6.0 - 10.0 years
0 Lacs
Karnataka
On-site
As a Senior Specialist in Cyber Security Operations at AB InBev GCC, you will have the exciting opportunity to be a part of a growing team of top professionals dedicated to protecting AB InBev from sophisticated threats. Your role will involve working as a cyber threat hunter, investigating security alerts, and responding to incidents within defined timelines. You will collaborate with incident responders in a 24x7 shift model and utilize your deep knowledge of security tools and platforms to monitor threats and new attack techniques.

Key tasks and accountabilities include monitoring, responding to, and processing security alerts triggered from various SOC tools deployed across on-premises and cloud environments. You will investigate events, create incident storylines, and communicate necessary remediation steps. Additionally, you will correlate different log sources, own incidents through to completion, adhere to SLAs, and collaborate with internal teams on automation and process improvements.

In this role, you will act as Incident Commander during critical incidents, prepare incident reports, create incident response SOPs, and seek opportunities to drive efficiencies. Your ability to communicate complex technology to non-technical audiences, collaborate with stakeholders, and ensure client satisfaction will be crucial. Moreover, you will continuously enhance your threat hunting skills, stay updated on security standards, and work towards improving defensive controls.

To qualify for this role, you should ideally have a Bachelor's degree in Computer Science or Information Systems, along with 6+ years of experience in incident response, CSIRT, and SOC operations. You should possess expertise in EDR, SIEM, log analysis tools, and cloud security solutions. Security certifications such as CEH, CHFI, or CompTIA Security+ would be a plus. Your strong analytical skills and knowledge of operating systems and networking concepts will be essential for success in this role.

If you have a passion for cyber security, a desire to excel in a global team environment, and an undying love for beer, then this role at AB InBev GCC is the perfect opportunity for you to dream big and create a future with more cheers.
Posted 1 day ago
5.0 - 9.0 years
0 Lacs
Pune, Maharashtra
On-site
The ideal candidate for this position will succeed if they possess both knowledge and technical depth about the company and the industry. This is crucial as they are expected to play a central role in the decision-making process, collaborating with various individuals from different teams as needed. Additionally, they will be responsible for supervising specific personnel.

Responsibilities:
- Manage and mentor a team of SOC analysts (Tier 1-3) across multiple shifts
- Oversee threat hunting, incident response, and security monitoring operations
- Develop and refine SOC procedures, playbooks, and escalation processes

Qualifications:
- Bachelor's degree or equivalent experience
- Proficiency in Malware Analysis, Threat Hunting, Triage, Incident Response, SIEM, and SOAR
- Strong leadership skills
Posted 1 day ago
8.0 - 12.0 years
0 Lacs
Maharashtra
On-site
Work with MCX to enhance your career growth and excel in the field of Information Security. MCX values its employees' domain expertise and commitment, which have been pivotal in the company's success. If you are an ambitious and result-oriented professional, MCX offers exciting career opportunities for you to realize your potential in the cybersecurity domain.

As a Manager - Information Security at MCX based in Mumbai, you will play a crucial role in ensuring the optimal performance of security technologies through operational oversight. With a Bachelor's degree in Cybersecurity, Information Technology, or related fields, along with 8-10 years of experience in cybersecurity (including 3+ years in managerial roles), you will be responsible for managing L2 activities and the listed technologies hands-on.

Your key responsibilities will include overseeing L2 activities, incident response, audits, and reviews of security operations. You will also be involved in developing and maintaining comprehensive documentation and SOPs for security technologies and processes, ensuring compliance and standardization. Additionally, you will configure, optimize, and maintain various security tools while evaluating their effectiveness and ensuring integration with the organization's IT infrastructure.

In this role, you will lead threat hunting efforts, collaborate with stakeholders for risk mitigation, and manage security incidents promptly. You will generate security reports, communicate with stakeholders, and mentor junior team members to enhance their skills in security tools and best practices.

If you are ready to climb the career ladder with MCX and have the necessary qualifications and experience in cybersecurity, this role offers you a platform to grow and excel in the dynamic field of Information Security. For further assistance or inquiries about this opportunity, please contact us at 022-67318888 / 66494000 or careers@mcxindia.com.
Posted 1 day ago
2.0 - 6.0 years
0 Lacs
Haryana
On-site
As a Consultant working in a hybrid work mode with a shift from 1 PM to 10 PM, you will be responsible for various Cyber Security auditing tasks in locations like Bangalore, Pune, Noida, and Gurgaon. Your duties will involve understanding engagement objectives, preparing audit plans, and testing procedures to meet review objectives. You will gather detailed insights into IT and business processes, systems, and controls, and lead risk assessments and evaluations. Additionally, you will identify opportunities to leverage data analytics, track project status, and ensure high-quality work paper documentation according to client standards.

You will drive discussions on audit findings with the team and management, formulate risk assessments on complex systems, and create Business Impact Analysis, Risk Assessment, and Corrective Action Plan documentation. Developing recommendations to enhance security posture and communicating these recommendations to stakeholders will be part of your responsibilities. You will also identify security deficiencies and vulnerabilities, participate in organizational projects, and contribute to the development of information security policies, standards, and procedures.

Desired Qualifications:
- Bachelor's degree in Computer Science, Engineering, Cyber Security, or related field
- Cyber security certifications (CISSP, CISM, Security+, CEH, Azure Security Engineer, CSFA)
- CISA certification required, or willingness to obtain within 3 months of employment
- 5+ years of experience in the Cyber Security field
- 2+ years of IT systems audit experience
- Experience in Identity and Access Management, Infrastructure Security, Application Security, Data Governance, Cloud Security, and Third-Party Risk Management
- Familiarity with standards and regulations such as PCI, SOX, ISO, NIST CSF, NIST 800-53, NIST RMF, PII, CCPA, COPPA, HIPAA, VCDPA, etc.
- Proficiency in MS Office, Teams, and working knowledge of standard computer software
- Ability to work in a fast-paced environment with attention to detail
- Strong verbal and written communication skills, especially in explaining complex topics
- Experience in regulated industries and familiarity with technology standards and compliance frameworks

Bonus Points for:
- ITIL Certification
- Threat Hunting and DFIR experience
- Security experience in GCP, Azure, and AWS
- Knowledge of Zero Trust architectures and data analytics implementation
- Penetration testing experience and expertise in multiple cyber security domains
- Familiarity with network protection approaches and technologies
Posted 2 days ago
5.0 - 7.0 years
5 - 5 Lacs
Thiruvananthapuram
Work from Office
We are seeking an experienced and proactive SOC Lead to drive the operations of our Security Operations Center. The ideal candidate will have strong expertise in cybersecurity monitoring, incident response, threat hunting, and stakeholder communication. This role involves leading a global 24x7 SOC team, coordinating with cross-functional teams, and enhancing our threat detection and response capabilities. You will act as the escalation point for complex incidents and play a key role in process improvement, automation, and mentoring the SOC team.

Key Responsibilities:
- Lead and coordinate the 24x7 SOC operations, managing a distributed team of L1 and L2 analysts.
- Provide advanced triage and investigation of security alerts and incidents escalated from L1 analysts.
- Act as the primary escalation contact for high-priority incidents and security breaches.
- Ensure timely incident response and resolution within SLA while maintaining high-quality ticket documentation.
- Conduct Root Cause Analysis (RCA) and create detailed incident reports for high-severity cases.
- Continuously review and fine-tune security alerts, rules, and thresholds across SIEM and other monitoring tools.
- Design and propose new security use cases and playbooks to improve detection and response automation.
- Conduct training sessions for the team on new tools, updated processes, and emerging threats.
- Organize and lead governance meetings (weekly/biweekly/monthly) with internal stakeholders and clients.
- Stay informed on the latest threat intelligence, vulnerabilities, and security technologies to proactively enhance SOC capabilities.
- Maintain and enhance SOC documentation, including SOPs, incident runbooks, and knowledge bases.
- Collaborate with engineering, infrastructure, and compliance teams to align incident response with organizational risk management practices.

Required Skills & Experience:
- Minimum 4 years of hands-on experience in a Security Operations Center, focusing on incident response, security analysis, and threat hunting.
- Deep technical expertise in: Email Security (Mimecast); EDR Tools (e.g., Threat Down / Malwarebytes); Secure Web Gateway (Netskope SWG); Cloud Security (Microsoft Azure, Microsoft Defender); SIEM Platforms (Azure Sentinel preferred); Threat analysis and phishing investigation.
- Sound understanding of cybersecurity frameworks (MITRE ATT&CK, NIST, etc.) and the incident response lifecycle.
- Working knowledge of enterprise infrastructure: networking, firewalls, operating systems (Windows/Linux), databases, and web applications.
- Excellent written and verbal communication skills; able to convey technical details to non-technical stakeholders.
- Strong organizational and prioritization skills; experience handling multiple concurrent incidents and tasks in high-pressure environments.

Preferred Certifications:
- CEH (Certified Ethical Hacker)
- Microsoft SC-200 (Security Operations Analyst)
- AZ-500 (Azure Security Engineer Associate)
- CISSP, GCIH, or similar

Proficiency with Security Tools:
- Mimecast Email Security
- Threat Down (Malwarebytes)
- Microsoft Azure, Microsoft Defender for O365
- Netskope SWG
- Azure Sentinel (SIEM)
- Open-source tools for phishing analysis

Required Skills: Email Security, EDR, Threat hunting, SIEM
Posted 2 days ago
2.0 - 5.0 years
4 - 7 Lacs
Pune
Work from Office
Join us as a Senior Cyber Operations Analyst - Cyber Threat Hunting at Barclays, responsible for supporting the successful delivery of Location Strategy projects to plan, budget, agreed quality and governance standards. You'll spearhead the evolution of our digital landscape, driving innovation and excellence. You will harness cutting-edge technology to revolutionise our digital offerings, ensuring unparalleled customer experiences.

To be successful as a Senior Cyber Operations Analyst - Cyber Threat Hunting you should have experience with:
- Strong analytic skills.
- Strong experience in cyber security, especially in threat hunting or incident response.
- Good knowledge of security toolsets.
- Prior experience with scripting languages and proficiency in data analysis.
- Excellent interpersonal skills with experience of briefing, de-briefing and presenting to senior executives, and effective listening skills.
- Ability to communicate effectively, both orally and in writing, with clients, colleagues, and external vendors.
- Excellent time management and planning skills with experience of working under pressure.
- Ability to remain organised and to prioritise multiple incident priorities.
- Highest standards of personal integrity, professional conduct, and ethics.
- Incident, problem and change management skills.

Some other highly valued skills may include:
- Familiarity with the Financial Services regulatory landscape and related compliance issues.
- Formal accreditation, e.g. CompTIA Security+, CISSP.
- Incident response and change management skills.

You may be assessed on the key critical skills relevant for success in the role, such as risk and controls, change and transformation, business acumen, strategic thinking and digital and technology, as well as job-specific technical skills.

This role is based in Pune.

Purpose of the role: To monitor the performance of operational controls, implement and manage security controls and consider lessons learnt in order to protect the bank from potential cyber-attacks and respond to threats.

Accountabilities:
- Management of security monitoring systems, including intrusion prevention and detection systems, to alert, detect and block potential cyber security incidents, and provide a prompt response to restore normal operations with minimised system damage.
- Identification of emerging cyber security threats, attack techniques and technologies to detect/prevent incidents, and collaboration with networks and conferences to gain industry knowledge and expertise.
- Management and analysis of security information and event management systems to collect, correlate and analyse security logs, events and alerts/potential threats.
- Triage of data loss prevention alerts to identify and prevent sensitive data from being exfiltrated from the bank's network.
- Management of cyber security incidents including remediation and driving to closure.

Assistant Vice President Expectations:
- To advise and influence decision making, contribute to policy development and take responsibility for operational effectiveness. Collaborate closely with other functions/business divisions.
- Lead a team performing complex tasks, using well developed professional knowledge and skills to deliver on work that impacts the whole business function. Set objectives and coach employees in pursuit of those objectives, appraisal of performance relative to objectives and determination of reward outcomes.
- If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L - Listen and be authentic, E - Energise and inspire, A - Align across the enterprise, D - Develop others.
- OR for an individual contributor, they will lead collaborative assignments and guide team members through structured assignments, and identify the need for the inclusion of other areas of specialisation to complete assignments. They will identify new directions for assignments and/or projects, identifying a combination of cross functional methodologies or practices to meet required outcomes.
- Consult on complex issues, providing advice to People Leaders to support the resolution of escalated issues.
- Identify ways to mitigate risk and develop new policies/procedures in support of the control and governance agenda.
- Take ownership for managing risk and strengthening controls in relation to the work done.
- Perform work that is closely related to that of other areas, which requires understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub-function.
- Collaborate with other areas of work, for business aligned support areas, to keep up to speed with business activity and the business strategy.
- Engage in complex analysis of data from multiple sources of information, internal and external sources such as procedures and practises (in other areas, teams, companies, etc.) to solve problems creatively and effectively.
- Communicate complex information. 'Complex' information could include sensitive information or information that is difficult to communicate because of its content or its audience.
- Influence or convince stakeholders to achieve outcomes.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship, our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset to Empower, Challenge and Drive, the operating manual for how we behave.
Posted 2 days ago
3.0 - 5.0 years
1 - 6 Lacs
Noida
Work from Office
Good experience in SIEM tools, event logging and event analysis, and experience in forensic analysis and packet analysis tools like Wireshark, TCP Dump, etc. SIRT/SIEM/Threat Hunting background/intel; NetWitness, Splunk, QRadar, RSA NetWitness; Linux/Python understanding, ethical hacking or programming background an added advantage.

Good knowledge of enterprise security products like SIEM tools, SOC, Security Incident Management, Threat Intel, Malware analysis, Firewalls, IPS, Web/content Filtering tools, AV, APT Tools, Wireshark, TCP Dump, Encase or any other forensic tool kit. Very good understanding of security fundamentals and principles, attack techniques, MITRE, TTPs, hacking tools, etc. Experience of managing a team of 24x7 team members across multiple locations. Red/Blue teaming activities. Hands-on experience with Threat Intel Management/Platform (TIM/TIP). Leveraging knowledge of the Cyber Kill Chain framework and working familiarity with the MITRE ATT&CK framework.

Location: Noida. Must be willing to work in 24/7 shifts (including night shifts).
Posted 2 days ago
6.0 - 8.0 years
11 - 16 Lacs
Hyderabad
Work from Office
What is Security Operations responsible for?

Security Operations is responsible for continuously monitoring and improving the organization's security posture while preventing, detecting, analyzing, and responding to Cyber Security incidents with the aid of both technology and well-defined processes and procedures. Security Operations is expected to possess extensive knowledge of incident response methodologies, a deep understanding of cybersecurity threats, and hands-on experience in managing and mitigating security incidents.

What are the ongoing responsibilities of Analyst, Security Operations?
- Lead and coordinate incident response activities, ensuring timely and effective resolution.
- Develop and maintain incident response playbooks and procedures.
- Perform threat hunting using SIEM, EDR, and threat intelligence.
- Conduct digital forensics and malware analysis to determine the scope and impact of incidents.
- Collaborate with IT, legal, and business teams to contain and remediate threats.
- Stay current with emerging threats, vulnerabilities, and security trends.
- Mentor and guide junior SOC analysts.

Required Qualifications:
- Experience: 6-8 years in cybersecurity, with a focus on SOC operations and incident response.
- Environment: Experience in a 24x7 operational environment, preferably across multiple geographies.
- Technical Skills: Good understanding of networking protocols, operating systems (Windows/Linux), and security technologies. Exposure to malware analysis and digital forensics. Familiarity with cybersecurity frameworks (e.g., NIST, MITRE ATT&CK, ISO 27001).
- Hands-on experience with tools such as: SIEM: Splunk, CrowdStrike, QRadar; EDR: CrowdStrike, Carbon Black, SentinelOne; SOAR: Palo Alto XSOAR, Splunk SOAR; Forensics: FTK Imager, Autopsy, Wireshark, Procmon.

Preferred Certifications:
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Forensic Analyst (GCFA)
- Certified Ethical Hacker (CEH)

Soft Skills & Attributes:
- Strong analytical and problem-solving mindset.
- Excellent communication and collaboration skills.
- Ability to work under pressure and manage multiple priorities.
- High integrity and a proactive, team-oriented attitude.
- Strategic and tactical thinking with attention to detail.

Work Shift Timings: 6:00 AM - 3:00 PM and 2:00 PM - 11:00 PM IST
Posted 2 days ago
3.0 - 7.0 years
0 Lacs
Haryana
On-site
As a Blue Team Cybersecurity Engineer, your main responsibility will involve safeguarding an organization's systems, networks, and applications from cyber threats. You will be part of a team tasked with monitoring, analyzing, and responding to security incidents while also implementing measures to strengthen the organization's security posture. Your expertise is vital in ensuring that the organization's systems are secure, resilient, and capable of withstanding cyber-attacks.

You will be responsible for Security Monitoring and Incident Response: monitoring systems, networks, and applications for security incidents, investigating and analyzing security alerts, developing incident response plans, and collaborating with other teams to contain and recover from security incidents promptly.

In terms of Security Operations and Threat Hunting, you will develop and maintain security monitoring systems, perform security assessments and vulnerability scans, conduct proactive threat hunting activities, and stay updated with the latest threat intelligence to enhance security measures proactively.

Security Infrastructure Management will also fall under your duties, involving managing security tools and technologies, monitoring and fine-tuning security configurations, implementing security policies aligned with industry best practices, and collaborating with other teams to ensure secure configurations are in place.

You will also conduct Security Awareness and Training programs to educate employees about security threats and best practices, provide guidance on secure coding practices, and foster a culture of security awareness throughout the organization. Your responsibilities will include preparing detailed incident reports, maintaining documentation of security incidents and response activities, and collaborating with stakeholders for proper reporting and escalation of security incidents.

Qualifications and Skills:
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
- Proven experience in security monitoring, incident response, and threat hunting.
- Strong knowledge of networking protocols, operating systems, and security technologies.
- Familiarity with security frameworks (e.g., NIST, CIS) and regulatory requirements (e.g., GDPR, HIPAA).
- Experience with security tools such as SIEM solutions, firewalls, and endpoint protection systems.
- Understanding of security concepts like encryption, access control, authentication, and vulnerability management.
- Knowledge of scripting and automation for security operations tasks.
- Excellent problem-solving and analytical skills.
- Strong communication and collaboration skills.
- Professional certifications such as CISSP, GIAC, CompTIA Security+, or Certified Incident Handler (GCIH) are desirable.
Posted 3 days ago
5.0 - 9.0 years
0 Lacs
Pune, Maharashtra
On-site
Join us as a Senior Cyber Operations Analyst - Cyber Threat Hunting at Barclays, where you will be responsible for supporting the successful delivery of Location Strategy projects. Your role will involve planning, budgeting, ensuring agreed quality, and adhering to governance standards. As a key member of the team, you will lead the evolution of our digital landscape, driving innovation and excellence to provide unparalleled customer experiences.

To excel in this role, you should possess the following experience:
- Strong analytic skills.
- Extensive experience in cyber security, particularly in threat hunting or incident response.
- Proficiency in using security toolsets.
- Previous exposure to scripting languages and data analysis.
- Exceptional interpersonal skills, including the ability to brief, debrief, and present to senior executives effectively, along with active listening skills.
- Strong communication skills, both verbal and written, enabling effective interactions with clients, colleagues, and external vendors.
- Excellent time management and planning abilities, with experience working under pressure.
- Capacity to stay organized and prioritize multiple incident priorities.
- High standards of personal integrity, professional conduct, and ethics.
- Skills in incident, problem, and change management.

Additionally, the following skills are highly valued:
- Familiarity with the Financial Services regulatory landscape and compliance issues.
- Formal accreditations such as CompTIA Security+ or CISSP.
- Proficiency in incident response and change management.

Your performance may be evaluated based on critical skills relevant to the role, including risk and controls, change and transformation, business acumen, strategic thinking, digital and technology, as well as job-specific technical skills.

The primary purpose of your role is to monitor operational controls' performance, implement and manage security controls, and apply lessons learned to safeguard the bank against cyber-attacks and respond to threats effectively.

Key Accountabilities:
- Manage security monitoring systems to alert, detect, and block potential cyber security incidents.
- Identify emerging cyber security threats and collaborate with networks and conferences to enhance industry knowledge.
- Analyze security information and event management systems to detect and prevent potential threats.
- Triage data loss prevention alerts to prevent sensitive data exfiltration.
- Manage cyber security incidents, including remediation and closure.

As an Assistant Vice President, your responsibilities include advising on decision-making, contributing to policy development, and ensuring operational effectiveness. Collaborate with other functions and business divisions, lead a team, set objectives, coach employees, and appraise performance. If in a leadership role, demonstrate LEAD behaviors (Listen and be authentic, Energize and inspire, Align across the enterprise, Develop others). For individual contributors, lead collaborative assignments, guide team members, identify new project directions, consult on complex issues, mitigate risks, and strengthen controls. Collaborate with other areas to keep abreast of business activity and strategy. All colleagues are expected to embody Barclays Values of Respect, Integrity, Service, Excellence, and Stewardship, as well as the Barclays Mindset to Empower, Challenge, and Drive.
Posted 3 days ago
7.0 - 12.0 years
20 - 35 Lacs
Hyderabad, Pune
Work from Office
A Cybersecurity Technical Manager is a leadership role within the cybersecurity field that blends technical expertise with managerial responsibilities, overseeing the design, implementation, and maintenance of IT security systems and networks while guiding technical teams and ensuring alignment with organizational security goals.

Key Responsibilities & Duties:
- Technical Leadership: Providing expert advice on cybersecurity matters, often involving deep technical understanding of network security, architecture, and controls.
- Strategy and Planning: Developing and implementing cybersecurity strategies, frameworks, and policies tailored to client or organizational needs.
- Risk Management: Conducting risk assessments, identifying vulnerabilities, and recommending mitigation strategies.
- Project Management: Leading and managing cybersecurity projects, ensuring timely and successful delivery of technical solutions.
- Team Management: Mentoring and guiding technical teams, conducting performance reviews, and fostering professional development within the team.
- Compliance and Standards: Ensuring projects and services align with industry compliance standards such as GDPR, HIPAA, and SOC 2.

Skills and Requirements:
- Technical Proficiency: A robust technical background in Cybersecurity, network security, system diagrams, and cybersecurity principles.
- Leadership and Communication: Ability to lead and mentor technical teams, communicate effectively with stakeholders, and manage client relationships.
- Analytical Skills: Proficiency in risk analysis, vulnerability management, and threat hunting.
- Certifications: Common certifications like CISSP (Certified Information Systems Security Professional)
Posted 3 days ago
7.0 - 12.0 years
16 - 20 Lacs
Noida
Work from Office
Our Company Were Hitachi Digital, a company at the forefront of digital transformation and the fastest growing division of Hitachi Group. Were crucial to the companys strategy and ambition to become a premier global player in the massive and fast-moving digital transformation market. The team: We are the Global Cyber team, part of Global Information Security at Hitachi Digital. Our mission is to protect the company's and its customers' vital information systems and data while responding to attacks, intrusions, and other security incidents. As passionate advocates of information security, we are a team of out-of-the-box thinkers, innovators, and collaborative problem-solvers. We continuously seek new and better ways to enhance our practices and strive for nothing less than excellence in our cybersecurity operations. We are looking for highly motivated individuals with a positive attitude who want to be part of something exceptional. The role: As a Sr. Security Engineer, you will be working as an individual contributor to work with a dynamic team of Threat hunters working 24x7. Your role will include: Responsible for working in a 247 Security Operation Centre (SOC) environment. Handle technical escalations from the L1 SOC team and resolve them within SLA. Create and manage the SOPs, runbooks and Asset inventory with risk classification Provide threat and vulnerability analysis as well as security advisory services Send and receive notifications to the SMEs about the vulnerabilities discovered along with remediation and also follow up on the closure within SLA. 
Administration of SIEM environment (e.g.deployment of the solution, user management, managing the licenses, upgrades and patch deployment, addition or deletion of log sources, configuration management, writing parsing rules with Regex, change management, report management, managing backup and recovery etc) Investigation, Triage, remediate and find RCA of Compromised accounts, e-mail threats, and abuse reports from various sources. Investigate, document, and report on information security issues and emerging trends. Contribute significantly to the development and delivery of a variety of written and visual documents for diverse audiences. Mentor, Guide and share information with other analysts and other teams Always be curious and keep growing your skills and capabilities and emerging trends. What youll bring: 7 years of experience in working in a 24x7 Security Operation Center (SOC) environment. Proficient in Incident Management and Response, handling escalations, SIEM Alerts, EDR alerts, DLP, WAF alerts; Knowledge of Cloud Infrastructure, and Cloud Security (GCP, AWS, Azure) Knowledge of MITRE ATT&Ck, Cyber Kill Chain, Threat Hunting & Attack Forensics. Knowledge of Email security, DMARC, SPF, DKIM, (Mimecast Email Security) Knowledge of various operating system flavors including but not limited to Windows, MacOS, Linux. CertificationsSecurity certifications such as GSEC, CEH, CySA, are advantageous. Strong problem-solving and troubleshooting skills include performing root cause analysis for preventative investigation. Communication and TeamworkStrong ability to articulate complex concepts clearly, be a collaborative team player, admit mistakes, support your statements with data and analysis, and continuously seek growth opportunities. About us Were a global, 1000-strong, diverse team of professional experts, promoting and delivering Social Innovation through our One Hitachi initiative (OT x IT x Product) and working on projects that have a real-world impact. 
We're curious, passionate and empowered, blending our legacy of 110 years of innovation with shaping our future. Here you're not just another employee; you're part of a tradition of excellence and a community working towards creating a digital future.

Championing diversity, equity, and inclusion: Diversity, equity, and inclusion (DEI) are integral to our culture and identity. Diverse thinking, a commitment to allyship, and a culture of empowerment help us achieve powerful results. We want you to be you, with all the ideas, lived experience, and fresh perspective that brings. We support your uniqueness and encourage people from all backgrounds to apply and realize their full potential as part of our team.

How we look after you: We help take care of your today and tomorrow with industry-leading benefits, support, and services that look after your holistic health and wellbeing. We're also champions of life balance and offer flexible arrangements that work for you (role and location dependent). We're always looking for new ways of working that bring out our best, which leads to unexpected ideas. So here, you'll experience a sense of belonging, and discover autonomy, freedom, and ownership as you work alongside talented people you enjoy sharing knowledge with.
Posted 3 days ago
7.0 - 12.0 years
13 - 17 Lacs
Gurugram
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Threat Hunting
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations.
Roles & Responsibilities:
- Expected to be an SME
- Collaborate with and manage the team to perform
- Responsible for team decisions
- Engage with multiple teams and contribute to key decisions
- Provide solutions to problems for the immediate team and across multiple teams
- Lead security threat hunting initiatives
- Develop and implement threat detection strategies
- Conduct security assessments and audits
Professional & Technical Skills:
- Must-have skills: proficiency in Security Threat Hunting
- Strong understanding of threat intelligence analysis
- Experience with security incident response
- Knowledge of cloud security best practices
- Hands-on experience with security tools and technologies
Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Threat Hunting
- This position is based at our Gurugram office
- 15 years of full-time education is required
Qualification: 15 years full time education
Posted 3 days ago
8.0 - 13.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Operation Automation
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: We are seeking an experienced and innovative SOAR Architect to lead the design, development, and implementation of advanced Security Orchestration, Automation, and Response (SOAR) solutions. The ideal candidate will leverage their expertise in platforms like Splunk Phantom, Chronicle SOAR, and Cortex XSOAR to optimize and automate incident response workflows, enhance threat detection, and improve overall security operations efficiency.
Roles & Responsibilities:
- SOAR Strategy and Architecture: Develop strategies for automation, playbook standardization, and process optimization.
- Playbook Development: Create, test, and deploy playbooks for automated threat detection, investigation, and response. Collaborate with SOC teams to identify repetitive tasks for automation and translate them into SOAR workflows.
- Integration and Customization: Integrate SOAR platforms with existing security tools, including SIEM, threat intelligence platforms, and endpoint protection. Customize connectors and APIs to enable seamless communication between security tools.
- Collaboration and Leadership: Work closely with SOC analysts, threat hunters, and other stakeholders to align automation efforts with organizational goals. Provide technical mentorship to analysts on SOAR platform utilization.
- Performance Optimization: Continuously evaluate SOAR platform performance and implement improvements for scalability and reliability. Monitor automation workflows and troubleshoot issues to ensure consistent operations.
- Compliance and Best Practices: Ensure that all SOAR implementations align with industry standards, compliance regulations, and organizational policies. Stay up to date with the latest advancements in SOAR technology and incident response practices.
Professional & Technical Skills:
- Proficiency in scripting and programming in Python to develop custom playbooks and integrations.
- Strong understanding of security operations, incident response, and threat intelligence workflows.
- Proven track record of integrating SOAR with SIEM solutions (e.g., Splunk, Chronicle), EDR, and other security tools.
- Ability to troubleshoot complex integration and automation issues effectively.
Additional Information:
- Certifications such as Splunk Phantom Certified Admin, XSOAR Certified Engineer, or equivalent.
- Experience with cloud-native SOAR deployments and hybrid environments.
- Familiarity with frameworks like MITRE ATT&CK, NIST CSF, or ISO 27001.
- 15 years of full-time education is required.
- 3.5 years of hands-on experience with SOAR platforms like Splunk Phantom (on-prem and cloud), Chronicle SOAR, and Cortex XSOAR.
Qualification: 15 years full time education
Posted 3 days ago
5.0 - 10.0 years
6 - 12 Lacs
Chennai
Remote
Job Description: CyberSecOn is looking for a talented and dedicated Cyber Security Analyst who can work remotely. A Cyber Security Analyst is responsible for maintaining the security and integrity of data. The security analyst must possess knowledge of every aspect of information security to protect company assets from evolving threat vectors.

The main responsibilities will include:
- Monitor and investigate security events and alerts from various sources, such as logs, network traffic, threat intelligence, and user reports.
- Conduct proactive and reactive threat hunting campaigns to uncover hidden or emerging threats in the cloud environment.
- Perform root cause analysis and incident response to contain and remediate cloud abuse incidents.
- Document and communicate findings, recommendations, and lessons learned to relevant stakeholders and management.
- Develop and update cloud abuse detection rules, indicators, and signatures.
- Research and stay updated on the latest cloud abuse trends and the tactics, techniques, and procedures (TTPs) of threat actors.
- Provide guidance and training to other security teams and cloud users on best practices and standards for cloud security.
- Manage the cyber security infrastructure and applications of multiple client environments.
- Knowledge of ServiceNow, Zoho Desk, Jira/Confluence, etc.
- Perform vulnerability risk reviews using Qualys, Rapid7 and/or Tenable.
- Responsible for managing and improving the defined patch management and configuration review process and activities.
- Proactively manage application, infrastructure security and network risks, ensuring the security infrastructure aligns with the company's compliance requirements.

Skills & Experience:
- 4+ years of experience in a security analyst role, preferably in a SOC environment.
- Good security analyst, engineering, and project management experience.
- Experience in client management for security projects.
- Knowledge of and hands-on experience with SIEM technologies such as Microsoft Sentinel, Rapid7 InsightIDR, Wazuh, etc. Creating playbooks and automation in Microsoft Sentinel is desirable.
- Strong experience in virtualisation and cloud (Azure, AWS, other service providers) design, configuration, and management.
- Ability to manage priorities, perform multiple tasks and work in a dynamic environment under tight deadlines.
- Ability to perform vulnerability assessments and penetration testing using manual testing techniques, scripts, and commercial and open-source tools.
- Experience and ability to run phishing campaigns and/or similar social engineering exercises.
- Subject matter expert in one or more of Windows, Unix and Linux OS.
- Vendor or security-specific certifications are preferred.
- Demonstrated analytical, conceptual and problem-solving skills.
- Ability to work effectively with limited supervision on multiple concurrent operational activities.
- Ability to communicate effectively via email, reports and procedures in a professional and succinct manner.

Preferred: Candidates who can join immediately or within 15 days.
Posted 3 days ago
3.0 - 7.0 years
6 - 10 Lacs
Navi Mumbai, Mahape
Work from Office
Responsibilities:
- Configure and maintain the SIEM platform (ELK).
- Develop and fine-tune correlation rules, alerts, and dashboards to support SOC use cases.
- Onboard log sources from various platforms (Windows, Linux, cloud, network devices, applications).
- Perform health checks, upgrades, and patch management of SIEM components.
- Work closely with SOC analysts to improve detection capabilities and reduce false positives.
- Collaborate with threat intel and incident response teams to create advanced detection logic.
- Automate log ingestion and alert tuning using scripting (Python, PowerShell, etc.).
- Develop and maintain documentation, runbooks, and standard operating procedures (SOPs).
Beneficial:
- Good documentation skills.
- Good at incident management.
Personal Characteristics:
- Strong communication skills, ability to work comfortably with different regions.
- Actively participate within the internal project community.
- Good team player, able to work on a local, regional and global basis and as part of joint cross-location initiatives.
- Self-motivated, able to work independently and with a team.
Posted 3 days ago
1.0 - 5.0 years
0 Lacs
pune, maharashtra
On-site
Would you like to join a dynamic, sophisticated, and expanding Security team at a leading SaaS company? Zendesk is seeking a dedicated Senior Threat Monitoring and Response Engineer with strong communication and analytical skills to contribute to its Threat Hunting and Incident Response initiatives. This role involves a combination of technical proficiency, attention to detail, the ability to connect disparate data points, and collaboration within a distributed team environment. As part of Zendesk's Threat Monitoring & Response Team, you will be involved in the development and implementation of processes and tools to swiftly and effectively respond to identified threats targeting Zendesk and its customers. Collaboration with the Security Engineering teams is crucial to ensure the deployment of appropriate tools and techniques for monitoring and detecting threats to the Zendesk platform. Your responsibilities will include assisting in the development of threat hunting processes, participating in threat hunting exercises, staying informed about new threats, analyzing attacker tactics, managing cyber security investigations, contributing to automation and orchestration, partnering with the security engineering team, participating in an on-call rotation, engaging with the cyber security community, aiding in the design of Threat Monitoring & Response operations, mentoring junior staff, and embracing change and challenges. To be successful in this role, you should possess:
- 3+ years of information security response and investigation experience
- 2+ years of experience in a global cloud-based environment
- Proficiency in a scripting language
- Experience briefing customers on cyber threats
Preferred qualifications include security certifications like CISSP or SANS (GIAC) certifications, involvement in information sharing organizations or security user groups, automation skills with Python 3, and system engineering experience.
Zendesk, known for building software to enhance customer relationships, serves over 100,000 paid customer accounts globally. With operations across various regions, Zendesk values community engagement through initiatives like the Zendesk Neighbor Foundation. Zendesk is committed to providing an inclusive and fulfilling work environment through a hybrid working model that combines onsite collaboration and remote flexibility. Candidates must be physically located in Karnataka or Maharashtra for this role. If you require accommodations due to a disability, Zendesk is dedicated to making reasonable arrangements in compliance with federal and state laws. For any accommodation needs during the application process, please contact peopleandplaces@zendesk.com. Join Zendesk's mission to bring peace to customer service chaos and become part of a team that values connection, collaboration, and innovation.
Posted 5 days ago
3.0 - 7.0 years
0 Lacs
chennai, tamil nadu
On-site
You will be responsible for performing deep-dive investigations on security incidents using Securonix SIEM. Your role will involve correlating alerts and utilizing UEBA to detect anomalies and insider threats. Additionally, you will be expected to fine-tune detection rules in Securonix to reduce false positives and to conduct threat hunting to identify unknown threats using behavioral analytics. Moreover, you will investigate security events such as ransomware, APTs, data exfiltration, and privilege escalation. Collaborating with L3 analysts, you will help develop playbooks and automation through SOAR integration. You will also provide guidance to L1 analysts and support security awareness training initiatives. Furthermore, your responsibilities will include generating reports on security trends and SOC performance to ensure effective monitoring of and response to potential threats.
Posted 5 days ago
5.0 - 9.0 years
0 Lacs
karnataka
On-site
As a global group of life-saving technology companies, Halma is dedicated to pushing the boundaries of science and technology. With headquarters in the UK and operations spanning 23 countries, including regional hubs in India, China, Brazil, and the US, we have a diverse portfolio of nearly 50 companies specializing in market-leading technologies. For over 42 years, our purpose-driven approach, strategic initiatives, talented workforce, unique DNA, and sustainable business model have consistently delivered remarkable long-term growth in revenues and profits. Halma stands out as an FTSE 100 company by annually increasing dividends by 5%, a feat unparalleled by any other company on the London Stock Exchange.

Why Join Us: Certified as a Great Place to Work, Halma fosters an employee-centric culture based on autonomy, trust, respect, humility, work-life balance, team spirit, and approachable leadership. We provide a safe and inclusive workplace where individuality is celebrated, and everyone is encouraged to leverage their unique talents and backgrounds to drive meaningful outcomes.

Position Objective: We are currently looking for dedicated cyber security professionals to join our 24/7 security operations team. In this role, you will play a crucial part in monitoring Halma Group's centralized infrastructure for malicious activities, analyzing logs to detect attack patterns, and ensuring timely responses to infiltration attempts. Additionally, you will manage technical support requests related to security devices integrated into Halma's infrastructure.

Responsibilities:
- Lead a team of security analysts on an 8-hour rotational shift schedule.
- Conduct real-time security monitoring and respond to incidents using various tools and methodologies.
- Maintain the group's infrastructure to meet service level expectations.
- Develop and manage Security Information and Event Management (SIEM) use cases.
- Identify and document incidents through proactive threat hunting.
- Perform vulnerability assessments within Halma's network infrastructure and collaborate with stakeholders to mitigate risks.
- Design and refine the Incident Response Playbook for enhanced reaction protocols.
- Conduct post-incident analyses to improve Halma's incident response processes.
- Propose innovative security control measures and solutions.
- Provide technical support for security infrastructure, including SIEM, VPN, antivirus, EDR, and endpoint management systems.
- Possess a strong understanding of Windows/macOS operating systems and related security measures.
- Monitor and manage security incidents for Halma's headquarters and subsidiary companies.
- Apply problem-solving skills during security incident and alert investigations.
- Perform additional tasks such as generating vulnerability reports and contributing to process improvements.

Critical Success Factors:
- Resolve security incidents, support issues, and service requests within SLAs.
- Contribute to enhancing processes, systems, and services provided by Halma IT.

Qualifications:
- Bachelor's degree in computer science or IT.
Preferred Certifications:
- CompTIA Security+, CEH
- Microsoft Security certifications such as SC-200/SC-300/SC-400
Desirable Certifications:
- Any SIEM certifications, any network certifications

Experience:
- 5 to 8 years of total experience.
- Knowledge of vendor firewall and remote access solutions.
- Exposure to security technologies, including incident response and Microsoft Sentinel.
- Familiarity with Active Directory, server virtualization, and Microsoft technologies.
- Experience with Microsoft Defender, Microsoft Intune, Cato Networks (VPN and firewall), Microsoft Sentinel (formerly Azure Sentinel), and KQL is advantageous.
Posted 5 days ago
3.0 - 7.0 years
0 Lacs
ahmedabad, gujarat
On-site
The Security Operations Centre (SOC) department is seeking a candidate with strong oral and written communication skills. Experience in managing global customers, particularly in the US and Canada, is an advantage. The ideal candidate should be proficient in incident management and response, with in-depth knowledge of security concepts such as cyber-attacks, threat vectors, risk management, and incident management. Strong familiarity with EDR and XDR is preferred. A strong understanding of various security solutions is required, including EDR, XDR, NDR, EPP, web security, firewalls, email security, O365, SIEM, SSL, packet analysis, HIPS/NIPS, network monitoring tools, Remedy and ServiceNow ticketing toolsets, AV, UEBA, and advanced SOC tooling.

The role involves working in a 24x7 Security Operation Centre (SOC) environment and includes creating, performing, reviewing, and delivering incident response playbooks and procedures. The responsibilities also include providing analysis and trending of security log data, threat and vulnerability analysis, and security advisory services, and require experience with Security Information and Event Management (SIEM) tools. Hands-on experience in creating advanced correlation rules and conducting vulnerability assessments is a must. The candidate should have experience in threat hunting and forensic investigations. Other tasks and responsibilities may be assigned, including creating and fine-tuning rules, playbooks, etc. Strong knowledge of various operating systems such as Windows, Linux, and Unix, as well as TCP/IP protocols, network analysis, and common Internet protocols and applications, is essential. Effective communication skills are required for contributing to the development and delivery of various written and visual documents for diverse audiences.

Location: Ahmedabad
Experience: 3-6 yrs
Essential Skills/Certifications: GCFA, GCFE, CISP, CISSP, CCNP, CCIE Security, CEH, CSA
If you meet the requirements and possess the essential skills/certifications, please send your CV to careers@eventussecurity.com.
Posted 5 days ago
5.0 - 13.0 years
0 Lacs
chennai, tamil nadu
On-site
As an experienced L3 SOC Analyst, you will play a crucial role in managing security incidents and ensuring the protection of our clients' data and systems. You will be responsible for utilizing your expertise in SIEM tools such as QRadar, Sentinel, or Splunk to detect and respond to security threats effectively. Your strong knowledge of attack patterns and Tactics, Techniques, and Procedures (TTPs) will be essential in identifying and mitigating risks. Your primary responsibilities will include acting as an escalation point for high and critical severity security incidents, conducting thorough investigations to assess impact, and analyzing attack patterns to provide recommendations for security improvements. You will also be actively involved in proactive threat hunting, log analysis, and collaborating with IT and security teams to enhance security processes effectively. In addition to hands-on experience with system logs, network traffic analysis, and security tools, your ability to identify Indicators of Compromise (IOCs) and Advanced Persistent Threats (APTs) will be crucial in ensuring the detection of potential threats. You will be expected to document and update incident response processes, participate in team meetings and executive briefings, and train team members on security tools and incident resolution procedures. Your proficiency in setting up SIEM solutions, troubleshooting connectivity issues, and familiarity with security frameworks and best practices will be considered advantageous. Your role will require you to provide guidance on mitigating risks, improving security hygiene, and identifying gaps in security processes to propose enhancements effectively. Join us at UST, a global digital transformation solutions provider with a deep commitment to innovation and agility. With over 30,000 employees in 30 countries, we partner with the world's best companies to drive real impact through transformation.
If you are passionate about cybersecurity and eager to make a difference, we welcome you to be a part of our team and help us build for boundless impact, touching billions of lives in the process.
Posted 6 days ago
12.0 - 16.0 years
0 Lacs
karnataka
On-site
About Rippling: Rippling, based in San Francisco, CA, has secured over $1.4B from renowned investors such as Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock. The company has been recognized as one of America's best startup employers by Forbes. Rippling prioritizes candidate safety, ensuring that all official communications are exclusively sent from @Rippling.com addresses.

About The Role: Rippling is seeking an experienced Security Engineer to join the Detection and Response Team (DART). As a member of the team, you will play a crucial role in establishing a top-notch incident response function that effectively handles challenging security incidents. Your responsibilities will include driving process enhancements, fostering an open culture of learning from mistakes, and constructing the necessary tools and detection infrastructure to scale our threat response capabilities across both production and corporate environments.

What You Will Do:
- Respond promptly to security events, conduct triage, investigations, and incident analysis, and communicate findings effectively to stakeholders.
- Contribute to the enhancement of processes, procedures, and technologies for detection and response to ensure continual improvement post-incident.
- Develop and manage tools for collecting security telemetry data from cloud-based production systems.
- Automate workflows to streamline identification and response times for security events.
- Create and refine detection rules to focus efforts on critical alerts.
- Establish runbooks and incident playbooks for new and existing detections.
- Lead threat hunting practices, recommend signals for detecting attacks in product and infrastructure, and incorporate discoveries into security controls.

What You Will Need:
- Minimum of 12 years of full-time experience as a security engineer, encompassing security monitoring, incident response, and threat hunting in a cloud environment.
- A defensive mindset combined with an understanding of offensive security and the scenarios leading to compromise.
- Proven experience in managing complex investigations involving numerous stakeholders.
- Excellent communication skills with a track record of effectively engaging with internal and external stakeholders of all levels.
- Expertise in AWS security controls and services.
- Proficiency in coding for automation, alert enrichment, and detections.
- Familiarity with adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles.
- Hands-on experience in data analysis, modeling, and correlation at scale.
- Strong background in operating system internals and forensics for macOS, Windows, and Linux.
- Domain expertise in handling current SIEM and SOAR platforms.
- Experience in developing tools and automation using common DevOps toolsets and programming languages.
- Understanding of malware functionality and persistence mechanisms.
- Ability to analyze endpoint, network, and application logs for unusual events.

Additional Information: Rippling places significant value on having in-office employees to promote a collaborative work environment and company culture. For office-based employees residing within a specified radius of a Rippling office, working in the office for at least three days a week is considered an essential function of their role under the current policy.
Posted 6 days ago
4.0 - 7.0 years
3 - 7 Lacs
Jaipur
Work from Office
Experience Required: 4+ years in cybersecurity, with 2+ years hands-on with any threat intelligence platform
Reports To: Security Operations Lead / SOC Manager
Location: Jaipur
Job Type: Full-time, customer locations

Job Summary: We are seeking a skilled Threat Intelligence Engineer/Analyst with hands-on experience in managing and operating a Unified Threat Intelligence Platform (UIP). The ideal candidate will be responsible for integrating, enriching, analyzing, and disseminating threat intelligence across security systems (SIEM, SOAR, EDR) to enhance threat detection, hunting, and response efforts.

Key Responsibilities:
- Administer and maintain the Unified Threat Intelligence Platform (e.g., MISP, Anomali, ThreatConnect, EclecticIQ, or a TIP from a commercial vendor). Must have worked on at least one TI platform; experience with Recorded Future is preferred.
- Aggregate, normalize, and enrich threat intel feeds from internal, commercial, and open-source (OSINT) sources.
- Map Indicators of Compromise (IOCs), TTPs, and threat actor profiles using frameworks such as MITRE ATT&CK and STIX/TAXII.
- Integrate the UIP with SIEM, SOAR, and EDR platforms to enable automated threat correlation and alert enrichment.
- Analyze and prioritize threat intelligence based on relevance, risk level, and business impact.
- Coordinate with threat-hunting and SOC teams to enable actionable use of threat intelligence.
- Create and manage threat intelligence dashboards, reports, and alerts.
- Continuously improve threat ingestion, enrichment pipelines, and integration workflows.

Required Skills and Qualifications:
- Solid understanding of the threat intelligence lifecycle: collection, processing, analysis, dissemination.
- Experience with commercial or open-source TIP/UIP tools (e.g., MISP, ThreatConnect, Anomali, EclecticIQ).
- Strong knowledge of STIX/TAXII, OpenIOC, YARA, and Sigma rules.
- Experience integrating threat intel into SIEM (e.g., Splunk, QRadar, Sentinel) and SOAR platforms.
- Familiarity with threat actor behavior, campaigns, malware families, and IOC tracking.
- Working knowledge of scripting (Python preferred) for automation and data transformation.
- Ability to analyze complex data and present threat intelligence in clear, actionable formats.

Education Requirements: BE, B.Tech in IT/CS/ECE, BCA, BSc CS and MCA
Certification: CEH/CSA/NBAD certification
Posted 6 days ago
5.0 - 6.0 years
2 - 6 Lacs
Jaipur
Work from Office
Experience Required: 4+ years in cybersecurity, with 2+ years hands-on with an anti-APT tool and in IR
Reports To: Security Operations Lead / SOC Manager

Job Summary: We are looking for a highly skilled Anti-APT and Incident Response Specialist to lead the detection, analysis, and remediation of sophisticated cyber threats, including Advanced Persistent Threats (APTs). The candidate will work closely with threat intelligence, SOC, and forensic teams to respond to incidents, contain threats, and fortify the environment against future attacks.

Key Responsibilities:
Anti-APT Operations:
- Monitor for indicators of APT campaigns using threat intelligence feeds, SIEM, EDR, NBAD, and anomaly detection tools.
- Identify and analyze tactics, techniques, and procedures (TTPs) used by threat actors, aligned with MITRE ATT&CK.
- Leverage threat intelligence to proactively hunt and neutralize stealthy threats.
Incident Response (IR):
- Lead and execute all phases of incident response: identification, containment, eradication, recovery, and lessons learned.
- Perform forensic analysis on systems and logs to determine the root cause, scope, and impact of security incidents.
- Collaborate with IT, SOC, and legal/compliance teams during major incidents and breach investigations.
- Create and maintain IR playbooks, response workflows, and escalation procedures.
Detection and Prevention:
- Work with SIEM and SOAR teams to improve alert fidelity and develop custom correlation rules.
- Coordinate with endpoint, network, and cloud teams to close gaps and strengthen defenses post-incident.
- Assist in configuring anti-APT technologies such as sandboxing, deception platforms, and EDR/XDR solutions.

Required Skills and Qualifications:
- Strong knowledge of APT groups and attack frameworks (e.g., MITRE ATT&CK, Lockheed Martin Cyber Kill Chain).
- Hands-on experience in incident response, digital forensics, threat hunting, and malware analysis.
- Proficiency with tools such as:
  - EDR (e.g., CrowdStrike, SentinelOne, Carbon Black)
  - SIEM (e.g., Splunk, QRadar, ArcSight)
  - Forensics tools (e.g., FTK, EnCase, Volatility)
  - Threat intel platforms (MISP, Anomali, ThreatConnect)
- Strong understanding of Windows/Linux internals, memory/process analysis, and network forensics.
- Experience writing detection rules (Sigma, YARA) and incident reports.

Preferred Qualifications:
- Certifications: GCIH, GCFA, GNFA, CHFI, OSCP, or similar.
- Experience with APT campaigns targeting sectors such as government, BFSI, or critical infrastructure.
- Exposure to cloud incident response (Azure, AWS, GCP) and OT/ICS threat environments.

Education Requirements: BE, B.Tech in IT/CS/ECE, BCA, BSc CS and MCA
Certification: CEH/CSA/CHFI
Posted 6 days ago
5.0 - 9.0 years
0 Lacs
jaipur, rajasthan
On-site
Responsibilities:
- Conduct all threat-hunting activities necessary for identifying threats, including zero-days.
- Hunt for security threats; identify threat actor groups and their techniques, tools, and processes.
- Provide expert analytic investigative support to L1 and L2 analysts for complex security incidents.
- Analyze security incidents to further enhance rules, reports, and AI/ML models.
- Analyze network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as logs from various types of security sensors, uncovering the unknown about internet threats and threat actors.
- Analyze logs, alerts, and suspicious malware samples from all the SOC tools and other deployed security tools such as anti-virus, anti-APT solutions, EDR, IPS/IDS, firewalls, proxies, Active Directory, vulnerability assessment tools, etc.
- Using knowledge of the current threat landscape, threat actor techniques, and the internal network, analyze log data to detect active threats within the network.
- Build, document, and maintain a comprehensive model of relevant threats to the customer.
- Proactively identify potential threat vectors and work with the team to improve prevention and detection methods.
- Identify and propose automated alerts for new and previously unknown threats.
- Perform incident response for identified threats.

Requirements:
- Strong knowledge of the APT lifecycle and tactics, techniques, and procedures (TTPs).
- Familiarity with the MITRE ATT&CK framework and mapping threats to techniques.
- Proficiency in malware behavior analysis and sandboxing.
- Hands-on experience with Trellix (formerly McAfee) APT solutions, EDR, and threat intelligence.
- Experience with security monitoring tools such as SIEM, SOAR, EDR, and Threat Intelligence Platforms (TIPs).
- Solid understanding of network protocols, endpoint protection, and intrusion detection systems.
Posted 1 week ago