233 Threat Hunting Jobs - Page 2

You will play a crucial role as a Security Engineer at Tekion, a company revolutionizing the automotive industry with cutting-edge technology. Your responsibilities will include managing security incidents, identifying vulnerabilities, and implementing strategies to enhance our organization's security posture. If you possess a proven track record in incident response, vulnerability management, and are eager to contribute to a dynamic team, we invite you to apply for this position. In this role, you will: - **Incident Response:** Monitor security event logs and alerts, lead investigations for containment, eradication, and recovery. - **Root Cause Analysis:** Conduct in-depth analysis of security incidents and targeted attacks to identify root causes and prevent recurrence. - **Security Automation:** Enhance detection and response capabilities through automation, fine-tuning alerts, and automating responses. - **Playbook Creation:** Develop incident response playbooks for different security incidents aligned with current threats. - **Security Event Enrichment:** Utilize IOCs, threat intelligence, and data sources to enrich security events, improving detection accuracy. - **Collaboration:** Coordinate with security stakeholders and cross-functional teams to improve security initiatives. - **Threat Hunting:** Proactively identify potential malicious activities and mitigate emerging risks. - **Vulnerability Management:** Identify, assess, and prioritize vulnerabilities across systems, applications, and networks for effective remediation. - **Vulnerability Scanning & Testing:** Conduct regular scans, penetration tests, and risk assessments to identify weaknesses. - **Patch Management:** Collaborate with IT and development teams to ensure timely patching and remediation. You should possess: - **Education:** Bachelors/Master's degree in computer science, Information Technology, Cybersecurity, or related field. - **Experience:** Minimum of 3 years in a Security Operations Center (SOC) environment. - **Certifications:** Relevant certifications such as GCIA, GCIH, AWS Security Specialist, or similar in Security Operations or Incident Response. - **Coding Skills:** Proficiency in coding languages like Python or Go. - **Technical Skills:** Hands-on experience with security tools like SIEMs, EDR, WAFs, IDS, and vulnerability scanners. - **Hands-on Experience:** Proficiency in incident response processes. - **Cloud Experience:** Experience with cloud security services, preferably in AWS or Azure environments. - **Analytical Skills:** Strong analytical and problem-solving skills with attention to detail. - **Soft Skills:** Excellent verbal and written communication skills to convey complex security concepts. If you are ready to be part of a team driving innovation in the automotive industry and have the required expertise in security operations, we look forward to receiving your application.,

We are seeking an experienced QRadar Incident Forensic Specialist to manage the deployment, configuration, and day-to-day operations of the QRadar SIEM platform while supporting incident response and forensic investigations. The ideal candidate will play a critical role in enhancing security monitoring, investigating incidents, and ensuring seamless SIEM operations. This role requires a blend of expertise in QRadar deployment, incident handling, and forensic analysis to improve the organization’s security posture, Plan, design, and deploy QRadar SIEM environments including Incident forensic, ensuring proper integration with network devices, servers, and applications Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Develop and maintain documentation, including deployment guides, SOPs. Generate forensic reports and compliance dashboards for internal stakeholders and external audits. Proactively identify gaps in threat detection capabilities and recommend enhancements. Implement updates, patches, and upgrades to maintain system reliability and performance. Optimize architecture and storage allocation to ensure scalability and efficiency. Hands-on experience with QRadar architecture, deployment, and administration. Strong knowledge in Linux, unix, redhat OS. Strong knowledge in TCP/IP & networking. Proven track record in incident handling, forensic investigations, and log analysis. Expertise in QRadar features such as AQL queries, rule creation, offense management, and dashboards. Proficiency in forensic tools and methodologies for log analysis and evidence gathering Preferred technical and professional experience Support threat hunting activities by leveraging anomaly detection and root cause analysis. Research and implement emerging QRadar features, integrations, and third-party tools to enhance functionality. Perform daily health checks, ensure system availability, and resolve performance bottlenecks. Use the tools in IBM QRadar Incident Forensics in specific scenarios in the different types of investigations, such as network security, insider analysis, fraud and abuse, and evidence-gathering. Investigate security incidents by analyzing logs, offenses, and related data within QRadar. Manage and troubleshoot log ingestion, data flow, and parsing issues across multiple data sources. Extract and analyze digital evidence to support forensic investigations and incident response. Reconstruct attack scenarios and provide root cause analysis for post-incident reviews

Responsibilities: * Conduct threat analysis using SOC tools like QRadar & LogRhythm. * Collaborate with incident response team on security incidents. * Monitor network activity for suspicious behavior.

As an L2 SOC Analyst specializing in LogRhythm SIEM, your role will involve strengthening the Security Operations Center in Mumbai. With 2 to 5 years of hands-on experience in security monitoring and incident analysis, particularly focusing on LogRhythm SIEM, you will play a crucial part in the in-depth analysis, incident investigation, escalation, and coordination with response teams. Your key responsibilities will include monitoring, analyzing, and triaging security alerts from LogRhythm SIEM and other security platforms. You will be responsible for investigating and validating security incidents with detailed analysis and impact assessment, conducting threat hunting, and advanced log correlation as per SOC playbooks. Additionally, you will respond to incidents following defined escalation matrices, perform root cause analysis, recommend containment and mitigation actions, and provide guidance and mentorship to L1 SOC Analysts for escalated incidents. Moreover, you will prepare incident reports, analysis summaries, and dashboards for management, monitor and report SIEM health, log source integration issues, and tuning requirements. Your role will also involve participating in the continuous improvement of detection rules and SOC processes. Being ready to work in 24x7 rotational shifts with a constant readiness for critical incident handling is essential for this position. To excel in this role, you should possess 2 to 5 years of SOC operations experience, with a specific focus on SIEM monitoring and incident handling. Strong hands-on experience with LogRhythm SIEM is mandatory, in addition to a good understanding of security threats, attack vectors, malware behavior, and common vulnerabilities. Practical experience in analyzing logs from firewalls, IDS/IPS, endpoint security, and cloud platforms is required, along with familiarity with the MITRE ATT&CK framework and the usage of threat intelligence. Furthermore, you should exhibit strong analytical thinking, incident response capabilities, and problem-solving skills. Effective communication skills for incident reporting and escalation are essential for this role. Preferred certifications include LogRhythm Certified Deployment Engineer (LCDE) or LogRhythm Certified SOC Analyst (LCSA), while certifications such as CompTIA Security+, CEH, CySA+, or equivalent security certifications are optional. Any threat hunting or incident response certification would be considered a plus. This is a full-time role based at the Mumbai SOC facility, requiring you to work in 24x7 rotational shifts, including nights and weekends.,

Key Responsibilities: Incident Detection & Response: Monitor security alerts and events through SIEM tools to identify potential threats. Investigate security incidents and respond in a timely and effective manner. Leverage EDR (Endpoint Detection and Response) solutions for threat detection and incident analysis. Threat Analysis & Mitigation: Conduct thorough threat and malware analysis to identify and mitigate risks. Work closely with internal teams to investigate malware, viruses, and ransomware threats. Use CrowdStrike , Defender , and other endpoint security tools to prevent attacks. Email Security Management: Monitor and manage email security systems to prevent phishing, spam, and other malicious email threats. Respond to suspicious email alerts and work with other teams to resolve them. Continuous Monitoring & Alerting: Actively monitor systems, networks, and applications for any signs of suspicious activities. Utilize Endpoint Security solutions to continuously track and protect endpoints across the network. Collaboration & Reporting: Work closely with the IT and security teams to assess, analyze, and resolve security incidents. Maintain detailed documentation of incidents, findings, and responses for future reference. Regularly report on the status of ongoing security incidents and trends to senior management. Research & Knowledge Enhancement: Stay updated with the latest security threats, vulnerabilities, and trends. Participate in security training and development to improve skills in SIEM , EDR , and other security tools. Required Skills and Qualifications: Bachelors degree in Cybersecurity, Information Security, Computer Science, or a related field, or equivalent work experience. Strong experience with SIEM (e.g., Splunk, QRadar, ArcSight). Proficient in EDR and Endpoint Security tools (e.g., CrowdStrike, Microsoft Defender). Hands-on experience in threat and malware analysis . Familiarity with email security systems (e.g., Proofpoint, Mimecast). Strong understanding of network protocols, firewalls, and intrusion detection/prevention systems. Knowledge of security frameworks and industry standards (e.g., MITRE ATT&CK, NIST). Excellent analytical and problem-solving skills. Preferred Qualifications: Security certifications like CompTIA Security+ , CISSP , CEH , or GIAC are a plus. Experience with incident response and forensic investigation. Familiarity with cloud security in AWS, Azure, or Google Cloud.

Advanced knowledge in handling security incidents and leading investigations. Proficiency in managing and optimizing SOC operations. Experience in implementing security protocols and policies. Expertise in Malware Reverse Engineering, Required Candidate profile Certified Information Systems Security Professional (CISSP). Certified Information Security Manager (CISM). GIAC Certified Enterprise Defender (GCED). Certified Information Security Auditor (CISA),

Exp. in a SOC, incident detection and response,SIEM platform and EDR. understanding of networking principles, TCP/IP, WANs, LANs, and Internet protocols (SMTP, HTTP, FTP, POP, LDAP). cloud security concepts & platforms (e.g., AWS, Azure, GCP).

Our purpose is to enable our customers to defend against the evolving threat landscape across on-premises, private cloud, public cloud and multi-cloud workloads. Our goal is to go beyond traditional security controls to deliver cloud-native, DevOps-centric and fully integrated 24x7x365 cyber defence capabilities that deliver a proactive , threat-informed , risk-based , intelligence-driven approach to detecting and responding to threats. Our mission is to help our customers: Defend against new and emerging risks that impact their business. Reduce their attack surface across private cloud, hybrid cloud, public cloud, and multi-cloud environments. Reduce their exposure to risks that impact their identity and brand. Develop operational resilience. Maintain compliance with legal, regulatory and compliance obligations. What were looking for To support our continued success and deliver a Fanatical Experience to our customers, Rackspace Cyber Defence is looking for an Indian based Security Engineer, with a specialism in Endpoint Security to support Rackspaces strategic customers. This role is particularly well-suited to a self-starting, experienced and motivated Sr. Security Engineer, who has a proven record of accomplishment in the design, delivery, management, operation and continuous improvement of enterprise-level Endpoint Security platforms or delivering Managed Endpoint Detection & Response (EDR) services to customers. The primary focus will be on the design, implementation, management, operation and continuous improvement of cloud-native Endpoint Detection & Response (EDR) platforms such as Crowdstrike Falcon or Microsoft Defender for Endpoint; used by the Rackspace Cyber Defence Center to deliver managed security services to our customers. You will also be required to liaise closely with the customers key stakeholders, which may include incident response and disaster recovery teams as well as information security. Skills & Experience Should have 8+ years experience in Security Engineering. Experience working in either large, enterprise environments or managed security services environments with a focus on Endpoint Detection & Response. Experience of working with cloud native Endpoint Security and Endpoint Detection & Response (EDR) tools such as Crowdstrike, Microsoft Defender for Endpoint and/or Microsoft Defender for Cloud. Experience of working in two (or more) of the following additional security domains: SIEM platforms such as Microsoft Sentinel (preferred), Google Chronicle, Splunk, QRadar, LogRhythm, Securonix etc. AWS (Amazon Web Services) Security Hub including AWS Guard Duty, AWS Macie, AWS Config and AWS CloudTrail . Experience of analysing malware and email headers, and has skills in network security, intrusion detection and prevention systems; operating systems; risk identification and analysis; threat identification and analysis and log analysis. Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls. Knowledge of security standards (good practice) such as NIST, ISO27001, CIS (Center for Internet Security), OWASP and Cloud Controls Matrix (CCM) etc. Knowledge of scripting and coding with languages such as Terraform, python, javascript, golang, bash and/or powershell. Knowledge of Malware reverse engineering, threat detection and threat hunting. Computer science, engineering, or information technology related degree (although not a strict requirement) Holds one, or more, of the following certificates (or equivalent): - Microsoft Certified: Azure Security Engineer Associate (AZ500) Microsoft Certified: Security Operations Analyst Associate (SC-200) Systems Security Certified Practitioner (SSCP) Certified Cloud Security Professional (CCSP) GIAC Certified Incident Handler (GCIH) GIAC Security Operations Certified (GSOC) CrowdStrike admin Certified A highly self-motivated and proactive individual who wants to learn and grow and has an attention to detail. A great analyser, trouble-shooter and problem solver who understands security operations, programming languages and security architecture. Highly organised and detail oriented. Ability to prioritise, multitask and work under pressure. An individual who shows a willingness to go above and beyond in delighting the customer. A good communicator who can explain security concepts to both technical and non-technical audiences. Key Accountabilities Ensure the Customers operational and production environment remains healthy and secure at all the times. Assist with customer onboarding customer/device onboarding, policy configuration, platform configuration and service transition to security operations team(s). Advance platform administration. Critical platform incident handling & closure. As an SME, act as an L3 escalation and point of contact for SecOps Analysts during an incident response process As an SME, act as a champion and centre of enablement by delivering training, coaching and thought leadership across Endpoint Security and Endpoint Detection & Response. Develop and document runbooks, playbooks and knowledgebase articles that drive best practice across teams. Drive continuous improvement of Rackspace Managed EDR services through custom development, automation and integration; in collaboration with SecOps Engineering and other Security Engineering team(s) Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc. Co-ordinate with vendor for issue resolution. Required to work flexible timings.

Dear Cybersecurity Professionals, We are thrilled to invite you to our upcoming AI in Cybersecurity User Group activity , happening on 26th July in Chennai . This is an excellent opportunity to connect, learn, and exchange insights on how AI is revolutionizing the cybersecurity landscape. Highlights of the event: Expert talks on AI-driven cybersecurity solutions Real-world case studies and practical insights Networking with industry peers and thought leaders Interactive sessions to discuss challenges & best practices Please note: Seats are strictly limited , and registrations will be accepted on a first-come, first-served basis. Date: 26th July 2025 Time: 10:30 AM 12:30 PM Location: Chennai (venue details will be shared upon confirmation) If youre interested in joining, please reply to this email or register through below link at the earliest to secure your spot. https://forms.cloud.microsoft/r/Qc57BKrBmQ Looking forward to your participation in building a vibrant AI in cybersecurity community!

Evaluate alerts, evidence, and indicators from all relevant source (network, endpoint, SIEM, local logs, etc. ) to successfully triage, scope, and evaluate threats. • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and implement rapid containment controls. • Collects and preserves digital evidence in an appropriate manner for the threat (up to and including a forensically sound manner according to best practices) • Evaluates artifacts (processes, services, drivers, libraries, binaries, scripts, memory, network traffic, file, email, and other objects) for malicious activity, exploitation, and/or unauthorized access • Identifies attack vectors, exploit methods, malicious code, C2 activity, and persistence mechanism • Performs analysis to determine full scope, risk, and impact of breach or exposure • Performs root cause analysis and recommend mitigation strategies • Properly and thoroughly document incident findings, evidence, analysis steps, and create status updates, findings reports, and recommendations • Focus on preserving uptime and minimize the impact on business and medical services • Collaborate with other teams to perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks. • Employ approved defence-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness). • Collect and analyze intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. • Coordinate with intelligence analysts to correlate threat assessment data. • Write, publish, and socialize after action reports and presentations. • Determine the extent of threats and recommend mitigation and/or remediation courses of action or countermeasures to manage risks.

You have the opportunity to join as a Splunk Enterprise Security specialist with 5-8 years of experience in Hyderabad. You will be responsible for integrating Splunk with various security tools and technologies across different domains such as Process Control Domain/OT and Operations Domain/IT. Your role involves administering and managing the Splunk deployment to ensure optimal performance, implementing Role-Based Access Control (RBAC), and developing custom Splunk add-ons for log management. Collaboration with the SOC team is crucial as you will work together to understand security requirements and objectives, and implement Splunk solutions to enhance threat detection and incident response capabilities. Your tasks will include integrating different security controls and devices like firewalls, EDR systems, Proxy, Active Directory, and threat intelligence platforms. You will be responsible for developing custom correlation searches, dashboards, and reports to identify security incidents, investigate alerts, and provide actionable insights to SOC analysts. Additionally, creating efficient custom dashboards for various teams to support security risk investigations and conducting threat hunting exercises using Splunk will be part of your role. Furthermore, you will contribute to the development and refinement of SOC processes and procedures by leveraging Splunk to streamline workflows and enhance operational efficiency. Implementing Splunk for automations of SOC SOP workflows will also be within your responsibilities. To excel in this role, you should have experience in designing and implementing Splunk Enterprise Security architecture, integrating with security tools and technologies, security monitoring, incident response, security analytics, and reporting. Collaboration, communication, and the ability to manage Splunk Enterprise Security effectively are essential requirements. You will also be involved in migrating/scaling the Splunk Environment from Windows to Linux to improve performance, reliability, and availability. Moreover, you will implement and integrate the SOAR platform (Splunk Phantom) and User Behavior Analytics (Splunk UBA/UEBA) with the existing Splunk Infrastructure to enhance operations with automations.,

As an L3 SOC Analyst at CyberProof, a UST Company, you will be a key member of our Security Operations Group, dedicated to helping enterprises react faster and smarter to security threats. With 5 to 7 years of experience under your belt, you will play a crucial role in maintaining secure digital ecosystems through automation, threat detection, and rapid incident response. Your must-have skills include expertise with SIEM vendors such as QRadar, Sentinel, and Splunk, incident response capabilities, and a strong understanding of attack patterns, Tools, Techniques, and Procedures (TTPs). You are experienced in writing procedures, runbooks, and playbooks, possess strong analytical and problem-solving skills, and have hands-on experience with system logs, network traffic analysis, and security tools. Proficiency in identifying Indicators of Compromise (IOCs) and Advanced Persistent Threats (APTs) is essential for this role. Additionally, good-to-have skills involve experience in setting up SIEM solutions, troubleshooting connectivity issues, familiarity with security frameworks and best practices, and the ability to collaborate effectively with IT and security teams. Your responsibilities will include acting as an escalation point for high and critical severity security incidents, conducting in-depth investigations to assess impact and understand the extent of compromise, analyzing attack patterns, and providing recommendations for security improvements. You will be responsible for proactive threat hunting, log analysis, providing guidance on risk mitigation, improving security hygiene, identifying gaps in security processes, and suggesting enhancements. Ensuring end-to-end management of security incidents, documenting incident response processes, defining future outcomes, participating in discussions, meetings, and briefings, as well as training team members on security tools and incident resolution procedures are also part of your role.,

Job Summary: We are seeking a highly skilled and motivated SOC Analyst / Detection Engineer to join our Security Operations Center. This role requires expertise in developing advanced KQL and Splunk queries, detection engineering, and incident response within complex enterprise environments. The ideal candidate will bring hands-on experience with SIEM, EDR, cloud security, incident playbooks, and OSINT tools, while also showing a passion for mentoring junior team members. Key Responsibilities: Develop and fine-tune detection rules and analytics using KQL (Microsoft Sentinel) and SPL (Splunk). Lead threat hunting activities leveraging EDR telemetry, SIEM logs, and threat intelligence sources. Design and implement detections based on behavioral patterns and MITRE ATT&CK mappings. Investigate security alerts and incidents, triage threats, and provide detailed incident reports and root cause analysis. Build and maintain incident response playbooks, SOPs, and runbooks to streamline SOC operations. Collaborate with internal teams to continuously improve detection logic and incident workflows. Mentor and train junior analysts, promote knowledge sharing, and support SOC skill development. Develop integrations and use cases with various log sources from on-prem, cloud, and hybrid environments. Utilize OSINT tools and frameworks (e.g., VirusTotal, Shodan, Censys, MISP, AbuseIPDB, Whois, etc.) during threat investigation and enrichment. Drive automation and orchestration where applicable using SOAR technologies. Stay up to date on threat intelligence, emerging tactics, techniques, and procedures (TTPs). Technical Skill Requirements: Detection Engineering: Strong expertise in writing detection queries (KQL/SPL), developing use cases, and tuning alerts. SIEM: Hands-on experience with Microsoft Sentinel and Splunk (Enterprise Security). EDR/XDR: CrowdStrike Falcon, Microsoft Defender for Endpoint. Cloud Security: Security monitoring in Azure, AWS, and GCP. Microsoft 365 Security: Defender for Office 365, Entra ID (Azure AD), Purview (compliance). Web Security Filtering: Experience or knowledge of Zscaler and similar solutions. Incident Response: Playbook development, SOPs, runbook creation, triage, and remediation. OSINT Tools: Practical usage of VirusTotal, URLScan.io, MISP, Shodan, Censys, GreyNoise, AbuseIPDB, Whois, etc. Log Analysis: Deep understanding of log formats from servers, network devices, cloud services, and applications. Automation/SOAR: Familiarity with automation frameworks (Logic Apps, Sentinel Playbooks, Splunk SOAR) is a plus. Scripting: PowerShell, Python, or equivalent scripting for enrichment and automation. Additional Expectations: Willingness to mentor and train junior SOC team members. Ability to work independently in a fast-paced SOC environment. Excellent analytical, communication, and problem-solving skills. Strong attention to detail and a proactive security mindset. Preferred Certifications (Nice to Have): SC-200: Microsoft Security Operations Analyst Splunk Core/Enterprise Security certifications CrowdStrike CCFR / CCFH Zscaler ZCCA/ZCCP Azure/AWS/GCP security certifications GIAC (GCIA, GCED, GCIH) or other relevant SANS certifications

Job Summary: We are seeking a proactive and technically skilled information security (SOC) Engineer/Analyst to monitor, detect, and respond to cybersecurity threats in real-time. The ideal candidate will have strong analytical skills, be detail-oriented, and possess a sound understanding of threat landscapes, SIEM tools, and incident response. The ideal candidate will possess a strong foundational understanding of cybersecurity governance, robust technical skills in security operations, and a commitment to staying abreast of the evolving threat landscape and internal security requirements. Key Responsibilities Monitor security events and alerts from SIEM and other security tools. Perform initial triage and investigation of potential threats or anomalous behavior. Escalate incidents according to severity and defined procedures. Document incidents, provide root cause analysis, and maintain detailed logs. Analyze threat intelligence feeds and correlate with internal data. Assist in threat hunting and vulnerability management activities. Support continuous improvement of SOC processes and playbooks. Collaborate with other IT and Security teams for incident resolution. Assist in developing and tuning SIEM rules, queries, and dashboards for threat detection. Contribute to vulnerability management and secure configuration of internal systems and cloud environments. Support the testing and execution of recovery plans for security systems and data. Document incident findings, remediation steps, and contribute to post-incident reviews. Required Skills & Qualifications: Bachelors degree in Computer Science, Cybersecurity, or related field. 13 years of experience in a SOC environment or similar security operations role. Familiarity with SIEM tools (e.g., Splunk, QRadar, Sentinel). Understanding of TCP/IP, firewalls, IDS/IPS, and common attack vectors. Knowledge of malware, phishing, ransomware, and social engineering tactics. Hands-on experience with endpoint protection, network monitoring, and forensic tools. Excellent communication and documentation skills. Preferred Certifications: CompTIA Security+ or CySA+ Vendor-specific SIEM certifications.

Role Overview: The OT Security Analyst – Level 2 (L2) plays a pivotal role in defending operational technology (OT) environments against evolving cyber threats. This role requires a deep understanding of security incident analysis, threat detection, and incident response, specifically tailored to Industrial Control Systems (ICS) and OT networks. The analyst will investigate complex security incidents within the OT infrastructure, collaborate with IT/OT teams, and enhance security posture through actionable insights. ________________________________________ Key Responsibilities: • Conduct in-depth analysis of security events and incidents within OT environments, leveraging SIEM and OT-specific monitoring tools. • Perform root cause analysis and develop incident timelines to support forensics and remediation efforts. • Apply standard incident response frameworks (e.g., NIST, MITRE ATT&CK for ICS, Cyber Kill Chain) for threat classification and response. • Use threat intelligence platforms and sandbox environments to investigate malware and suspicious artifacts in OT networks. • Analyze access logs, network traffic, and protocol behaviours across OT systems (e.g., SCADA, DCS, PLCs). • Support investigations related to unauthorized device communications, anomalous behaviours, or compromised industrial assets. • Collaborate with OT security engineers and external vendors to escalate and remediate incidents. • Refine alert rules and detection logic to reduce false positives and improve signal-to-noise ratio in OT SOC operations. • Document incident findings and support continuous improvement of the OT SOC playbooks and knowledgebase. • Liaise with the IT SOC and CIR (Cyber Incident Response) teams to align incident handling and cross-domain investigations. • Participate in threat hunting activities tailored for OT environments using behavioural analysis and attack-path simulation. ________________________________________ Technical Skills & Knowledge: • Strong understanding of OT/ICS protocols (Modbus, DNP3, OPC, etc.) and industrial network topologies. • Hands-on experience with OT cybersecurity tools and platforms (e.g., Nozomi Networks, Claroty, Dragos). • Familiar with ISA/IEC 62443, NIST SP 800-82, NIST CSF, and ISO 27001 compliance requirements for OT. • Proficiency in using SIEM systems (e.g., Microsoft Sentinel, Splunk, QRadar) for log correlation and event triage. • Understanding of firewalls, WAFs, proxies, and network segmentation principles in OT. • Working knowledge of tools such as THOR Scanner, VMRay, or Recorded Future is a plus. • Experience in vulnerability management and patch advisory for OT assets with limited patch cycles. ________________________________________ Nice to Have: • Exposure to Red Team/Blue Team exercises focused on OT/ICS. • Familiarity with GRC platforms and risk assessment tools tailored to OT.

RESG/GTS is the entity in charge of the entire IT infrastructure of Socit Gnrale. The RESG/GTS/SEC/SOC department, which corresponds to the Socit Gnrale SOC (SOC SG), is in charge of operational detection, incident response and prevention activities within the scope of GTS across the businesses. The mission of the SOC is to identify, protect, detect, respond and using the security platforms for the detection/reaction and prevention and resolution of security incidents. The SG SOC consists of Cyber Defense (incident management) Cyber Tools (management of SOC tools including the SIEM), Cyber Control (Prevention and Compliance) and Governance. This role is for a SOC L3(Lead Cyber Security Analyst) will be part of the GTS Security SOC team. In this role, you will involved in supporting India and global regional needs. The objectives of the Security Department (RESG/GTS/SEC) are to manage the strategy for all RESG/GTS in terms of security, technical standards, processes and tools, and thus to cover many cross-functional functions within the company and subsidiaries across all regions. Accountabilities Major Activities SOC Lead/L3 Lead and manage all high priority Critical Security Incidents including end to end incident mgmt. Support/help and guide the L1/L2 in managing complex issues/incidents Lead and engage in Study/POC of Tools and technologies aligning to the security roadmap Will be an expert in 1 or 2 key security technologies/tools globally and be part of the global SOC L3/Experts Example Areas: Threat Hunting, Forensic Analysis, IPS, EDR, DLP, etc. Contribution to the risk detection management approach, consistent with the SG MITRE Matrix approach and other industry standard relevant approaches Analysis support for complex investigations and improve reaction procedures/run book definitions/ enhancements Support for analyses on cybersecurity technical plans, analysis approach and incident management Identify different security tools and technologies to make security operations more effective. Identification of security gaps, mitigation strategy, implementation tracking till closure Work with various regional SOC and CERT teams on the security aspects an incidents where required Reporting to Function Head GTS SEC SOC

You have a fantastic opportunity to join our team as a SOC/Incident Management/Incident Response /Threat Detection Engineering/ Vulnerability Management/ SOC platform management/ Automation/Asset Integration/ Threat Intel Management /Threat Hunting professional with a minimum of 2 years of relevant experience. As a part of our team, you will be responsible for conducting Vulnerability assessment & Penetration testing (VAPT) as per the bank's regulatory and operational requirements. This includes External Penetration Testing of Bank's internet-facing Web, Mobile, Web services, Network, and Infrastructure on a periodic basis as per Bank's provided schedules. Your key roles and responsibilities will also include maintaining an up-to-date inventory of IT assets, regularly scanning and assessing systems for vulnerabilities, prioritizing vulnerabilities based on the risk and potential impact, conducting Continuous breach attack simulations, SCD (Secure Configuration Document) verifications, Anti-Malware & Malicious Content Scan, near real-time detection and monitoring of emerging vulnerabilities, and defining and measuring metrics to track the effectiveness of the VM program. To excel in this role, you are required to have a Professional Qualification and a certification such as Certified SOC Analyst (ECCouncil), Computer Hacking Forensic Investigator (ECCouncil), Certified Ethical Hacker (EC-Council), CompTIA Security+, CompTIA CySA+ (Cybersecurity Analyst), GIAC Certified Incident Handler (GCIH), or equivalent. Product Certifications on SOC Security Tools such as SIEM/Vulnerability Management/ DAM/UBA/ SOAR/NBA are preferred. If you have 2 to 5 years of experience in the field and are looking for a challenging opportunity in Navi Mumbai on a Fixed-Term Contract basis with a Face-to-Face interview type, then this role is perfect for you. Join us and be a part of a dynamic team dedicated to ensuring the security and integrity of our systems and data.,

You are a highly experienced Senior SOC Administrator (L4) who will be an integral part of our Security Operations Center (SOC) team. Your primary responsibilities will include serving as a key escalation point for complex security incidents, leading investigations, coordinating incident resolution with stakeholders, developing and implementing security policies and procedures, and identifying areas for improvement within SOC operations and processes. Additionally, you will be expected to conduct regular performance reviews of security systems, lead post-incident reviews to drive enhancements, and provide strategic insights and recommendations to strengthen our overall security posture. To excel in this role, you must hold a B.E./B.Tech in Computer Science, IT, Electronics, or a related field, or an M.Sc. IT/MCA from a recognized university. Your technical expertise should encompass advanced proficiency in handling security incidents, optimizing SOC operations, enforcing security protocols, and a deep understanding of Malware Reverse Engineering, Exploit Development, Security Breach Investigation, and Threat Hunting. Moreover, you should have proven experience with SIEM (preferably ArcSight), IDS/IPS, and other security tools, along with a solid grasp of security operations and advanced threat analysis. Familiarity with Cyber Forensics principles and strong leadership skills to drive security initiatives will be essential for success in this position. A certification in one of the following is preferred: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Certified Enterprise Defender (GCED), Certified Information Security Auditor (CISA), GIAC Enterprise Vulnerability Assessor (GEVA), Certified Incident Handler (ECIH), or CompTIA Cyber Security Analyst (CySA+). If you have 6+ years of experience in SOC administration and possess the requisite qualifications, skills, and certifications, we invite you to apply for this position located in Shastri Park, Delhi, India. Work mode is from the office with day shifts between 8 AM and 10 PM, offering a competitive budget of 18-22 LPA.,

Dear Candidate, We are looking for a skilled Cybersecurity Analyst to monitor, detect, and respond to security threats. If you have expertise in threat intelligence, SIEM tools, and incident response, wed love to hear from you! Key Responsibilities: Monitor network traffic and systems for potential security threats. Investigate and analyze security incidents to prevent breaches. Implement security controls and best practices for data protection. Manage security tools such as SIEM, IDS/IPS, and endpoint protection. Conduct vulnerability assessments and recommend mitigation strategies. Ensure compliance with security standards like ISO 27001, NIST, and GDPR. Required Skills & Qualifications: Strong knowledge of security frameworks and incident response. Experience with SIEM tools (Splunk, QRadar, ArcSight). Proficiency in scripting (Python, Bash, PowerShell) for security automation. Understanding of network protocols, firewalls, and VPN security. Knowledge of penetration testing and ethical hacking techniques. Soft Skills: Strong analytical and problem-solving skills. Excellent attention to detail and ability to work under pressure. Good communication and teamwork skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Company Overview Incedo is a US-based consulting, data science and technology services firm with over 3000 people helping clients from our six offices across US, Mexico and India. We help our clients achieve competitive advantage through end-to-end digital transformation. Our uniqueness lies in bringing together strong engineering, data science, and design capabilities coupled with deep domain understanding. We combine services and products to maximize business impact for our clients in telecom, Banking, Wealth Management, product engineering and life science & healthcare industries. Working at Incedo will provide you an opportunity to work with industry leading client organizations, deep technology and domain experts, and global teams. Incedo University, our learning platform, provides ample learning opportunities starting with a structured onboarding program and carrying throughout various stages of your career. A variety of fun activities is also an integral part of our friendly work environment. Our flexible career paths allow you to grow into a program manager, a technical architect or a domain expert based on your skills and interests. Our Mission is to enable our clients to maximize business impact from technology by Harnessing the transformational impact of emerging technologies Bridging the gap between business and technology Role Description Position Description: Incedo is seeking a SOC Analyst (L3/Tier 3/Threat Hunter) to join our rapidly growing cybersecurity team! Role and responsibilities: Participate in a rotating SOC on-call; rotation is based on the number of team members. Provide first-line SOC support with timely triage, routing and analysis of SOC tasks. Researches, develops, and monitors custom visualizations. Researches, analyzes, and writes documents such as cybersecurity briefings for all levels of stakeholders from Tier 1-3 SOC, security engineering, and executives. Tunes and develops SIEM correlation logic for threat detection. Ensures documentation is accurate and complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style. Develop scripts using Python to automate IR functions, including (but not limited to) IOC ingestion and SIEM integration via REST APIs to minimize repetition of duties and automate tasks. Produce and review aggregated performance metrics. Perform Cyber Threat Assessment and Remediation Analysis Processing, organizing, and analyzing incident indicators retrieved from the client environment and correlating said indicators to various intelligence data. Assisting in the coordination with internal teams as well as in the creation of engagement deliverables for a multitude of activities, including but not limited to Insider Threats, Rule of Engagement (ROE), Threat Hunting, After Action Reports, and other artifacts to support testing, monitoring and protecting the enterprise. Investigate network and host detection and monitoring systems to advise engagement processes.Develop and Execute bash and python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions. Participate in on-call rotation for after-hours security and/or engineering issues. Participate in the increase of effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions. Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods. Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection. Technical Skills Required Experience / Skills: Minimum of nine (9) years technical experience 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities. 3+ years of rule development and tuning experience 1+ years of Incident response Deep understanding of Cyber Threat TTPs, Threat Hunt, and the application of the MITRE Attack Framework Knowledge of security operations and attacker tactics Ability to identify cyber-attacks and develop monitoring logic Experience supporting 24x7x365 SOC operations including but not limited to Alert and notification activities- analysis/triage/response, Review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported alerts and Incidents. Support alert and notification triage, review/analysis through resolution / close Manage multiple tickets/alerts in parallel, including end-user coordination. Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response. Solid understanding and experience analyzing security events generated from security tools and devices not limited to QRadar, MS Sentinel, FireEye, Elastic, SourceFire, Malware Bytes, CarbonBlack/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, BlueCoat Experience and solid understanding of Malware analysis Demonstrated proficiencies with one or more toolsets such as QRadar, MS Sentinel, Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs) Nice-to-have skills In-depth experience with processing and triage of Security Alerts from multiple sources but not limited to: Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, support SOAR development. Experience with bash, python, and Windows PowerShell scripting Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis. Demonstrated experience and understanding of event timeline analysis and correlation of events between logs sources. Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools. Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk. Solid understanding and experience analyzing security events generated from security tools and devices not limited to: QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC Experience and solid understanding of Malware analysis Understanding of security incident response processes Qualifications Qualifications : Bachelors degree in computer science, Information Technology, or a related field. Experience of 5 years or 3 years relevant experience. Strong troubleshooting and problem-solving skills. Excellent communication and interpersonal skills. Ability to work independently and as part of a team. Strong organizational and time management skills. Willingness to work after hours and provide on-call support. Company Value

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do T hreat Intelligence platforms Proactive threat hunting Define hypothesis to test Analyze available logs to test hypothesis Identify potential patterns of malicious behaviour Provide feedback on IOCs/Use cases for real time detection Creating IoC databases for threat hunting 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails

Your role We are looking for an experienced and strategic Detection Engineer across India. The ideal candidate will have a strong background in cybersecurity, detection and Splunk Enterprise Security. Develop and maintain cyber threat detection and hunting capabilities for Organization. Actively research, innovate and uplift in the areas of threat detection and hunting. Develop and maintain attack & use case models against Organizations environment and systems for the purposes of detection and monitoring use cases. Build and maintain continuous validation and assurance of the detection and hunting pipeline. Maximise detection visibility, coverage, and return-on-investment to maintain a defensible architecture across the business. Develop threat/attack models to depict and model detection of known attack vectors. Work with Threat Intelligence, Incident Response and Cyber Orchestration teams to prioritise and develop detection and orchestration capability. Work with the Red Team to actively test and validate detection capabilities Your Profile 5+ years of experience in a CSOC, Cyber detection, Threat Hunting and/or SOAR development role. 5+ years developing detections within a SIEM environment. Experience working with security tools such as endpoint detection and response systems, network anomaly detection, etc. Designing and implementing threat/attack modelling to derive abuse cases, detection logic and automation course of actions. Well versed in the development of detection and hunting strategies for a broad range of cyber threats, including malware, DDOS, hacking, phishing, lateral movement and data exfiltration in the Financial Services sector or similar. Knowledge of the frameworks like NIST Cybersecurity framework, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain or similar methodologies is required What you"ll love about working here You can shape yourcareerwith us. We offer a range of career paths and internal opportunities within Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work on cutting-edge projectsin tech and engineering with industry leaders or createsolutionsto overcome societal and environmental challenges

We are seeking an experienced and proactive Senior Cyber Security Specialist (SOC Analyst L3) to strengthen our Security Operations Center (SOC) capabilities. This role demands deep expertise in threat hunting , incident response , and digital forensics , with a proven ability to operate independently while confidently engaging with clients. The ideal candidate will play a critical role in identifying, analyzing, and mitigating cyber threats to ensure enterprise security posture. Key Responsibilities: Conduct proactive threat hunting across network and endpoint environments using SIEM, EDR, and threat intelligence platforms. Identify and analyze Indicators of Compromise (IOCs) and adversary Tactics, Techniques, and Procedures (TTPs) . Perform incident response activities , including triage, containment, investigation, remediation, and recovery. Execute forensic analysis on compromised Windows and Linux systems to determine root cause and impact. Coordinate with SOC, IT, and business teams during high-severity security events and ensure effective communication. Develop and fine-tune detection rules, correlation logic, and incident response playbooks . Leverage frameworks such as MITRE ATT&CK and integrate threat intelligence to enhance detection and defense capabilities. Generate detailed incident reports, RCA documentation , and post-incident recommendations. Act as a subject matter expert (SME) for security operations and mentor junior analysts. Required Skills & Qualifications: 4 - 6 years of hands-on experience in SOC operations , threat hunting , and incident response . Proven ability to work independently and handle client interactions with professionalism and confidence. Strong knowledge of networking concepts , Windows OS , and Linux OS internals. Proficiency in using SIEM tools (e.g., Splunk, QRadar, Sentinel) and EDR solutions (e.g., CrowdStrike, Carbon Black, Defender). Deep understanding of cyberattack lifecycles , threat vectors, and advanced persistence mechanisms. Solid grasp of MITRE ATT&CK , cyber kill chain , and threat modeling methodologies. Experience in forensic tools and techniques for memory, disk, and network forensics. Excellent analytical , problem-solving , and communication skills (both verbal and written). Certifications: Mandatory: CEH, E|CIH, or equivalent Preferred: GCFA, CHFI, GCIH, or other advanced cybersecurity certification

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Threat Hunting Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. A typical day involves collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security threats and solutions. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills in security practices.- Evaluate and recommend new security technologies and tools to improve the overall security posture. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Threat Hunting.- Strong understanding of cloud security principles and frameworks.- Experience with incident response and threat intelligence.- Familiarity with security compliance standards such as ISO 27001 and NIST.- Ability to analyze security incidents and develop mitigation strategies. Additional Information:- The candidate should have minimum 7.5 years of experience in Security Threat Hunting.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

As a member of the F5 Bot Defense Tactical Security team, your role will encompass driving the advancement of cutting-edge bot defense technology offered as a service. Collaborating seamlessly with counterparts in both product and engineering groups, you will play a pivotal role in fortifying F5s proactive stance against emerging threats. Your journey will involve immersing yourself in a comprehensive grasp of the diverse OWASP Automated Threats to Web Applications across industries, and actively tracking the dynamic evolution of attacker tools, tactics and procedures throughout their campaigns. Join us in shaping the future of security and ensuring F5 remains at the forefront of safeguarding Web applications. Job Duties and Responsibilities Responsible for the real-time mitigation and analysis of threats on F5s customer applications and platforms Configure and maintain current iterations of monitoring and alerting tools and participate in the development process to improve their performance and effectiveness Create and review documentation and process regarding recurring incidents, new standard operating procedures/runbooks, knowledge transfer material, etc. Recommend and drive process improvements to enhance operational efficiency Work closely with Research, Engineering, Technical Account Managers and other teams cross-functionally within the company Assist, mentor and train analysts regarding detecting, monitoring and escalating security incidents Work firsthand with F5 customers to handle escalations and recommend strategies for on-going threats to improve security posture Qualifications: B.S. or equivalent experience in the technology or security field (coding, sql or any database querying, threat hunting) Technical background, with demonstrable experience in web and mobile application technologies, networking, and cybersecurity Working knowledge of the various components of a modern, scalable web application, including CDNs, proxies, load balancers, application servers, WAFs, etc. Familiar with querying and data analysis of large data sets (SQL, Python, ElasticSearch, Splunk, excel) Ability to thrive in a fast-paced environment; Self-motivated and proactive, with demonstrated creative and critical thinking capabilities. 3+ years of experience.