234 Threat Hunting Jobs - Page 7

Cyber & Information Security team is seeking a Third-Party Security Analyst. Reporting to the Director of Cyber & Information Security, the analyst will perform third-party security assessments. You will work with a team of professional Security Analysts leveraging Next Gen security tools to perform the full lifecycle of third-party reviews from onboarding to real-time monitoring of vendors and suppliers. Responsibilities, Functions and Duties : - Conduct technical security assessments of third-party vendors, suppliers and partners by reviewing their security controls, adherence to regulations, compliance and contracts. - Analyze third-party security assessment findings and document security risks within the management software for tracking of risk reporting. - Coordinate with various stakeholders to verify and remediate security risk findings. - Develop KRIs and KPIs around third-party risk assessments and the remediation of key findings. - Develop, Update, and Publish Policies and Standard Operating Procedures for third-party risk management. - Continuously monitor for active vulnerabilities and cyber events against our vendors and suppliers. - Participate in third-party cyber incident response by reaching out to impacted vendors and tracking remediation. - Be an ambassador for Cyber & Information Security within Crum & Forster. Requirements Knowledge and Requirements : - Previous experience performing technical security audits or third-party assessments. - Understanding of current Cyber Vulnerabilities & threats. - Knowledge of security assessments (SOC reports, ISO/NIST, vulnerability and pen testing assessments). - Fundamental understanding of system and network security principles and technology. - Ability to interface with a wide audience of technical and non-technical personnel. Cyber 3rd Party Risk Analyst - Ability to prioritize and manage workloads and deadlines. - Excellent written and verbal communication skills. - Self-starter who is motivated and driven to learn. - Bachelors degree in a technical discipline or equivalent experience Preferred Qualifications : - Prior experience and/or certifications in AWS, Azure, and/or GCP. - Experience in performing third-party assessments of SaaS providers and vendors operating in cloud environments. - Experience performing risk assessments. - Any Security focused Certifications. - 3-5 year Cybersecurity related experience.

SOC Analyst / Security Engineer - Vacancies for FRESHERS (Level-1 / Those who completed the courses or learnt on their own) & EXPERIENCED (Level-1 & Level-2 / Those who have experienced in Cyber Security Domain only) SOC Analyst / Security Engineer who is familiar or interested to work with Windows, Linux, and cloud environments technical skills. Any courses/certification like CompTIA Security+, GSEC, EC-Council Certified SOC Analyst (CSA), Microsoft SC-200(Security Operations Analyst Associate), Cisco Cyber Ops Associate, Splunk Core Certified User / Analyst are preferable. Responsibilities Capable of understanding the training & Nature of works on Job Responsibilities. Monitor and assess alerts generated by security monitoring systems such as SIEMs and EDR platforms. Analyze logs, network activity, and endpoint behavior to detect suspicious or malicious activity. Execute initial incident triage and escalate complex threats to senior teams as needed. Collaborate with internal teams on containment, eradication, and recovery processes. Maintain detailed records of security events and actions taken in internal tracking systems. Continuously fine-tune detection rules and alert thresholds to improve incident accuracy. Stay informed on the latest tactics, techniques, and procedures (TTPs) used by threat actors. Support proactive initiatives like threat hunting and vulnerability assessments. Contribute to red/blue team simulations and post-incident reviews. Help develop and refine operational playbooks and standard response workflows. Capable for Rotational shifts (Morning / Forenoon / Evening / Night) as its 24 X 7 organization & Adoptable for the working environment & Night Shifts. Maintain the System Security, identify threats and install / configure Software. Solid grasp of network protocols, endpoint defenses, and common attack vectors. Familiar with one or more SIEM solutions (e.g., Splunk, Sentinel, QRadar). Comfortable navigating both Windows and Linux environment. knowledge of cloud platforms & Malware analysis is a plus. Understanding of TCP/IP, DNS, HTTP, and common attack vectors Understanding of cybersecurity frameworks such as MITRE ATT&CK or NIST. Strong Interpersonal and Oral/Non-Oral English Communication skills to Handle Chats & Mails if needed. 1 to 3 years of experience in a SOC or technical security role is an added advantage. To be Sincere and Honest towards the Job Responsibilities. Perks and Benefits Other Allowances Negotiable Based on Availability & Experience. For clarification Contact - HR +91 87543 01002 jobs@oryon.in

Role & responsibilities Position Summary: We are seeking an experienced and proactive Threat Intelligence & IR Lead to oversee our SOC threat intelligence and ensure the security of our organizations assets. The ideal candidate will have a minimum of 7 years of experience in cybersecurity, with a strong focus on threat intelligence, threat hunting, analysis & incident response. You will be responsible for identifying, analyzing, and mitigating threats to protect the organization's infrastructure, data, and operations. Key Responsibilities: Threat Intelligence & Incident Response : Develop, implement, and manage the organizations threat intelligence strategy and program. Lead a team of threat SOC analysts and ensure timely identification of emerging threats. Threat Identification and Analysis: Monitor and analyze cyber threat data, including data banks , data lakes , API access controls , threat feeds, and intelligence platforms. Identify trends, techniques, tactics, and procedures (TTPs) of threat actors and provide actionable insights. Collaboration and Reporting: Collaborate with internal teams (e.g., SOC, incident response, and risk management) to share threat intelligence insights. Prepare detailed threat reports and brief senior management on the organizations threat landscape. Threat Hunting and Mitigation: Conduct proactive threat-hunting activities to identify vulnerabilities and weaknesses in the organization’s systems. Recommend and implement mitigation strategies to address identified threats. Tool and Technology Management: Evaluate, implement, and maintain tools and technologies to support the threat intelligence program. Automate threat detection processes and maintain integrations with security operations platforms. Industry Engagement: Participate in threat intelligence sharing forums and build relationships with external organizations to stay updated on evolving threats. Qualifications and Experience: Minimum of 7 years of experience in cybersecurity, with at least 3 years in a threat intelligence or similar role. Strong knowledge of cyber threat landscapes, attack vectors, and defensive strategies. Hands-on experience with threat intelligence platforms (TIPs), SIEMs, and other security tools. Familiarity with frameworks such as MITRE ATT&CK, NIST, and Cyber Kill Chain. Experience in analyzing threat data, including malware, indicators of compromise (IoCs), and vulnerabilities. Excellent analytical, communication, and problem-solving skills. Relevant certifications (e.g., CISSP, CEH, GIAC, GCTI) are preferred. Educational Requirements: Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field. Master’s degree preferred. Key Competencies: Strong leadership and team management skills. Ability to work under pressure in fast-paced, high-stakes environments. Detail-oriented with a focus on continuous learning and staying ahead of emerging threats. This role offers the opportunity to lead a critical function within our cybersecurity operations and make a tangible impact on the organization's security posture. If you are passionate about staying ahead of cyber threats and have a proven track record in threat intelligence, we encourage you to apply.

JD 1. Hands-on experience on Insider Threat/Risk Tools like Microsoft Purview Insider Risk Management or its competitors (like Proofpoint Insider Threat Management, Splunk User Behavior Analytics, Securonix UEBA, QRadar User Behavior Analytics) 2. Experience in triaging Insider Threat/Risk alerts 3. Working in the Insider Threat team of the Security department. 4. Experience producing Insider Threat reports for C-level leaders. 5. Experience in setting up IRM policies and monitoring them. 6. Understanding of AI, Large Language models, prompt engineering is a plus.

Reporting Structure Reports to Chief Manager - Security Operations Cyber Security Designation Program Lead Threat hunting Education: University degree in the field of computer science Or IT is preferable. However, any graduate with relevant experience and technical certifications in the domain can be considered for the Vacancy. Desired Experience/Exposure Minimum 10 years of experience in a technical role in the areas of Security Operations, Cyber Incident Response with extensive experience performing Threat hunting on IT Systems, Network and Endpoints. With at least 7 years in threat hunting, incident response, or SOC roles. Proficiency in SIEM platforms (Splunk, Sentinel, QRadar, etc.) XDR and EDR tools (CrowdStrike, Carbon Black, etc.). Experience with scripting (Python, PowerShell, etc.) and automating threat detection or hunting tasks. Strong understanding of Windows, Linux, and network protocols. Familiarity with threat intelligence sources and frameworks (MITRE ATT&CK, Diamond Model, Cyber Kill Chain). Ability to proactively find cybersecurity threats and mitigate them. Knowledge about Advanced persistent threats and treat actors, their TTPs. Ability to recognize attack patterns and corelate them with specific threat actors. Ability to obtain as much information on threat behaviour, goals and methods as possible. Knowledge of Analytics platforms for carrying out detailed analytics of obtained telemetry. Industry Financial Domain (Banking / NBFC experience is desirable) Responsibilities Use Various available Security controls and the telemetry data within to conduct proactive threat hunts using a hypothesis-based approach. Coordinate with various stakeholders to obtain the data as required. Conduct proactive threat hunting across systems, networks, and endpoints using a variety of tools and data sources. Analyse large datasets (logs, packet captures, alerts) to identify anomalies, malicious activity, and Indicators of Compromise (IOCs). Develop and test hunting hypotheses based on threat intelligence, adversary emulation, and red team activities. Collaborate with SOC analysts, incident responders, and threat intelligence teams to improve detection rules and response strategies. Create custom detection logic and fine-tune SIEM/EDR alerts. Provide detailed reports and briefings to stakeholders about findings and mitigation strategies. Continuously improve hunting methodologies, automation, and use of threat hunting frameworks (e.g., MITRE ATT&CK). Stay current on emerging threats, vulnerabilities, and cyber-attack techniques. Identify Risks and Threats based on threat hunts undertaken. Communicate with Senior Management and other stakeholders about the findings and to take necessary actions. Work with Security Operations to take the identified anomalies to a conclusion. Prepare monthly reports on threat hunts and able to showcase ROI of the overall threat hunting program. Certifications Security certifications such as GCFA, GCTI, GCIA, OSCP, CEH, or similar. Experience using threat hunting platforms or custom-built hunting environments.

Managed Services SOC Manager Job Summary: The Security Operations Center (SOC) Security L-2 Analyst serves in a SOC team, is responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone). The L2 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and should be ready to work in shifts. An engineer in this position act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques. Job Description : Responsible for conducting information security investigations as a result of security incidents identified by the Level 1 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone), Act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques. Should have experience in Developing new correlation rules & Parser writing Experience in Log source integration Act as the lead coordinator to individual information security incidents. Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Center. Document incidents from initial detection through final resolution. Participate in security incident management and vulnerability management processes. Coordinate with IT teams on escalations, tracking, performance issues, and outages. Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats. Communicate effectively with customers, teammates, and management. Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation. Provide recommendations in tuning and optimization of security systems, SOC security process, procedures and policies. Define, create and maintain SIEM correlation rules, customer build documents, security process and procedures. Follow ITIL practices regarding incident, problem and change management. Staying up-to-date with emerging security threats including applicable regulatory security requirements. Maintain an inventory of the procedures used by the SOC and regularly evaluate the SOC procedures and add, remove, and update the procedures as appropriate Publish weekly reports to applicable teams Generate monthly reports on SOC activity Secondary skills like AV, HIPS, DCS, VA/ PT desirable Required Technical Expertise Must have experience in SIEM Management tool (QRADAR) Should have certifications like, ITIL, CCNA, CEH, VA (Product) Certification, CISM Process and Procedure adherence General network knowledge and TCP/IP Troubleshooting Ability to trace down an endpoint on the network, based on ticket information Familiarity with system log information and what it means Understanding of common network services (web, mail, DNS, authentication) Knowledge of host based firewalls, Anti-Malware, HIDS General Desktop OS and Server OS knowledge TCP/IP, Internet Routing, UNIX / LINUX & Windows NT

Warm Greetings from SP Staffing!! Role :SOC Analyst Experience Required :3 to 8 yrs Work Location :Bangalore Required Skills, Security operations SOC1, SOC2 , FFIEC , GDPR Interested candidates can send resumes to nandhini.spstaffing@gmail.com

Why you'll LOVE Sagent: You could work anywhere. We know you are talented and looking for something inspiring and impactful. A place where you will make a difference and have a great time doing it! By choosing Sagent, you can be part of our mission to make loans and homeownership simpler and safer for all US consumers. Sagent powers servicers and consumers. You power Sagent! About the Opportunity: Sagent is seeking a Senior Threat Analyst to join a growing team responsible for securing next-generation, cloud-native financial technology systems. We are seeking a skilled and motivated Threat Analyst to join our growing team. This role offers the opportunity to work in a dynamic environment where your expertise will play a critical role identifying, analyzing, and mitigating security threats. You will be responsible for monitoring, analyzing, and responding to potential security incidents, performing in-depth security investigations, and executing regular threat hunting campaigns across the organization. If you are passionate about information security, possess a keen eye for detail, we encourage you to apply and be a part of our mission to safeguard our digital landscape. We'd love to hear from you if you have: Willingness to work outside of standard business hours during critical incidents. Prior experience administrating and securing IT systems or networks (~5+ years), preferably with both in public cloud environment(s) and physical data center location(s). Proven mastery of SQL-like query languages, and proficient in data manipulation and analysis techniques to extract actionable insights from large and complex cybersecurity datasets. Demonstrated ability to maintain collected demeanor under high-pressure security incident response scenarios. Proficiency of MITRE ATT&CK framework and its application to threat hunting campaign scenarios, as a bonus in hybrid cloud environments. Hands-on experience professionally administrating and securing both Windows and Unix/Linux operating systems, and common threats that each are susceptible to. Proven expertise in identifying, analyzing, and mitigating threats that could impact cloud-based and containerized workloads. Experience administrating cloud IaaS and PaaS infrastructure is a plus. Deep understanding of the OSI model and a wide range of common network protocols, enabling effective analysis, detection, and mitigation of security threats at various layers of the network stack. Extensive experience working within Security Information and Event Management (SIEM) platforms, especially building, and optimizing custom detection rules. Excellent communication skills with ability to effectively translate complex technical concepts and findings into clear and concise insights for non-technical stakeholders, fostering collaboration and informed decision-making across cross functional teams. Expertise of scripting languages such as Python (preferred), Bash scripting, or Powershell; prior experience using scripting to automate tasks. Extensive experience working with modern defense-in-depth security tools and technologies such as Intrusion Detection and Prevention (IDS/IPS), Endpoint Detection and Response (EDR) solutions, Cloud Native Application Protection Platform (CNAPP) and Web Application Firewalls (WAF) Enthusiasm for security automation and creative technical ability to identify time-saving or novel automation workflows. Proven understanding of common web-based attacks at runtime, such as those found OWASP Top 10, and how to respond/mitigate each from an operational standpoint. Extensive experience detecting and mitigating email-based threats, including phishing, malware, and spoofing, and as a bonus, hands-on experience in administering and configuring email security tools and protocols to safeguard against these threats. Thorough understanding of threat modeling concepts and methodologies, with the ability to identify compound attack vectors. Support the larger Information Security team & IT teams with security expertise and assistance as needed. Perks! As a Sagent Associate, you will be eligible to participate in our benefit programs beginning on Day #1! We offer a comprehensive package including Remote/Hybrid workplace options, Group Medical Coverage, Group Personal Accidental, Group Term Life Insurance Benefits, Flexible Time Off, Food@Work, Career Pathing, Summer Fridays and much, much more!

Architect, implement, and maintain secure, high-performance network infrastructure. Deploy and manage firewalls, routers, switches, VPNs, IDS/IPS, and secure wireless environments. Lead network security initiatives including segmentation, policy enforcement, and hardening. Conduct network security audits and vulnerability assessments with detailed reporting. Proactively monitor for threats, perform incident response, and mitigate risks. Ensure compliance with cybersecurity best practices, industry frameworks, and client policies. Help deploy, configure, and maintain SIEM platforms (e.g., Splunk, LogRhythm, Sentinel, etc) to aggregate logs and detect anomalies. Perform log analysis, threat hunting, and correlation rule tuning within SIEM systems. Help manage and monitor endpoint protection platforms (e.g., CrowdStrike, SentinelOne, Sophos, EDR/XDR solutions). Collaborate with internal teams and clients to develop tailored network and endpoint security solutions. Act as a subject matter expert (SME) on networking and cybersecurity during sales, planning, and strategy sessions. Document network architectures, policies, configurations, and processes. Manage and lead infrastructure upgrades, migrations, and disaster recovery planning. Stay current with emerging threats, technologies, and compliance regulations. Requirements Degree in Information Systems, Computer Science, Cybersecurity, or equivalent work experience. 8-10 years of enterprise networking and infrastructure experience.

ANZEN Technologies Private Limited. stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations, elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors. JD :- 1. Designing and deploying a SIEM system. 2. Managing the day-to-day operations of the SIEM system. 3. Perform detailed security event/incident analysis/RCA. 4. Create Correlation Rules in SIEM. Create, Modify and fine tune the SIEM rules to adjust the specifications of alerts and incidents. 5. Perform device integration with SIEM. 6. Develop reports from SIEM for compliance requirements. 7. Monitor Correlated Security Event/Incident and perform investigation along with respective team. 8. Troubleshoot with other support group on the systems that are not logging into the SIEM. Assist customers to fully optimize the SIEM system capabilities. 9. Integration of customized threat intelligence content feeds provided by the Threat Intelligence & Analytics service. 10. Good knowledge and experience of Security Monitoring tools 11. Good knowledge and experience of Cyber Incident Response 12. Good communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner. 13. Knowledge regarding the security solutions is must such as IPS/IDS, WAF, Proxy, Firewall, AV, EDR etc. 14. Understanding of common network services (Web, Mail, FTP, etc.), network vulnerabilities, and network attack patterns. 15. Experienced in working with both Windows and Unix based server environments. 16. Knowledge of Threat Intelligence platforms and should know about Threat hunting

Role & responsibilities Daily review of security alerts/logs with follow-up on any suspicious activity Perform investigation of network and hosts/endpoints for malicious activity, to include analysis of packet captures, and assist in efforts to detect, confirm, contain, remediate, and recover from attacks. Proactively monitor, identify and analyze complex internal and external threats, including viruses, targeted attacks and unauthorized access, and mitigate risk to IT systems Work in concert with team members, Information Security engineering, and relevant Subject Matter Experts to process, analyze and drive the remediation of identified IT related vulnerabilities Responsible to follow the IT Security Incident Response policies and tools Contribute to Information Security policies, standards, and supporting documentation Root cause analysis, troubleshoot complex issues with existing security and privacy protection protocols Responding to inbound security monitoring alerts, emails, and inquiries from the organization. Providing support for Incident Response, including evidence collection, documentation, communications, and reporting Maintaining and improving standard operating procedures and processes

Role & responsibilities Primary Skill: Threat Intelligence, Threat Hunting, Threat Detection Engineers with experience in writing SPL (Splunk Processing Language), Mitre Framework. Secondary Skill: DataBricks, MDE Threat Intelligence, Threat Hunting, Splunk Enterprise Security, Cyber Security SME, Splunk Power User, Mitre Framework JD: • In-depth knowledge of external attacks and detection techniques to be able to run analysis of the requirements provided by threat intelligence / SOC teams, generate list of rules that could be implemented (based on self analysis of a threat and avaiable log sources), work with SOC team to operationalize and Purple Team to test.. • Familiarity with MITRE ATT&CK framework and Tactics, Techniques, and Procedures (TTPs). • Experience with security tools such as Splunk, MDE , Databricks to be able to write custom detections to detect various threats (preferably MDE) So to give you better picture, I will give some examples. Person needs to be able to navigate through Mitre framework to be able to assign correct technique to the rule that is worked on. Must be able to tell what Beaconing does or CnC channel means, methods to detect, logs to use (ofc not limited to, in general must know common attach techniques and how to detect them - external threat attacks on prem / cloud). Must be familiar with Cobalt Strike meaning (generic knowledge what it does, not how to use it). Manually write SPL / KQL / SQL rules in one of our tools, generated alerts and get them validated by asking Purple team to run a simulation. Talk to CDC on operationalizing the rule

Role: The Security Operations (SOC) - Engineer is responsible for monitoring the environment, identifying, reporting, and responding to security threats that put the organization at risk. The primary function of this position is to monitor the security tools and perform alert management and initial incident qualification. Job Description Acknowledge, analyze, and validate incidents triggered from multiple security tools like IDS/IPS, Web Application Firewall, Firewalls, Endpoint Detection & Response tools, and events through SIEM solution Acknowledge, analyze, and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc. Collection of necessary logs that could help in the incident containment and security investigation Escalate validated and confirmed incidents to Security administrators Undertake first stages of false positive and false negative analysis Understand the structure and the meaning of logs from different log sources such as FW, IDS/IPS, WAF, Windows DC, Cloudflare, AV and antimalware software, O365 email security etc. Open incidents in ticketing platform to report the alarms triggered or threats detected. Track and update incidents and requests based on updates and analysis results Report infrastructure issues to the IMS Team Working with vendors to work on security issues. Perform other duties as assigned Skills: Strong security knowledge Should have expertise on TCP/IP network traffic and event log analysis Experience with Linux, Windows and Network Operating Systems required. Knowledge and hands-on experience in management of IDS/IPS, Firewall, VPN, and other security products Experience in Security Information Event Management (SIEM) tools, creation of basic co-relation rules, and administration of SIEM Knowledge and hands-on experience in Log management & Endpoint detection and response tools Knowledge of ITIL disciplines such as Incident, Problem and Change Management Strong interpersonal skills including excellent written/verbal communication skills Interview Process: Technical Interview HRBP Interview Consent: Consent: we will use your resume for current full-time job openings with us and retain it for future opportunities

Proactively lead and support incident response team during an incident. Experience in advance investigation, triaging, analysis and escalation of security incidents with recommendations Hands-on basic experience with configurations and management of SIEM tools(Qradar)including log source integrations, custom parser built, fine tuning and optimizing the correlation rules and use cases recommendations Is MUST. Proven Experience on any of the Security information and event management (SIEM) tools using Qradar Data-driven threat hunting using SIEM, EDR and XDR tools Basic Experience is SOAR tools such as Qradar Resilient, PaloAlto XSOAR Identify quick defence techniques till permanent resolution. Recognize successful intrusions and compromises through review and analysis of relevant event detail information. Review incidents escalated by Level 1 analysts. Launch and track investigations to resolution. Recognize attacks based on their signatures, differentiates false positives from true intrusion attempts. Actively investigates the latest in security vulnerabilities, advisories, incidents, and penetration techniques and notifies end users when appropriate. Identify the gaps in security environment & suggest the gap closure Drive & Support Change Management Performs and reviews tasks as identified in a daily task list. Report Generation and Trend Analysis. Participate in the Weekly and Monthly governance calls to support the SOC metrics reporting Good to have hands on experience with managing SIEM solutions on public/private clouds like Amazon AWS, Microsoft Azure, etc. Willing to work in 24x7 rotational shift model including night shift. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 5+ YearsHands-on experience required in Qradar SIEM and SOAR. Desired experience in Threat hunting, Threat intelligence. Worked on tools belongs to Qradar, UEBA, UAX. Bachelor’s degree in engineering/information security, or a related field. Relevant certifications such as CEH, CISSP, CISM, CompTIA CASP+, or equivalent. Proven experience to work in a SOC environment. Preferred technical and professional experience Proven experience in managing and responding to complex security incidents. Strong analytical and problem-solving skills. Excellent communication and collaboration abilities. Ability to work in a fast-paced, dynamic environment. Deep technical knowledge of security technologies and advanced threat landscapes.

Proactively lead and support incident response team during an incident. Experience in advance investigation, triaging, analysis and escalation of security incidents with recommendations Hands-on basic experience with configurations and management of SIEM tools(Qradar)including log source integrations, custom parser built, fine tuning and optimizing the correlation rules and use cases recommendations Is MUST. Proven Experience on any of the Security information and event management (SIEM) tools using Qradar Data-driven threat hunting using SIEM, EDR and XDR tools Basic Experience is SOAR tools such as Qradar Resilient, PaloAlto XSOAR Identify quick defence techniques till permanent resolution. Recognize successful intrusions and compromises through review and analysis of relevant event detail information. Review incidents escalated by Level 1 analysts. Launch and track investigations to resolution. Recognize attacks based on their signatures, differentiates false positives from true intrusion attempts. Actively investigates the latest in security vulnerabilities, advisories, incidents, and penetration techniques and notifies end users when appropriate. Identify the gaps in security environment & suggest the gap closure Drive & Support Change Management Performs and reviews tasks as identified in a daily task list. Report Generation and Trend Analysis. Participate in the Weekly and Monthly governance calls to support the SOC metrics reporting Good to have hands on experience with managing SIEM solutions on public/private clouds like Amazon AWS, Microsoft Azure, etc. Willing to work in 24x7 rotational shift model including night shift. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 5+ Years Hands-on experience required in Qradar SIEM and SOAR. Desired experience in Threat hunting, Threat intelligence. Worked on tools belongs to Qradar, UEBA, UAX. Bachelor’s degree in engineering/information security, or a related field. Relevant certifications such as CEH, CISSP, CISM, CompTIA CASP+, or equivalent. Proven experience to work in a SOC environment. Preferred technical and professional experience Proven experience in managing and responding to complex security incidents. Strong analytical and problem-solving skills. Excellent communication and collaboration abilities. Ability to work in a fast-paced, dynamic environment. Deep technical knowledge of security technologies and advanced threat landscapes.

As Security Services Consultant, you are responsible for managing day to day operations of Security Device Management SIEM, Arcsight, Qradar, incident response, threat hunting, Use case engineering, SOC analyst, device integration with SIEM. If you thrive in a dynamic, reciprocal workplace, IBM provides an environment to explore new opportunities every single day. And if you relish the freedom to bring creative, thoughtful solutions to the table, there's no limit to what you can accomplish here. What will you do * Responsible for implementation partner to see project on track along with providing required reports to management and client Handle the project as well as BAU operations while ensuring high level of systems security compliance Coordinate with and act as an authority to resolve incidents by working with other information security specialists to correlate threat assessment data. Analyze data, such as logs or packets captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise 4+ years of experience in IT security with at least 3+ Years in SOC. Expertise in Security Device Management SIEM, Arcsight, Qradar, incident response, threat hunting, Use case engineering, SOC analyst, device integration with SIEM Working knowledge of industry standard risk, governance and security standard methodologies Proficient in incident response processes - detection, triage, incident analysis, remediation and reporting Competence with Microsoft Office, e.g. Word, PowerPoint, Excel, Visio, etc. Preferred technical and professional experience One or more security certificationsCEH, Security+, GSEC, GCIH, etc., Ability to multitask and work independently with minimal direction and maximum accountability. Intuitive individual with an ability to manage change and proven time management Proven interpersonal skills while contributing to team effort by accomplishing related results as needed Up-to-date technical knowledge by attending educational workshops, reviewing publications

Dear Candidate, We are seeking a Security Operations Engineer to monitor, detect, investigate, and respond to security incidents and threats across systems and networks. Key Responsibilities: Monitor alerts and logs using SIEM tools (Splunk, QRadar, Sentinel). Analyze security incidents, conduct root cause analysis, and coordinate response. Support threat hunting and vulnerability assessments. Maintain and tune security tools (IDS/IPS, endpoint protection, firewalls). Document incident reports and provide remediation recommendations. Required Skills & Qualifications: Experience in a Security Operations Center (SOC) or similar role. Strong knowledge of cybersecurity concepts and incident response. Familiarity with EDR tools (CrowdStrike, Carbon Black) and log analysis. Scripting and automation skills for detection and response tasks. Security certifications such as CEH, CompTIA Security+, or GCIA are beneficial. Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

Roles and Responsibilities Conduct threat hunting activities to identify potential security threats and vulnerabilities. Analyze malware samples using various tools such as QRadar, Splunk, and ArcSight. Perform incident response duties including handling incidents, conducting root cause analysis, and implementing remediation measures. Monitor security event logs from multiple sources to detect anomalies and potential security breaches. Collaborate with other teams to develop threat intelligence reports and improve overall security posture. Desired Candidate Profile 7-12 years of experience in Security Operations Center (SOC) or related field. Strong understanding of incident response, threat analysis, threat intelligence gathering, log analysis, and security monitoring concepts. Proficiency in tools like QRadar, Splunk, ArcSight for malware analysis and incident response tasks.

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. You will provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Be a crucial part of ensuring the security of the organization's digital assets and operations. Roles & Responsibilities:Perform security monitoring by analyzing logs, traffic and alerts generated by variety of device technologiesTimely response to customer requests like detection capabilities, tuning, etc.Research new threats and provide recommendations to enhance detection capabilitiesStrong desire for continuous learning on vulnerabilities, attacks and countermeasures Identify opportunities for process improvement Professional & Technical Skills: Experience in SOC operations with customer-facing responsibilitiesDeep understanding on cyber security fundamentals, security devices, network defense concepts and threat landscapeHands-on experience in SIEM and threat hunting tools Added advantage in working with any SOAR platformDesirable knowledge in any scripting language and EDR productsStrong customer service and interpersonal skillsStrong problem-solving skillsAbility to communicate clearly at all levels, demonstrating strong verbal and written communication skills.Adaptability to accept change Additional Information:Work as part of analysis team that works 24x7 on a rotational shift Minimum a bachelors or a masters degree in addition to regular 15- year full time educationThe candidate should have minimum 2 years of experience This position is based at our Chennai office. Qualification 15 years full time education

Responsibilities Work in a 24x7 Security Operation Centre (SOC) environment. Provide analysis and trending of security log data from various security devices. Coordinate incident response on a daily basis. Perform threat analysis to improve detection capabilities. Conduct forensic investigations and develop recovery plans. Develop and implement advanced defensive strategies and countermeasures. Engage in threat hunting to identify potential threats that may have bypassed defenses. Communicate effectively through written and visual documents for diverse audiences. Requirements Minimum of 8 - 10 years of experience in Cybersecurity. At least 6 years of working in a Security Operations Center (SOC). Proficient in Incident Management and Response, handling escalations. In-depth knowledge of security concepts such as cyber-attacks, threat vectors, and risk management. Knowledge of various operating system flavors including Windows, Linux, and Unix. Knowledge of TCP/IP protocols and network analysis. Experience with SIEM, SSL, Packet Analysis, HIPS/NIPS, and network monitoring tools. Nice-to-haves Hands-on experience with Splunk. Experience with Proofpoint and Azure security. Ability to suggest fine-tuning of existing security use cases.

Job Description: 5+ years of experience in Security Operations Center and Threat Hunting. Develop and refine threat hunting techniques and tools. Experience in monitoring and alert handling in QRadar SIEM. In-depth knowledge of advanced persistent threats (APTs) and attack vectors. Collaborate with threat intelligence teams to integrate new threat data into hunting processes. Security incident handling and reporting. Experienced in EDR alert analysis, preferably Sentinel One. Preferred candidate profile Bachelor's degree in computer science, Information Security, or related field. Should be flexible to work in 24/7 rotational shifts. Should possess good communication skills.

Qualification Bachelors degree in Cybersecurity, Information Security, Computer Science, or a related field, or equivalent work experience. Strong experience with SIEM (e.g., Splunk, QRadar, ArcSight). Proficient in EDR and Endpoint Security tools (e.g., CrowdStrike, Microsoft Defender). Hands-on experience in threat and malware analysis . Familiarity with email security systems (e.g., Proofpoint, Mimecast). Strong understanding of network protocols, firewalls, and intrusion detection/prevention systems. Knowledge of security frameworks and industry standards (e.g., MITRE ATT&CK, NIST). Excellent analytical and problem-solving skills.

Role & responsibilities: 1. Provides Monitoring and Analysis support of Cybersecurity events Identify and detect security threats Perform initial triage Report security events, in accordance with established processes and procedures Perform threat analysis, risk analysis, security assessments, and vulnerability testing Anticipate threats and alerts to avoid their occurrence Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc. 2. Investigate, analyze, and contain malware incidents Includes performing computer forensic investigations 3. Understanding of common malware types and behaviors and common infection vectors Ability to identify attacker Tactics, Techniques, and procedures (TTPs) Experience with IoC lifecycle (development, organization, sharing, effective usage) 4. Will be responsible for: Developing alerting, reporting, and automated detection solutions Authoring rules and creating new ML features 5. Strong experience in leveraging Next gen SIEM with SOAR/XDR capabilities to detect & investigate the cyber security incident and reporting in defined template. 6. SIEM solution management and maintenance: Ensure health of underlying architecture Create ruleset and alerts to cover the current threat landscape Remediate alerts generated by the system Manage vendor relationship with OEM 7. Security Log Analysis Monitor and analyze the logs from various security tools e.g. SIEM, EDR, DLP, AV etc. and manually correlate system analyzed events 8. Practical/Working experience with tools like EDR, DLP, Zero Trust, Threat intel software, IPS/IDS, Email Security tools 9. Collaborate with various IT groups to collaborate for analysis, troubleshooting, and ensure that their requirements and new initiatives adhere to information security policies and best practices 10. Responding to escalations to resolve detection effectiveness issues (misclassified spam/phish and false positives) Design and develop novel threat detection techniques or methodologies from creating proof-of-concept to productizing the solution. 11. Perform device reviews to ensure compliance with hardening standards, access controls and security related configuration settings 12. Prepare and update security documentation including security procedures, standards, notifications, and alerts in support of other teams within the EgonZehnder Security department. 13. Proactively hunting threats, blue teaming, performing exploit and vulnerability research, all in order to find and a gap that can be exploited by bad actors Preferred candidate profile: 1. Prior work experience in SOC 2. Should be able to conduct advanced forensics including packet captures using tools such as Wireshark, Netmon etc. 3. Knowledge and experience of configuration and operation of SIEM Solutions 4. Expert knowledge of configuration and operation of Security Solutions including, Firewalls, IDS, Internet Filters, DLP, Vulnerability Scanners, Anti Malware Solutions, etc. 5. A basic understanding of Linux and Windows operating systems and OS event logging 6. Strong analytical and problem-solving skills 7. Excellent communication skills both verbal and written 8. Experience in evaluating and implementing new tools, and solutions by working directly with the vendor Relevant Professional Qualifications (Preferred) Certified Ethical Hacker (CEH) Global Information Assurance Certifications (GIAC) e.g. Certified Incident Handler (GCIH), Certified Intrusion Analyst (GCIA), Certified Enterprise Defender (GCED) Benefits: Benefits which make us unique At EZ, we know that great people are what makes a great firm. We value our people and offer employees a comprehensive benefits package. Learn more about what working at Egon Zehnder can mean for you! Benefits Highlights: 5 Days working in a Fast-paced work environment Work directly with the senior management team Reward and Recognition Employee friendly policies Personal development and training Health Benefits, Accident Insurance Potential Growth for you! We will nurture your talent in an inclusive culture that values diversity. You will be doing regular catchups with your Manager who will act as your career coach and guide you in your career goals and aspirations.

https://zrec.in/jXrSD?source=CareerSite

Monitor,analyze security events,alerts across various platforms. Investigate potential security incidents,escalate as appropriate,following defined incident response processes. Correlate events from multiple sources to identify patterns or anomalies Required Candidate profile Lead,participate in threat hunting activities to proactively identify potential threats vulnerabilities Serve as the administrator for SOC tools including SIEM, EDR, SOAR,threat intelligence platforms Perks and benefits To be disclosed post interview