243 Threat Detection Jobs - Page 4

JobPe aggregates listings for easy access; applications are made directly on the job portal.

6.0 - 9.0 years

10 - 20 Lacs

hyderabad

Work from Office

About the Role
Duration: 6 months
Timings: Full time (as per company timings)
Shift: General shift; cab facility is available
5 days work from the office
Notice period: Immediate joiners only

Responsibilities:
- Design and develop detection rules and policies to identify cybersecurity threats across various platforms and technologies.
- Lead the design, development and deployment of high-fidelity threat detection mechanisms across a diverse technology stack, including on-premise, cloud (AWS, Azure, GCP) and SaaS environments.
- Collaborate with security analysts, threat hunters and threat intelligence to understand emerging threats and devise effective detection strategies.
- Validate and tune detection content to minimize false positives and ensure high accuracy and efficiency.
- Stay up to date on the latest cybersecurity trends, tools and technologies to continuously improve detection methodologies.
- Work directly with clients to onboard their environments onto the platform and integrate data sources, guiding them through the process.
- Document detection processes, create reports on security metrics and communicate findings to stakeholders.
- Collaborate with the Security Operations team on developing and automating alert response processes and playbooks.
- Good understanding of network infrastructure, security and devices, e.g. firewalls, EDR, email security, proxy, DLP and IDS/IPS.

Qualifications:
- Bachelor's degree in Computer Science, Information Security or a related field.
- At least 5 years of experience in cybersecurity, with a focus on threat detection, analysis and incident response.
- Strong knowledge of security information and event management (SIEM) systems, log management solutions and detection platforms.
- Familiarity with attack patterns and the tactics, techniques and procedures (TTPs) used by cyber adversaries (MITRE ATT&CK and the Cyber Kill Chain).
- Experience with cloud security and understanding of cloud-based threat detection strategies.
- Strong communication and collaboration skills, with the ability to work effectively in a team environment and interact with clients.
- Knowledge of security tools and technologies such as SIEM, CSPM, EDR/XDR, SOAR, WAF and IDS/IPS.
- Professional security certifications such as OSCP, GIAC (e.g. GCIH, GCIA), CISSP or other relevant certifications are highly valued.
- Hands-on experience with SIEM platforms for log management and alerting, e.g. Splunk, Elastic Stack (ELK/Security Onion), IBM QRadar, Securonix, Wazuh or Azure Sentinel.
- Ability to create SIEM queries and dashboards and to integrate new data sources.

Posted 3 weeks ago

7.0 - 10.0 years

0 Lacs

bengaluru, karnataka, india

On-site

At ABB, we help industries outrun, leaner and cleaner. Here, progress is an expectation: for you, your team and the world. As a global market leader, we'll give you what you need to make it happen. It won't always be easy; growing takes grit. But at ABB, you'll never run alone. Run what runs the world.

This position reports to: Global Service Owner for Network Service

Your roles and responsibilities:
The IT Network Connectivity Automation Engineer will be responsible for designing, implementing and optimizing advanced network connectivity solutions to support the organization's global IT infrastructure. This role focuses on leveraging Software-Defined Networking (SDN), automation and programming to deliver scalable, secure and efficient network architectures. The ideal candidate will have deep technical expertise in SDN technologies, network automation frameworks and programming, combined with the ability to align solutions with business objectives in a complex, multi-vendor environment. The work model for the role is hybrid (#LI-Hybrid). This role contributes to IS Services at the Bangalore location.

You will be mainly accountable for:
- Designing and architecting end-to-end network solutions incorporating SDN technologies (SD-WAN, NFV, intent-based networking) for LAN/WLAN, WAN, hybrid and cloud environments.
- Developing and implementing automation workflows using tools like Ansible, Puppet and Python; building orchestration pipelines; and integrating network systems with ITSM platforms (e.g. ServiceNow).
- Proficiency in Python, Go and JavaScript for writing clean, maintainable code to support network automation, monitoring and integration with DevOps CI/CD pipelines.
- Deep understanding of protocols such as BGP and OSPF, and of security models including zero-trust architecture, network segmentation and threat detection.
- Automating monitoring and capacity planning using tools like SolarWinds, Splunk and Cisco DNA Center.
- Leading technical teams, collaborating cross-functionally (cybersecurity, cloud ops), providing technical guidance and staying updated on emerging trends (AI-driven networking, zero-trust).

Qualifications:
- Bachelor's degree in Computer Science, Information Security or a related field.
- 7-10 years in network engineering, with 3-5 years in SDN/automation.
- Preferred certifications include CCIE (Data Center/Enterprise), Cisco DevNet and Python.
- Good communication skills.
- Team handling experience.

More about us
Our mission in ABB IS (Information Systems) is to harness the power of information technology to deliver valuable, reliable and competitive IS services for ABB. If you have strong technical skills, an analytical mind and the drive to help us stay ahead of the competition, you are the one we are looking for. We value people from different backgrounds. Could this be your story? Apply today or visit www.abb.com to read more about us and learn about the impact of our solutions across the globe.

Fraud warning: Any genuine offer from ABB will always be preceded by a formal application and interview process. We never ask for money from job applicants. For current open positions you can visit our career website and apply. Please refer to the detailed recruitment fraud caution notice using the link.

Posted 3 weeks ago

3.0 - 8.0 years

12 - 22 Lacs

hyderabad

Work from Office

Role: L2 SOC
Location: Hyderabad
Shift timings: Rotational

About alliantgroup
alliantgroup is a professional services firm that provides tax consulting and compliance services to businesses in the United States. The company was founded in 2002 and is headquartered in Houston, Texas. alliantgroup's services are focused on helping businesses claim tax credits and incentives that they are entitled to under various federal and state programs. These credits and incentives are designed to encourage businesses to invest in certain types of activities, such as research and development, energy efficiency, and hiring employees from certain disadvantaged groups. alliantgroup's services include helping businesses identify and claim these credits and incentives, as well as providing guidance on compliance with the relevant regulations. alliantgroup is headquartered in Houston, Texas, with additional offices located in Austin, Boston, Chicago, Indianapolis, New York, Irvine, Sacramento and Washington, D.C., and in Bristol and London in the U.K.

More about our culture and why we love alliantgroup:
https://youtu.be/nM_9fXXwyrg
https://youtu.be/erJobvthqRw

alliantgroup India Talent Pvt. Ltd.
alliantgroup started its operations in India in 2020 with a world-class office in Hyderabad to provide tax, advisory, audit and accounting services. alliantgroup India Talent comprises a team of skilled professionals who address the most pressing needs of U.S. CPA firms. We work with the best talent and ensure our clients get the top-quality services they need. We are currently a family of 1000+ employees. Our people and culture set us apart as a firm, and our team includes professionals from a diverse array of fields, including business, engineering, software development, law and accounting.

Alliant Cybersecurity
Alliant Cybersecurity is a full-service cybersecurity consultancy for American businesses. We are technology and vendor agnostic and have a customizable security plan that can be made to fit any business's needs. Our team has seasoned penetration testers, auditors, technologists and security analysts to help with clients' needs, whether it's a one-time project or permanently outsourced cybersecurity to our Managed Security Operations Center. We are here as an extension of the client's team, offering straightforward solutions to everyday cybersecurity challenges, especially in the moments that matter most.

Role overview
Alliant Cybersecurity is seeking an experienced Level 2 analyst based in Hyderabad to help expand its Cybersecurity and Risk Advisory practice. This position primarily supports US-based customers and requires flexibility to work during US business hours.

What you'll do

Security operations and investigation:
- Lead deep-dive investigations of escalated L1 incidents.
- Analyze data from multiple security tools and sources.
- Participate in crisis management by providing support to the incident handler and the SOC Level 3 analysts.
- Create reports and visualizations of security attacks.
- Fine-tune existing use cases and create new ones.
- Track trends for metrics and reporting.
- Work on decreasing false positives.
- Maintain the detection rules database.
- Trend and correlate monitored events to build new Indicators of Compromise (IOCs), attribute attacks and help establish countermeasures that increase cyber resiliency.

Customer engagement:
- Participate in recurring meetings with the customer as the technical referent.
- Provide recommendations or workarounds to the customer in order to reduce business impact.
- Lead and participate in the continuous improvement of the service (detection level, process, operational procedures, service efficiency, service reporting).
- Support the customer in the remediation of incidents.
- Support the SOC manager in reporting on the activity.

Continuous improvement:
- Drive improvement plans and documentation.
- Mentor L1 analysts.
- Work independently on complex analyses.
- Maintain process/procedure documentation.
- Support the CISO, CIO and Head of SOC during incidents.
- Lead continuous service improvement initiatives.
- Coordinate with the ISMS core team to support ISMS activities and implementation strategies at the company.

Education: Bachelor's degree in Computer Science, Engineering or another related discipline.
Certifications: Professional security certifications are a plus (CISSP preferred).

What we are looking for:
- Minimum 4 years of SOC experience.
- Expert knowledge in: computer forensics, reverse engineering, IDS/SIEM/log management, threat intelligence, malware analysis, EDR and incident response, vulnerability management.

Essential skills:
- Rigorous process adherence and attention to detail
- Strong time management and multitasking abilities
- Information security mindset
- Team leadership capabilities
- Excellent analytical and problem-solving skills
- Outstanding communication and documentation abilities
- Autonomous and self-organized
- Experience in tactical coordination during incidents

What we offer:
With us, there are always opportunities to break new ground. We empower you to take the organization to the next level with the versatile experience that you bring. We trust you with responsibility early on and support you in all ways to make this organization a trusted partner to its customers and a great place to work for its employees. Join us and bring your curiosity to life!

Posted 3 weeks ago

6.0 - 11.0 years

5 - 9 Lacs

mumbai

Work from Office

About the role
As a SOC Analyst - Detection Engineering in the bank's security operations center (SOC), you will be responsible for strengthening the creation and optimization of the analytical rules and alerts configured in the bank's SIEM platform. You will build analytical correlation rules in the bank's SIEM platform covering network, systems and endpoints, cloud (SaaS, IaaS and PaaS) and applications (both COTS and internally developed). You will provide expert guidance and support to the security operations team in the use of the SIEM for threat hunting and incident investigation, analyse detected incidents to identify lessons learned that improve response processes, and make recommendations for enhancing the security posture. You will also develop and maintain documentation for analytical rule processes and procedures.

Key responsibilities
- Business understanding: Accountable for ensuring all anomalous security activities are detected by the bank's SIEM platform and false positives are kept to a minimum.
- Collaborate: Verify the ingested logs and ensure log parsing normalizes the events. Implement a testing methodology to test the configured alerts and obtain sign-off before releasing them into production.
- Reporting: Stay up to date with the latest trends and developments in cybersecurity and SIEM technologies and recommend improvements to the organization's security posture.

Qualifications & skills
- Educational qualification: Engineering graduate in CS, IT, EC, InfoSec or CyberSec, or MCA equivalent, with experience in cloud security on any of Microsoft Azure or Google Cloud. Ability to develop and implement security policies, procedures and best practices.
- Experience: At least 5 years of experience working as a SOC analyst responsible for creating SIEM rules/alerts. Hands-on experience in the creation of security alerts in any of the commonly used SIEM solutions is a must.
- Certifications: SIEM certification from any of the leading SIEM OEMs (Splunk, Palo Alto, Securonix, LogRhythm, etc.); CEH or CISSP; CCNA Security and/or any of the cloud security certifications (AWS, GCP, Azure, OCI).
- Compliance: Knowledge of networking components, servers (RHEL, Windows, etc.), endpoints and cloud infrastructure, along with the machine learning models used for detection of security alerts. Knowledge of various log types, event parsing and ingestion mechanisms across systems, networks, cloud and commonly used applications in banks.
- Communication skills: Excellent communication and interpersonal skills.
- Synergize with the team: Work with the designated bank personnel to ensure alignment with RBI guidelines on detection of security alerts applicable to banks. Strong understanding of cybersecurity principles, threat detection and incident response.
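The bank posting above asks for log parsing that normalizes events, correlation rules built on top of them, and a testing methodology that gates alerts before they reach production; the first posting on this page asks for the same tuning to minimize false positives. What follows is an added example of that loop in Python, not code from either posting or from any employer's SIEM: two constructed log formats (an OpenSSH-style auth line and a flattened Windows Security event) are normalized into one schema, a brute-force-then-success correlation rule runs over the normalized events, and a validation function checks the rule against a constructed known-bad and a constructed known-good sample. The log formats, field names, the five-failure threshold and the ten-minute window are all assumptions made for the example.

```python
"""Added example (not the posting's or the bank's code): parse two log formats
into one schema, run a correlation rule over the normalized events, and gate the
rule on known-bad/known-good samples before sign-off. All log lines are
constructed; formats, field names and the threshold are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Optional

# OpenSSH-style auth line and a flattened Windows Security event
# (4625 = failed logon, 4624 = successful logon). Regexes are assumptions.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
WINEVT_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>4624|4625) TargetUserName=(?P<user>\S+) "
    r"IpAddress=(?P<src>\S+)")

def normalize(line: str) -> Optional[dict]:
    """Map a raw line onto {ts, user, src, outcome}; None if no parser matches.
    Unparsed lines matter: they silently blind the rule."""
    m = SSHD_RE.match(line)
    if m:
        outcome = "failure" if m["outcome"] == "Failed" else "success"
    else:
        m = WINEVT_RE.match(line)
        if not m:
            return None
        outcome = "failure" if m["eid"] == "4625" else "success"
    # Lower-case the account so SVC_BACKUP (Windows) and svc_backup (sshd)
    # correlate as the same principal.
    return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"].lower(),
            "src": m["src"], "outcome": outcome}

def brute_force_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Rule: >= threshold failures for one (user, src) inside `window`, then a
    success from the same pair. Failures older than the window are dropped, so
    slow, spread-out failures never accumulate into an alert."""
    recent = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        q = recent[key]
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["outcome"] == "failure":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({"user": key[0], "src": key[1], "failures": len(q),
                           "success_at": ev["ts"].isoformat()})
            q.clear()
    return alerts

def run_rule(lines, **rule_kwargs):
    """Parse, normalize, evaluate; also report how many lines no parser took."""
    parsed = [normalize(line) for line in lines]
    events = [e for e in parsed if e is not None]
    return brute_force_then_success(events, **rule_kwargs), parsed.count(None)

# Constructed known-bad sample: six sshd failures in six minutes, then a
# successful Windows logon for the same account from the same source.
ATTACK_SAMPLE = [
    f"2024-05-01T09:0{i}:00 sshd[811]: Failed password for svc_backup "
    f"from 203.0.113.7 port 5000{i} ssh2" for i in range(6)
] + ["2024-05-01T09:06:00 EventID=4624 TargetUserName=SVC_BACKUP "
     "IpAddress=203.0.113.7 LogonType=3"]

# Constructed known-good sample: alice mistypes three times (below threshold);
# bob's failures and success come from different sources; carol's six failures
# span 40 minutes (pruned by the window); the last line is an unknown format.
BENIGN_SAMPLE = (
    [f"2024-05-01T10:0{i}:00 sshd[900]: Failed password for alice "
     f"from 10.0.0.5 port 4100{i} ssh2" for i in range(3)]
    + ["2024-05-01T10:03:00 sshd[900]: Accepted password for alice "
       "from 10.0.0.5 port 41003 ssh2"]
    + [f"2024-05-01T11:0{i}:00 EventID=4625 TargetUserName=bob "
       "IpAddress=198.51.100.9" for i in range(6)]
    + ["2024-05-01T11:07:00 EventID=4624 TargetUserName=bob IpAddress=10.0.0.6"]
    + [f"2024-05-01T12:{8 * i:02d}:00 sshd[950]: Failed password for carol "
       f"from 10.0.0.7 port 4200{i} ssh2" for i in range(6)]
    + ["2024-05-01T12:41:00 sshd[950]: Accepted password for carol "
       "from 10.0.0.7 port 42006 ssh2",
       "2024-05-01T12:42:00 kernel: eth0 link is up"])

def validate_rule():
    """Pre-production gate: must fire on known-bad, stay silent on known-good,
    and every line except the deliberately unknown one must parse."""
    hits, unparsed_bad = run_rule(ATTACK_SAMPLE)
    false_hits, unparsed_good = run_rule(BENIGN_SAMPLE)
    return {"true_positives": len(hits), "false_positives": len(false_hits),
            "unparsed": unparsed_bad + unparsed_good}
```

validate_rule() returns the true-positive, false-positive and unparsed counts. The unparsed count is the one most teams forget to gate on: a parser that silently drops a log source makes the rule look quiet rather than blind, which is why the posting pairs "verify the ingested logs" with "ensure log parsing". Lowering the threshold, run_rule(BENIGN_SAMPLE, threshold=3), turns alice's three typos into an alert; that trade-off between coverage and noise is what the tuning work in both postings is about.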

Posted 3 weeks ago

15.0 - 20.0 years

13 - 17 Lacs

bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Managed Cloud Security Services
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Platform Engineering Lead you will design, implement and manage Microsoft Sentinel security solutions, including analytics rules and automation workflows. You will collaborate across teams to align threat detection and response with compliance, while ensuring integration with Microsoft and third-party security tools.

Roles & Responsibilities:
- Design and implement Microsoft Sentinel solutions, including workspace configuration, data ingestion and role-based access control.
- Develop and tune analytics rules, workbooks and hunting queries using KQL (Kusto Query Language).
- Integrate various log sources (Azure, Microsoft 365, on-premise systems, third-party security tools) using built-in and custom connectors.
- Create custom workbooks and dashboards for security visibility, KPIs and executive reporting.
- Build and maintain automation workflows using Logic Apps for incident enrichment, notification and response.
- Collaborate with SOC teams, cloud architects and compliance teams to align monitoring with threat models and regulatory requirements.
- Participate in incident response by investigating and analyzing alerts and security events within Sentinel.
- Ensure integration with the Microsoft Defender suite (MDE, MDI, MDC, Office 365) and third-party SIEM/SOAR tools as needed.
- Provide documentation, knowledge transfer and ongoing Sentinel tuning and support.

Professional & Technical Skills:
- Must have: Proficiency in Microsoft Azure security, including Microsoft Sentinel, Microsoft Defender XDR and KQL, and a good understanding of the Microsoft Defender platform (MDE, MDI, XDR, MDA and MDO). Must be able to develop Sentinel-based solutions with KQL queries.
- Good to have: Google SecOps MxDR solution.
- Strong understanding of cloud security principles and best practices.
- Experience with security tools and technologies on Microsoft Azure; multi-cloud experience is an advantage.
- Knowledge of security frameworks like MITRE ATT&CK.
- Ability to analyze and develop use cases from an L3 perspective and to develop effective response strategies.

Additional Information:
- The candidate should have a minimum of 5 years of experience in the Microsoft Azure security suite.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

15.0 - 20.0 years

13 - 17 Lacs

bengaluru

Work from Office

About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide guidance on best practices, contributing to a secure cloud environment that supports the organization's growth and innovation.

Roles & Responsibilities:
- Design, develop and maintain advanced playbooks and integrations in Cortex XSOAR.
- Automate incident response workflows and repetitive SOC tasks.
- Integrate XSOAR with SIEMs, EDRs, threat intelligence platforms and ticketing systems.
- Collaborate with SOC teams to identify automation opportunities and improve operational efficiency.
- Troubleshoot and optimize playbook performance and platform stability.
- Maintain documentation for playbooks, integrations and automation processes.
- Stay current with threat trends and SOAR capabilities to drive innovation.
- Expected to be an SME.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for the immediate team and across multiple teams.
- Develop and maintain comprehensive documentation of security architecture and controls.
- Conduct regular assessments of cloud security measures to ensure compliance with industry standards.

Professional & Technical Skills:
- Must have: Proficiency in Security Information and Event Management (SIEM).
- Strong understanding of cloud security principles and practices.
- Experience with security frameworks such as NIST, ISO 27001 or CIS.
- Knowledge of incident response and threat detection methodologies.
- Familiarity with regulatory requirements related to cloud security.

Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

5.0 - 10.0 years

3 - 7 Lacs

bengaluru

Work from Office

About The Role
Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets and people. Provide services to safeguard information, infrastructures, applications and business processes against cyber threats.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: We are seeking a highly skilled and experienced Senior Threat Hunter with deep expertise in Microsoft Sentinel and Microsoft Defender for Endpoint (MDE). The ideal candidate will excel in advanced KQL query writing, hypothesis-driven hunting, detection engineering and data visualization using Sentinel Notebooks and Workbooks. This role plays a critical part in proactively identifying threats, tuning detection logic and enhancing our overall threat hunting capabilities.

Key Responsibilities:
- Write and optimize advanced KQL queries to detect malicious activity in Sentinel and MDE logs.
- Conduct proactive threat hunting by forming hypotheses and correlating data across Microsoft 365 Defender, Sentinel and other sources.
- Use Sentinel Notebooks (Azure ML/Log Analytics) and Workbooks to visualize hunt data and share findings with stakeholders.
- Leverage MDE Advanced Hunting for in-depth endpoint telemetry analysis.
- Integrate threat hunting with the MITRE ATT&CK framework, mapping TTPs and identifying gaps in coverage.
- Collaborate with L3 analysts and detection engineers to fine-tune existing analytics rules and hunting queries.
- Create and manage Sentinel Playbooks (Logic Apps) to automate threat response and investigation workflows.
- Support continuous improvement of the threat detection lifecycle by contributing new detection use cases and threat models.
- Assist in Purple Team exercises and post-incident retrospectives by contributing hunt-driven insights.

Professional & Technical Skills:
- 5+ years of experience in cyber threat hunting, SOC operations or detection engineering.
- Strong proficiency in Kusto Query Language (KQL), with hands-on experience in Microsoft Sentinel and MDE.
- In-depth knowledge of endpoint, network and cloud telemetry (especially the Microsoft ecosystem).
- Experience using Sentinel Workbooks and Notebooks and creating custom analytics rules.
- Practical experience in hypothesis-driven threat hunting and developing custom detection rules.
- Familiarity with the MITRE ATT&CK framework and its use in mapping attacker TTPs.
- Hands-on experience with Sentinel automation workflows using Logic Apps.
- Certifications: Microsoft SC-200 (Microsoft Security Operations Analyst); Microsoft SC-100 (Microsoft Cybersecurity Architect); GIAC GCFA/GCIA/GCED (or equivalent); AZ-500 (Microsoft Azure Security Technologies); OSCP (offensive security knowledge is a plus).

Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

15.0 - 20.0 years

13 - 17 Lacs

kolkata

Work from Office

About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide guidance on best practices, contributing to a secure cloud environment that supports the organization's growth and innovation.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for the immediate team and across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills in cloud security.
- Evaluate and recommend security tools and technologies to improve the security posture.

Professional & Technical Skills:
- Must have: Proficiency in Security Information and Event Management (SIEM).
- Strong understanding of cloud security principles and practices.
- Experience with security compliance frameworks such as ISO 27001, NIST or CIS.
- Knowledge of incident response and threat detection methodologies.
- Familiarity with network security protocols and technologies.

Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Kolkata office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

7.0 - 12.0 years

30 - 35 Lacs

bengaluru

Hybrid

Roles and Responsibilities:
- Serve as the escalation point for all Threat Analysts on shift for complex or unusual alerts, cases, requests and incidents.
- Daily review of security alerts and logs, with follow-up on any suspicious activity.
- Basic understanding of forensics and hands-on experience with sandboxing.
- Hands-on experience with, and rule revisions of, security solutions for phishing emails.
- Review cases escalated by Threat Analysts to investigate, respond and remediate; ensure an effective flow of escalated cases; and conduct quality assurance of cases.
- Mentor associate team members and contribute to streamlining SOC operations for continuous improvement.
- Ensure an effective escalation flow in the Incident Management System; assist the team in developing the incident response strategy, then create and assign response actions to Threat Analysts as needed.
- Investigate networks and hosts/endpoints for malicious activity, including analysis of packet captures, and assist in efforts to detect, confirm, contain, remediate and recover from attacks.
- Proactively monitor, identify and analyze complex internal and external threats, including viruses, targeted attacks and unauthorized access, and mitigate risk to IT systems.
- Work in concert with team members, Information Security engineering and relevant subject matter experts to process, analyze and drive the remediation of identified IT-related vulnerabilities.
- Follow the IT Security Incident Response policies and tools.
- Contribute to Information Security policies, standards and supporting documentation.
- Perform root cause analysis and troubleshoot complex issues with existing security and privacy protection protocols.
- Respond to inbound security monitoring alerts, emails and inquiries from the organization.
- Provide support for incident response, including evidence collection, documentation, communications and reporting.
- Maintain and improve standard operating procedures and processes.
- Onboard clients, both in cloud and on-prem.

Mandatory skills required for the role:
- Proven work experience as a Technical Support Engineer, in Operations, as a System Admin or in a similar role.
- Hands-on working experience with any SIEM tool (QRadar, AlienVault, McAfee ESM, DNIF).
- 6 months to 1 year of L3 experience and team management is required.
- Team management and network management / operations management.
- Good understanding of databases, security products (firewall, IDS/IPS, AV, WAF) and other security products.

Desired skills:
- Networking concepts
- Information security concepts
- Windows troubleshooting and domain knowledge
- Linux troubleshooting and domain knowledge
- Data analysis
- Data analytics for security

Posted 3 weeks ago

3.0 - 8.0 years

13 - 17 Lacs

gurugram

Work from Office

About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and facilitating the transition to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges.

Roles & Responsibilities:
1. Develop and implement Splunk use cases to drive business value and improve security operations.
2. Design and configure Splunk solutions to meet business requirements and improve data analysis.
3. Collaborate with stakeholders to understand business needs and identify opportunities for Splunk adoption.
4. Analyze data and generate insights to inform business decisions and improve security operations.
5. Continuously improve Splunk solutions through data analysis, reporting and process optimization.
6. Develop and implement Splunk use cases for security, IT operations and business analytics.
7. Design and configure Splunk solutions, including data ingestion, processing and visualization.
8. Collaborate with stakeholders to understand business requirements and identify opportunities for Splunk adoption.
9. Develop and maintain Splunk dashboards, reports and alerts.
10. Troubleshoot and resolve technical issues with Splunk solutions.
11. Stay up to date with new Splunk features and best practices.

Requirements:
- Strong technical background in Splunk, including data ingestion, processing and visualization.
- Experience with Splunk Enterprise, Splunk Cloud or Splunk Security.
- Excellent analytical and problem-solving skills.
- Strong communication and collaboration skills.
- Ability to work in a fast-paced environment and prioritize multiple projects.

Professional & Technical Skills:
- Must have: Proficiency in Splunk, including data ingestion, processing and visualization.
- Tool proficiency: Splunk
- Strong understanding of cloud security principles and best practices.
- Experience with security frameworks such as NIST, ISO 27001 or CIS.
- Familiarity with incident response and threat detection methodologies.
- Knowledge of regulatory requirements related to cloud security.

Additional Information:
- The candidate should have a minimum of 3 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Gurugram office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

Apply

3.0 - 8.0 years

13 - 17 Lacs

gurugram

Work from Office

About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitate the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide insights that enhance the overall security posture of the organization.

Roles & Responsibilities:
- Expected to perform independently and become an SME.
- Required active participation/contribution in team discussions.
- Contribute to providing solutions to work-related problems.
- Develop and maintain comprehensive documentation of cloud security architecture and controls.
- Conduct regular assessments of cloud security measures to identify areas for improvement.

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Information and Event Management (SIEM).
- Experience with cloud security frameworks and best practices.
- Strong understanding of risk management and compliance requirements.
- Familiarity with incident response and threat detection methodologies.
- Knowledge of security tools and technologies relevant to cloud environments.

Additional Information:
- The candidate should have minimum 3 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Gurugram office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

Apply

5.0 - 9.0 years

16 - 20 Lacs

pune

Work from Office

About the role
This position is a member of the STRM - Security Threat and Response Management team, which is responsible for security monitoring and response functions for Mastercard, accounting for both physical and cyber security events. The engineer would build new software capabilities, support existing solutions, provide technical oversight and lend their expertise to the program.

* Develop and fine-tune detection content in the SIEM platform to improve threat detection and response capabilities.
* Design and build automated playbooks in the SOAR platform for common incident response use cases.
* Lead and mentor analysts on detection logic, search optimization, and investigation best practices.
* Integrate data sources into Splunk and ensure normalization using CIM (Common Information Model).
* Write custom scripts (primarily in Python) for integrations, automation, and enrichment tasks.
* Create and maintain documentation for detections, use cases, and automation processes.
* Collaborate with Threat Intelligence, Incident Response, and DevSecOps teams to align detection and response efforts.
* Continuously assess and improve security posture through automation and process refinement.
* Stay current on threat trends, emerging technologies, and advancements in detection and SOAR use cases.

All about you
* Strong proficiency in Python for scripting, development, and automation.
* Solid understanding of security operations, SIEM, and incident response workflows.
* Experience in designing detection rules, risk-based alerting, and notable event tuning.
* Ability to mentor and guide junior team members on detection logic and investigation strategy.
* Familiarity with the MITRE ATT&CK framework and applying it to detection development.
* Experience integrating various security tools and data sources with Splunk.
* Knowledge of REST APIs and building integrations with third-party tools.
* Prior experience in Security Engineering, SOC, or Threat Detection roles is a plus.
* Deep expertise in Splunk Enterprise Security (ES) and Splunk SOAR (formerly Phantom) is a plus.

Posted 3 weeks ago

Apply

4.0 - 7.0 years

10 - 15 Lacs

thiruvananthapuram

Hybrid

We are seeking a dynamic candidate for the role of Security Engineer, proficient in triaging and responding to security incidents and alerts, with knowledge of cybersecurity principles, threat detection and incident response. Must be comfortable with a 2:30 PM-11:30 PM shift.

Required Candidate profile
Security certifications such as CISSP, CISM, CEH. Previous experience in security automation, scripting and working in a SOC or security operations environment, and knowledge of cloud security best practices.

Posted 3 weeks ago

Apply

3.0 - 5.0 years

0 Lacs

mumbai, maharashtra, india

On-site

Job Title: Security Analyst (SOC) Level 2
Timings: Rotational
Location: Kolshet, Thane West (Work from office)
Total Experience: 3+ years

About the Company
AMSYS Group: we pride ourselves on 23 years of excellence based on the principles of integrity, honor, and mutual gain. As future decisions are made, we are always keeping in mind the prosperity of the AMSYS Family. Amsys IT Services Pvt Ltd is part of this group, based in Mumbai.
Website: http://www.amsysis.com

Role Description
This is a full-time on-site role for a Security Operations Center Analyst at AMSYS in Thane. As a Security Operations Center Analyst, you will be responsible for cyber threat hunting, cyber threat intelligence, utilizing analytical skills, and managing cybersecurity operations on a day-to-day basis.

Qualifications
- Cyber Threat Hunting (CTH) and Cyber Threat Intelligence (CTI) skills.
- Analytical skills and expertise in Security Operations Center operations.
- Strong problem-solving abilities and attention to detail.
- Understanding of network security principles and technologies.
- Relevant certifications such as CISSP, CompTIA Security+, or CEH.
- Experience with incident response and threat detection.
- Excellent communication and teamwork skills.

Posted 3 weeks ago

Apply

3.0 - 6.0 years

8 - 12 Lacs

gurugram

Work from Office

This role is responsible for analyzing activities relating to monitoring and responding to security events. This role receives, researches, triages and documents all security events and alerts as they are received. This individual supports multiple security-related platforms and technologies, interfacing with others within the IT organization, as well as other internal business units and external customers/partners. Events will be generated from endpoints, networks, security information and event management (SIEM) systems, threat intelligence platforms, employees, third parties and other sources. This role also receives information sharing and analysis center (ISAC) information and is expected to hunt for potential compromise across the infrastructure.

Additionally, personnel in this role serve across all areas of threat intelligence to help inform and defend the business, and protect brand reputation. The analyst monitors application, host and network threats, including external threat actors and rogue insiders. As a trusted member of the cybersecurity team and industry community, the candidate works closely with internal technical teams, business units and external entities aligned with the business, including private intelligence-sharing groups, law enforcement, government agencies and public affiliation peers. Candidates for this role must display an in-depth understanding of new trends and technologies related to IT security and compliance, and contribute to the company IT security strategy and roadmap.

Responsibilities:
- Analyze security events: Investigate and assess security incidents promptly.
- Threat detection: Hunt for potential compromises across the infrastructure.
- Threat intelligence: Stay informed about emerging threats and trends.
- Complex detections: Develop sophisticated detection rules across security products.
- Collaboration: Work closely with technical teams, business units, and external entities.
- Brand protection: Defend the business reputation by ensuring robust security practices.

Posted 3 weeks ago

Apply

15.0 - 20.0 years

13 - 17 Lacs

bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Network Security Operations
Good to have skills: NA
Minimum 12 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization.

Roles & Responsibilities:
- Expected to be an SME in design and implementation of network security using multiple products.
- Develop and execute robust security protocols to prevent security breaches.
- Facilitate cross-departmental collaboration to ensure cohesive security policies across the organization.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Expected to provide solutions to problems that apply across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills in security practices.
- Conduct regular assessments of security measures to identify areas for improvement.

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Network Security Operations and proven experience on Palo Alto and Cisco firewalls, Palo Alto Prisma Access, and Cisco ISE.
- Good to have Skills: Network load balancers (preferably F5 BIG-IP), WAF.
- Strong understanding of cloud security principles and frameworks.
- Experience with security incident response and management.
- Knowledge of compliance standards and regulations related to cloud security.
- Familiarity with security tools and technologies for threat detection and prevention.

Additional Information:
- The candidate should have minimum 10 years of continuous experience in Network Security Operations.
- This position is based at our Bengaluru office.
- 15 years full time education is required.
- Willing to work in US shift timings and adhere to the WFH policy.

Qualification: 15 years full time education

Posted 4 weeks ago

Apply

9.0 - 12.0 years

3 - 7 Lacs

bengaluru

Work from Office

Your Role
- Configure and customize FortiSOAR to automate and orchestrate security workflows across enterprise environments.
- Develop and maintain automation playbooks using Python and scripting languages aligned with security use cases.
- Integrate various security tools and platforms using APIs, Ansible, and custom scripts to enhance SOC capabilities.
- Monitor, analyze, and troubleshoot automated security processes to proactively address threats and improve response times.
- Collaborate with IT and security teams to align FortiSOAR configurations with organizational goals and compliance needs.

Your Profile
- 9 to 12 years of experience in security automation and orchestration using FortiSOAR.
- Experience in Python and scripting languages with integration of security tools and platforms.
- Develop, create, and maintain automation playbooks based on security use cases.
- Integration expertise using APIs, Ansible, and Python for security software and toolsets.
- Basic understanding of networking and security concepts to support automation workflows.

What you will love about working at Capgemini
- Work on enterprise-scale security automation and orchestration using FortiSOAR, Python, and Ansible.
- Collaborate with global teams to develop and maintain playbooks and integrate security tools via APIs and scripts.
- Clear career progression paths from engineering roles to security architecture and consulting.
- Be part of mission-critical projects that enhance threat detection, response automation, and compliance for Fortune 500 clients.

Posted 4 weeks ago

Apply

8.0 - 13.0 years

13 - 17 Lacs

noida

Work from Office

About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud technologies and security threats.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Develop and maintain comprehensive documentation of security architecture and frameworks.
- Conduct regular assessments of security controls and recommend improvements.

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Information and Event Management (SIEM).
- Strong understanding of cloud security principles and best practices.
- Experience with security compliance frameworks such as ISO 27001, NIST, or CIS.
- Familiarity with incident response and threat detection methodologies.
- Knowledge of network security protocols and technologies.

Additional Information:
- The candidate should have minimum 7.5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Noida office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 4 weeks ago

Apply

8.0 - 11.0 years

15 - 30 Lacs

bengaluru

Hybrid

Hiring: Threat Detection & Response Engineer (8-10 Years) for a Japanese investment bank in Bangalore! Seeking an experienced cybersecurity professional skilled in threat detection, incident response, and security frameworks like MITRE ATT&CK and Cyber Kill Chain. Responsibilities include developing advanced use cases, proactive threat hunting, forensic investigations, and collaborating with Threat Intelligence and Security Ops teams. Must have hands-on experience with SIEM tools (Splunk), forensic tools (EnCase, FTK), network security controls, and cloud security in the banking/financial sector. Strong analytical, problem-solving, and leadership skills required, with certifications like CISSP, GIAC, or SANS preferred. Share your updated profile at babita.raut@talentnetworks.co.in to join a leading global financial institution committed to cybersecurity excellence!

Posted 4 weeks ago

Apply

18.0 - 22.0 years

0 Lacs

noida, uttar pradesh

On-site

As the Head of Information Security and Data Privacy, you will be responsible for leading and overseeing various aspects of information security and data privacy within the enterprise. Your key responsibilities will include:
- Managing information security at the enterprise level, covering both Application security and Cloud security.
- Ensuring Certification Compliance for standards such as ISO, SOC, and PCI DSS.
- Overseeing Data Privacy initiatives, including GDPR and CCPA readiness and compliance.

In this role, you will design, implement, and manage security measures for cloud-based infrastructure to ensure the confidentiality, integrity, and availability of data. Conducting regular security assessments and audits of cloud environments will be essential to identify and address vulnerabilities effectively. Collaboration with cross-functional teams is crucial to integrating security best practices into cloud-based solutions.

You will also be responsible for developing and implementing strategies to secure applications throughout the software development lifecycle. This includes conducting code reviews, providing guidance on secure coding practices, and performing application security assessments, penetration testing, and vulnerability assessments.

Furthermore, you will lead incident response and threat detection efforts by developing and implementing response plans for cloud environments and applications. Monitoring and analyzing security logs to detect and respond to security incidents promptly will be part of your routine tasks.

Ensuring compliance with industry standards and regulations related to cloud security and application security is a key aspect of this role. Working closely with internal and external auditors to demonstrate compliance with security policies and procedures will be necessary.

Implementing and maintaining security automation tools and scripts to streamline security processes is another critical responsibility. Identifying opportunities for automation to enhance the efficiency and effectiveness of security operations will be essential for success in this role.

Regarding Data Privacy, you will lead and oversee the implementation and maintenance of GDPR and CCPA compliance programs. Conducting thorough assessments to ensure alignment with regulatory requirements, addressing any gaps, and providing recommendations for mitigating privacy risks are vital aspects of this responsibility.

To qualify for this role, you should have 18+ years of experience, including experience with a global footprint. Proven expertise in developing and implementing enterprise strategies and programs for managing information and technology risks is essential. Familiarity with common information security management frameworks, such as ISO/IEC 27001 and NIST, will be beneficial in fulfilling the responsibilities of this position.

Posted 1 month ago

Apply

5.0 - 9.0 years

0 Lacs

ahmedabad, gujarat

On-site

As a Cyber Security Operations Analyst, your primary responsibility is to protect the day-to-day operations of the organization by understanding and monitoring cybersecurity risks and threats. You will help ensure the correct protective, detective, and monitoring controls are in place while also playing a key role in cyber incident response activities. You will be a critical part of the Cyber Security Operations team, working closely with internal stakeholders and external partners (e.g., SOC MSSP) to safeguard the organisation's critical systems and data.

Your key responsibilities will include:
- Responding to alerts and escalations from the Managed Security Service Provider (SOC MSSP) and internal systems.
- Investigating, triaging, and resolving security incidents in a timely and effective manner.
- Developing and maintaining documentation to improve investigation and response efficiency.
- Supporting the Cyber Security Operations Manager with analysis and reporting.
- Monitoring the effectiveness of implemented security controls.
- Ensuring compliance with internal policies and industry standards.
- Recommending improvements in information security monitoring and controls.
- Maintaining up-to-date knowledge of the cybersecurity threat landscape.
- Participating in incident response activities.
- Contributing to post-incident reviews and lessons learned.
- Assisting in improving cybersecurity policies and standards across the business.

To be successful in this role, you should have an undergraduate degree in Cyber Security, Computer Science, Engineering, or a related field, or equivalent practical experience. You must demonstrate understanding of security operations, threat detection, and incident response, as well as familiarity with IT system and network architecture.

The following are preferred:
- Experience working in a Security Operations Centre (SOC) or similar environment.
- Hands-on experience in investigating and responding to security incidents.
- Understanding of key IT service management and change management processes.
- Working knowledge of cybersecurity monitoring tools, SIEM platforms, and investigation techniques.

Key skills and attributes for this role include:
- Strong analytical and problem-solving skills.
- Ability to adapt quickly to changing priorities and emerging threats.
- Excellent verbal and written communication skills for technical and non-technical audiences.
- Ability to work independently and collaboratively in a hybrid (remote/on-site) environment.
- High attention to detail and commitment to maintaining confidentiality and integrity.

You will build key relationships with the Cyber Security Team, wider IT and Infrastructure Teams, Business Managers and Senior Leaders, as well as external vendors and MSSP partners.

Encora, the preferred digital engineering and modernization partner of leading enterprises and digital native companies, is where you will be a part of a global team of experts driving innovation in Product Engineering & Development, Cloud Services, Quality Engineering, DevSecOps, Data & Analytics, Digital Experience, Cybersecurity, and AI & LLM Engineering.

Posted 1 month ago

Apply

4.0 - 8.0 years

0 Lacs

kochi, kerala

On-site

As a SOC Analyst at our organization based in Cochin, you will be responsible for kickstarting your career in Cybersecurity by efficiently triaging alerts and escalating them when needed. We are seeking a dynamic individual in the early stages of their career, who exhibits a strong passion for Technology and Cybersecurity, to be a part of our expanding IT Security team.

Your main responsibilities will include triaging the most recent SIEM and monitoring alerts, evaluating their importance and urgency, investigating, documenting, and reporting any information security issues, as well as staying updated on emerging trends. Additionally, you will be conducting threat and vulnerability analysis using the tools provided to identify potential attacks and suspicious activities. Your role will also involve utilizing your interpersonal and technical skills to effectively engage with management, colleagues, and internal teams. You will be accountable for owning and ensuring the resolution of pending issues promptly.

The ideal candidate for this position should possess excellent verbal and written communication skills. It is essential to have familiarity with industry-standard SIEM, Anti-Virus, Email/Spam Filtering, and Asset Monitoring tools. Working knowledge of tools such as Rapid7, Palo Alto Panorama, SentinelOne, Nagios, or Proofpoint TAP will be considered advantageous. A good understanding of malware prevention, threat detection, incident response, reporting, and general IT infrastructure is crucial. Familiarity with Microsoft products such as Office365 & Azure, Citrix technologies like XenApp, and Windows operating systems is also required. Experience in navigating and utilizing a ticketing system, with knowledge of ConnectWise being a plus, is desirable. The ability to perform effectively under pressure, in a fast-paced environment with tight deadlines, is a key requirement for this role.

Holding a Microsoft Certified (MCSE) or equivalent certification will be beneficial. Possessing a Security Certification such as CompTIA Security+, CySA, Network+, ISC-2 CC (current or to be obtained within 6 months of hiring) is highly preferred.

If you are excited about this opportunity to grow in the field of Cybersecurity and possess the required skills and qualifications, we encourage you to apply for this position by sending your resume to recruit@panapps.co. For any queries, you can contact us at 9287292870.

Posted 1 month ago

Apply

5.0 - 9.0 years

0 Lacs

pune, maharashtra

On-site

As a Technical Implementation Engineer, you will play a crucial role in the onboarding process of customers to various Qualys products, with a primary focus on Enterprise TruRisk Management (ETM). Your responsibilities will revolve around acting as a trusted advisor to customers, guiding them through the integration of Qualys solutions into their environments, aligning these implementations with their security objectives, and ensuring their success with the platform. This position emphasizes expertise in DevOps, cloud security, and enabling customers to fully leverage Qualys solutions to achieve their security goals.

Your key responsibilities will include managing the onboarding process for enterprise customers, conducting product demos, onboarding meetings, and hands-on configurations to facilitate a seamless adoption of Qualys products, particularly ETM. You will collaborate closely with customers to tailor implementations to their specific goals and security requirements.

In the realm of technical implementation, you will assist customers in deploying Qualys solutions within containerized and cloud environments. Your expertise will be pivotal in configuring integrations with major public cloud providers such as AWS, Azure, GCP, and OCI. Proficiency in technologies like Kubernetes, Docker, CRI-O, and related tools will be essential to your success in this role.

Furthermore, you will act as the primary point of contact for customers during the implementation phase, designing and executing personalized onboarding plans to help customers achieve their objectives effectively. Your role will also involve educating customers on the optimal utilization of Qualys tools to advance their security objectives.

Effective collaboration with internal teams will be vital in addressing customer challenges and enhancing onboarding processes. You will be responsible for collecting and conveying customer feedback to drive improvements in product functionality and user experience.

To excel in this role, you should possess a minimum of 5 years of experience in customer-facing positions, with hands-on experience in Enterprise environments, Windows, Linux, and networking. Exposure to cloud platforms and container environments is essential, along with a strong background in cybersecurity, networking, or related technologies. Excellent communication skills, both verbal and written, are crucial, as well as the ability to engage effectively with enterprise and global customers.

Moreover, you should demonstrate a strong analytical mindset, project management skills, adaptability to fast-paced environments, and the capability to resolve complex challenges. Emotional intelligence and interpersonal skills are key in building positive and lasting relationships with customers.

Preferred qualifications for this role include prior experience with Qualys products, familiarity with CI/CD pipelines and DevOps practices, and an understanding of asset management, patching, and configuration management.

Posted 1 month ago

Apply

5.0 - 9.0 years

0 Lacs

karnataka

On-site

As a Cyber Security Engineer at our company, you will play a crucial role in collaborating with various departments including the Engineering Organization, IT, Information Security, Software Engineers, and DevOps teams to ensure the security of our back-end and front-end services, cloud infrastructure, DevOps pipelines, data pipelines, software, and embedded platforms. Your primary responsibility will be to develop and implement efficient security measures to safeguard our systems against potential threats. You will be expected to stay updated on the latest attack trends and technologies while working closely with your team to counteract threat vectors within our cloud and embedded environments.

Key Responsibilities:
- Cloud Security Posture Management: Contribute to the planning, development, implementation, and management of security measures across multiple cloud platforms to ensure robust security.
- Threat Detection and Analysis: Utilize advanced security tools such as Wiz, BurpSuite, Sumologic, and Sonarqube to identify, analyze, validate, and prevent vulnerabilities from compromising the environment. Conduct regular penetration testing and vulnerability assessments.
- Data Analysis and Security Monitoring: Perform comprehensive analysis of security data from various sources including microservice architectures, content distribution networks, data lakes, serverless functions, and databases. Utilize SIEM tools to correlate security events and detect anomalies.
- Incident Response and Management: Participate in incident response efforts, conduct root cause analysis, and implement corrective actions to mitigate security breaches. Develop and maintain incident response playbooks.
- Supply Chain Security: Assess and mitigate security risks associated with the supply chain, such as open source libraries, to ensure end-to-end security.
- Software Security Flaws Mitigation: Identify and rectify software security flaws and misconfigurations to enhance overall security. Conduct code reviews, static/dynamic analysis, and work with languages including Python, C++, C#, JS, and HCL.
- Security Solutions Development: Create and implement custom security solutions to reduce reliance on paid services. Develop security automation scripts and integrate security tools into CI/CD pipelines.
- Automating Security Test Functions: Establish and execute automated security testing functions to continuously validate security.

What we offer:
At GlobalLogic, we prioritize a culture of caring, continuous learning and development, interesting and meaningful work, balance and flexibility, and being a high-trust organization. Join us to experience an inclusive culture, opportunities for growth, engaging projects, work-life balance, and a safe, ethical global company.

About GlobalLogic:
GlobalLogic, a Hitachi Group Company, is a digital engineering partner to leading companies worldwide. With a focus on creating innovative digital products and experiences, we collaborate with clients to transform businesses and redefine industries through intelligent solutions.

Posted 1 month ago

Apply

3.0 - 5.0 years

3 - 5 Lacs

Bengaluru, Karnataka, India

On-site

Role Overview:
We are looking for a skilled EDR Security Researcher. Your primary responsibility will be to evaluate and improve our EDR product's detection capabilities by identifying detection coverage gaps and developing signatures to address these gaps effectively.

About the role:
- Reverse engineer malware to identify malicious code, obfuscation techniques, and communication protocols.
- Author detection rules for behavior-based detection engines.
- Conduct deep research on attacker campaigns and techniques to support detection investments and improve customer experience.
- Write generic threat detections based on static and dynamic detection engines.
- Demonstrate a strong understanding of cybersecurity threats, attack techniques, and the MITRE ATT&CK framework.
- Conduct proactive and reactive threat hunting and identify detection issues such as misses or misclassifications from a large-scale dataset.
- Respond to escalations to resolve detection effectiveness issues (misclassifications, false positives, and false negatives).
- Engage and collaborate with diverse partner teams to drive great customer experiences and ensure holistic protection.
- Develop alerting, reporting, and automated detection solutions.
- Build tools and automation to improve productivity.

About you:
- 3+ years of experience writing detections using Snort, Yara, Sandbox, or proprietary detection engines.
- 2+ years of experience performing threat hunting or deep familiarity with incident response procedures, processes, and tools.
- 2+ years of experience querying and analyzing (for malware/TTPs) large datasets.
- Experience in programming or scripting languages (e.g., Python, PowerShell).
- Experience in utilizing various malware analysis tools and frameworks (e.g., IDA Pro).
- Experience performing detection engineering across multiple operating systems, including Windows, Linux, and macOS.
- Excellent verbal and written communication skills in English.

Posted 1 month ago

Apply