations center, with a focus on threat intelligence, incident response, blue team operations and SIEM query/workflow creation.
- 5+ years of experience in systems administration, software engineering, software development, or a related discipline.
Licenses: CEH, SANS, ISC2 (CISM, CISSP, CCSP, etc.), AWS, GCP, Azure
Knowledge: Working knowledge of SOC operations and incident response procedures, such as EDR, SWG, CASB, email threat protection, SIEM and SOAR platforms, threat intelligence frameworks (like MITRE ATT&CK), vulnerability and identity management, network security tools (firewalls, IDS/IPS), Python or PowerShell scripting, cloud-native security services (AWS, Azure, GCP), forensic and log analysis, and documentation platforms for preserving security operations materials.
Skill in: analytical, critical thinking and problem-solving skills; troubleshooting and resolving architecture and application development issues; working as a member of a team; communicating effectively; establishing and maintaining effective working relationships.
Ability to: determine how a system should work and how changes in conditions, operations, and the environment will affect outcomes; demonstrate presentation skills with a high degree of comfort with both large and small audiences; work in a fast-paced environment; plan, organize, and prioritize workload and multi-task to meet deadlines; establish and maintain effective working relationships through collaboration and respect.

Posted 1 month ago


5.0 - 10.0 years

5 - 10 Lacs

Chennai, Tamil Nadu, India

On-site

At least 3 years of relevant experience in IT Security or with a Security Operations Center. Knowledge of various security methodologies and technical security solutions. Experience analyzing data from cybersecurity monitoring tools such as SIEM / SOAR platforms. Knowledge of commonly accepted information security principles and practices, as well as techniques attackers would use to identify vulnerabilities, gain unauthorized access, escalate privileges, and access restricted information. Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics. Knowledge of the common attack vectors on various layers. Knowledge and experience working with the Cyber Kill Chain model and the MITRE ATT&CK matrix. Experience in transport/shipping/logistics is a plus.

Posted 1 month ago


5.0 - 10.0 years

10 - 13 Lacs

Hyderabad

Work from Office

Hi everyone. Open positions in the SOC Lead Analyst role. Greetings from Tekaccel! This is an excellent opportunity with us. If you have that unique and unlimited passion for building world-class enterprise software products that turn into actionable intelligence, then we have the right opportunity for you and your career.
What are we looking for?
Job Title: SOC Lead Analyst
Location: Hyderabad (Work from Office)
Experience Required: 5 to 7 years
Shift: Rotational shifts (24x7), Contract
Key Responsibilities:
- Incident Response: Respond to alerts across the global technology environment to detect, analyze, contain, and mitigate security incidents. Work in collaboration with Cybersecurity Incident Response teams to manage serious security events.
- Threat Detection & Analysis: Develop, test, and implement new detection use cases and response playbooks. Conduct root cause analysis and participate in post-incident reviews. Stay current with emerging threats and vulnerabilities.
- Process & Tooling: Continuously improve analysis workflows, tools, and playbooks. Identify opportunities for automation to enhance operational efficiency. Ensure detection rules are optimized for maximum coverage and minimum false positives.
- Leadership & Collaboration: Provide expert-level guidance to team members and stakeholders. Mentor and coach junior analysts to improve overall team capability. Collaborate with IT and Cybersecurity teams to ensure effective security controls are in place. Support shift handovers and ensure seamless incident management coverage.
- Strategic Contribution: Promote a culture of continuous improvement and proactive risk management. Support broader cybersecurity awareness initiatives across the organization.
Required Skills & Qualifications:
- 5+ years of technical experience in IT or IT Security (e.g., network/system administration, SOC analyst).
- Expertise in SIEM platforms, EDR solutions, log management, and cybersecurity tools.
- Strong knowledge of IDS/IPS, HIPS, anti-malware, firewalls, proxies, MSS.
- Experience with cloud platforms (AWS, Azure, Google Cloud).
- In-depth understanding of operating systems (Windows, Linux, UNIX, iOS, OSX, etc.).
- Proficiency in network protocols (TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc.).
- Hands-on experience in scripting/programming for automation and tool development.
- Familiarity with security frameworks and standards (OWASP, ISO 2700x, PCI DSS, NIST, etc.).
- Proven experience in incident response, threat containment, and remediation processes.
- Relevant certifications (CEH, EnCE, SANS GSEC, GCIH, GCIA, CISSP, or equivalent).
Education: Bachelor's or advanced degree in Computer Science, Cybersecurity, or equivalent experience.
If interested, please share your updated resume at naveen@tekaccel.com or via WhatsApp at +91 7997763537. Tekaccel Software Services India

Posted 1 month ago


8.0 - 12.0 years

8 - 12 Lacs

Pune, Maharashtra, India

On-site

Responsibilities:
- Lead and manage the Security Engineering team in India operations
- Attract, retain, and develop high-performing talent within the team
- Build and maintain a motivated and efficient team structure
- Identify operational inefficiencies and implement process improvements
- Define goals, objectives, and KPIs to measure team performance
- Collaborate with local and US-based leadership for scaling operations
- Oversee delivery of threat detection content using Agile methodologies (Scrum, Kanban)
- Review and enhance SOC Analyst documentation and investigation steps
- Support threat detection engineering efforts for the MDR Platform
- Ensure alignment of engineering output with business objectives
Technical Responsibilities:
- Lead the creation and modification of threat detection rules and alerts
- Work with Microsoft Security technologies (Sentinel, Defender Suite)
- Work with EDR tools (CrowdStrike, SentinelOne, Palo Alto Cortex, etc.)
- Work with SIEM platforms (Splunk, Sumo Logic, Devo)
- Use GitHub, Jira, and Confluence for collaboration and documentation
- Apply the MITRE ATT&CK framework in detection engineering
Requirements:
- 7+ years of experience leading or managing security teams
- 2+ years of hands-on experience as a Security Analyst
- 1+ year of experience in threat detection engineering
- Experience creating detection content and triaging security alerts
- Familiarity with Agile methodologies, including Scrum and Kanban
- Strong communication skills in English (verbal and written)
- Experience training others and creating documentation
- Ability to work independently and meet deadlines
- Understanding of incident response and SOC workflows
- Experience with performance measurement and team KPIs

Posted 1 month ago


8.0 - 13.0 years

15 - 25 Lacs

Hyderabad, Bengaluru, Mumbai (All Areas)

Hybrid

Role & responsibilities
Primary Skill: Threat Intelligence, Threat Hunting, Threat Detection Engineers with experience in writing SPL (Splunk Processing Language), MITRE framework.
Secondary Skill: Databricks, MDE, Threat Intelligence, Threat Hunting, Splunk Enterprise Security, Cyber Security SME, Splunk Power User, MITRE framework.
JD:
- In-depth knowledge of external attacks and detection techniques, to be able to analyze the requirements provided by threat intelligence / SOC teams, generate a list of rules that could be implemented (based on self-analysis of a threat and available log sources), work with the SOC team to operationalize and the Purple Team to test.
- Familiarity with the MITRE ATT&CK framework and Tactics, Techniques, and Procedures (TTPs).
- Experience with security tools such as Splunk, MDE, Databricks, to be able to write custom detections for various threats (preferably MDE).
To give you a better picture, some examples: the person needs to be able to navigate the MITRE framework to assign the correct technique to the rule being worked on. Must be able to explain what beaconing is or what a CnC channel means, methods to detect it, and which logs to use (of course not limited to these; in general, must know common attack techniques and how to detect them, covering external threat attacks on prem / cloud). Must be familiar with what Cobalt Strike is (generic knowledge of what it does, not how to use it). Manually write SPL / KQL / SQL rules in one of our tools, generate alerts and get them validated by asking the Purple team to run a simulation. Talk to the CDC on operationalizing the rule.

Posted 1 month ago


5.0 - 10.0 years

5 - 10 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

5+ years of experience with proactive threat detection using EDR, SIEM, and network forensics tools. 5+ years of experience investigating adversary tactics, techniques, and procedures (TTPs) based on frameworks like MITRE ATT&CK. 5+ years of experience investigating indicators across endpoints, networks, cloud, and identity systems to uncover widespread malicious activity. Strong analytical skills for investigating advanced persistent threats (APT) and identifying sophisticated attack patterns. Experience conducting or participating in threat simulations and red team exercises to improve detection capabilities. Work location given in ECMS ID.

Posted 1 month ago


3.0 - 7.0 years

3 - 12 Lacs

Hyderabad / Secunderabad, Telangana, Telangana, India

On-site

Job Description:
1. Monitoring and analysis of cyber security events using Microsoft Sentinel SIEM.
2. Monitor internal and external threats; examine logs, events, and alerts generated by multiple platforms for anomalous activity.
3. Development and execution of SOC and standard operating procedures (SOP).
4. Triage security events and incidents, detect anomalies, and report/direct remediation actions.
5. Timely escalate security incidents whenever SLAs are not met.
6. Assist in incident detection and resolving incidents by following all phases of the incident management lifecycle.
7. Integrate and collaborate on threat information to improve incident detection capabilities.
8. Should be capable of report generation from security solutions and preparation of reports for management or leadership review.
9. Collect evidence of security incidents, and other error conditions that may constitute a breach in security or a degradation of integrity or confidentiality of systems and data.
Ability to coordinate and work with stakeholders to track security incidents till closure.

Posted 1 month ago


6.0 - 12.0 years

6 - 12 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Your role and responsibilities
We are seeking a highly skilled SIEM Security Engineer to join our cybersecurity team. This role involves the administration, engineering, and optimization of Security Information and Event Management (SIEM) solutions, specifically focusing on QRadar SIEM, as well as developing and implementing security use cases based on frameworks like MITRE ATT&CK and NIST.
Key Responsibilities:
- SIEM Administration & Engineering: Maintain, configure, and optimize SIEM platforms, ensuring high availability and efficiency.
- Use Case Development: Design, implement, and test correlation rules and threat detection methodologies based on industry best practices.
- Log Source Management: Integrate and troubleshoot various log sources including firewalls, endpoints, IAM, cloud, network devices, and more.
- Threat Hunting & Incident Response Support: Work closely with SOC analysts, threat hunters, and incident response teams to identify security incidents and optimize detections.
- False Positive Reduction & SIEM Optimization: Refine correlation logic to improve detection efficacy while minimizing false positives.
- Security Framework & Compliance: Implement security controls in alignment with MITRE ATT&CK, NIST, and ITIL frameworks.
- Documentation & Collaboration: Maintain use case catalogs and runbooks, and collaborate with internal teams for continuous improvements.
- Advanced Analysis: Lead investigations of complex cybersecurity threats, escalate critical findings, and contribute to SOC strategic planning.
Required education: Bachelor's Degree
Preferred education: Bachelor's Degree
Required technical and professional expertise:
- 8+ years of experience in the IT Cyber Security industry
- 6+ years of experience in SIEM Administration and Use Case Engineering
- Strong understanding of Networking, OSI, TCP/IP concepts
- Expertise in cybersecurity controls, threat detection, and attack methodologies
- Knowledge of MITRE ATT&CK, NIST frameworks, and security best practices
- Hands-on experience with multiple SIEM solutions, preferably QRadar SIEM
- Experience with UBA solutions and SIEM tuning
- Familiarity with log source integration, parsing, correlation, and troubleshooting
- Coordination and communication skills to work with security, engineering, and service delivery teams
Preferred technical and professional experience:
- SIEM Use Case Engineering and Content Development
- Relevant cybersecurity certifications such as CEH, CompTIA Security+, CCNA
- Strong ability to analyze security trends, optimize existing rules, and recommend improvements

Posted 1 month ago


15.0 - 20.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Network Security Operations
Good to have skills: NA
Minimum 12 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization.
Roles & Responsibilities:
- Expected to be an SME in design and implementation of network security using multiple products.
- Develop and execute robust security protocols to prevent security breaches.
- Facilitate cross-departmental collaboration to ensure cohesive security policies across the organization.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Expected to provide solutions to problems that apply across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills in security practices.
- Conduct regular assessments of security measures to identify areas for improvement.
Professional & Technical Skills:
- Must to have skills: Proficiency in Network Security Operations and proven experience on Palo Alto and Cisco firewalls, Palo Alto Prisma Access, Cisco ISE.
- Good to have skills: Network load balancers, preferably F5 BIG-IP, WAF.
- Strong understanding of cloud security principles and frameworks.
- Experience with security incident response and management.
- Knowledge of compliance standards and regulations related to cloud security.
- Familiarity with security tools and technologies for threat detection and prevention.
Additional Information:
- The candidate should have a minimum of 10 years of continuous experience in Network Security Operations.
- This position is based at our Bengaluru office.
- 15 years full time education is required.
- Willing to work in US shift timings and adhere to the WFH policy.
Qualification: 15 years full time education

Posted 1 month ago


12.0 - 15.0 years

13 - 17 Lacs

Gurugram

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Governance
Good to have skills: NA
Minimum 12 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization.
Roles & Responsibilities:
- Lead and mentor a team of Tier 1, Tier 2, and Tier 3 SOC analysts.
- Define and enforce SOC processes, workflows, SLAs, and escalation protocols.
- Provide regular performance feedback and conduct training to upskill the team.
- Collaborate with IT, DevOps, Risk, and Compliance teams on security initiatives.
- Oversee daily security monitoring, triage, and incident response activities.
- Ensure timely detection, investigation, and resolution of security incidents.
- Maintain incident tracking and reporting for internal stakeholders and audits.
- Conduct root cause analysis and ensure lessons learned are documented and implemented.
- Manage and optimize SIEM, SOAR, EDR, and other monitoring tools.
- Define and tune detection rules, playbooks, and alerts to reduce false positives.
- Evaluate and recommend new tools and technologies to improve SOC capabilities.
- Ensure log sources and telemetry are complete and properly ingested.
- Ensure SOC operations support compliance requirements (ISO 27001, NIST, PCI DSS, GDPR).
- Prepare and deliver regular security metrics and executive reports.
- Coordinate with internal and external auditors during assessments.
Professional & Technical Skills:
- Must to have skills: Proficiency in Security Governance.
- Strong understanding of risk management frameworks and compliance standards.
- Experience with cloud security architecture and implementation.
- Ability to conduct security assessments and audits.
- Familiarity with security tools and technologies for threat detection and response.
Additional Information:
- The candidate should have a minimum of 12 years of experience in Security Governance.
- This position is based at our Gurugram office.
- 15 years full time education is required.
Qualification: 15 years full time education

Posted 1 month ago


2.0 - 5.0 years

3 - 7 Lacs

Mumbai

Work from Office

The primary responsibility of this role is to provide advanced incident analysis and management within our SOC environment, while also leading the development and training of the L1 SOC team in incident analysis, parsers creation, rule views, and report management. The ideal candidate will have a strong background in cybersecurity, incident response, and leadership skills. Responsibilities: Advanced Incident Analysis: Utilize advanced tools and techniques to analyze and investigate security incidents detected within the organization's networks and systems. Incident Response: Lead incident response efforts, coordinating with internal and external stakeholders to mitigate and remediate security incidents promptly. Team Leadership: Provide mentorship and guidance to the L1 SOC team, assisting in the development of their skills in incident analysis, parser creation, rule views, and report management. Parser Creation: Develop and maintain parsers to enhance the capability of the SOC's security information and event management (SIEM) system in detecting and correlating security events. Rule View Management: Manage and optimize rule views within the SIEM platform to ensure accurate and timely detection of security threats. Report Management: Oversee the generation and distribution of security reports, including incident reports, trend analysis, and recommendations for improvement. Collaboration: Work closely with other teams within the organization, including IT operations, network engineering, and application development, to improve overall security posture and incident response capabilities. Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered. Minimum of 3 years of experience in a SOC environment, with a focus on incident analysis and response. Strong understanding of cybersecurity principles, including threat detection, malware analysis, and vulnerability management. 
Experience with SIEM platforms (e.g., Securonix, QRadar) and familiarity with creating and managing parsers and rule views. Leadership experience, with the ability to mentor and motivate team members effectively. Excellent communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders.

Posted 1 month ago


2.0 - 4.0 years

2 - 5 Lacs

Bengaluru

Work from Office

2 years of experience in endpoint security implementation and management. Hands-on experience with CrowdStrike Falcon, Trend Micro Apex One/Deep Security, and EDR solutions. Strong knowledge of endpoint security, malware analysis, and threat detection methodologies. Experience in PowerShell, Python, or Bash scripting for automation and security tasks. Familiarity with Windows, macOS, and Linux endpoint security best practices. Understanding of network security, firewalls, and SIEM platforms (Splunk, Sentinel, etc.). Security certifications such as CrowdStrike CCFA/CCFR, Trend Micro Certified Professional, CEH, or CISSP (preferred).

Posted 1 month ago


5.0 - 10.0 years

15 - 25 Lacs

Pune

Hybrid

Skills: Cyber Threat,Threat Detection, Incident Response, Vulnerability Management, Infrastructure Security, Risk-based security, Network Security, Cloud Security

Posted 1 month ago


3.0 - 8.0 years

8 - 12 Lacs

Pune

Work from Office

Greetings from Peoplefy Infosolutions!!! We are hiring for one of our reputed MNC clients based in Pune. We are looking for candidates with 3+ years of experience in:
- Security operations center
- Global SOC experience
- Threat Monitoring / Threat Detection / Threat Prevention
- Any SIEM tools
Interested candidates for the above position, kindly share your updated CV to asha.ch@peoplefy.com with the below details:
Notice Period:
Experience:
CTC:
ECTC:
Current Location:

Posted 1 month ago


3.0 - 8.0 years

10 - 20 Lacs

Hyderabad, Bengaluru, Delhi / NCR

Hybrid

Job Summary: We are looking for a skilled Microsoft Sentinel SIEM Engineer to join our Cybersecurity Operations team. The ideal candidate will be responsible for the deployment, configuration, integration, and operational support of Microsoft Sentinel as a core SIEM platform, ensuring efficient threat detection, incident response, and security monitoring.
Key Responsibilities:
- Design, implement, and manage Microsoft Sentinel for enterprise security monitoring.
- Develop and maintain analytic rules (KQL-based) and detection use cases aligned with MITRE ATT&CK.
- Integrate various log sources (on-prem and cloud) including Microsoft 365, Azure, AWS, endpoints, firewalls, etc.
- Create and manage playbooks using Azure Logic Apps for automated incident response.
- Monitor data connectors and ensure log ingestion health and optimization.
- Conduct threat hunting and deep-dive analysis using Kusto Query Language (KQL).
- Optimize performance, cost, and retention policies in Sentinel and the Log Analytics workspace.
- Collaborate with SOC analysts, incident responders, and threat intelligence teams.
- Participate in use case development, testing, and fine-tuning of alert rules to reduce false positives.
- Support compliance and audit requirements by producing relevant reports and documentation.
Required Skills & Qualifications:
- 3+ years of experience working with Microsoft Sentinel SIEM.
- Strong hands-on experience with KQL (Kusto Query Language).
- Solid understanding of log ingestion from different sources including Azure, O365, Defender, firewalls, and servers.
- Experience with Azure Logic Apps for playbook creation and automation.
- Familiarity with incident response workflows and threat detection methodologies.
- Knowledge of security frameworks such as MITRE ATT&CK, NIST, or ISO 27001.
- Microsoft certifications such as SC-200 (Microsoft Security Operations Analyst) or AZ-500 are preferred.
Good to Have:
- Experience with Defender for Endpoint, Defender for Cloud, Microsoft Purview.
- Knowledge of other SIEM platforms (e.g., Splunk, QRadar) for hybrid environments.
- Scripting experience (PowerShell, Python) for automation and integration.
Certifications (preferred but not mandatory):
- SC-200: Microsoft Security Operations Analyst
- AZ-500: Microsoft Azure Security Technologies
- CEH, CompTIA Security+, or equivalent

Posted 1 month ago


3.0 - 6.0 years

4 - 9 Lacs

Hyderabad, Pune, Bengaluru

Hybrid

Your key responsibilities
- Administration and management support of CrowdStrike Next-Gen SIEM/EDR.
- Perform as the subject matter expert on any of the above solutions for the customer; use the capabilities of the solution in the daily operational work for the end customer.
- Advise customers on best practices and use cases on how to use this solution to achieve customer end-state requirements.
- Content development (use case development), which includes developing processes for automated security event monitoring and alerting along with corresponding event response plans for systems.
Skills and attributes for success
- Customer service oriented: meets commitments to customers; seeks feedback from customers to identify improvement opportunities.
- Experience in managing and administering the security solution CrowdStrike Next-Gen SIEM/EDR.
- Hands-on expertise in security use case development and log source integration.
- Good knowledge of SIEM technologies such as Splunk and Azure Sentinel from a security analyst's point of view.
- Exposure to IoT/OT monitoring (Claroty, Nozomi Networks, etc.) is a plus.
- Good knowledge and experience in security monitoring.
- Good knowledge and experience in cyber incident response.
- Knowledge of the ELK Stack.
- Knowledge of network monitoring technology platforms such as Fidelis XPS or others.
- Knowledge of endpoint protection tools, techniques, and platforms such as Carbon Black, Tanium, CrowdStrike, Defender ATP or others.
To qualify for the role, you must have
- B.Tech./B.E. with sound technical skills.
- Strong command of verbal and written English.
- Demonstrated technical acumen and critical thinking abilities.
- Strong interpersonal and presentation skills.
- Minimum 4 years of hands-on experience operating/implementing the above security tools.
- Certification in any of the SIEM platforms is a plus.
- Knowledge of RegEx, Perl scripting and the SQL query language.
- Certification: CCSA, CEH, CISSP, GCIH, GIAC.

Posted 1 month ago


2.0 - 4.0 years

6 - 10 Lacs

Hyderabad

Work from Office

We are seeking a talented and highly motivated Microsoft Sentinel SIEM Engineer to join our Dedicated Defense group. As a key member of our team, you will be responsible for deploying and maintaining Microsoft Security technologies to enhance threat detection, response, and overall security posture. This is an exciting opportunity for an individual with expertise in major SIEM technologies, aiming to help safeguard critical systems and data from evolving cyber threats.
Responsibilities:
- Architect, deploy, and maintain Microsoft Sentinel for SIEM use cases including log ingestion, data normalization, and incident correlation.
- Manage and optimize Microsoft Defender for Endpoint, Identity, Cloud, Office 365, and other Defender tools to maximize protection and visibility.
- Develop custom queries, detection rules, workbooks, and automation playbooks to improve threat detection and response efficiency.
- Lead the design and implementation of security monitoring, including data connectors, analytics rules, and incident automation.
- Collaborate with threat analysts and incident response teams to triage, investigate, and respond to security alerts and incidents.
- Provide technical guidance in security best practices, incident response procedures, and threat hunting using Microsoft security tools.
- Continuously assess the security landscape and recommend improvements to policies, tools, and configurations.
In addition to strong technical acumen, the ideal candidate will bring excellent communication and client-facing skills to collaborate directly with customers, understand their security needs, and deliver tailored solutions that align with their risk posture and compliance requirements.
Outcomes:
- Integration & Optimization: Integrate and optimize Microsoft Sentinel to improve visibility and automate threat detection workflows.
- Threat Detection: Utilize Microsoft Sentinel AI-powered analytics to dashboard reports and automate critical reporting functions.
- Automation & Playbook Development: Develop automated detection and response playbooks based on Microsoft data feeds, streamlining incident management and reducing time to resolution.
- Collaboration & Knowledge Sharing: Work closely with other security and IT teams to share threat intelligence, optimize SIEM use, and contribute to security strategy development.
- Reporting & Documentation: Develop and maintain dashboards, reports, and documentation related to Microsoft Sentinel deployment, performance, and incident metrics.
- Continuous Improvement: Continuously evaluate Microsoft Sentinel capabilities and other relevant security tools to recommend improvements and refine detection capabilities.
Required Qualifications:
- 5 years of SIEM experience in Splunk, QRadar, Microsoft, and comparable SIEMs.
- Hands-on experience with other SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel, etc.) and integrating them with endpoint security tools.
- Strong understanding of cybersecurity principles, threat detection, and SIEM management.
- Experience working with SentinelOne Core EDR technology.
- Proficiency in scripting and automation (Python, PowerShell, etc.).
- Experience with cloud security (AWS, Azure, GCP) and cloud-native SIEM solutions is a plus.
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
Preferred Qualifications:
- 5 years of experience in cybersecurity in a SOC or security engineering capacity.
- Proven hands-on expertise with Microsoft Sentinel and the Microsoft Defender suite.
- Deep knowledge of Kusto Query Language (KQL) and building custom analytics rules and workbooks in Sentinel.
- Strong experience in customer-facing roles.
- Experience with incident response, threat detection, and threat hunting techniques.
- Strong understanding of cloud security, especially in Azure environments.
- Familiarity with MITRE ATT&CK, NIST, and other security frameworks.
- Experience integrating Sentinel with third-party solutions (e.g., threat intel feeds, ticketing systems).

Posted 1 month ago


4.0 - 9.0 years

6 - 11 Lacs

Pune

Work from Office

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client-first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning, bold ideas, courage and passion to drive life-changing impact to ZS.

Our most valuable asset is our people. At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems—the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.

Senior Security Operations Analyst

We are seeking an experienced professional to join our Pune, India office as a Senior Security Operations Analyst with a strong background in Security Information and Event Management (SIEM) platforms, specifically Microsoft Sentinel and Wiz. The ideal candidate will be responsible for leading advanced threat detection, response, and monitoring activities. This role will be critical in enhancing our cybersecurity posture and ensuring the ZS environment remains secure against emerging threats.

What you'll do:
- Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging
- Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities
- Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real time
- Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities
- Perform proactive threat hunting to identify and mitigate advanced threats
- Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation
- Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats
- Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership
- Continuously improve SOC processes and playbooks to streamline operations and response efforts
- Mentor junior SOC analysts and provide guidance on security best practices
- This role requires participation in a rotational shift
- Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed

What you'll bring:
- Strong analytical and problem-solving abilities
- Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams
- Proven ability to remain calm and efficient in a high-pressure environment
- Proficient in using SIEM tools, such as Microsoft Sentinel
- Experience with data migration strategies across SIEM platforms
- Experience with Cloud Security Operations and Incident Response platforms such as Wiz
- In-depth understanding of cyber threats, vulnerabilities, and attack vectors
- Proficient in creating KQL queries and custom alerts within Microsoft Sentinel
- Expertise in developing SIEM use cases and detection rules
- Skilled in incident response and management procedures
- Experienced in conducting deep-dive investigations and root cause analysis for incidents
- Adept at collaborating with stakeholders to resolve complex cybersecurity challenges
- Ability to automate routine SOC processes to enhance operational efficiency
- Experienced in mentoring and guiding junior analysts in security operations
- Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools

Good to have skills and abilities:
- Excellent interpersonal (self-motivational, organizational, personal project management) skills
- Knowledge of vulnerability management and scanning best practices such as the CVE database and CVSS
- Ability to analyze cyber threats to develop actionable intelligence
- Skill in using data visualization tools to convey complex security information

Academic Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
- 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
- Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks
- Experience with SIEM migration
- Expertise in incident response, threat detection, and security monitoring
- Solid understanding of Windows, Linux, and cloud security concepts
- Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
- Preferred Security Cloud Certifications: AWS Security Specialty

Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths, and collaborative culture empower you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.

Travel: Travel is a requirement at ZS for client-facing ZSers; the business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.

Considering applying? At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.

To Complete Your Application: Candidates must possess or be able to obtain work authorization for their intended country of employment. An on-line application, including a full set of transcripts (official or unofficial), is required to be considered. NO AGENCY CALLS, PLEASE. Find Out More At www.zs.com

Posted 2 months ago


15.0 - 20.0 years

3 - 7 Lacs

Hyderabad

Work from Office

Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Oracle HCM Cloud Core HR
Good to have skills: Oracle Applications Development, Security Governance
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting risk assessments, and ensuring compliance with security policies. You will engage in proactive monitoring of systems to identify vulnerabilities and respond to potential threats, all while maintaining a focus on safeguarding information and business processes against cyber threats.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Conduct regular security audits and assessments to identify areas for improvement.
- Develop and implement security policies and procedures to enhance overall security posture.

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Oracle HCM Cloud Core HR.
- Good To Have Skills: Experience with Oracle Applications Development, Security Governance.
- Strong understanding of security frameworks and compliance standards.
- Experience with risk assessment and management methodologies.
- Familiarity with incident response and threat detection tools.

Additional Information:
- The candidate should have minimum 5 years of experience in Oracle HCM Cloud Core HR.
- This position is based at our Hyderabad office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 2 months ago


15.0 - 20.0 years

3 - 7 Lacs

Bengaluru

Work from Office

Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: CyberArk Privileged Access Management
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting risk assessments, and ensuring compliance with security policies. You will also engage in proactive monitoring of security systems and respond to potential threats, all while maintaining a focus on safeguarding information and business processes against cyber threats.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Develop and implement security protocols and procedures to enhance the overall security posture.
- Conduct regular security audits and assessments to identify vulnerabilities and recommend improvements.

Professional & Technical Skills:
- Must To Have Skills: Proficiency in CyberArk Privileged Access Management.
- Experience with identity and access management solutions.
- Strong understanding of security frameworks and compliance standards.
- Familiarity with incident response and threat detection methodologies.
- Knowledge of network security principles and practices.

Additional Information:
- The candidate should have minimum 7.5 years of experience in CyberArk Privileged Access Management.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 2 months ago


15.0 - 20.0 years

13 - 17 Lacs

Gurugram

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Threat Hunting
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust security posture in the cloud environment.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills in security practices.
- Evaluate emerging security technologies and recommend improvements to existing security frameworks.

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Threat Hunting.
- Strong understanding of cloud security principles and best practices.
- Experience with threat detection and incident response methodologies.
- Familiarity with security compliance frameworks and regulations.
- Ability to analyze security incidents and develop effective mitigation strategies.

Additional Information:
- The candidate should have minimum 7.5 years of experience in Security Threat Hunting.
- This position is based at our Gurugram office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 2 months ago


2.0 - 4.0 years

4 - 6 Lacs

Chennai

Work from Office

The Cyber Threat Detection and Development role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Cyber Threat Detection and Development domain.

Posted 2 months ago


3.0 - 8.0 years

11 - 15 Lacs

Gurugram

Work from Office

Project Role: Technology Platform Engineer
Project Role Description: Creates production and non-production cloud environments using the proper software tools such as a platform for a project or product. Deploys the automation pipeline and automates environment creation and configuration.
Must have skills: Email Security
Good to have skills: Microsoft 365 Security & Compliance
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Technology Platform Engineer, you will be responsible for creating production and non-production cloud environments using the proper software tools. Your role involves deploying the automation pipeline and automating environment creation and configuration.

Roles & Responsibilities:
- Deploy and manage Proofpoint Email Security solutions to protect against phishing, malware, and other email threats.
- Assist in configuring security policies tailored to individual user needs.
- Configure recipient verification processes to ensure the authenticity of email communications.
- Manage whitelisting and blacklisting of domains, IP addresses, and email addresses to strengthen security.
- Develop and modify security rules based on service requests to address specific threats.
- Analyze and refine quarantine policies to enhance threat detection and email filtering.
- Diagnose and resolve inbound/outbound email delays and routing issues for seamless communication.
- Categorize emails for whitelisting and blacklisting to maintain a secure email environment.
- Continuously monitor and analyze email traffic to detect and mitigate potential threats.
- Collaborate with Registration, DNS, and M365 teams to integrate new or acquired domains into the existing setup.
- Configure external email banners and manage exceptions for vendors/partners.
- Expertise in creating and modifying regular expressions based on security requirements.
- Understand URL rewriting scenarios and manage exceptions as needed.
- Hands-on experience in diagnosing and resolving URL isolation issues.
- Define and implement email security policies to ensure compliance and protect sensitive data.
- Conduct training sessions to educate employees on email security best practices and risk mitigation.
- Experience in managing security awareness training platforms; initiate related training and take the initiative to train users via email or by assigning new training on ongoing threats.
- Work closely with relevant teams to integrate email security measures with broader security strategies.
- Generate reports on security incidents, trends, and the effectiveness of implemented measures.
- Stay updated on emerging email security threats and recommend improvements to strengthen the security posture.
- Deep understanding of SPF, DKIM, DMARC, and hands-on expertise with EFD to enhance domain security against phishing and malware threats.
- Hands-on experience with TAP, TRAP, CTR, PhishAlarm, and Email DLP.
- Experience with Proofpoint IMD for protection from phish, malware, spam, etc.

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Email Security.
- Good To Have Skills: Experience with Microsoft 365 Security & Compliance.
- Strong understanding of cloud security principles.
- Knowledge of email security protocols and encryption methods.
- Experience in configuring and managing email security solutions.
- Ability to analyze and respond to email security incidents.

Additional Information:
- The candidate should have a minimum of 3 years of experience in Email Security.
- This position is based at our Gurugram office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 2 months ago


8.0 - 13.0 years

13 - 17 Lacs

Gurugram

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Splunk Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and handling end-to-end SOC operations, all while ensuring compliance with industry standards and best practices.

Roles & Responsibilities:
- Expected to be an SME on SOC operations, security monitoring and incident management activities.
- Collaborate and manage the team to perform on operations and security stakeholder (onshore & client) engagement.
- Responsible for team decisions on security incidents and operational processes and enhancements.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Conduct regular assessments of cloud security measures and recommend improvements.
- Facilitate training sessions for team members on cloud security best practices.

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Splunk Security Information and Event Management (SIEM).
- Strong understanding of cloud security principles and frameworks.
- Experience with incident response and threat detection methodologies.
- Familiarity with compliance standards such as ISO 27001, NIST, and GDPR.
- Ability to analyze security incidents and provide actionable insights.

Additional Information:
- The candidate should have minimum 7.5 years of experience in Splunk Security Information and Event Management (SIEM).
- This position is based at our Gurugram office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 2 months ago


8.0 - 10.0 years

0 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Introduction: At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let's talk.

Your role and responsibilities: We are seeking a highly skilled SIEM Security Engineer to join our cybersecurity team. This role involves the administration, engineering, and optimization of Security Information and Event Management (SIEM) solutions, specifically focusing on QRadar SIEM, as well as developing and implementing security use cases based on frameworks like MITRE ATT&CK and NIST.

Key Responsibilities:
- SIEM Administration & Engineering: Maintain, configure, and optimize SIEM platforms, ensuring high availability and efficiency.
- Use Case Development: Design, implement, and test correlation rules and threat detection methodologies based on industry best practices.
- Log Source Management: Integrate and troubleshoot various log sources including firewalls, endpoints, IAM, cloud, network devices, and more.
- Threat Hunting & Incident Response Support: Work closely with SOC analysts, threat hunters, and incident response teams to identify security incidents and optimize detections.
- False Positive Reduction & SIEM Optimization: Refine correlation logic to improve detection efficacy while minimizing false positives.
- Security Framework & Compliance: Implement security controls in alignment with MITRE ATT&CK, NIST, and ITIL frameworks.
- Documentation & Collaboration: Maintain use case catalogs and runbooks, and collaborate with internal teams for continuous improvements.
- Advanced Analysis: Lead investigations of complex cybersecurity threats, escalate critical findings, and contribute to SOC strategic planning.

Required education: Bachelor's Degree
Preferred education: Bachelor's Degree

Required technical and professional expertise:
- 8+ years of experience in the IT cyber security industry
- 6+ years of experience in SIEM administration and use case engineering
- Strong understanding of networking, OSI, and TCP/IP concepts
- Expertise in cybersecurity controls, threat detection, and attack methodologies
- Knowledge of MITRE ATT&CK, NIST frameworks, and security best practices
- Hands-on experience with multiple SIEM solutions, preferably QRadar SIEM
- Experience with UBA solutions and SIEM tuning
- Familiarity with log source integration, parsing, correlation, and troubleshooting
- Coordination and communication skills to work with security, engineering, and service delivery teams

Preferred technical and professional experience:
- SIEM use case engineering and content development
- Relevant cybersecurity certifications such as CEH, CompTIA Security+, CCNA
- Strong ability to analyze security trends, optimize existing rules, and recommend improvements

Posted 2 months ago
