0 years
1 - 2 Lacs
Wayanad
On-site
Key Responsibility Areas (KRAs) of an ITEXE

1. IT Infrastructure Management
Objective: Ensure that the resort’s IT infrastructure is robust, secure, and always operational.
Responsibilities:
- Oversee the installation, maintenance, and upgrade of servers, network systems, and hardware. IDS KNOWLEDGE is a must.
- Maintain uninterrupted operation of internet connectivity, Wi-Fi access points, and LAN/WAN infrastructure.
- Manage cloud and on-premises data center infrastructure.
- Monitor system performance and troubleshoot issues proactively.
- Coordinate with external vendors for infrastructure support and upgrades.

2. Hotel Systems Administration
Objective: Manage and support critical hotel operation systems.
Responsibilities:
- Administer Property Management System (PMS) such as Opera, Protel, or eZee FrontDesk.
- Support POS (Point-of-Sale) systems in restaurants, bars, and retail outlets.
- Manage interface integrations between PMS, POS, CRM, and third-party systems (e.g., payment gateways, key card access, guest apps).
- Ensure Business Intelligence tools and reporting platforms are functioning optimally.

3. Data Security & Compliance
Objective: Ensure data security, privacy compliance, and risk mitigation.
Responsibilities:
- Implement and enforce cyber security protocols, firewalls, antivirus, and intrusion detection systems.
- Maintain backup and disaster recovery systems.
- Ensure compliance with data protection regulations (e.g., GDPR, PCI-DSS).
- Conduct periodic IT audits and vulnerability assessments.
- Train staff on information security awareness.

4. Guest-Facing Technology Support
Objective: Enhance guest experience through seamless and innovative technology.
Responsibilities:
- Ensure high-speed internet/Wi-Fi coverage throughout the resort.
- Manage IPTV systems, smart room controls, in-room tablets, or voice assistants.
- Troubleshoot guest technology issues promptly and courteously.
- Implement and maintain digital check-in/check-out solutions and guest mobile apps.

5. IT Budgeting & Procurement
Objective: Plan and manage IT expenditures efficiently.
Responsibilities:
- Prepare and manage annual IT budget.
- Evaluate and recommend technology purchases, upgrades, and vendor contracts.
- Track IT asset inventory (hardware, software, licenses).
- Ensure cost-effective sourcing of IT supplies and services.

6. Team Leadership & Staff Support
Objective: Lead IT staff and support internal departments.
Responsibilities:
- Manage and train the IT support team.
- Provide desktop and application support to all departments (front office, housekeeping, finance, F&B, spa, etc.).
- Ensure proper functioning of staff communication tools (IP phones, radios, internal messaging apps).
- Set SLAs (Service Level Agreements) for response and resolution times.

7. Technology Strategy & Innovation
Objective: Drive digital transformation and strategic improvements.
Responsibilities:
- Identify and implement emerging hospitality technologies.
- Recommend system enhancements based on operational feedback and technology trends.
- Support digital marketing initiatives with tech tools and analytics platforms.
- Align IT strategy with the resort’s business objectives.

8. Vendor and Contract Management
Objective: Maintain productive relationships with technology partners.
Responsibilities:
- Manage contracts and performance of IT service providers, hardware vendors, and software vendors.
- Evaluate service levels and renewals of support agreements and licensing.
- Liaise with telecom providers, surveillance system providers, and guest entertainment system vendors.

9. Surveillance, Access Control & Safety Systems
Objective: Oversee electronic safety and monitoring systems.
Responsibilities:
- Maintain and monitor CCTV systems, access control, and electronic key card systems.
- Support integration of IT with security systems (e.g., fire alarms, emergency response).
- Ensure uptime and recording integrity of surveillance systems.

10. Sustainability & Green IT Initiatives
Objective: Promote energy-efficient and eco-friendly IT practices.
Responsibilities:
- Implement power-saving settings, e-waste disposal policies, and cloud solutions.
- Support digital processes to reduce paper usage (e.g., e-billing, e-menus).

Summary Table: Key KRAs at a Glance

| KRA | Key Focus |
| --------------------- | -------------------------------- |
| IT Infrastructure | Network, servers, hardware |
| Hotel Systems | PMS, POS, interfaces |
| Data Security | Firewalls, compliance, DR |
| Guest Tech Support | Wi-Fi, IPTV, smart rooms |
| Budget & Procurement | Planning, purchases, inventory |
| Team Leadership | IT support, training, SLAs |
| Strategy & Innovation | Tech upgrades, alignment |
| Vendor Management | Contracts, SLAs, procurement |
| Surveillance & Access | CCTV, key card, alarms |
| Sustainability | Green IT, digital transformation |

Technical Checklist for IDS Expertise
For assessing or preparing for the IT Manager role

1. System Design & Architecture
[ ] Understands NIDS vs HIDS and can design hybrid IDS architecture.
[ ] Able to place sensors at critical network chokepoints (e.g., between VLANs, DMZ, guest/staff networks).
[ ] Can build redundancy/failover into IDS deployments.
[ ] Knows how to minimize false positives and alert fatigue.

2. IDS Tools Mastery
[ ] Hands-on with Snort, Suricata, or Zeek (Bro) for traffic inspection.
[ ] Familiarity with OSSEC or Wazuh for host-based intrusion detection.
[ ] Experience integrating IDS with SIEM tools (e.g., Splunk, QRadar, ELK).
[ ] Can create, modify, and optimize custom rulesets and detection signatures.
[ ] Knows packet capture and log analysis tools (Wireshark, tcpdump, etc.).

3. Network & Endpoint Integration
[ ] Understands VLAN segmentation, port mirroring (SPAN), and firewall placement.
[ ] Capable of monitoring POS, PMS, guest Wi-Fi, and IoT networks via IDS.
[ ] Experience integrating IDS with endpoint security suites (e.g., CrowdStrike, SentinelOne).

4. Threat Detection & Response
[ ] Able to identify and react to DDoS attacks, malware signatures, brute-force attempts.
[ ] Can write and manage incident response plans using IDS data.
[ ] Maintains threat intelligence feeds and updates IDS signatures regularly.
[ ] Correlates logs and triggers automated alerts/responses via SIEM or EDR.

5. Policy & Compliance
[ ] Designs IDS policies, incident playbooks, and alerting thresholds.
[ ] Ensures GDPR, PCI-DSS, ISO 27001 alignment in IDS use.
[ ] Conducts regular vulnerability assessments and penetration testing.

Job Types: Full-time, Permanent
Pay: ₹13,874.67 - ₹21,522.23 per month
Benefits:
- Cell phone reimbursement
- Commuter assistance
- Flexible schedule
- Food provided
- Health insurance
- Internet reimbursement
- Leave encashment
- Paid sick time
- Paid time off
- Provident Fund
Work Location: In person
Posted 2 days ago
3.0 years
0 Lacs
India
On-site
Acronis is revolutionizing cyber protection—providing natively integrated, all-in-one solutions that monitor, control, and protect the data that businesses and lives depend on. We are looking for a TRU Researcher to join our mission to create a #CyberFit future and protect all data, applications and systems across any environment. We are seeking a skilled and driven Threat Researcher to join Acronis’ Threat Research Unit. This exciting opportunity offers you the chance to play a key role in proactively defending Acronis customers against evolving cyber threats. As part of our expert team, you will engage in cutting-edge research and collaborate on high-profile security incidents. What You’ll Do Conduct in-depth research and actively hunt for both emerging and existing cyber threats, attack techniques, and malware. Monitor, analyze, and interpret threat intelligence feeds, security alerts, and notifications to create a comprehensive understanding of the threat landscape. Investigate and profile threat actors and their tactics, techniques, and procedures (TTPs), identifying correlations and connections between activities. Develop automation tools to gather malware and threat intelligence data from diverse sources such as product telemetry, the Dark Web, and honeypots. Manage and populate threat intelligence databases with the data collected. Collaborate with incident response teams to provide detailed intelligence analysis and reports during high-profile incidents. Produce high-quality, actionable threat intelligence reports and presentations for internal and external stakeholders. Represent Acronis at industry forums and conferences, sharing valuable insights to enhance the collective understanding of the evolving cyber threat landscape. What You Bring A minimum of 3 years’ relevant experience in cybersecurity, specifically in threat intelligence or malware analysis. In-depth understanding of the threat landscape, MITRE ATT&CK framework, and threat actor profiles. 
Proficiency in static and dynamic malware analysis, as well as reverse engineering using tools such as IDA Pro and Ghidra. Solid knowledge of the TCP/IP network stack, with experience using network analysis tools like Suricata, Zeek, and Wireshark. Strong understanding of Windows and Linux operating systems, including their architecture and internals. Excellent analytical, problem-solving, and critical thinking abilities. Strong written and verbal communication skills, with the ability to present complex technical information to both technical and non-technical audiences. Proficiency in English. Preferred Qualifications Experience with programming/scripting languages such as Python, Bash, or PowerShell. Working knowledge of Chinese languages is a plus. Who We Are Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), enterprise IT departments and home users. Our all-in-one solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. We offer the most comprehensive security solution on the market for MSPs with our unique ability to meet the needs of diverse and distributed IT environments. A Swiss company founded in Singapore in 2003, Acronis offers over twenty years of innovation with 15 offices worldwide and more than 1800 employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses. Our corporate culture is focused on making a positive impact on the lives of each employee and the communities we serve. Mutual trust, respect and belief that we can contribute to the world every day are the cornerstones of our team.
Each member of our “A-Team” plays an instrumental role in driving the success of our innovative and expanding business. We seek individuals who excel in dynamic, global environments and have a never-give-up attitude, contributing to our collective growth and impact. Our Interview Practices To maintain a fair and genuine hiring process, we kindly ask that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to assess your individual skills, experiences, and communication style. We value authenticity and want to ensure we’re getting to know you—not a digital assistant. To help maintain this integrity, we ask candidates to remove virtual backgrounds and include in-person interviews in our hiring process. Use of AI-generated responses or third-party support during live interviews may be grounds for disqualification from the recruitment process. A full criminal, education and identification background check is required for all new hires. Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances.
Posted 2 days ago
3.0 years
0 Lacs
Kanpur, Uttar Pradesh, India
On-site
Description We are seeking a skilled OT Network Traffic Analyst with deep expertise in Operational Technology (OT) communication protocols to join our cross-functional security and ML team. The ideal candidate will be responsible for intercepting and analyzing OT network traffic, identifying potential anomalies, and contributing to the development of cutting-edge anomaly detection solutions — even across proprietary and undocumented protocols. This is a hands-on role requiring both technical proficiency in network traffic inspection and the ability to collaborate with machine learning engineers and cybersecurity experts. Responsibilities Intercept, monitor, and analyze traffic from OT/ICS networks in real time and from historical captures. Perform protocol-level inspection across standard (e.g., Modbus, DNP3, OPC-UA, IEC 61850) and proprietary OT communication protocols. Reverse engineer undocumented or proprietary OT protocols where necessary. Identify and flag anomalous behavior or patterns in the traffic, correlating with known attack vectors or operational deviations. Collaborate with ML engineers to define features and data inputs for anomaly detection models. Contribute domain expertise in OT to refine, validate, and test detection algorithms. Assist in setting up testbeds and simulations to emulate OT environments and collect relevant traffic data. Document findings and create actionable reports for both technical and non-technical stakeholders. Stay current with advancements in OT threat intelligence and anomaly detection research. Eligibility Bachelor's or Master's degree in Computer Science, Electrical Engineering, Cybersecurity, or a related field. 3+ years of experience working in OT/ICS environments. Deep understanding of OT communication protocols (e.g., Modbus, BACnet, PROFINET, OPC, etc.), including the ability to analyze raw packet captures. Experience with network traffic analysis tools (Wireshark, Zeek, tcpdump, etc.).
Familiarity with network intrusion detection systems (NIDS) and traffic replay tools. Basic knowledge of machine learning concepts and how data features are derived from raw data. Hands-on experience with packet inspection, protocol dissection, or protocol reverse engineering. Desired Eligibility Experience working with or developing anomaly detection models in cybersecurity. Knowledge of ICS/SCADA systems and the Purdue model. Exposure to proprietary or vendor-specific OT protocols (e.g., Siemens S7, GE, Allen-Bradley, etc.). Familiarity with cybersecurity frameworks like NIST, MITRE ATT&CK for ICS. Scripting or automation skills (Python, Bash) for parsing and transforming traffic data. Prior experience in cross-functional teams, including ML and cybersecurity experts. Why Join Us? Work on cutting-edge anomaly detection in real-world OT environments. Collaborate with a high-caliber team of machine learning and cybersecurity professionals. Tackle novel challenges across legacy and proprietary OT protocols. Flexible work environment and opportunity to influence core security products. Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software, along with a resume and the latest passport-size photograph.
Posted 1 week ago
3.0 years
0 Lacs
India
On-site
Acronis is revolutionizing cyber protection—providing natively integrated, all-in-one solutions that monitor, control, and protect the data that businesses and lives depend on. We are looking for a TRU Researcher to join our mission to create a #CyberFit future and protect all data, applications and systems across any environment. We are seeking a skilled and driven Threat Researcher to join Acronis’ Threat Research Unit. This exciting opportunity offers you the chance to play a key role in proactively defending Acronis customers against evolving cyber threats. As part of our expert team, you will engage in cutting-edge research and collaborate on high-profile security incidents. What You’ll Do Conduct in-depth research and actively hunt for both emerging and existing cyber threats, attack techniques, and malware. Generate original research leads through exploratory data analysis, pivoting on indicators, and investigating anomalous or low-prevalence activity patterns. Develop automation tools to gather malware and threat intelligence data from diverse sources such as product telemetry, the Dark Web, and honeypots. Manage and populate threat intelligence databases with the data collected. Track and attribute emerging TTPs and campaigns across malware families, threat actors, and regions. Perform reverse engineering of malware and identify novel obfuscation, packer, and C2 techniques to enrich intelligence feeds and produce unique detection content. Lead the production of actionable threat intelligence tailored to internal detection teams, external partners, and public-facing reports. Maintain, expand, and enrich Acronis’ internal threat intelligence platforms and hunting capabilities, including malware collection pipelines, dark web scrapers, and honeypot networks. Represent Acronis in the threat intelligence community: publish cutting-edge research, participate in coordinated disclosures, and present findings at leading industry conferences. 
What You Bring A minimum of 3 years experience in threat intelligence, threat hunting, or malware research roles with demonstrable hands-on investigations. In-depth understanding of the threat landscape, MITRE ATT&CK, malware TTP tracking, and actor profiling. Proficiency in static and dynamic malware analysis, as well as reverse engineering using tools such as IDA Pro and Ghidra. Solid knowledge of the TCP/IP network stack, with experience using network analysis tools like Suricata, Zeek, and Wireshark. Strong understanding of Windows and Linux operating systems, including their architecture and internals. Excellent analytical, problem-solving, and critical thinking abilities. Strong written and verbal communication skills, with the ability to present complex technical information to both technical and non-technical audiences. Proficiency in English. Preferred Qualifications Hands-on experience developing custom threat hunting or enrichment tools in Python, Go, or similar languages. Experience discovering new malware variants or infrastructure through passive DNS, WHOIS, TLS certificate analysis, or OSINT. Working knowledge of Chinese languages is a plus. Who We Are Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), enterprise IT departments and home users. Our all-in-one solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. We offer the most comprehensive security solution on the market for MSPs with our unique ability to meet the needs of diverse and distributed IT environments. A Swiss company founded in Singapore in 2003, Acronis offers over twenty years of innovation with 15 offices worldwide and more than 1800 employees in 50+ countries. 
Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses. Our corporate culture is focused on making a positive impact on the lives of each employee and the communities we serve. Mutual trust, respect and belief that we can contribute to the world every day are the cornerstones of our team. Each member of our “A-Team” plays an instrumental role in driving the success of our innovative and expanding business. We seek individuals who excel in dynamic, global environments and have a never-give-up attitude, contributing to our collective growth and impact. Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances.
Posted 1 month ago
5.0 years
0 Lacs
Bhopal, Madhya Pradesh, India
On-site
We are looking to onboard a freelance SOC Analyst on a project basis to support our growing Security Operations Center (SOC) initiatives. This role will be essential in helping us expand capabilities for clients across the finance, SaaS, and critical infrastructure sectors. Please find below the project overview and candidate expectations:

Project Overview
The selected analyst will play a critical role in threat monitoring, log analysis, incident response, and real-time security event detection. This position will be project-based, with the potential for ongoing engagements depending on performance.

Key Responsibilities
- Security Monitoring: Monitor alerts from Wazuh, Splunk, ELK, IDS/IPS, endpoint logs, and cloud environments.
- Incident Response: Analyze and respond to alerts, perform root cause analysis, and escalate as needed.
- Threat Hunting: Identify potential threats using intelligence feeds and behavioral anomalies.
- Alert & Rule Tuning: Customize Wazuh/OSSEC rules to reduce false positives.
- Documentation: Prepare incident reports, runbooks, and weekly summaries.
- Client Support: Assist in aligning with client-specific SOC policies, and support us during client meetings for POC and SOC service delivery discussions.

Skills & Competencies
Technical Expertise
- SIEM platforms: Wazuh (mandatory), ELK Stack, Splunk
- OS: Linux (Debian/Ubuntu/CentOS) & Windows (Event logs)
- Network: TCP/IP, DNS, ports, protocols, packet analysis
- Monitoring: File/process integrity, rootkit detection
- Scripting: Basic Python or Bash
Tools Stack (Preferred)
- EDR: OSQuery, CrowdStrike
- Network: Zeek, Suricata, Wireshark
- Threat Intel: VirusTotal, AbuseIPDB, MISP, MITRE ATT&CK
- Case Management: TheHive + Cortex
Minimum Qualifications
- 2–5 years of experience in a SOC
- Proven ability to analyze security logs and events
- Strong analytical and reporting skills
- Proficiency in written English for documentation

Interested candidates can share their profile at hr@petadot.com or visit www.petadot.com
Posted 1 month ago
5.0 years
0 Lacs
Mumbai Metropolitan Region
On-site
Company Description Arista Networks is an industry leader in data-driven, client-to-cloud networking for large data center, campus and routing environments. Arista is a well-established and profitable company with over $7 billion in revenue. Arista’s award-winning platforms, ranging in Ethernet speeds up to 800G bits per second, redefine scalability, agility, and resilience. Arista is a founding member of the Ultra Ethernet consortium. We have shipped over 20 million cloud networking ports worldwide with CloudVision and EOS, an advanced network operating system. Arista is committed to open standards, and its products are available worldwide directly and through partners. At Arista, we value the diversity of thought and perspectives each employee brings. We believe fostering an inclusive environment where individuals from various backgrounds and experiences feel welcome is essential for driving creativity and innovation. Our commitment to excellence has earned us several prestigious awards, such as the Great Place to Work Survey for Best Engineering Team and Best Company for Diversity, Compensation, and Work-Life Balance. At Arista, we take pride in our track record of success and strive to maintain the highest quality and performance standards in everything we do. Job Description Who You’ll Work With In this role as a Network Detection and Response (NDR) Specialist, you will work closely with Security Operations Center (SOC) analysts, threat hunters, incident response teams, network and infrastructure teams, and IT security leadership. You will also collaborate with cybersecurity architects, intelligence analysts, and tool administrators to ensure effective deployment, tuning, and integration of NDR platforms. Coordination with external vendors and platform providers (such as Vectra, Darktrace, or ExtraHop) may also be required for tool optimization and support. 
This role demands strong cross-functional engagement to enable rapid threat detection, investigation, response, and continuous improvement of the organization’s security posture. What You’ll Do Arista is seeking a skilled and proactive Network Detection and Response (NDR) Specialist to join our cybersecurity team. The ideal candidate will be responsible for monitoring, detecting, investigating, and responding to network-based threats using advanced NDR platforms. This role is crucial in strengthening our organization’s threat detection capabilities and reducing cyber risks in real time. Key Responsibilities Monitor network traffic to detect malicious or anomalous activity using NDR solutions (e.g., Darktrace, Vectra, ExtraHop, Corelight). Configure, maintain, and fine-tune NDR tools to optimize detection capabilities and minimize false positives. Conduct deep-dive analysis of network events to identify indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs). Collaborate with SOC analysts, threat hunters, and other teams to contain and remediate threats. Perform forensic investigations of network packets and flows using tools such as Wireshark, Zeek, or Suricata. Develop detection rules, playbooks, and alerting mechanisms aligned with the MITRE ATT&CK framework. Assist in threat intelligence enrichment and correlation with network-based alerts. Prepare root cause analyses and recommendations for enhancing network security posture. Stay current on emerging threats, attack techniques, and NDR technologies. Qualifications Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field (or equivalent experience). 3–5 years of experience in cybersecurity, with at least 2 years focused on NDR or network security. Hands-on experience with one or more NDR platforms (Vectra AI, Darktrace, ExtraHop, etc.). Strong understanding of network protocols (TCP/IP, DNS, HTTP, etc.) and packet analysis.
Familiarity with threat detection and response processes. Working knowledge of SIEM platforms, firewalls, IDS/IPS, and EDR solutions. Experience using MITRE ATT&CK, PCAP analysis, and threat intelligence feeds. Preferred Qualifications Certifications such as GCIA, GCIH, CEH, CISSP, or equivalent. Experience in scripting (Python, PowerShell, Bash) for automation and data analysis. Knowledge of cloud environments (AWS, Azure, GCP) and their networking components. Experience integrating NDR with SOAR/SIEM for automation and correlation. Analytical mindset with strong problem-solving skills. Ability to work under pressure. Excellent verbal and written communication skills. Team player with the ability to collaborate across technical and non-technical teams. Additional Information Arista stands out as an engineering-centric company. Our leadership, including founders and engineering managers, are all engineers who understand sound software engineering principles and the importance of doing things right. We hire globally into our diverse team. At Arista, engineers have complete ownership of their projects. Our management structure is flat and streamlined, and software engineering is led by those who understand it best. We prioritize the development and utilization of test automation tools. Our engineers have access to every part of the company, providing opportunities to work across various domains. Arista is headquartered in Santa Clara, California, with development offices in Australia, Canada, India, Ireland, and the US. We consider all our R&D centers equal in stature. Join us to shape the future of networking and be part of a culture that values invention, quality, respect, and fun.
Posted 1 month ago
5.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Outreach is the first and only AI Sales Execution Platform built for intelligent revenue workflows. Built on the world’s largest foundation of customer interactions and go-to-market team data, Outreach’s leading revenue AI technology helps go-to-market professionals and their companies win by intelligently accelerating decision making and elevating sellers to do their best work. Our powerful platform gives revenue teams the tools they need to design, measure, and improve a revenue strategy for every stage of the customer journey, improving efficiency and effectiveness across the entire revenue cycle. Over 6,000 customers, including Zoom, McKesson, Snowflake, SAP, and Okta use Outreach to power workflows, put customers at the center of their business, improve revenue results, and win in the market. Outreach is a privately held company based in Seattle, Washington, with offices worldwide. To learn more, please visit www.outreach.io. The Role Bridging Intelligence and Action The Cyber Intel Fusion Analyst is a pivotal role within our security program. This position serves as a critical bridge, linking strategic threat intelligence with tactical security operations. The analyst will be instrumental in evolving our security practices beyond traditional, siloed functions while ensuring that intelligence capabilities are not merely insightful but are directly integrated and operationalized within our security framework. This proactive operationalization of intelligence is key to anticipating emerging threats and developing innovative countermeasures to counter sophisticated cyber threats before they can impact our services or compromise sensitive information. The ability to quickly fuse intelligence into operational defense mechanisms provides a distinct security advantage, crucial for maintaining service reliability and customer trust. 
Your Daily Adventures Will Include Core Responsibilities: Shaping Our Defenses The responsibilities of the Cyber Intel Fusion Analyst are multifaceted, demanding a blend of analytical acumen, technical expertise, and collaborative skill. Intelligence Cycle Management & Requirements Definition: The analyst will manage the intelligence analysis cycle as it pertains to team operations. This includes working closely with team operators and other stakeholders to identify and refine intelligence requirements that drive threat emulation assessments and inform defensive strategies. A key function involves identifying intelligence requirements for diverse areas such as security operations, cloud security, enterprise security, and application security, including those related to artificial intelligence. This broad scope necessitates an understanding of the unique intelligence needs of various teams, positioning the analyst as a strategic partner who can tailor and deliver relevant intelligence to enhance the effectiveness of multiple security functions. Tactical Intelligence Analysis & Adversary Understanding: A core function is providing tactical cyber intelligence analysis, meticulously identifying specific adversary tactics, techniques, and procedures (TTPs). This analysis will be consistently tied back to established frameworks like the MITRE ATT&CK® Framework, leveraging intelligence provided by relevant organizations. The role involves recognizing and researching attacks and attack patterns based on published open-source intelligence (OSINT) and other intelligence sources. The analyst will be adept at handling and organizing disparate data concerning detections, attacks, and attackers to accurately identify adversary groups and their modus operandi, thereby driving assessments pertinent to the company.
This process transforms general threat data into a refined understanding of adversaries specifically targeting our environment, such as those focusing on SaaS platforms if applicable. Developing Actionable Intelligence & Driving Threat Emulation: The analyst is tasked with developing, producing, and managing Adversary Response Playbooks. These playbooks are crucial for supporting and driving threat emulation assessments, ensuring our defenses are tested against realistic adversary behaviors.1 This involves translating analyzed intelligence on adversary TTPs and campaign indicators into actionable detection strategies, such as developing custom SIEM correlation rules or contributing to Security Orchestration, Automation, and Response (SOAR) playbooks. This operationalization of intelligence is fundamental, turning analytical findings into tangible, proactive defensive measures that strengthen our security posture. Collaboration, Liaison & Stakeholder Management: Effective relationship management is paramount. The analyst will manage relationships with organizations, both internal and external, that provide requested intelligence to the team or receive information from it. A significant part of the role includes representing the team in cyber threat intelligence-related meetings and matters, acting as a crucial liaison. This collaboration extends across multiple organizational functions, potentially including cloud engineering teams, DevSecOps personnel, SOC analysts, incident responders, and even executive leadership. By effectively sharing tailored intelligence, the analyst acts as a force multiplier, enhancing the capabilities and preparedness of various teams across the organization. 
Our Vision of You

Core Competencies:

Mastery of the Intelligence Cycle: Expertise in managing the intelligence analysis cycle, encompassing planning, collection (including OSINT and multi-source intelligence), processing, in-depth analysis of adversary TTPs, and the production and dissemination of timely, accurate, and actionable intelligence products tailored to diverse internal audiences.

Strategic Requirements Identification: Proven ability to identify and refine intelligence requirements for a wide array of security functions, including security operations, cloud security, enterprise security, and application security (potentially including AI), ensuring intelligence efforts align with business and operational needs.

Tactical Intelligence & TTP Expertise: Strong skills in tactical cyber intelligence analysis, identifying specific adversary TTPs and mapping them to frameworks like MITRE ATT&CK®. This includes researching current attacks and attack patterns, and understanding threats specific to modern environments (e.g., SaaS-specific attack patterns).

Actionable Output Development: Demonstrable experience in developing, producing, and managing resources like Adversary Response Playbooks to support and drive threat emulation assessments, effectively translating intelligence into practical defensive measures.

Data Synthesis & Adversary Profiling: Capability in handling and organizing disparate data about detections, attacks, and attackers to properly identify adversary groups and develop comprehensive threat actor profiles, particularly those relevant to the company’s operational landscape.

Exceptional Collaboration & Liaison Skills: Excellent relationship management abilities with internal and external intelligence providers and consumers, and proven experience acting as an effective liaison and team representative in intelligence matters.
Education and Experience: A minimum of 5 years of progressive, hands-on experience in the cybersecurity domain, with a demonstrable track record in roles that combine cyber threat intelligence analysis with security operations or incident response functions. Experience in environments with a significant cloud and SaaS focus is highly advantageous. This emphasis on combined experience highlights the need for individuals who have practically applied the "fusion" concept.

Technical Prowess: The analyst must possess a robust set of technical skills to effectively investigate security incidents, analyze threat data, and implement defensive measures, especially within cloud environments.

Essential Technical Competencies Are Outlined Below

An in-depth understanding of core networking protocols (TCP/IP, UDP, HTTP/S, DNS, SMTP, etc.), network traffic analysis methodologies, and the function of common networking ports and protocols.

Proficiency with cloud security architectures (IaaS, PaaS, SaaS) and hands-on experience with security tools native to major cloud platforms (e.g., AWS, Azure, GCP).

Expertise with Security Information and Event Management (SIEM) platforms for log correlation, advanced analysis, and the development of custom detection rules.

Hands-on experience with Endpoint Detection and Response (EDR/XDR) solutions for endpoint threat detection, investigation, and response.

Strong skills in comprehensive log analysis from diverse cloud and on-premises sources, including operating systems (Windows, Linux, macOS), applications, network devices, and cloud service logs (e.g., CloudTrail, Azure Monitor).

A solid understanding of Windows and Linux operating systems (including distributions such as RHEL, Ubuntu, CentOS) and macOS, encompassing system administration fundamentals, security configurations, logging mechanisms, and common attack vectors.
Scripting skills for automation of analytical tasks, data manipulation, tool integration, or the development of custom detection scripts using languages such as Python, PowerShell, or Bash.

Deep understanding and practical application of threat intelligence frameworks such as the MITRE ATT&CK® Framework, the Cyber Kill Chain®, and the Diamond Model of Intrusion Analysis.

The following outlines core technical competencies and representative toolsets relevant to this role:

Category | Examples/Specific Tools (Tailored for SaaS)
Cloud Platform Security | AWS (GuardDuty, Security Hub, Macie, Inspector), Azure (Sentinel, Defender for Cloud), GCP (Security Command Center)
SIEM | Google SecOps, CrowdStrike NG SIEM, Sumo Logic Cloud SIEM
EDR/XDR | CrowdStrike Falcon, Jamf Protect
Network Analysis | Wireshark, Zeek (formerly Bro), Suricata, cloud-native traffic mirroring/analysis tools
Vulnerability Management | CrowdStrike Exposure Management, Wiz, cloud-native vulnerability scanners
Scripting Languages | Python, PowerShell, Bash
Operating Systems | Windows (Client/Server), Linux (various distributions such as RHEL, Ubuntu, CentOS), macOS
Threat Intelligence Platforms (TIPs) | MISP, ThreatConnect, Anomali ThreatStream, Recorded Future

Analytical and Communication Skills:

Exceptional analytical and problem-solving skills, with a demonstrated ability to correlate disparate datasets, identify subtle patterns of malicious activity, and make sound, evidence-based judgments, often under pressure.

Excellent written and verbal communication skills, with the proven ability to articulate complex technical information, security concepts, and intelligence findings clearly and concisely to diverse audiences, including technical peers and management.

Work Requirements

This position requires participation in an on-call rotation to provide expert support during critical security incidents. This role does not involve regular shift work.
Bonus Points: Preferred Qualifications

While not mandatory, the following qualifications will significantly differentiate strong candidates and indicate a deeper specialization.

Advanced industry-recognized cybersecurity certifications. Examples include:

Certification | Issuing Body | Focus Area
GIAC Cyber Threat Intelligence (GCTI) | SANS/GIAC | Cyber Threat Intelligence
GIAC Certified Intrusion Analyst (GCIA) | SANS/GIAC | Network Security Monitoring, Intrusion Detection
GIAC Certified Incident Handler (GCIH) | SANS/GIAC | Incident Response
CISSP | (ISC)² | Broad Cybersecurity, Management & Operations
AWS Certified Security – Specialty | Amazon Web Services | AWS Cloud Security
Azure Security Engineer Associate (AZ-500) | Microsoft | Azure Cloud Security
CompTIA Cybersecurity Analyst (CySA+) | CompTIA | Cybersecurity Analysis, Intrusion Detection
Offensive Security Certified Professional (OSCP) | Offensive Security | Penetration Testing (Understanding Attacker Methods)

Practical experience utilizing Threat Intelligence Platforms (TIPs) such as MISP, ThreatConnect, Anomali ThreatStream, or Recorded Future.

Experience with Security Orchestration, Automation, and Response (SOAR) platforms and playbook development.

Knowledge of malware analysis (static and dynamic) and reverse engineering techniques, and familiarity with associated tools.

Familiarity with DevSecOps principles and experience securing CI/CD pipelines.

Understanding of compliance frameworks relevant to SaaS environments (e.g., SOC 2, ISO 27001/27701/42001, GDPR, HIPAA).
Why You’ll Love It Here

Highly competitive salary
25 days annual vacation time + sick time and casual leave
Group medical policy coverage available to employees and up to 5 eligible family members
OPD benefit covered up to INR 10,000
Life insurance and personal accident insurance at 3x annual CTC
26 weeks of maternity leave pay, and 15 days of paternity leave pay
Opportunity to be part of company success via the RSU program
Diversity and inclusion programs that promote employee resource groups like OWN+ (Outreach Women's Network), Adelante (Latinx community), OBX (Outreach Black Connection), Mosaic (AAPI community), Pride (LGBTQIA+), Gender+, Disability Community, and Veterans/Military
Employee referral bonuses to encourage the addition of great new people to the team
Fun company and team outings because we play just as hard as we work

Our success is reliant on building teams that include people from different backgrounds and experiences who can elevate assumptions and ideas with fresh perspectives. We're dedicated to hiring the whole human, not just a resume. To that end, we look for a diverse pool of applicants, including those from historically marginalized groups. We would like to invite you to apply even if you don't think you meet all of the requirements listed below. We don't want a few lines in a job description to get between us and the opportunity to meet you.
Posted 2 months ago
0.0 - 6.0 years
0 Lacs
Indore, Madhya Pradesh
On-site
Indore, Madhya Pradesh, India

Qualification:
Deploying various open-source network security solutions and integrating relevant components.
Performance optimization and optimization of rule sets.
Event-driven process flow and actions: customization of IPC and enrichments.
System engineering for reliability and system performance improvement.
Research on new approaches and IP creation.

Skills Required: IP Networks, Linux Internals, Scripting, Lua, Event-Driven Scripting, YARA, Sigma

Role:
Rich experience in working on network security products such as IDS/IPS and next-generation firewalls; experience in product development / solution engineering.
Experience in working on IP networking, IP networking protocols, computer system internals, and IPCs.
Good understanding and knowledge of TCP/IP networking, including L2/L3/L4/L7 protocols (SIP, RTP, SMTP, HTTP, POP3, FTP, STP, VLAN, VTP, TCP/IP, BGP, OSPF, GTP, GRE, DHCP, DNS, FTP, HTTP/S and SNMP).
Strong understanding of PCAP and DPI (Deep Packet Inspection).
Deployment and performance optimization of Suricata / Snort / Zeek.
Creating and adopting rules for IDS/IPS.
Experience in working on large networks (~10G/100G/400G).
Network clustering, parallel processing, virtual appliances, working on Linux and cloud environments, network processing cards (NICs), off-loading, and accelerations.

Qualifications:
Postgraduate in Computer Science Engineering with specialization in IP Networking
Programming skills in C/C++, Python
Operating Systems: Linux
Experience: 4-6 years

Experience: 4 to 6 years
Job Reference Number: 11592
Posted 2 months ago
0 years
0 Lacs
Pune, Maharashtra, India
On-site
We are seeking an OT Network Engineer to contribute to the development of an industrial automation and security platform with advanced OT network discovery, device fingerprinting, real-time tracking, and security compliance features. The ideal candidate will have expertise in network scanning, industrial protocols (SNMP, LLDP, ARP), Zero Trust security, IEC 62443 compliance, and PLC inventory management. This role requires hands-on experience in building scalable, secure, and AI-driven OT networking solutions integrated into the platform.

Key Responsibilities:

1. OT Network Discovery & Device Fingerprinting
Develop and integrate automated network scanning for industrial assets into the platform.
Implement passive and active network scanning using SNMP, LLDP, ARP, and industrial protocols.
Design and optimize device fingerprinting to classify OT devices (PLCs, SCADA nodes, IIoT gateways, sensors) based on manufacturer, model, firmware, and protocol stack.
Enable real-time endpoint tracking and automated asset registration within the platform.

2. Industrial Network Security & Compliance (IEC 62443, Zero Trust)
Implement IEC 62443-based security frameworks within the platform to ensure OT network compliance.
Integrate Zero Trust security models for industrial endpoints and control networks.
Work on network segmentation strategies for isolating critical industrial systems within the platform.
Design and develop anomaly detection features for unauthorized device behaviors using AI-based security analytics.

3. SCADA-Integrated Asset Management & Monitoring
Contribute to the development of a SCADA-integrated asset inventory system for industrial environments.
Develop a real-time monitoring engine for tracking PLC instances, network ports, and communication health.
Optimize SCADA-to-OT data flows for improved visibility and control.
Design SCADA security monitoring dashboards for operational visibility and threat detection.

4. OT Network Simulation & Testing Framework
Develop a virtualized OT network environment for testing protocol translations and device communications.
Simulate SCADA-to-PLC interactions within a cloud-based or hybrid testing framework.
Create automated test cases for evaluating platform performance in large-scale OT environments.

5. AI-Driven Security & Network Optimization (Strongly Preferred)
Contribute to AI-powered security heuristics for intrusion detection, anomaly recognition, and behavioral analysis.
Design real-time correlation engines to map network security events to operational risk indicators.
Work with data scientists to integrate machine learning models for predictive network failure analysis.

Required Skills & Qualifications:

Networking & Industrial Protocols:
Expertise in SNMP, LLDP, ARP-based discovery and industrial networking standards.
Deep understanding of SCADA, PLC, DCS, and IIoT network architectures.
Strong knowledge of Modbus TCP/IP, OPC-UA, EtherNet/IP, PROFINET.

Security & Compliance:
In-depth knowledge of IEC 62443, Zero Trust Architecture (ZTA), and industrial cybersecurity.
Experience in firewall configurations, network segmentation, and encrypted communications (TLS 1.3, AES-256).
Understanding of SIEM integration and OT security monitoring tools (Claroty, Nozomi, Dragos, CyberX).

Platform Development & Integration:
Experience in building scalable network discovery and security platforms for industrial automation.
Familiarity with cloud-based OT security solutions (Azure Defender for IoT, AWS IoT Device Defender).
Ability to work with RESTful APIs, MQTT, Kafka, and real-time event processing frameworks.

Tools & Technologies:
Network Security & Monitoring: Wireshark, Nmap, Zeek, Snort, Suricata.
OT Security Platforms: Claroty, Nozomi Networks, Dragos, CyberX.
Cloud & Edge Security: Azure IoT Hub, AWS IoT Core, Google Cloud IoT; Azure Defender for IoT, AWS IoT Device Defender.
PLC & SCADA Systems: Siemens, Rockwell, ABB, Schneider Electric, GE.
Posted 2 months ago