3.0 - 7.0 years
10 - 20 Lacs
Bengaluru
Hybrid
Say hello to possibilities. It’s not every day that you consider starting a new career. We’re RingCentral, and we’re happy that someone as talented as you is considering this role. First, a little about us: we’re the global leader in cloud-based communications and collaboration software. We are fundamentally changing the nature of human interaction—giving people the freedom to connect powerfully and personally from anywhere, at any time, on any device. We’re a $2 billion company that’s growing at 30+% annually.
Job Type: Full-Time
Department: Security
This is a great opportunity to work at a rapidly growing, market-leading Unified Communications as-a-service company. RingCentral provides Voice-over-IP (VoIP), hosted PBX, voicemail, SMS, e-fax, and HD video meeting solutions for business.
About this role:
As a SOC Analyst at RingCentral, your primary responsibilities are to implement a comprehensive security monitoring, incident response and threat intelligence program for RingCentral’s global cloud service, corporate and development environments. You will also be collaboratively providing feedback to improve security operations processes, generating actionable analysis and threat intelligence from tools, logs, and other data sources, ensuring strong documentation is in place to support ongoing SOC activities, and reporting your observations to other Security, Operations and IT personnel.
Successful Candidates will:
- Have proven skills in application security, security monitoring, incident response and intrusion analysis
- Have strong knowledge of the diverse methods and technologies used to attack web/mobile/desktop applications, SaaS infrastructure, and data
- Think critically, work well under pressure, and possess strong analytical, written, verbal, and interpersonal skills
- Have a demonstrated track record of quality processes in their work history
- Be strongly self-motivated with an aptitude for both individual and team-oriented work
- Have experience following and refining standard operating procedures and playbooks
Responsibilities:
- Monitor security events, analyze and investigate alarms, and maintain day-to-day operational activities of a secure cloud environment
- Engage teams within and outside of RingCentral to mitigate and resolve cases
- Maintain relevant documentation and audit artifacts
- Identify and track suspicious system activity
- Identify trends and patterns, and present them to Security Engineers to enhance our processes and systems
- This role participates in on-call rotations
Qualifications / Requirements:
- 3+ years in a security engineering, SRE, or SOC role in a cloud services environment
- Experience with SIEM
- Experience investigating security incidents
- Basic knowledge of AWS or GCP
- Experience with IDS, case management, and related tools and practices
- Experience with Linux, RedHat preferred
- Basic knowledge of broad security topics such as encryption, application security, malware, ransomware, etc.
- Knowledge of network, VoIP and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, SIP, RTP)
Preferred Skills/Experience:
- Any combination of the following certifications: GCIA (GIAC Certified Intrusion Analyst), GCIH (GIAC Certified Incident Handler), GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Certified Network Forensic Analyst), GCFE (GIAC Forensic Examiner), GASF (GIAC Advanced Smartphone Forensics), GICA, GCTI (GIAC Certified Cyber Threat Intelligence), GPEN (GIAC Certified Pentester), GWAPT (GIAC Certified Web Application Pentester), GPYC (GIAC Certified Python Coder), OSCP (Offensive Security Certified Pentester)
- Experience using Crowdstrike, Cloudflare, FirePower, Splunk, ELK, Imperva, Syslog, packet capture, and Windows Event Log tools and similar tools
- Knowledge of current hacking techniques, malicious code trends, botnets, exploits, malware, DDoS, and data breach events
- Strong knowledge of Microsoft Windows
- Experience automating security tasks, including scripting, programming and/or SecDevOps
- Experience working with global teams
Posted 3 weeks ago
8.0 - 13.0 years
30 - 35 Lacs
Bengaluru
Work from Office
Job Title: CSA SIEM Admin (Sentinel)
Corporate Title: Assistant Vice President
Location: Bangalore, India
Role Description
The COO Chief Information Security Office (CISO) is responsible for addressing information security risks to the Deutsche Bank global IT. As a Security Engineer-AVP, you will play a key technical role in our SIEM Operations team within the Global Cyber Security Engineering & Architecture organization. You will serve as a technical expert for the platform engineering and provide 24x7x365 support for critical security technologies. The role primarily entails hands-on technical product design, build and support of multiple SIEM platforms: Microsoft Sentinel, Chronicle, Splunk. You will be part of a global SIEM Operations Team.
What we'll offer you
- 100% reimbursement under childcare assistance benefit (gender neutral)
- Sponsorship for Industry relevant certifications and education
- Accident and Term life Insurance
Your key responsibilities
- Configure, manage, and optimize Microsoft Sentinel for efficient threat detection and response.
- Ensure SIEM infrastructure is running optimally, including performance monitoring and issue resolution.
- Regularly update and optimize SIEM policies, rules and configurations based on evolving threats.
- Onboard, configure, and manage data connectors from various log sources, including cloud, on-premises, and hybrid environments.
- Ensure log ingestion health and troubleshoot data collection issues.
- Develop, implement, and fine-tune analytics rules, detection logic, and playbooks in Sentinel.
- Assist SOC and incident response teams with log analysis, threat correlation, and incident investigation.
- Reduce false positives by refining detection rules and optimizing event filtering.
- Implement and maintain Splunk platform infrastructure and configuration.
- Design and optimize Splunk platform architecture for large-scale and distributed deployments.
- Good understanding of security frameworks, vulnerability management, and incident response.
- Implement and enhance automation using Kusto Query Language (KQL), Logic Apps, and Microsoft Defender XDR integrations.
- Maintain SIEM compliance with security policies, industry regulations (e.g., GDPR, NIST, ISO 27001), and best practices.
- Generate reports and dashboards to provide visibility into security posture and SIEM performance.
- Experience managing Linux and Windows agents in a Splunk environment.
- Strong understanding of Splunk system architecture and best practices.
- Work with SOC, IT, and Cloud Security teams to enhance Sentinel capabilities.
- Document SIEM configurations, detection use cases, and operational procedures.
- Incident & Problem Management, Change & Release Management, Vendor Management, Capacity Management functions for the platform.
- Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and cyber security best practices.
- Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.
- Passionate about data to drive information-based security analytics.
- Value add: experience in Cloud Management, Splunk and Chronicle.
Your skills and experience
- The candidate must have an Engineering background in Computer Science, Information Technology, Cybersecurity or a related field and a minimum of 8+ years of experience, with recent experience in security engineering, system administration, network engineering, software engineering/development with a focus on Cybersecurity.
- 8+ years of IT engineering experience with recent experience in building and managing infrastructure and security platforms.
- 3+ years of experience implementing, architecting and administering SIEM platforms like Sentinel, Chronicle, Splunk for a large global organization.
- Knowledge of Azure services and data ingestion from those services into SIEM.
- Familiarity with MITRE ATT&CK, cyber threat intelligence and SOC workflows.
- Understanding of SOAR principles.
- Hands-on experience with the Microsoft Azure platform, managing various configurations to enable & manage Sentinel.
- Experience developing in XML, Bash, Python, and PowerShell scripts.
- DevOps Engineering experience (Terraform, SDLC, Actions).
- Independent, self-motivated, proactive approach to problem solving and prevention.
- Excellent written and verbal communication skills.
- Passionate about cyber security and the aptitude to identify and solve security problems.
How we'll support you
About us and our teams
Please visit our company website for further information: https://www.db.com/company/company.htm
We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.
Posted 3 weeks ago
6.0 - 11.0 years
30 - 35 Lacs
Pune
Work from Office
Job Title: Threat Intelligence Analyst
Corporate Title: AVP
Location: Pune, India
Role Description
As a Threat Intelligence AVP in the Threat Intelligence and Assessment function, you will play a critical role in safeguarding the organization from cyber threats. In this role, you will be responsible for identifying, assessing, and mitigating threats, and you will provide mitigation recommendations in response to evolving threats. You will be required to analyse complex technical issues and develop bank-specific solutions while collaborating with diverse teams and stakeholders. This role will also consist of delivering against projects and strategic initiatives to continuously enhance the bank's capabilities in responding to threats.
What we'll offer you
- 100% reimbursement under childcare assistance benefit (gender neutral)
- Sponsorship for Industry relevant certifications and education
- Accident and Term life Insurance
Your key responsibilities
- Proactively identify threats and track threat actors, TTPs, and ongoing campaigns to produce timely actionable intelligence.
- Produce threat assessments to support threat mitigation activities.
- Analyse multiple data/intelligence sources and sets to identify patterns of activity that could be attributed to threats and develop informed recommendations.
- Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs.
- Proactively drive improvements of internal processes, procedures, and workflows.
- Participate in the testing and integration of new security monitoring tools.
- Meet strict deadlines to deliver high quality reports on threats, findings, and broader technical analysis.
- Take ownership for personal career development and management, seeking opportunities to develop personal capability and improve performance contribution.
- Develop and maintain relationships with internal stakeholders and external intelligence sharing communities.
Your skills and experience
- 5+ years of experience in cybersecurity, with a focus on threat intelligence, analysis, and mitigation
- Strong operational background in intelligence related operations with experience in Open-Source Intelligence (OSINT) techniques
- Operational understanding of computing/networking (OSI Model or TCP/IP).
- Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, EDR, etc.
- A good or developing understanding of virtual environments and cloud (e.g., VSphere, Hypervisor, AWS, Azure, GCP)
- Demonstrated knowledge and keen interest in tracking prominent cyber threat actor groups, campaigns and TTPs in line with industry standards
- Knowledge of or demonstrable experience in working with intelligence lifecycle, intelligence requirements and Mitre ATT&CK Framework
Non-Technical Experience
- Investigative and analytical problem solving skills
- Excellent verbal and written communication to both technical and non-technical audiences.
- Self-motivated with ability to work with minimal supervision.
Education and Certifications
- Preferred: Degree in computer science, networking, engineering, or other field associated with cyber, intelligence or analysis.
- Desired Experience or Certifications: CISSP, CISM, GIAC, GCTI, GCIH, GCFE, GCFA, GREM, GNFA, Security+, CEH
How we'll support you
About us and our teams
Please visit our company website for further information: https://www.db.com/company/company.htm
We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.
Posted 3 weeks ago
8.0 - 13.0 years
6 - 16 Lacs
Bengaluru
Work from Office
Essential knowledge
• Have 8+ years of rich experience in the information security domain and at least 4-6 years of dedicated experience in threat hunting.
• Proficiency in using threat intel platforms such as CybelAngel, ThreatConnect, Recorded Future, DarkTrace etc.
• Proficiency in using SIEM and SOAR solutions.
• Strong understanding of network protocols and security technologies.
• Strong understanding of endpoint detection and response (EDR) tools.
• Excellent analytical and problem-solving skills
• Preferably worked in BFSI domain with proven experience in SOC function.
• Knowledge of key security standards and regulations such as NIST 800-61, CERT/CC, ISO 27035 etc.
Skills and Application
• Maintaining up-to-date knowledge of security landscape, threats, attack patterns and counter measures
• Assess and design threat-hunting processes through solutions, tools and methodologies
• Reviewing use cases/playbooks for integrating threat-intel
• Continuously monitor security hygiene and performance using tools and processes
• Collaborate with other IS teams, Ops and tech teams on enhancing security incident response resilience
Other
• Knowledge of evolving advanced tech stacks and related control and risk universe from a threat-hunting perspective.
• The ideal candidate will have a technical or computer science degree.
• Professional certifications: GCIH, CISSP, CEH, etc.
Posted 3 weeks ago
12.0 - 17.0 years
10 - 15 Lacs
Bengaluru
Work from Office
Job Summary
An experienced Vulnerability Management and Penetration Testing Governance lead will manage a team to oversee the identification, assessment, and remediation of security vulnerabilities across enterprise systems. This role will focus on establishing a proactive security posture, ensuring compliance with industry standards, and driving governance initiatives to mitigate risks effectively, and calls for strong leadership and project management skills.
- Vulnerability Assessment: Lead regular vulnerability scans and penetration testing across infrastructure, cloud environments and outside-In.
- Security Baseline: Lead development and implementation of Security Baseline using CIS Benchmarks by determining the systems, applications, and network devices to be secured (e.g., Windows, Linux, Cloud, Docker, Kubernetes).
- Risk Analysis & Prioritization: Evaluate identified vulnerabilities based on severity, exploitability, and potential business impact.
- Remediation Planning: Collaborate with IT, security, engineering and entity teams to ensure timely remediation of high-risk vulnerabilities.
- Governance & Compliance: Develop and enforce security governance frameworks in line with industry standards (e.g., NIST, CIS, ISO 27001, PCI-DSS).
- Threat Intelligence Integration: Leverage global threat intelligence feeds to stay ahead of emerging security threats and vulnerabilities.
- Security Policy Development: Define policies and best practices for vulnerability management, reporting, and remediation.
- Automation & Continuous Monitoring: Implement automated vulnerability scanning tools and ensure ongoing security assessments.
- Incident Response Support: Provide technical guidance in vulnerability-related security incidents and audits.
- Reporting & Metrics: Establish key risk indicators and provide executive reports on vulnerability trends and remediation progress.
- Experience: 12+ years in cybersecurity, vulnerability management, or penetration testing roles.
- Technical Expertise: Hands-on experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7, Nessus, OpenVAS), penetration testing and threat intelligence platforms.
- Penetration Testing & Ethical Hacking: Experience with tools like Metasploit, Burp Suite, Nmap, and Wireshark for real-world security assessments.
- Security Framework Knowledge: Strong understanding of NIST, CIS benchmarks, OWASP Top 10, and CVSS scoring models.
- Compliance Awareness: Familiarity with regulatory standards affecting security risk management.
- Leadership & Communication: Ability to coordinate with multiple stakeholders, drive security improvements, and articulate risks effectively.
- Certifications such as CISSP, CISM, CEH, OSCP or equivalent.
- Experience in cloud vulnerability management (AWS, Azure, GCP).
- Knowledge of DevSecOps practices and security automation.
Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.
Posted 3 weeks ago
7.0 - 12.0 years
15 - 25 Lacs
Chennai
Hybrid
We are looking for a Lead Cybersecurity Engineer with deep technical expertise and leadership experience to drive innovative threat detection solutions and lead a team of security engineers. The ideal candidate will bring hands-on experience in research & development (R&D), demo environment creation, endpoint security, SIEM operations, and cloud-native tools such as Azure Sentinel and the Microsoft Defender suite. This role will play a strategic part in shaping our security detection roadmap and mentoring a high-performing team.
Key Responsibilities:
Technical Leadership & Strategy
- Lead a team of cybersecurity engineers in R&D, detection engineering, and solution design.
- Define detection strategies and oversee implementation of new use cases across tools.
- Collaborate with security architects, threat intel, and SOC teams for end-to-end threat coverage.
R&D & Security Innovation
- Drive continuous improvement through security research, PoCs, and new technology evaluations.
- Analyze evolving threats and proactively build defense strategies and custom detections.
- Lead the development of security content aligned with frameworks like MITRE ATT&CK.
Demo Environment & Simulation Lab
- Design and lead the creation of demo/test environments to simulate real-world threats.
- Automate environment deployment for testing security tools, rules, and threat scenarios.
- Build reusable assets and playbooks for internal enablement and customer-facing demos.
Endpoint & SIEM Security
- Lead implementation and optimization of Microsoft Defender for Endpoint, Defender for Identity, and Defender for Cloud.
- Oversee the configuration and tuning of Azure Sentinel, including custom KQL queries, analytics rules, and automation via playbooks.
- Ensure integration of diverse log sources and enrichment for advanced threat detection.
People & Process Management
- Mentor junior engineers and promote skill development across the security engineering team.
- Establish standards and documentation for security engineering best practices.
- Drive cross-functional collaboration with IT, Cloud, Compliance, and SOC stakeholders.
Required Skills & Experience:
- 8+ years in cybersecurity roles, with 3+ years in a leadership or senior engineering position.
- Strong hands-on experience with:
  - Azure Sentinel (KQL, workbooks, playbooks)
  - Microsoft Defender for Endpoint, Identity, and Cloud
  - Endpoint security, EDR, and threat detection
  - Security lab/demo environment setup
- Excellent understanding of security frameworks (MITRE ATT&CK, NIST, etc.).
- Strong scripting and automation skills (PowerShell, Python, etc.).
- Experience managing or mentoring technical teams and delivering complex security projects.
Posted 3 weeks ago
7.0 - 12.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As SOC Operations Manager, you will oversee and manage day to day activities of a security operations center on Security incident management delivery. You will be expected to support the documentation, enhancement of SOC Operations through SIEM for external client service.
Roles & Responsibilities:
- Should be an SME in SOC Operations (SIEM Infrastructure and Incident Response activities)
- Collaborate and manage the team to perform
- Responsible for decisions on team management, financial, project transitions
- Engage with multiple teams and contribute on key decisions on project intake, solution reviews and end to end incident response cycle
- Provide solutions to problems for their immediate team and across multiple teams
- Lead security assessments and provide recommendations
- Develop and implement security operations strategies, processes, architecture standards and guidelines
- Conduct security reviews and manage internal/external audits
- Support continuous service improvement cycle, through collaboration with Onshore or client stakeholders
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Information and Event Management (SIEM), deep understanding of cybersecurity principles, threat detection, and incident management.
- Strong understanding of threat intelligence analysis
- Knowledge of security compliance frameworks
- Hands-on experience with security tools and technologies
Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Information and Event Management (SIEM).
- This position is based at Bengaluru office.
- 15 years of full-time education is required.
Qualification: 15 years full time education
Posted 3 weeks ago
7.0 - 12.0 years
13 - 17 Lacs
Gurugram
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As SOC Operations Manager, you will oversee and manage day to day activities of a security operations center on Security incident management delivery. You will be expected to support the documentation, enhancement of SOC Operations through SIEM for external client service.
Roles & Responsibilities:
- Should be an SME in SOC Operations (SIEM Infrastructure and Incident Response activities)
- Collaborate and manage the team to perform
- Responsible for decisions on team management, financial, project transitions
- Engage with multiple teams and contribute on key decisions on project intake, solution reviews and end to end incident response cycle
- Provide solutions to problems for their immediate team and across multiple teams
- Lead security assessments and provide recommendations
- Develop and implement security operations strategies, processes, architecture standards and guidelines
- Conduct security reviews and manage internal/external audits
- Support continuous service improvement cycle, through collaboration with Onshore or client stakeholders
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Information and Event Management (SIEM), deep understanding of cybersecurity principles, threat detection, and incident management.
- Strong understanding of threat intelligence analysis
- Knowledge of security compliance frameworks
- Hands-on experience with security tools and technologies
Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Information and Event Management (SIEM).
- This position is based at Gurugram office.
- 15 years of full-time education is required.
Qualification: 15 years full time education
Posted 3 weeks ago
7.0 - 12.0 years
13 - 17 Lacs
Pune
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As SOC Operations Manager, you will oversee and manage day to day activities of a security operations center on Security incident management delivery. You will be expected to support the documentation, enhancement of SOC Operations through SIEM for external client service.
Roles & Responsibilities:
- Should be an SME in SOC Operations (SIEM Infrastructure and Incident Response activities)
- Collaborate and manage the team to perform
- Responsible for decisions on team management, financial, project transitions
- Engage with multiple teams and contribute on key decisions on project intake, solution reviews and end to end incident response cycle
- Provide solutions to problems for their immediate team and across multiple teams
- Lead security assessments and provide recommendations
- Develop and implement security operations strategies, processes, architecture standards and guidelines
- Conduct security reviews and manage internal/external audits
- Support continuous service improvement cycle, through collaboration with Onshore or client stakeholders
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Information and Event Management (SIEM), deep understanding of cybersecurity principles, threat detection, and incident management.
- Strong understanding of threat intelligence analysis
- Knowledge of security compliance frameworks
- Hands-on experience with security tools and technologies
Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Pune office.
- 15 years of full-time education is required.
Qualification: 15 years full time education
Posted 3 weeks ago
4.0 - 8.0 years
0 - 1 Lacs
Mumbai
Work from Office
JD
Work Location: Mumbai (Aeroli)
Experience: 3-4 years
- Install, configure, and manage FleetDM and OSQuery across the bank's critical endpoints, ensuring continuous monitoring of core banking systems and financial infrastructure.
- Create and deploy custom queries, alerts, and rules to detect unauthorized activities, internal threats, and system anomalies.
- Leverage FleetDM and OSQuery to gather and analyze endpoint telemetry data (e.g., processes, network activity, financial transactions, file system changes) for signs of malicious activity targeting banking applications and infrastructure.
- Proactively hunt for advanced persistent threats (APTs), malware, and other security risks across Windows and Linux environments, with a focus on protecting critical banking systems.
- Utilize data from FleetDM and OSQuery to identify potential risks and detect fraudulent activities across financial systems and customer-facing services.
- Investigate malware to understand its impact on financial services, and develop detection rules to mitigate future incidents.
- Track and respond to threats involving online banking, mobile banking apps, payment systems, and other financial platforms.
- Knowledge of operating systems, networking, any query language, etc.
Posted 3 weeks ago
0.0 - 4.0 years
2 - 6 Lacs
Madurai, Tiruchirapalli, Coimbatore
Work from Office
SOC Analyst / Security Engineer - Vacancies for FRESHERS (Level-1 / those who completed the courses or learnt on their own) & EXPERIENCED (Level-1 & Level-2 / those who have experience in the Cyber Security domain only)
SOC Analyst / Security Engineer who has, or is interested in developing, technical skills in Windows, Linux, and cloud environments. Courses/certifications such as CompTIA Security+, GSEC, EC-Council Certified SOC Analyst (CSA), Microsoft SC-200 (Security Operations Analyst Associate), Cisco Cyber Ops Associate, Splunk Core Certified User / Analyst are preferable.
Responsibilities
- Capable of understanding the training and the nature of the work involved in the job responsibilities.
- Monitor and assess alerts generated by security monitoring systems such as SIEMs and EDR platforms.
- Analyze logs, network activity, and endpoint behavior to detect suspicious or malicious activity.
- Execute initial incident triage and escalate complex threats to senior teams as needed.
- Collaborate with internal teams on containment, eradication, and recovery processes.
- Maintain detailed records of security events and actions taken in internal tracking systems.
- Continuously fine-tune detection rules and alert thresholds to improve incident accuracy.
- Stay informed on the latest tactics, techniques, and procedures (TTPs) used by threat actors.
- Support proactive initiatives like threat hunting and vulnerability assessments.
- Contribute to red/blue team simulations and post-incident reviews.
- Help develop and refine operational playbooks and standard response workflows.
- Able to work rotational shifts (Morning / Forenoon / Evening / Night), as it is a 24x7 organization, and adaptable to the working environment and night shifts.
- Maintain system security, identify threats and install / configure software.
- Solid grasp of network protocols, endpoint defenses, and common attack vectors.
- Familiar with one or more SIEM solutions (e.g., Splunk, Sentinel, QRadar).
- Comfortable navigating both Windows and Linux environments.
- Knowledge of cloud platforms & malware analysis is a plus.
- Understanding of TCP/IP, DNS, HTTP, and common attack vectors.
- Understanding of cybersecurity frameworks such as MITRE ATT&CK or NIST.
- Strong interpersonal and oral/non-oral English communication skills to handle chats & mails if needed.
- 1 to 3 years of experience in a SOC or technical security role is an added advantage.
- To be sincere and honest towards the job responsibilities.
Perks and Benefits: Other allowances negotiable based on availability & experience.
For clarification, contact: HR +91 87543 01002 jobs@oryon.in
Posted 3 weeks ago
7.0 - 10.0 years
7 - 15 Lacs
Chennai
Work from Office
Role & responsibilities
Position Summary: We are seeking an experienced and proactive Threat Intelligence & IR Lead to oversee our SOC threat intelligence and ensure the security of our organization's assets. The ideal candidate will have a minimum of 7 years of experience in cybersecurity, with a strong focus on threat intelligence, threat hunting, analysis & incident response. You will be responsible for identifying, analyzing, and mitigating threats to protect the organization's infrastructure, data, and operations.
Key Responsibilities:
- Threat Intelligence & Incident Response: Develop, implement, and manage the organization's threat intelligence strategy and program. Lead a team of threat SOC analysts and ensure timely identification of emerging threats.
- Threat Identification and Analysis: Monitor and analyze cyber threat data, including data banks, data lakes, API access controls, threat feeds, and intelligence platforms. Identify trends, techniques, tactics, and procedures (TTPs) of threat actors and provide actionable insights.
- Collaboration and Reporting: Collaborate with internal teams (e.g., SOC, incident response, and risk management) to share threat intelligence insights. Prepare detailed threat reports and brief senior management on the organization's threat landscape.
- Threat Hunting and Mitigation: Conduct proactive threat-hunting activities to identify vulnerabilities and weaknesses in the organization’s systems. Recommend and implement mitigation strategies to address identified threats.
- Tool and Technology Management: Evaluate, implement, and maintain tools and technologies to support the threat intelligence program. Automate threat detection processes and maintain integrations with security operations platforms.
- Industry Engagement: Participate in threat intelligence sharing forums and build relationships with external organizations to stay updated on evolving threats.
Qualifications and Experience:
- Minimum of 7 years of experience in cybersecurity, with at least 3 years in a threat intelligence or similar role.
- Strong knowledge of cyber threat landscapes, attack vectors, and defensive strategies.
- Hands-on experience with threat intelligence platforms (TIPs), SIEMs, and other security tools.
- Familiarity with frameworks such as MITRE ATT&CK, NIST, and Cyber Kill Chain.
- Experience in analyzing threat data, including malware, indicators of compromise (IoCs), and vulnerabilities.
- Excellent analytical, communication, and problem-solving skills.
- Relevant certifications (e.g., CISSP, CEH, GIAC, GCTI) are preferred.
Educational Requirements:
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field. Master’s degree preferred.
Key Competencies:
- Strong leadership and team management skills.
- Ability to work under pressure in fast-paced, high-stakes environments.
- Detail-oriented with a focus on continuous learning and staying ahead of emerging threats.
This role offers the opportunity to lead a critical function within our cybersecurity operations and make a tangible impact on the organization's security posture. If you are passionate about staying ahead of cyber threats and have a proven track record in threat intelligence, we encourage you to apply.
Posted 3 weeks ago
5.0 - 10.0 years
15 - 25 Lacs
Hyderabad, Chennai
Hybrid
JD 1. Hands-on experience on Insider Threat/Risk Tools like Microsoft Purview Insider Risk Management or its competitors (like Proofpoint Insider Threat Management, Splunk User Behavior Analytics, Securonix UEBA, QRadar User Behavior Analytics) 2. Experience in triaging Insider Threat/Risk alerts 3. Working in the Insider Threat team of the Security department. 4. Experience producing Insider Threat reports for C-level leaders. 5. Experience in setting up IRM policies and monitoring them. 6. Understanding of AI, Large Language models, prompt engineering is a plus.
Posted 3 weeks ago
5.0 - 10.0 years
15 - 25 Lacs
Bengaluru
Remote
HI, Job Description Develop and maintain security tooling, guidelines, and standards for the Security Engineering team. Participate in threat intelligence and forensic analysis exercises, with guidance from more senior engineers. Work closely with application and infrastructure teams on mitigation of vulnerabilities against all cloud hosted systems. Create and maintain thorough runbooks and incident response documentation for the Security Operations Center (SOC). Create and monitor correlated event dashboards in the SIEM, alerting against thresholds you develop. Research, implement, and configure security protections for email, hosts, and identities. Write scripts to automate manual tasks. Create and provide training to assist new staff and internal teams. Education Bachelor's degree in Information Systems, Computer Science, or related discipline. Or any combination of education and experience which would provide the required qualifications for the position. Experience 5+ years of experience in being a part of a security operations center, with focuses on threat intelligence, incident response, blue team operations and SIEM query/workflow creation. 5+ years of experience in systems administration, software engineering, software development, or related discipline. Licenses CEH, SANS, ISC2 (CISM, CISSP, CCSP, etc), AWS, GCP, Azure Knowledge Working knowledge of SOC operations and incident response procedures, such as EDR, SWG, CASB, email threat protection, SIEM and SOAR platforms, threat intelligence frameworks (like MITRE ATT&CK), vulnerability and identity management, network security tools (firewalls, IDS/IPS), Python or PowerShell scripting, cloud-native security services (AWS, Azure, GCP), forensic and log analysis, and documentation platforms for preserving security operations materials. 
Skill in: Analytical, critical thinking and problem-solving skills; troubleshooting and resolving architecture and application development issues; working as member of a team; communicating effectively; establishing and maintaining effective working relationships. Ability to: Determine how a system should work and how changes in conditions, operations, and the environment will affect outcomes; demonstrate presentation skills with a high degree of comfort with both large and small audiences; work in a fast-paced environment; plan, organize, and prioritize workload and multi-task, to meet deadlines; establish and maintain effective working relationships through collaboration and respect.
Posted 3 weeks ago
5.0 - 8.0 years
9 - 14 Lacs
Madurai, Tiruppur, Salem
Work from Office
Req ID: 125023. Remote Position: Hybrid. Region: Asia. Country: India. State/Province: Chennai. City: Guindy, Chennai. Summary. The Senior Specialist, IT Solutions is a key role that evaluates, implements, and manages Security solutions to protect Celestica's systems and data. Responsibilities include implementing automation technologies, performing risk assessments, contributing to automation policies and standards, and advising on automation best practices. This role also mentors junior team members and provides advanced technical support for automation solutions. Detailed Description. Performs tasks such as, but not limited to, the following: Maintain security infrastructure for operational efficiencies. Collaborate with other IT infrastructure, application and network teams to ensure seamless integrations of tools and technology. Develop and implement playbooks for security automation and orchestration to respond to security events and incidents. Design and implement integrations between security tools such as EDR, SIEM, and ServiceNow, to automate incident response and threat intelligence sharing. Automate security processes, such as vulnerability scanning, patching, and user provisioning, using scripting and configuration management tools. Develop custom scripts and tools, such as parsers and data enrichment scripts, to automate repetitive security tasks and integrate disparate security data sources. Create and maintain comprehensive documentation and runbooks for security automation processes and integrations. Collaborate with other security team members, such as threat intelligence analysts and incident responders, to identify automation opportunities and implement effective security automation solutions. Stay up-to-date on emerging security threats and technologies to proactively identify and address potential security risks through automation. Knowledge/Skills/Competencies. 
Expert knowledge of information security principles, practices, and technologies. Expert knowledge of EDR, SIEM, and ServiceNow. Strong understanding of data integration and API development. In-depth knowledge of information security standards and regulations (e.g., ISO 27001, NIST). Strong understanding of software design processes and data modeling. Excellent problem-solving and analytical skills. Strong leadership, mentoring, and communication skills. Ability to work independently and as part of a team. Physical Demands. Duties of this position are performed in a normal office environment. Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required. Typical Experience. 6 to 8 years of experience in information security, with a proven track record of evaluating, implementing, and managing security solutions. Typical Education. Bachelor's degree in Software Engineering, Computer Science, Information Security, or a related field. Relevant industry certifications (e.g., CISSP, CISM) are highly desirable. Notes. This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time. Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law). At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. 
Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them. Company Overview. Celestica (NYSE, TSX: CLS) enables the world’s best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers. Celestica would like to thank all applicants, however, only qualified applicants will be contacted. Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.
Posted 3 weeks ago
2.0 - 5.0 years
3 - 7 Lacs
Bengaluru
Work from Office
Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it! Who We Are. Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business. Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit. Deepwatch Recognition Includes. 2025, 2024, 2023, 2022 and 2021 Great Place to Work® Certified. 2024 Military Times Best for Vets Employers. 2024 US Department of Labor Hire Vets Gold Award. 2024 Forbes' America's Best Startup Employers. 2024 Cyber Defense Magazine, Global Infosec Awards. 2023 and 2022 Fortress Cybersecurity Award. 2023 $180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners. 
2022 Cybersecurity Excellence Award for MDR. Position Summary. This role is 100% onsite in Bengaluru. The shift for this position is Monday to Friday, 7:30 AM to 3:30 PM. Deepwatch is looking for a highly motivated, self-driven, technical analyst dedicated to making a difference in global security by protecting organizations against the most advanced attackers in the world. The Deepwatch Squad and Security Operations Center offers opportunities to expand your skill set through a wide variety of experiences, detecting and responding to incidents as they occur in real-time for our customers. The Deepwatch squad is a unique approach to how we support our customers and ultimately provide an experience not found anywhere else. You’ll be an integral part of supporting our customers by understanding their bespoke environment, needs and challenges. You will be playing a key role in supporting some of the top organizations in the world, and have the opportunity to develop your skills by working with the best responders in the industry, your team and your Squad. The Analyst I is focused on providing descriptive analysis. They will answer questions such as the who, what, when, and where of events. Analysts are curious individuals who actively work to develop a better understanding of the environments they are assigned. Using cybersecurity best practices, you will monitor and secure complex customer environments utilizing industry leading technology such as Splunk, xSOAR, CrowdStrike and more. In This Role, You’ll Get To. Support incident handling processes across multiple platforms and security technologies including Windows, Linux and macOS. Monitor a queue of security events generated by the Deepwatch platform SOAR, triage events based on their criticality, and escalate validated security events to customers. Document and manage incident cases in our case management system. Keep up-to-date with information security news, techniques, and trends. 
Identify and report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering. Become proficient with Splunk, ServiceNow and other third-party threat intelligence tools as required. Perform security detection analysis and investigations using SIEM and SOAR technologies, leverage Deepwatch proprietary tooling and intelligence and maintain SLAs. Act as the first line of defense during security events by triaging and investigating alerts within a customer’s environment. Produce high-quality written and verbal communications, recommendations, and findings to customer management in a timely manner. Continue to sharpen your skills and capabilities on the job, and through the Deepwatch development program. To be successful in this role, you’ll need to: A basic understanding of cyber security principles, concepts and practice with a focus on SOC operations, alert triage and investigations. Know your way around SIEM platforms (Splunk preferred), how to perform queries and leverage various log sources to perform investigations. Articulate the process involved in pivoting to other log sources, cloud systems, or consoles to perform a comprehensive analysis from multiple data sources. Have a basic understanding of modern EDR, email security and cloud identity platforms. Review SIEM alerts and make a determination for what other sources or intelligence is needed to make a determination, relying on peers to help improve your skills and capabilities. A strong understanding of all basic ports and protocols. Familiarity with Windows, Mac, and Linux file path structure. Familiarity with OSINT, TTPs and IOCs. Strong written and verbal communication skills with the ability to produce well-written reports and analysis that’s thorough, accurate and complete. Provide the customer with a complete understanding of the investigation. CEH, CySA, GSEC, Sec+, or equivalent certification preferred. 
A college degree in Information Security or IT, related training, certifications or on-the-job experience. Life At Deepwatch. For employees, Deepwatch fosters a unique, flexible work environment designed with collaboration in mind. The company emphasizes personal and professional growth, offering benefits such as professional development programs, comprehensive health coverage, and generous parental leave. Deepwatch is also committed to diversity, equity, inclusion, and belonging, aiming to empower underrepresented groups in tech by connecting them with meaningful opportunities, mentors, and sponsors. In recognition of its supportive workplace culture, Deepwatch earned the Great Place To Work Certification™ in 2025, underscoring its dedication to creating a positive and inclusive work environment. Deepwatch is a global cybersecurity company with offices in San Francisco Bay Area, CA; Tampa, Florida; and Bengaluru, India. What We Offer. At Deepwatch, we are committed to supporting our employees with a comprehensive benefits package designed to enhance your well-being and financial security. We Partner With Plum Benefits To Provide. Group Health Insurance – Comprehensive medical coverage for you and your dependents. Group Accidental Insurance – Financial protection in case of accidental injuries. Group Term Life Insurance – Security for your loved ones in unforeseen circumstances. For additional details, refer to the benefits guide provided by Plum. Payroll & Compensation. Pay Cycle: Salaries are processed monthly and paid on the last day of each month. Pay Slips & Reimbursements: Delivered via email. Payroll Processing: Managed by BCL Chartered Accountants through GreytHR, which provides tax and payment-related details.
Posted 3 weeks ago
4.0 - 9.0 years
25 - 30 Lacs
Gurugram
Work from Office
Job Summary The Director, TSG Information Security, Cyber Threat Management is a position within Bain's Cyber Security Department, whose mission is to define and enable strategies to safeguard the digital assets and integrity of the organization In this role, the Director understands how security measures align with the overall organizational strategy and will begin to organize and lead in the development and implementation of security controls that adhere to regulatory requirements and best practices The Director combines a strong level of technical and managerial skills and business alignment to build and guide a growing team and resources across a spectrum of capabilities The position primarily focuses on the efficient, effective and reliable resolution of Bain's defensive strategy as well as focuses on improving our offensive strategy to help the company meet its overall business objectives The position therefore must have the technical skills to troubleshoot and resolve complex issues as well as excellent communication and upward management These measures require taking a leadership position in coordinating activities across the team working with Technical, IT and Cybersecurity leadership The Director role has expertise and experience in multiple disciplines, including Threat Intelligence programs, Detection and Deterrence systems, Threat Exposure Management, Incident Response, Forensics and Evidence gather and Pro-Active Security probing capabilities (Red/Blue/Purple teaming & Penetration Testing), Principal Accountabilities Monitoring & Detection Oversee and strategize on developing advanced security monitoring, analysis, and correlation platforms to detect cybersecurity events, Direct cross-functional efforts in the identification and in-depth analysis of sophisticated security threats, including malware, APTs (Advanced Persistent Threats), and targeted attacks, Enable a wide range of security tools and technologies, including SIEM, IDS/IPS, or next 
gen/advanced threat detection solutions, Partner with organizations and vendors to identify and integrate new data sources, Incident Response & Analysis Oversee the ongoing management and evolution of security runbooks and champion for ongoing automation or AI/ML based technologies to increase speed/efficiency, Strengthen Bain's capability in in-depth log analysis, data correlation, and forensic investigations to identify root causes of incidents and improve security measures, Provide strong and clear communications on cyber events and situations with senior leadership, Ensure alignment in security policies and practices adhere to industry standards and compliance requirements and oversee the validation of the controls, Serve as a subject matter expert in security discussions and decision-making and enable and grow team members' skills and experience, Work with the primary goal of building efficiencies in Cyber Threat Management responses and driving down MTTR and reducing overall risk, Threat Intelligence Enable a threat intelligence capability, including open-source intelligence (OSINT), dark web forums, and industry reports to drive awareness and improvement in our defensive posture, Utilize threat intelligence platforms and tools to aggregate and correlate threat data, Drive coordination with intelligence and incident response teams to investigate and analyze security incidents, Develop and refine threat intelligence methodologies and tools, Stay current with industry best practices and new methodologies to enhance the team's capabilities, Vulnerability Management & Threat Exposure Management Work cross-functionally across IT teams and provide leadership and guidance in mitigating threats to Bain Serve as a subject matter expert in security discussions and decision-making, Build processes to enable regular vulnerability scans on the organization's network, applications, and systems using industry-standard tools ProActive Security Testing Experience implementing and 
operationalizing vulnerability management tools, processes, and best practices, Oversee the classification and prioritization of vulnerabilities based on risk and potential impact, Stay informed about emerging trends and technologies in cybersecurity, Work collaboratively with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture, ProActive/Enhanced Security Testing Partner with colleagues to expand controlled penetration testing technologies and capabilities on networks, applications, and systems to identify security vulnerabilities, Investigate and keep up to date with changes in tooling and advanced attacks in network, cloud and application testing, Analyze and interpret results to identify potential risk as well as evaluate potential impact, Red Team, Blue Team, Purple team exercise leadership experience, Professional Development and Innovation Stay informed about emerging trends and technologies in cybersecurity, Drive collaboration and defensive standards/expertise across Bain, working with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture, Explore Professional Certifications and work with leadership to plan trainings, Knowledge, Skills, and Abilities Security Monitoring & Incident Detection and Response Strong knowledge of Splunk (or other SIEM tools),CrowdStrike or equivalent EDR/MDR platforms, Windows Defender, Palo Alto Networks, Other AV/EDR tool configuration, Cyberhaven (or other DLP tools) Knowledge of Vulnerability & Attack Surface Management toolsets, Threat Intelligence and Analysis tools, Vendor technical Risk Scoring tools, Deception technologies Knowledge of ticketing, triage and forensics capabilities and toolsets General Skills Great communication skills, with the ability to document and explain technical information clearly, Analytical mindset, with a focus on learning 
and problem-solving, Ability to work independently and well in a team, showing strong interpersonal skills, Eagerness to learn and adapt to new challenges in cybersecurity, Entrepreneurial spirit, open to trying new approaches and learning from them, Team Management Drive and expand the training and professional development of Security Operations staff, Qualification and Experience Bachelor's degree in a related field (e.g., Computer Science, Cybersecurity, Information Technology) or an equivalent combination of education, training, and experience 10-15 years of relevant experience Experience with Information Security technologies (Firewall, IPS, IDS, SIEM, EDR, CASB, AV, DLP, etc.) Experience with common information security controls frameworks (i.e., ISO, NIST, CIS, or CSA) Global company or equivalent Experience deploying systems or applications Ability to work independently and with teams on complex problems Complex problem solving Ability to work in a fast paced, dynamic environment,
Posted 4 weeks ago
4.0 - 8.0 years
15 - 25 Lacs
Bengaluru
Hybrid
Warm Greetings from SP Staffing!! Role: SOC Analyst. Experience Required: 3 to 8 yrs. Work Location: Bangalore. Required Skills: Security operations SOC1, SOC2, FFIEC, GDPR. Interested candidates can send resumes to nandhini.spstaffing@gmail.com
Posted 4 weeks ago
10.0 - 12.0 years
0 - 1 Lacs
Chennai
Work from Office
Sr. Network & Security Engineer Location : Chennai - Taramani (Work From Office) Notice : Short Period / Immediate Full time role RESPONSIBILITIES Design, deploy, and manage scalable enterprise network infrastructures focusing on Cisco switches and routing technologies. Configure and maintain next-generation firewalls, including Palo Alto, FortiGate, and Cisco Firepower NGFW. Administer F5 Load Balancers (LTM, ASM) to ensure high availability and secure application delivery. Manage the full SSL certificates and domain services lifecycle, including DNS configuration and domain registration. Implement, monitor, and support endpoint security platforms such as Symantec Endpoint Protection Manager (SEPM), Trend Micro, and CrowdStrike. Perform ongoing threat monitoring, vulnerability remediation and incident response related to endpoints and network devices. Troubleshoot & resolve complex issues across network and endpoint layers, focusing on minimising downtime. Define/enforce network & endpoint security policies in alignment with compliance & organisational needs. Maintain detailed documentation of all infrastructure components, including network architecture, firewall configurations, SSL/DNS records, domain configurations, and endpoint security deployments. Collaborate with internal IT teams and business stakeholders to align security and infrastructure strategies with organisational objectives. Stay current on emerging threats, security technologies, and industry best practices. DESIRED SKILLS Experience in network and security engineering, including endpoint protection management. Expertise with Cisco Switches, routing protocols, and network design. Proven experience with Palo Alto, FortiGate, and Cisco Firepower firewalls. Strong operational knowledge of F5 Load Balancers (LTM, ASM). In-depth understanding of SSL/TLS certificate management and DNS/domain services. Hands-on experience with SEPM, Trend Micro, and CrowdStrike for endpoint protection. 
Solid knowledge of TCP/IP, VPNs, VLANs, NAT, ACLs, and network segmentation techniques. Familiarity with cybersecurity frameworks, threat intelligence, and incident response methodologies. Strong troubleshooting and analytical skills with a proactive mindset. Experience in license management, procurement, purchase, contracts and vendor management for security and network infrastructure. Ability to work independently, manage multiple priorities, and provide off-hours/on-call support as needed. Excellent verbal and written communication skills. QUALIFICATIONS Bachelor's or Master's degree in a related field. CCNP, PCNSE, Fortinet NSE Certifications, F5 Certified Administrator. Interested candidates can forward their latest resumes to John.s@zirlen.com
Posted 4 weeks ago
4.0 - 5.0 years
5 - 9 Lacs
Pune
Work from Office
This role requires a technical expert to support our direct and channel business. This role involves crafting tailored technical bids and solutions, collaborating with account managers, partners, sales, marketing, finance, legal, and HR. The person will be responsible for ensuring written responses are well crafted and created to meet tender requirements. This will ensure they score highly and provide content for business-critical frameworks. For this role you will need to be creative, a team player, detail-oriented, reliable, and self-motivated and have outstanding communication skills. You must be able to master our managed service offerings. In doing so, you will play a leading role with our sales teams. Providing high quality and credible bid responses. Your technical knowledge, writing and interpersonal skills will set you apart from other candidates. Responsibilities: Compelling Bids to be submitted in a timely manner by coordinating with different stakeholders. As the person responsible for allocating tasks and setting internal deadlines. Understanding business requirements and know how to map technology/Services. Ability to convey business value or complex technical solutions through your technical responses and graphical designs. Produce professional response documentation. Participate in key review meetings / final document review, content sign-off, and document production. Identify and re-work existing pre-written content where relevant under guidance of senior team members. This includes win and loss reviews, lessons learned and continual improvement. Develop knowledge of business, SHQ services by reading and reviewing previous bid submissions and design documents. Also, by spending time with pre-sales, technical and commercial teams. Own and manage the central Bid Content Library: regularly update, curate, and manage content library to enhance proposal quality and speed. Learn and utilize AI tools and other capabilities as they become available. 
Standardize and maintain proposal templates and boilerplate content across all major service lines. Support the implementation and continuous improvement of Bid Management SOPs. Work with global teams to ensure technical proposal content remains accurate, current, and aligned with sales strategy. Manage and evolve the Confluence knowledgebase used by Pre-sales. Drive the production and updating of content. Essential Skills: The ability to work under pressure and within short deadlines. Proven skills in writing and editing proposal content within a complex technical business environment. Attention to detail. Excellent knowledge of M365, and ideally Copilot. Ability to work independently and confidently. Excellent interpersonal and communication skills and adept at working with multiple stakeholders internationally. To demonstrate an understanding of how an IT Managed Service/Security Service Provider operates. Knowledge of cybersecurity terms such as SIEM, EDR, XDR, Firewalls, Threat Intelligence etc. Familiar with Cloud technologies and platforms such as AWS and Azure. Proven history of working with Managed Security Service Providers (MSSP). Education & Experience: Educational qualification: BE or any postgraduate in any stream. Candidates should have at least 4-5 years of experience working in Pre-Sales/Bid Management/Technical writing. Any Cyber Security related certifications are highly desired. A desire to learn, harness AI, and to support the creation of better content.
Posted 1 month ago
3.0 - 8.0 years
13 - 18 Lacs
Bengaluru
Work from Office
The role is within the Information Security Risk Management (ISRM) Cyber Fusion Engineering team responsible for the support of Thomson Reuters Cyber Defense Engineering Tools. The successful candidate will have the opportunity to learn - and provide skilled technical support - for our current infrastructure security toolset as well as our future security services within the technical operations environment. About the role: Support the development and maintenance of security tools and infrastructure such as Confluence, MISP Threat Intelligence Platform, and ServiceNow Security Incident Response. Help build and maintain cloud infrastructure in support of our technologies Collaborate with Cyber Defense teams such as the SOC, Threat Detection, Threat Intel, and Incident Response teams to understand feature and support needs. Act as an interface with other IT disciplines inside the larger organization to develop deployment pipelines for AWS infrastructure to meet Enterprise standards. About You: Bachelor's Degree with 3+ years IT or Information Security experience Scripting experience with Python and bash Foundational knowledge of AWS Application/Infrastructure administration experience in an Enterprise environment. Excellent customer service and communication (oral / written) skills required. Strong critical thinking, analytical, and troubleshooting skills. Must be able to accept delegated work on assigned projects and initiatives and complete them successfully with minimum supervision. Preferred Qualifications: Knowledge of/and experience with a Linux OS distribution. Hands on experience deploying and managing infrastructure in AWS Knowledge of/or experience with Infrastructure as Code technologies (e.g. Terraform, CloudFormation) and/or CI/CD pipeline technologies (e.g. 
AWS CodeBuild, CodePipeline, etc) Understanding of the principles of IaaS, PaaS, SaaS cloud environments Knowledge of/and experience in Cyber Security or Security+ certification Knowledge of/or experience with security orchestration, automation, and response (SOAR) tools. Understanding of network transport protocols and services (TCP/IP, syslog, DNS, ODBC, SFTP, SSH, PKI, etc.) Experience working in a large enterprise environment What's in it For You? Hybrid Work Model: We've adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected. Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, empowering employees to achieve a better work-life balance. Career Development and Growth: By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrow's challenges and deliver real-world solutions. Our Grow My Way programming and skills-first approach ensures you have the tools and knowledge to grow, lead, and thrive in an AI-enabled future. Industry Competitive Benefits: We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing. Culture: Globally recognized, award-winning reputation for inclusion and belonging, flexibility, work-life balance, and more. 
We live by our values: Obsess over our Customers, Compete to Win, Challenge (Y)our Thinking, Act Fast / Learn Fast, and Stronger Together. Social Impact: Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and Environmental, Social, and Governance (ESG) initiatives. Making a Real-World Impact: We are one of the few companies globally that helps its customers pursue justice, truth, and transparency. Together, with the professionals and institutions we serve, we help uphold the rule of law, turn the wheels of commerce, catch bad actors, report the facts, and provide trusted, unbiased information to people all over the world. Thomson Reuters informs the way forward by bringing together the trusted content and technology that people and organizations need to make the right decisions. We serve professionals across legal, tax, accounting, compliance, government, and media. Our products combine highly specialized software and insights to empower professionals with the data, intelligence, and solutions needed to make informed decisions, and to help institutions in their pursuit of justice, truth, and transparency. Reuters, part of Thomson Reuters, is a world leading provider of trusted journalism and news. We are powered by the talents of 26,000 employees across more than 70 countries, where everyone has a chance to contribute and grow professionally in flexible work environments. At a time when objectivity, accuracy, fairness, and transparency are under attack, we consider it our duty to pursue them. Sound exciting? Join us and help shape the industries that move society forward. As a global business, we rely on the unique backgrounds, perspectives, and experiences of all employees to deliver on our business goals. 
To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity Employer providing a drug-free workplace. We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law. More information on requesting an accommodation here. Learn more on how to protect yourself from fraudulent job postings here. More information about Thomson Reuters can be found on thomsonreuters.com.
Posted 1 month ago
7.0 - 12.0 years
18 - 33 Lacs
Mumbai
Work from Office
Cyber Defense Governance & Compliance Develop and maintain cyber defense governance frameworks, ensuring alignment with industry standards like NIST, ISO 27001, and regulatory mandates. Establish and enforce policies, procedures, and risk management guidelines for security operations. Conduct regular governance audits to assess cybersecurity effectiveness and compliance adherence. Security Metrics & Executive Reporting Design and manage cybersecurity Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure operational effectiveness. Generate Cyber Defense MIS reports, dashboards, and executive summaries for leadership and regulatory bodies. Provide actionable insights from security metrics, ensuring data-driven decision-making in cyber defense operations. Threat Intelligence & Risk Management Oversee integration of threat intelligence insights into governance frameworks to enhance risk mitigation strategies. Conduct risk assessments based on emerging threats, attack trends, and compliance gaps. Collaborate with security teams to refine incident classification models, response SLAs, and governance workflows. Cyber Incident & Crisis Reporting Establish standardized incident reporting protocols, ensuring compliance with regulatory requirements. Lead post-incident root cause analysis (RCA) and governance-driven improvement initiatives. Develop structured processes for incident escalation tracking, remediation follow-ups, and reporting accuracy. Process Governance & Operational Excellence Define and optimize cyber defense operational workflows, ensuring consistency in threat monitoring and response. Conduct SOC maturity assessments and provide governance recommendations to improve security posture. Enhance alignment between cyber defense strategies and business risk management goals. Cyber Awareness & Compliance Training Develop and execute cybersecurity training programs for risk, compliance, and executive teams. 
Conduct tabletop exercises and simulated security drills to improve organizational response readiness. Ensure continuous improvement in security awareness initiatives across stakeholders. Stakeholder & Regulatory Engagement Act as the primary liaison between cybersecurity teams, risk management, compliance, and executive leadership. Represent cyber defense operations in audit meetings, regulatory discussions, and board-level reporting sessions. Stay updated with evolving cybersecurity laws, frameworks, and global compliance requirements.
Posted 1 month ago
1.0 - 3.0 years
0 - 3 Lacs
Pune
Work from Office
Role: The Security Operations (SOC) - Engineer is responsible for monitoring the environment, identifying, reporting, and responding to security threats that put the organization at risk. The primary function of this position is to monitor the security tools and perform alert management and initial incident qualification. Job Description Acknowledge, analyze, and validate incidents triggered from multiple security tools like IDS/IPS, Web Application Firewall, Firewalls, Endpoint Detection & Response tools, and events through SIEM solution Acknowledge, analyze, and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc. Collection of necessary logs that could help in the incident containment and security investigation Escalate validated and confirmed incidents to Security administrators Undertake first stages of false positive and false negative analysis Understand the structure and the meaning of logs from different log sources such as FW, IDS/IPS, WAF, Windows DC, Cloudflare, AV and antimalware software, O365 email security etc. Open incidents in ticketing platform to report the alarms triggered or threats detected. Track and update incidents and requests based on updates and analysis results Report infrastructure issues to the IMS Team Working with vendors to work on security issues. Perform other duties as assigned Skills: Strong security knowledge Should have expertise on TCP/IP network traffic and event log analysis Experience with Linux, Windows and Network Operating Systems required. 
Knowledge and hands-on experience in management of IDS/IPS, Firewall, VPN, and other security products Experience in Security Information Event Management (SIEM) tools, creation of basic correlation rules, and administration of SIEM Knowledge and hands-on experience in Log management & Endpoint detection and response tools Knowledge of ITIL disciplines such as Incident, Problem and Change Management Strong interpersonal skills including excellent written/verbal communication skills Interview Process: Technical Interview HRBP Interview Consent: We will use your resume for current full-time job openings with us and retain it for future opportunities
Posted 1 month ago
3.0 - 5.0 years
5 - 7 Lacs
Chennai
Work from Office
Analysing cyber-IOCs, APTs, MITRE ATT&CK TTPs, attack vectors, adversary TTPs, and cyber threat intelligence topics and translating these into actionable intelligence Develop, maintain, and update a repository of cyber threat information that is used in conducting risk assessments and reports on cyber risk trends. Conducts research and evaluates intelligence data, with emphasis on TTP's. Good Experience in Development and documenting of threat Intelligence procedures into playbooks. Experience on Threat Research Reports for Strategic, Tactical, and Operational intelligence Focusing on intent, objectives, and activity of cyber threat actors and then acting accordingly. Perform ad-hoc intelligence gathering using OSINT tools and techniques Able to apply creative and critical thinking when approaching issues and in resolving them. Able to communicate effectively with technical, operational, and senior client staff. Required education Bachelor's Degree Required technical and professional expertise Analysing cyber-IOCs, APTs, MITRE ATT&CK TTPs, attack vectors, adversary TTPs, and cyber threat intelligence topics and translating these into actionable intelligence Develop, maintain, and update a repository of cyber threat information that is used in conducting risk assessments and reports on cyber risk trends. Conducts research and evaluates intelligence data, with emphasis on TTP's. Good Experience in Development and documenting of threat Intelligence procedures into playbooks. Experience on Threat Research Reports for Strategic, Tactical, and Operational intelligence Focusing on intent, objectives, and activity of cyber threat actors and then acting accordingly. Perform ad-hoc intelligence gathering using OSINT tools and techniques Preferred technical and professional experience Able to apply creative and critical thinking when approaching issues and in resolving them. Able to communicate effectively with technical, operational, and senior client staff.
Posted 1 month ago
2.0 - 3.0 years
0 - 1 Lacs
Noida
Work from Office
What you'll do Greetings from Data Security Council of India! The Data Security Council of India (DSCI) is a not-for-profit industry body for data protection in India, set up by nasscom and committed to making cyberspace safe, secure, and trustworthy by establishing cybersecurity best practices, standards, and initiatives in cyber security and privacy. DSCI engages with governments, regulators, industry sectors, and think tanks on policy advocacy, thought leadership, capacity building, and outreach initiatives. For more information, visit: www.dsci.in. We are seeking a dynamic and technically proficient AI/ML Engineer to support our AI/ML R&D initiatives in cybersecurity and take ownership of TechSagar.in, a knowledge repository for India's emerging technology capabilities. The ideal candidate will possess hands-on experience in generative AI, emerging technologies, and product management. This is a hybrid role combining deep technical development with stakeholder engagement and platform evangelism. Role & responsibilities: AI/ML & Cybersecurity Innovation Support R&D efforts to prototype generative AI models for real-time threat detection and cybersecurity. Design, develop, and deploy machine learning models tailored to cyber threat intelligence and anomaly detection. Research and implement novel AI approaches, including multi-agent and reasoning-based systems. Develop distributed security monitoring frameworks using tools like AutoGen, CrewAI, etc. Build LLM-powered threat analysis tools using LangChain, LlamaIndex, and integrate with enterprise infrastructure. Apply MLOps best practices for model deployment, performance monitoring, and continuous integration. Optimize vector stores (Qdrant, FAISS, Pinecone, etc.) for RAG-based systems. Create synthetic datasets for AI training and model evaluation. Use Pydantic for data validation within AI pipelines. 
TechSagar Product Responsibilities Manage and evolve the TechSagar.in platform, enhancing features, ensuring data integrity, and driving usage. Liaise with tech partners, government bodies, startups, and academia to enrich platform content. Strategize and execute industry engagement plans to market TechSagar and establish its relevance. Represent TechSagar in external forums, conferences, and industry meetings. Collect user feedback, define product roadmap, and ensure alignment with AI/ML advancements. Required Qualifications: Bachelor's or Master's degree in Computer Science, Artificial Intelligence, or related field. 12 years of hands-on experience in AI/ML model development and deployment. Strong programming expertise in Python. Familiarity with LangChain, LlamaIndex, and large language models (LLMs). Experience in applying AI to cybersecurity or vulnerability analysis. Good understanding of machine learning algorithms, data pipelines, and model evaluation. Excellent communication skills for technical and stakeholder engagement Preferred Skills: Exposure to generative AI, LLMs, and chain-of-thought reasoning techniques. Working knowledge of MLOps tools such as MLflow, Docker, etc. Familiarity with FastAPI or Flask for API development. Ability to preprocess, clean, and analyze large datasets efficiently. Experience in integrating AI tools with legacy or existing security systems. Technologies & Frameworks: LLM Frameworks: LangChain, LlamaIndex Multi-agent Systems: AutoGen, CrewAI Vector Databases: FAISS, Pinecone, Qdrant, Elasticsearch, AstraDB MLOps Tools: MLflow, Docker Programming & APIs: Python, FastAPI/Flask Data Validation: Pydantic Why Join Us? Be at the forefront of AI innovation in cybersecurity and national technology initiatives. Lead and shape a strategic tech product (TechSagar) with national impact. Collaborate with thought leaders in the AI, cybersecurity, and emerging tech ecosystem.
Posted 1 month ago