193 Threat Intelligence Jobs - Page 8

The role involves monitoring security threats, responding to emergencies, and communicating critical incidents to stakeholders while ensuring high customer service standards. A proactive, detail-oriented professional who can work under pressure Required Candidate profile Fluent English (verbal/written) with international voice support experience (US/UK/AU accents). Proven incident management skills in a BPO/SOC/security operations setting. Strong customer service

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Architecture Design Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will be responsible for defining the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will document the implementation of the cloud security controls and transition to cloud security-managed operations. Your typical day will involve designing and implementing security solutions, collaborating with cross-functional teams, and ensuring the integrity and confidentiality of data. Roles & Responsibilities: Expected to be an SME, collaborate and manage the team to perform. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Design and implement security solutions to protect the organization's cloud infrastructure. Collaborate with cross-functional teams to ensure the integrity and confidentiality of data. Conduct risk assessments and develop strategies to mitigate security risks. Stay up-to-date with the latest security trends and technologies. Ensure compliance with industry standards and regulations. Train and educate employees on security best practices. Professional & Technical Skills: Must To Have Skills:Proficiency in Security Architecture Design. Strong understanding of cloud security principles and best practices. Experience with cloud security technologies and tools. Knowledge of network security protocols and technologies. Familiarity with security frameworks and standards such as ISO 27001 and NIST. Good To Have Skills:Experience with cloud platforms such as AWS or Azure. Experience with security incident response and management. Knowledge of threat intelligence and vulnerability management. Understanding of identity and access management concepts. Solid grasp of encryption and cryptographic techniques. Additional Information: The candidate should have a minimum of 7.5 years of experience in Security Architecture Design. This position is based at our Mumbai office. A 15 years full time education is required. Qualifications 15 years full time education

We are looking for a highly skilled and experienced Cyber Exercise Analyst to join our team in Bengaluru. The ideal candidate will have 2-4 years of experience in cyber security, with a strong background in risk strategy, digital identity, cyber defense, application security, and technology solutions. ### Roles and Responsibility Collaborate with cross-functional teams to develop and implement comprehensive cyber security strategies. Conduct thorough analysis of complex data sets to identify potential threats and vulnerabilities. Develop and maintain detailed documentation of cyber security processes and procedures. Provide expert guidance on cyber security best practices to stakeholders at all levels. Stay up-to-date with emerging trends and technologies in cyber security. Participate in incident response efforts to mitigate the impact of security breaches. ### Job Requirements Strong understanding of cyber security principles, including risk management and compliance. Experience with cyber security tools and technologies, such as SIEM systems and intrusion detection systems. Excellent analytical and problem-solving skills, with the ability to interpret complex data sets. Effective communication and collaboration skills, with the ability to work with diverse stakeholders. Ability to stay current with emerging trends and technologies in cyber security. Strong attention to detail, with a focus on delivering high-quality results. Expert knowledge of red teaming, tabletop exercises, cyber incident response, and threat intelligence processes. Experience in test documentation, red team report creation, threat intelligence report creation, and analysis for red teaming. Skilled in using information technology/security, proficient in writing technical documentation including manuals, policies, and procedures. Good time management skills and versatility to present to technical audiences. Knowledge of TIBER-EU is an added advantage.

Greetings from IT.. I am now hiring a Threat Detection Engineer for my Clients. Location: Bangalore, Gurugram. Experience: 6-13 Years N[P: Immediate-30 days Primary skills: Threat hunting, threat intelligence, Splunk In-depth knowledge of external attacks and detection techniques to be able to run analysis of the requirements provided by threat intelligence / SOC teams, generate list of rules that could be implemented (based on self analysis of a threat and avaiable log sources), work with SOC team to operationalize and Purple Team to test.. Familiarity with MITRE ATT&CK framework and Tactics, Techniques, and Procedures (TTPs). Experience with security tools such as Splunk, MDE , Databricks to be able to write custom detections to detect various threats (preferably MDE). Kindly share your resume at chanchal@oitindia.com

The role is within the Information Security Risk Management (ISRM) Cyber Fusion Engineering team responsible for the support of Thomson Reuters Cyber Defense Engineering Tools. The successful candidate will have the opportunity to learn - and provide skilled technical support - for our current infrastructure security toolset as well as our future security services within the technical operations environment. About the role: Support the development and maintenance of security tools and infrastructure such as Confluence, MISP Threat Intelligence Platform, and ServiceNow Security Incident Response. Help build and maintain cloud infrastructure in support of our technologies Collaborate with Cyber Defense teams such as the SOC, Threat Detection, Threat Intel, and Incident Response teams to understand feature and support needs. Act as an interface with other IT disciplines inside the larger organization to develop deployment pipelines for AWS infrastructure to meet Enterprise standards. About You: Bachelor's Degree with 3+ years IT or Information Security experience Scripting experience with Python and bash Foundational knowledge of AWS Application/Infrastructure administration experience in an Enterprise environment. Excellent customer service and communication (oral / written) skills required. Strong critical thinking, analytical, and troubleshooting skills. Must be able to accept delegated work on assigned projects and initiatives and complete them successfully with minimum supervision. Preferred Qualifications: Knowledge of/and experience with a Linux OS distribution. Hands on experience deploying and managing infrastructure in AWS Knowledge of/or experience with Infrastructure as Code technologies (e.g. Terraform, CloudFormation) and/or CI/CD pipeline technologies (e.g. AWS CodeBuild, CodePipeline, etc) Understanding of the principles of IaaS, PaaS, SaaS cloud environments Knowledge of/and experience in Cyber Security or Security+ certification Knowledge of/or experience with security orchestration, automation, and response (SOAR) tools. Understanding of network transport protocols and services (TCP/IP, syslog, DNS, ODBC, SFTP, SSH, PKI, etc.) Experience working in a large enterprise environment Whats in it For You? Join us to inform the way forward with the latest AI solutions and address real-world challenges in legal, tax, compliance, and news. Backed by our commitment to continuous learning and market-leading benefits, youll be prepared to grow, lead, and thrive in an AI-enabled future. This includes: Industry-Leading Benefits: We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing. Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, and hybrid model, empowering employees to achieve a better work-life balance. Career Development and Growth: ?By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrows challenges and deliver real-world solutions. Our skills-first approach ensures you have the tools and knowledge to grow, lead, and thrive in an AI-enabled future. Culture: Globally recognized and award-winning reputation for inclusion, innovation, and customer-focus. Our eleven business resource groups nurture our culture of belonging across the diverse backgrounds and experiences represented across our global footprint. Hybrid Work Model: Weve adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected. Social Impact: Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and Environmental, Social, and Governance (ESG) initiatives.

Role & responsibilities Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related field; Master’s degree preferred. Lead and mentor the SOC team, fostering a culture of continuous improvement and collaboration. Oversee the day-to-day operations of the SOC, ensuring efficient incident detection, response, and recovery processes Collaborate with IT and business units to integrate cybersecurity measures into existing and new technology deployments Manage cybersecurity projects, including the selection and implementation of state-of-the-art security tools and technologies. Conduct regular security assessments, penetration testing, and proactive threat hunting to identify and mitigate potential security vulnerabilities. Relevant cybersecurity certifications such as CISSP, CISM, CEH, or GIAC. At least 5 years of experience in cybersecurity, with a minimum of 3 years in a leadership role within an SOC environment. Extensive knowledge of and experience with cybersecurity regulations and standards. Proficient in managing and configuring security technologies (e.g., SIEM, firewall, IDS/IPS, EDR, and vulnerability management tools). Demonstrated ability to lead and develop high-performing teams. Excellent problem-solving, communication, and presentation skills. Must be a flexible to work in US Shift

Role & responsibilities Primary skills: Threat hunting, threat intelligence, Splunk In-depth knowledge of external attacks and detection techniques to be able to run analysis of the requirements provided by threat intelligence / SOC teams, generate list of rules that could be implemented (based on self analysis of a threat and avaiable log sources), work with SOC team to operationalize and Purple Team to test.. Familiarity with MITRE ATT&CK framework and Tactics, Techniques, and Procedures (TTPs). Experience with security tools such as Splunk, MDE , Databricks to be able to write custom detections to detect various threats (preferably MDE) Preferred candidate profile

•Review and triage information security alerts, provide analysis and determine and track remediation and escalate as appropriate •Assist with log management and security information and event management (SIEM) solutions design and configuration Required Candidate profile Scripting in one of the common scripting languages (Python, Bash, Powershell) is an asset. CISSP Certification is a plus.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As SOC Operations Manager, you will oversee and manage day to day activities of a security operations center on Security incident management delivery. You will be expected to support the documentation, enhancement of SOC Operations through SIEM for external client service. Roles & Responsibilities: Should be an SME in SOC Operations (SIEM Infrastructure and Incident Response activities) Collaborate and manage the team to perform Responsible for decisions on team management, financial, project transitions Engage with multiple teams and contribute on key decisions on project intake, solution reviews and end to end incident response cycle Provide solutions to problems for their immediate team and across multiple teams Lead security assessments and provide recommendations Develop and implement security operations strategies, processes, architecture standards and guidelines Conduct security reviews and manage internal/external audits Support continuous service improvement cycle, through collaboration with Onshore or client stakeholders Professional & Technical Skills: Must To Have Skills: Proficiency in Security Information and Event Management (SIEM), deep understanding of cybersecurity principles, threat detection, and incident management. Strong understanding of threat intelligence analysis Knowledge of security compliance frameworks Hands-on experience with security tools and technologies Additional Information: The candidate should have a minimum of 7.5 years of experience in Security Information and Event Management (SIEM). This position is based at Gurugram office. 15 years of full-time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : Security Information and Event Management (SIEM) Operations Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities: Expected to be an SME Collaborate and manage the team to perform Responsible for team decisions Engage with multiple teams and contribute on key decisions Provide solutions to problems for their immediate team and across multiple teams Develop and implement security architecture solutions Conduct security assessments and recommend enhancements Stay updated on the latest security trends and technologies Professional & Technical Skills: Must To Have Skills: Proficiency in Security Information and Event Management (SIEM) Strong understanding of security operations Experience with incident response and threat intelligence Knowledge of network security principles Familiarity with security compliance standards Additional Information: The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM) This position is based at our Bengaluru office A 15 years full time education is required Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Operation Automation Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking an experienced and innovative SOAR Architect to lead the design, development, and implementation of advanced Security Orchestration, Automation, and Response (SOAR) solutions. The ideal candidate will leverage their expertise in platforms like Splunk Phantom, Chronicle SOAR, and Cortex XSOAR to optimize and automate incident response workflows, enhance threat detection, and improve overall security operations efficiency. Roles & Responsibilities: SOAR Strategy and Architecture:Develop strategies for automation, playbook standardization, and process optimization. Playbook Development:Create, test, and deploy playbooks for automated threat detection, investigation, and response. Collaborate with SOC teams to identify repetitive tasks for automation and translate them into SOAR workflows. Integration and Customization:Integrate SOAR platforms with existing security tools, including SIEM, threat intelligence platforms, and endpoint protection. Customize connectors and APIs to enable seamless communication between security tools. Collaboration and Leadership:Work closely with SOC analysts, threat hunters, and other stakeholders to align automation efforts with organizational goals. Provide technical mentorship to analysts on SOAR platform utilization. Performance Optimization:Continuously evaluate SOAR platform performance and implement improvements for scalability and reliability. Monitor automation workflows and troubleshoot issues to ensure consistent operations. Compliance and Best Practices:Ensure that all SOAR implementations align with industry standards, compliance regulations, and organizational policies. Stay up to date with the latest advancements in SOAR technology and incident response practices. Professional & Technical Skills: Proficiency in scripting and programming Python to develop custom playbooks and integrations. Strong understanding of security operations, incident response, and threat intelligence workflows. Proven track record of integrating SOAR with SIEM solutions (e.g., Splunk, Chronicle), EDR, and other security tools. Ability to troubleshoot complex integration and automation issues effectively. Additional Information: Certifications such as Splunk Phantom Certified Admin, XSOAR Certified Engineer, or equivalent. Experience with cloud-native SOAR deployments and hybrid environments. Familiarity with frameworks like MITRE ATT&CK, NIST CSF, or ISO 27001. A 15 year full-time education is required 3.5 years of hands-on experience with SOAR platforms like Splunk Phantom (On-Prem and Cloud), Chronicle SOAR, and Cortex XSOAR. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As SOC Operations Manager, you will oversee and manage day to day activities of a security operations center on Security incident management delivery. You will be expected to support the documentation, enhancement of SOC Operations through SIEM for external client service. Roles & Responsibilities: Should be an SME in SOC Operations (SIEM Infrastructure and Incident Response activities) Collaborate and manage the team to perform Responsible for decisions on team management, financial, project transitions Engage with multiple teams and contribute on key decisions on project intake, solution reviews and end to end incident response cycle Provide solutions to problems for their immediate team and across multiple teams Lead security assessments and provide recommendations Develop and implement security operations strategies, processes, architecture standards and guidelines Conduct security reviews and manage internal/external audits Support continuous service improvement cycle, through collaboration with Onshore or client stakeholders Professional & Technical Skills: Must To Have Skills: Proficiency in Security Information and Event Management (SIEM), deep understanding of cybersecurity principles, threat detection, and incident management. Strong understanding of threat intelligence analysis Knowledge of security compliance frameworks Hands-on experience with security tools and technologies Additional Information: The candidate should have a minimum of 7.5 years of experience in Security Information and Event Management (SIEM). This position is based at our Pune office. A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As SOC Operations Manager, you will oversee and manage day to day activities of a security operations center on Security incident management delivery. You will be expected to support the documentation, enhancement of SOC Operations through SIEM for external client service. Roles & Responsibilities: Should be an SME in SOC Operations (SIEM Infrastructure and Incident Response activities) Collaborate and manage the team to perform Responsible for decisions on team management, financial, project transitions Engage with multiple teams and contribute on key decisions on project intake, solution reviews and end to end incident response cycle Provide solutions to problems for their immediate team and across multiple teams Lead security assessments and provide recommendations Develop and implement security operations strategies, processes, architecture standards and guidelines Conduct security reviews and manage internal/external audits Support continuous service improvement cycle, through collaboration with Onshore or client stakeholders Professional & Technical Skills: Must To Have Skills: Proficiency in Security Information and Event Management (SIEM), deep understanding of cybersecurity principles, threat detection, and incident management. Strong understanding of threat intelligence analysis Knowledge of security compliance frameworks Hands-on experience with security tools and technologies Additional Information: The candidate should have a minimum of 7.5 years of experience in Security Information and Event Management (SIEM). This position is based at Bengaluru office. 15 years of full-time education is required. Qualification 15 years full time education

About KPMG in India KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience Role & responsibilities: The candidate should be hands-on in managing Security Operations, SOC, Identify access management, Risk Management Should have worked on Blueprinting and Designing of SOC frameworks and implementation of SOC/SIEM solution and Enterprise Architecture Should be hands-on on security processes with good client and Market facing experience in India geography Should have worked on Designing, solutioning and Implementation of Cyber Security Frameworks - Security Operations Strategy, Vulnerability Management - Application & Infrastructure and Threat Intelligence and Analytics Preferred candidate profile : Should have worked on the below - M&A experience - Actively monitoring, analyzing & escalating SIEM alerts based on correlation rules, Active threat hunting on network flow, user behavior and threat intelligence Candidate should have expert level domain knowledge (Cyber Security), Threat Hunting, SIEM - Azure Sentinel, SIEM - (RSA / Splunk / LogRhythm/Qradar ), Ability to Comprehend Logs (HTTP, SMTP, Network), Operating systems and servers, Organizes Technical Sessions / Talks. Candidate should able to familiar with python Scripting & Windows Active Directory (Optional). Vulnerability Management Services - External & internal Vulnerability scanning, VMS tool Qualys & Kenna Administration, Application server & Vulnerability scanning Candidate should have expert level domain knowledge (Cyber Security), Vulnerability scans and recognizing vulnerabilities in security systems, Network analysis tools to identify vulnerabilities, Develop insights about the context of an organizations threat environment, Risk management processes, Network attack and a network attacks relationship to both threats and vulnerabilities. Candidate should have advance level understanding of Impact/risk assessments. Security Operations and Management experience - SOC Experience in Identity access, privilege access, vulnerability management Client facing - front end with the client- focused on engagements + Sales, BD + Capability Development Qualification: B.Tech / M.Tech/ MCA professional with 9-12 years of experience in the relevant role Should have strong hands on MS Power Point and MS Project Hands on experience and certification in any one SIEM (IBM QRadar, ArcSight, Azure Sentinel, Splunk) Security Certifications like CISSP, CISM, GIAC, Security+ etc Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Job Overview: We are seeking a motivated and detail-oriented Junior Security Analyst to join our security team. As a Junior Security Analyst, you will assist in monitoring and defending our network and systems, helping to identify and resolve security vulnerabilities, and ensuring the safety of our organization's data and assets. Key Responsibilities: Monitor Security Systems: Assist in monitoring security alerts and events from various security tools and platforms (e.g., SIEM, firewalls, intrusion detection systems). Incident Response: Support the identification, investigation, and response to security incidents, including potential breaches, malware infections, and system vulnerabilities. Vulnerability Management: Help assess and track vulnerabilities and assist with patch management and remediation efforts. Security Audits: Participate in regular security audits and assessments to evaluate and ensure the security posture of the organization. Threat Intelligence: Stay updated on the latest cybersecurity threats and trends, providing insight into emerging risks and recommended countermeasures. Security Documentation: Maintain accurate documentation for security incidents, vulnerabilities, and remediation steps taken. Collaboration: Work closely with seniors, IT teams, and other departments to improve the overall security posture of the organization. Security Awareness: Assist in developing and promoting security best practices among employees and assist with training on security-related topics. Our Ideal Candidate: Qualifications: Education: Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field. Alternatively, relevant certifications or work experience in cybersecurity may be considered. Experience: 0-2 years of experience in IT security or a related field. Familiarity with security concepts such as firewalls, intrusion detection systems, malware, encryption, and risk assessments. Technical Skills: Good understanding of network protocols, operating systems, and security tools. Knowledge of security frameworks and standards (e.g., NIST, ISO 27001, CIS). Familiarity with SIEM tools, vulnerability scanners, and endpoint protection technologies is a plus. Certifications: Industry certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH), eJPT, or any relevant certifications are a plus. Problem-Solving Skills: Ability to analyze security incidents and recommend actionable steps for remediation. Communication Skills: Strong written and verbal communication skills, with the ability to document incidents and work with teams effectively. Attention to Detail: Ability to focus on details while managing multiple tasks in a fast-paced environment. Must have Skills : Familiarity with cloud security (AWS, Azure, Google Cloud). Basic scripting or programming skills (Python, PowerShell, etc.) for automation or analysis. Experience with endpoint protection, antivirus solutions, or web application security. Personal Attributes: Eagerness to learn and adapt to new technologies and security practices. Strong team player with the ability to work independently when needed. A proactive mindset, always thinking ahead to prevent security incidents before they occur. Ability to handle sensitive information with discretion and integrity.

About The Role : Job TitleThreat Intelligence Analyst Corporate TitleAVP LocationPune, India Role Description As a Threat Intelligence A VP in the Threat Intelligence and Assessment function, you will play a critical role in safeguarding the organization from cyber threats. In this role, you will be responsible for identifying, assessing, and mitigating threats, you will provide mitigation recommendations in response to evolving threats. You will be required to analyse complex technical issues and develop bank specific solutions while collaborating with diverse teams and stakeholders. This role will also consist of delivering against projects and strategic initiatives to continuously enhance the banks capabilities in responding to threats. What we'll offer you As part of our flexible scheme, here are just some of the benefits that youll enjoy, Best in class leave policy. Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities Pro-actively identify threats and track threat actors, TTPs, and ongoing campaigns to produce timely actionable intelligence. Produce threat assessments to support threat mitigation activities. Analyse multiple data/intelligence sources and sets to identify patterns of activity that could be attributed to threats and develop informed recommendations. Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs. Proactively drive improvements of internal processes, procedures, and workflows. Participate in the testing and integration of new security monitoring tools. Meet strict deadlines to deliver high quality reports on threats, findings, and broader technical analysis. Take ownership for personal career development and management, seeking opportunities to develop personal capability and improve performance contribution. Develop and maintain relationships with internal stakeholders, external intelligence sharing communities. Your skills and experience Requirements 5+ years of experience in cybersecurity, with a focus on threat intelligence, analysis, and mitigation Strong operational background in intelligence related operations with experience in Open-Source Intelligence (OSINT) techniques Operational understanding of computing/networking (OSI Model or TCP/IP). Knowledge on the functions of security technologies such as IPS/IDS, Firewalls, EDR, etc A good or developing understanding of virtual environments and cloud (e.g., VSphere, Hypervisor, AWS, Azure, GCP) Demonstrated knowledge and keen interest in tracking prominent cyber threat actor groups, campaigns and TTPs in line with industry standards Knowledge of or demonstratable experience in working with intelligence lifecycle, intelligence requirements and Mitre ATT&CK Framework Non-Technical Experience Investigative and analytical problem solving skills Excellent verbal and written communication; to both technical and non-technical audiences. Self-motivated with ability to work with minimal supervision. Education and Certifications Preferred - Degree in computer science, networking, engineering, or other field associated with cyber, intelligence or analysis. Desired Experience or Certifications CISSP, CISM, GIAC, GCTI, GCIH, GCFE, GCFA, GREM, GNFA, Security+, CEH How we'll support you Training and development to help you excel in your career. Coaching and support from experts in your team. A culture of continuous learning to aid progression. A range of flexible benefits that you can tailor to suit your needs. About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Job Description Minimum Qualifications 10+ years of experience in security engineering, detection engineering, or cloud security. Strong expertise in application security, API security, and SaaS-specific threat detection. Experience with SIEM, SOAR, and detection-as-code tools (e.g., Splunk, OpenSearch, KQL, Sigma). Proficiency in log analysis, security telemetry engineering, and anomaly detection in cloud applications. Experience integrating security controls into SaaS applications and microservices. Good programming and automation skills. Preferred Qualifications Experience with automated threat simulations, MITRE ATT&CK mappings, and adversary emulation. Knowledge of risk quantification methods and security metrics for executive reporting. Familiarity with cloud-native security tools. Hands-on experience in threat intelligence-driven detection engineering. Security certifications (e.g., GIAC GCDA/GCFA, AWS Security Specialty, GCP Security Engineer, OSCP). Career Level - IC5 Responsibilities 1. SaaS-Application Centric Detection Research & Engineering Develop and refine application-layer security detections for FAaaS, Spectra, and other critical LoBs, focusing on business logic abuse, API security threats, and identity-based attacks. Research and engineer detections for SaaS-specific attack vectors. Leverage detection-as-code frameworks (e.g., Sigma, OpenSearch, KQL) to automate the development and tuning of detection rules. Work closely with application security teams to enhance telemetry and ensure that security observability is embedded in SaaS products. 2. Proactive Security Controls & Mitigative Capabilities Move beyond traditional monitoring by implementing proactive security controls to mitigate threats before exploitation. Collaborate with development teams to integrate security controls into SaaS applications for real-time anomaly detection and automated response. Drive continuous security validation efforts through automated adversary simulation and detection effectiveness testing. 3. Cross-Team Integration & Real-Time Threat Intelligence Sharing Drive collaboration between Detection Engineering, Incident Response, and Red Teams by aligning detection research with real-world attack simulations and post-incident learnings. Develop automated feedback loops to reduce false positives, false negatives, and coverage gaps. Work with Incident Response to develop automated triage and enrichment mechanisms for SaaS security incidents. 4. Risk-Based Detection Engineering & Security Metrics Shift towards a risk-based detection approach, ensuring that high-impact threats are prioritized based on their potential financial and reputational consequences. Provide executive-level visibility into detection efficacy by quantifying the impact of mitigated threats and aligning detection efforts with business risk. Develop security dashboards and reporting to communicate detection outcomes, including risk coverage, adversary trends, and operational efficiency. 5. Proactive Threat Hunting & Data Anomaly Analysis Expand threat hunting and anomaly detection capabilities to identify previously unknown threats affecting SaaS customers and cloud applications. Utilize advanced data analytics and behavioral anomaly detection to identify stealthy attacks that evade traditional detection methods. Reduce reliance on SOC-driven escalations by proactively analyzing security telemetry for signs of compromise. Work closely with data scientists to enhance the use of ML/AI-driven security analytics for predictive threat detection. #LI-DNI

Cybersecurity Incident Response Analyst/ Threat Intelligence (Senior Person) Skills: Strong understanding of threat intelligence and cyber threat analysis methodologies. Experience in monitoring and analyzing security alerts from SIEM, EDR, IDS/IPS, and other security solutions. Proficiency in triaging security incidents, engaging stakeholders across business and technology teams. Knowledge of cybersecurity frameworks such as Mitre ATT&CK framework, Pyramid of Pain, NIST, ISO 27001, and regulatory standards like PCI DSS and GDPR . Familiarity with incident response processes for Tier 1 and Tier 2 operations, including containment, eradication, and recovery. Proven experience in Threat hunting and detection engineering. Ability to correlate security events and identify potential cyber threats. Short JD: The Cybersecurity Operations Analyst will be responsible for performing threat intelligence tasks, analyzing security alerts across multiple security solutions, and triaging incidents by collaborating with stakeholders across business and technology teams. You will follow the incident response process for Tier 1 and Tier 2 operations, ensuring timely identification, investigation, and mitigation of cyber threats.