13 Detection Engineering Jobs

At a Glance: The Story Behind AMINA Founded in April 2018 and headquartered in Zug, AMINA Bank is a pioneer in the financial industry providing a seamless, secure and easy-to-use bridge between digital and traditional assets. As a smart bank AMINA Bank offers a fully universal suite of regulated banking services in the emerging digital economy. In August 2019, AMINA Bank received a Swiss banking and securities dealer license the first time a reputed, regulatory authority such as FINMA has granted a licence to a financial services provider with a core capability in digital assets. The broad, vertically integrated spectrum of services combined with the highest security standards, make AMINA Banks value proposition unique. CVVC Global Report and CB Insights names AMINA Bank as Top 50 Companies within the blockchain ecosystem. Your Mission (Should You Choose to Accept It) Were looking for a talented and dynamic individual, who is self-motivated and loves finding optimal operational results to join us as a SOC Analyst and Incident Responder to protect our enterprise infrastructure against cyber threats. Your AMINA To-Do List Security Monitoring and Triage: Handle initial monitoring and triaging alerts, conduct deeper investigations into escalated incidents, and manage complex threats. You will be responsible for responding to basic incidents, escalating issues as needed, and performing advanced analysis to resolve issues that Tier 1 analysts cannot handle. Incident Response: Lead response efforts for major incidents such as ransomware and data breaches. Coordinate containment and eradication with IT-Ops and IT-Security teams, develop and execute recovery plans post-incident, conduct root cause analysis, and document lessons learned. You will also brief leadership on incident status and impact. Threat Hunting and Intelligence: Proactively search for hidden threats or anomalies, gather and analyze threat intelligence, and produce actionable threat reports and briefings. Collaborate with Threat Intelligence Analysts to prioritize hunting efforts and refine detection logic. Forensic Analysis: Conduct detailed investigations into security breaches to support recovery and legal efforts. Collect and preserve digital evidence, analyze malware, logs, and memory dumps for attack details, and prepare forensic reports for legal or compliance use. Malware Analysis: Specialize in dissecting and understanding malicious software. Reverse-engineer malware samples, identify and document IOCs and behaviors, assist in developing detection signatures, and support incident response with malware insights. Your Golden Ticket To The AMINA Team Bachelors degree in Computer Science, Information Security, Cybersecurity, or a related field. Minimum of 2 years in security analysis and incident response, with proficiency in tools such as SIEM, XDR, and IR platforms. Proven experience in handling major security incidents, conducting threat hunting, and performing forensic analysis. Experience in cloud security, network security, and application security is highly desirable. Familiarity with detection engineering and API security is a plus. Advanced proficiency in log and event analysis, threat identification, and mitigation. Strong analytical and problem-solving abilities. Excellent written and oral communication skills, with a knack for collaboration. Proficiency in English, both written and spoken, with good presentation skills. Ability to work independently and as part of a team. Relevant certifications such as CISSP, CEH, OSCP, GCIH, GCIA, Microsoft Certified: Azure Security Engineer, or equivalent. Understanding of ITIL and ITSM processes, and strong understanding of IT-Security Detection & Response principles and practices. Proactive with a continuous improvement approach, staying updated on emerging security threats and technologies. Why Were Awesome Join our skilled team and together redefine finance. We owe our exponential growth to our innovative and collaborate team spirit and talented workforce. Every voice counts as we are always committed to learning from diverse perspectives and backgrounds because our people make the difference at AMINA Bank. Regardless of your age, gender, belief, and background, at AMINA EVERYONE (E) is welcome! Show more Show less

KEY Capabilities Experience in working with SIEM Solutions such as Splunk or Azure Sentinel. Experience in working with any of Endpoint Detection and Response tools preferably Crowdstrike, Sentinel One or Microsoft Defender for Endpoint. Expertise in SIEM and EDR content development with an eye towards behavior-based detection logic. Strong background in host based and network-based behaviors. Familiarity of Windows Event IDs and common application logs. Knowledge in programming or scripting languages such as Batch Scripting, Python PowerShell, etc. Experience in purple teaming activities. Hands-on experience on threat Hunting for identification of interested events for content development. Analyze and investigate broad range of threats or cyber activities occurring on daily basis. Provide actionable insights to help identify, detect, prevent, and respond to potentially malicious activities. Qualification and experience Minimum of 3 to 7 years experience with in-depth host, network architecture knowledge that will translate over to effective content development. Minimum of 3 years SOC experience. An adversarial mindset, understanding the goals, behaviors, and TTPs of threat actors. Strong oral, written and listening skills are an essential component to effective consulting. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary. Must have content development knowledge in Endpoint Detection and Response (Defender/CrowdStrike), SIEM (Splunk/Sentinel). Must have knowledge of Windows and Linux basics including command and script interpreters, PowerShell, registries etc. Troubleshoot EDR and SIEM platform and application issues, escalate and work with relevant teams to resolve issues. Certifications in a core security related discipline will be an added advantage. Certification in any one of the SIEM, EDR or Network Solutions such as Splunk, Azure Sentinel, Falcon Crowdstrike, SentinelOne will be an added advantage.

About this role: Wells Fargo is seeking a Senior Information Security Engineer. In this role, you will: Lead or participate in computer security incident response activities for moderately complex events Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security Review and correlate security logs Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals Required Qualifications: 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Qualifications: 4+ years of demonstrated experience leveraging security technologies such as SIEM for security incident analysis 2+ years of demonstrated experience with at least one scripting language (preferably JavaScript and its frameworks Python) working on automation and engineering projects Proficiency in detection engineering developing and maintaining effective detection rules and correlation logic. Correlation searches, rules, alerts. Behavioral detections (e.g., brute-force, privilege escalation). Anomaly detections (e.g., unusual logon patterns, entropy-based detections). Hands-on experience with parsing configurations (props, transforms, regex, normalization techniques). Expertise in log source onboarding , source categorization, and enrichment. Strong understanding of security event types (firewall, endpoint, identity, cloud, SaaS logs). Familiarity with common attack vectors (credential abuse, privilege escalation, lateral movement). Knowledge of threat detection frameworks like MITRE ATT&CK, NIST, CIS . Ability to work with threat intelligence feeds to build contextual detections. Experience with log analysis , anomaly detection , and statistical detection methods. Proficient in developing content for SIEMs such as Splunk, Sentinel, QRadar, ArcSight, Elastic, etc. Optimize search performance and false positive tuning of existing detection rules. Maintain deployment workflows for apps, configurations, and detection packages across the SIEM infrastructure. Work with security analytics teams to develop data models or normalized schemas (CIM or equivalent). Knowledge and understanding of banking or financial services industry Should possess understanding of security and threat landscape relevant to cloud technologies Excellent verbal, written, and interpersonal communication skills Strong ability to identify anomalous behavior on endpoint devices and/or network communications Advanced problem solving skills, ability to develop effective long-term solutions to complex problems Relevant certifications such as Splunk Certified Admin, Splunk Enterprise Security Certified Admin. Job Expectations: The candidate will play a major role in our Secure content development team, including the vetting of new models and procedures to identify and react to anomalous network and/or endpoint behaviors. This position is designed to assure success in our next-generation ability to discover and react to advanced security threats. The engineer will be responsible to develop rules and usecases on SIEM platform. Responsible for finetuning of the rules/creating exceptions. Develop and manage Technology Add-ons (TAs) Data connectors for custom and third-party applications

Essential Services : Role & Location fungibility At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team . To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service . The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature. About the role: As a SOC Analyst - Detection Engineering in the banks security operations center (SOC), the individual will be responsible to strengthen the creation and optimization of Analytical rules and alerts configured in the banks SIEM platform. Key Responsibilities: Business Understanding: Accountable to ensure all security anomalous activities are detected by the banks SIEM platform and false positives are kept to a minimum. You will be responsible to build analytical correlational rules in the banks SIEM platform covering network, systems and endpoints, cloud (SAAS, IAAS and PAAS) and applications (both COTS and internally developed). Collaborate: Verify the ingested logs and ensure log parsing to normalize the events. Implement a testing methodology to test the alerts configured and obtain sign off before releasing into production. Provide expert guidance and support to the security operations team in the use of for threat hunting and incident investigation. Analyzing the detected Incidents to identify lessons learned to improve response processes and make recommendations for enhancing security posture. Reporting: Develop and maintain documentation for Analytical rules processes and procedures. Stay Up to date with the latest trends and developments in cybersecurity and SIEM technologies and recommend improvements to the organization security posture. Qualifications & Skills Educational Qualification: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with experience in cloud security with any of the following - Microsoft Azure, Google cloud, Ability to develop and implement security policies, procedures and best practices. Experience: At least 5 years of experience working as a SOC analysts responsible to create SIEM rules/alerts. Hands-on experience in creation of security alerts in any of the commonly used SIEM solutions is a must. Certifications: SIEM Certification from any of the leading SIEM OEMs Splunk, Palo Alto, Securonix, LogRhythm, etc,. CEH or CISSP CCNA Security and/or any of the Cloud security certifications (AWS, GCP, Azure, OCI). Compliance: Knowledge of Networking components, Servers (RHEL, Windows, etc.) and Endpoints, cloud infrastructure along with Machine learning models used for detection of security alerts. Knowledge of various log types, event parsing and ingestion mechanisms across Systems, networks, cloud and commonly used applications in banks. Communication Skills: Excellent communication and interpersonal skills. Synergize with the Team: Working with the designated bank personnel to ensure alignment with RBI guidelines on detection of security alerts applicable to banks. Should have strong understanding of cybersecurity principles, threat detection and incident response. About the Business Group ICICI Bank’s Information Security Group believes in providing services to its customers in the safest and secured manner, keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. The CIA triad of Confidentiality, Integrity, and Availability is built on the vision of creating a comprehensive information security framework. The Bank also lays emphasis on customer elements like protection from phishing, adaptive authentication, awareness initiatives, and provide easy to use protection and risk configuration ability in the hands of customers. With this core responsibly, ICICI administer and promotes on going campaigns to create awareness among customers on security aspects while banking through digital channels.

You are a Cybersecurity Implementation Engineer with at least 2 years of relevant experience, specializing in customer parser development, Yara rules creation, playbook implementation, and data ingestion techniques. In this role, you will be involved in designing and implementing cutting-edge cybersecurity solutions while collaborating with a team of skilled professionals. Your responsibilities will include developing custom parsers to extract and normalize data from various sources, designing and maintaining Yara rules for threat detection, creating playbook automation for incident response, and implementing data ingestion pipelines for analyzing security data. You will work closely with cross-functional teams to understand customer requirements, identify emerging threats, and provide technical support during security incident response activities. To qualify for this position, you should hold a Bachelor's degree in Computer Science, Information Security, or a related field. You must have hands-on experience in cybersecurity, data analysis, detection engineering, and implementing custom parsers for log and data normalization. Proficiency in creating and managing Yara rules, designing playbook automation, and utilizing tools like Demisto and Phantom is essential. Additionally, you should be familiar with data ingestion technologies, SIEM solutions such as Splunk and ELK, and possess excellent analytical, troubleshooting, and communication skills. If you are a dedicated cybersecurity professional with expertise in customer parser development, Yara rules creation, playbook implementation, and data ingestion techniques, we invite you to join our team. Help us in our mission to safeguard our organization and customers from cyber threats by sharing your updated profile at naveen.vemula@netenrich.com.,

Agoda is an online travel booking platform that connects travelers with a global network of 4.7M hotels and holiday properties worldwide, as well as flights, activities, and more. As part of Booking Holdings and based in Asia, Agoda has a diverse team of 7,100+ employees from 95+ nationalities across 27 markets. The work environment at Agoda is characterized by diversity, creativity, and collaboration, fostering a culture of experimentation and ownership to enhance the travel experience for customers. The Security Department at Agoda oversees security, compliance, GRC, and security operations to ensure the safety and protection of the company and its employees. As a member of the Security Operations (SecOps) Team, you will be at the forefront of designing, implementing, and maintaining cutting-edge security solutions to safeguard Agoda's large-scale global environment. This role offers the opportunity to work with advanced security tools, collaborate across multiple teams, and contribute directly to Agoda's mission of secure, seamless travel for millions of users worldwide. Key responsibilities in this role include implementing and managing secure cloud deployments across AWS, Azure, and GCP using Infrastructure-as-Code (IaC) tools like Terraform, identifying and remediating misconfigurations in cloud resources, providing expert guidance on cloud architecture and deployment strategies, and utilizing advanced tools for monitoring, detecting, and mitigating security threats. Additionally, you will be expected to develop scalable solutions using programming languages like Python and Go, design automated workflows to enhance threat detection capabilities, and establish secure practices for Kubernetes environments and CI/CD pipelines. To succeed in this role, you should have a minimum of 4 years of experience in a hands-on information security role, expertise in IDP/IAM solutions, familiarity with Microsoft security tools, proficiency in programming languages for automation tasks, and experience in managing cloud environments such as AWS, Google Cloud, or Azure. Effective communication skills are essential for conveying complex security concepts clearly to various stakeholders. Agoda offers a relocation package for those interested in moving to Bangkok, Thailand, along with a range of benefits including a hybrid working model, WFH set up allowance, remote working opportunities, employee accommodation discounts, a diverse global team, annual CSR/volunteer time off, and access to various subscription services and support programs. Agoda is an Equal Opportunity Employer and keeps applications on file for future vacancies. Please note that Agoda does not accept third-party resumes and is not responsible for any fees related to unsolicited resumes. For more details, please refer to the privacy policy.,

About the role: As a SOC Analyst - Detection Engineering in the banks security operations center (SOC), the individual will be responsible to strengthen the creation and optimization of Analytical rules and alerts configured in the bank’s SIEM platform. Key Responsibilities: Business Understanding Accountable to ensure all security anomalous activities are detected by the banks SIEM platform and false positives are kept to a minimum. You will be responsible to build analytical correlational rules in the banks SIEM platform covering network, systems and endpoints, cloud (SAAS, IAAS and PAAS) and applications (both COTS and internally developed). Collaborate Verify the ingested logs and ensure log parsing to normalize the events. Implement a testing methodology to test the alerts configured and obtain sign off before releasing into production. Provide expert guidance and support to the security operations team in the use of for threat hunting and incident investigation. Analyzing the detected Incidents to identify lessons learned to improve response processes and make recommendations for enhancing security posture. Reporting Develop and maintain documentation for Analytical rules processes and procedures. Stay Up to date with the latest trends and developments in cybersecurity and SIEM technologies and recommend improvements to the organization security posture. Qualifications & Skills Educational Qualification Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with experience in cloud security with any of the following - Microsoft Azure, Google cloud, Ability to develop and implement security policies, procedures and best practices. Experience At least 5 years of experience working as a SOC analysts responsible to create SIEM rules/alerts. Hands-on experience in creation of security alerts in any of the commonly used SIEM solutions is a must. Certifications SIEM Certification from any of the leading SIEM OEMs Splunk, Palo Alto, Securonix, LogRhythm, etc,. CEH or CISSP CCNA Security and/or any of the Cloud security certifications (AWS, GCP, Azure, OCI). Compliance Knowledge of Networking components, Servers (RHEL, Windows, etc.) and Endpoints, cloud infrastructure along with Machine learning models used for detection of security alerts. Knowledge of various log types, event parsing and ingestion mechanisms across Systems, networks, cloud and commonly used applications in banks. Communication Skills Excellent communication and interpersonal skills. Synergize with the Team Working with the designated bank personnel to ensure alignment with RBI guidelines on detection of security alerts applicable to banks. Should have strong understanding of cybersecurity principles, threat detection and incident response.

What You'll Do Avalara, Inc. is the leading provider of cloud-based software that delivers a broad array of compliance solutions related to sales tax and other transactional taxes. What is it like to work at Avalara? Come find out! We are committed to the following success traits that embody our culture and how we work together to accomplish great things: Fun. Passion. Adaptability. Urgency. Simplicity. Curiosity. Humility. Ownership. Optimism. Avalara is looking for Detection Engineer to join the Detection and Response Team. The ideal candidate will have a track record in incident response, demonstrating advanced technical expertise and leadership capabilities. Your role will be of an Incident Response Analyst, you will help protect Avalara. This includes detecting, investigating, and mitigating security incidents. You will also be a key contributor in improving our incident response capabilities. You will report to Security leadership at Avalara. This is a remote position. #LI-Remote What Your Responsibilities Will Be You will perform incident response activities and workstreams as the Incident Response Senior Analyst. You will monitor security systems, including Intrusion Detection Systems (IDS), Endpoint Detection and Response (EDR) platforms, software firewalls, and Security Information and Event Management (SIEM) platforms. Gather and analyze evidence from affected systems, logs, and network traffic. You will conduct detailed investigations of security incidents to determine the root cause, scope, and impact. Document all aspects of security incidents, including timelines, actions taken, and lessons learned. Perform forensic analysis of compromised systems to identify the techniques and tactics used by attackers, or as directed by Legal. Collaborate with cross-functional teams including Engineering, IT, Security Operations, Legal, HR, and Compliance to manage and mitigate incidents. Strengthen KPIs and metrics for measuring response effectiveness and provide clear and consistent reporting to internal stakeholders. Participate in rotating On Call shifts that utilize a paging system in case a security event requires attention. What You'll Need to be Successful 5+ years experience in Security Incident Response. Experience across the information security domain, including familiarity with endpoint, email, network, cloud security, vulnerability management, incident response, and threat intelligence. Experience with log analysis, network security, digital forensics, and incident response investigations. Ability to script code using Python or an equivalent language. Bachelor's degree in computer science, information security, or relevant experience. Certifications related to digital forensics and incident response

Job description Role Overview: Were looking for a Email Security Researcher to join our Email Security Research Team. In this role, you will focus on identifying and mitigating advanced email-borne threatsspam, Business Email Compromise (BEC), vishing, and targeted impersonation campaigns. Youll leverage open-source and commercial tools, develop detection rules, and collaborate with global SOC teams to continuously improve our email threat-detection capabilities. Key Responsibilities: Threat Analysis & Hunting: Review large volumes of email traffic to identify malicious patterns, emerging spam campaigns, BEC tactics, vishing attempts, and impersonation fraud. Perform root-cause analysis on incidents and produce actionable intelligence. Rule Development & Tuning: Author and maintain detection signatures in Snort, YARA, ClamAV, and SpamAssassin. Optimize rule performance to minimize false positives/negatives. Automation & Tooling: Develop Python scripts and serverless functions (AWS Lambda or GCP Cloud Functions) to automate email parsing, feature extraction, and alerting. Integrate detection engines into SIEM and SOAR platforms. Collaboration & Reporting: Work closely with SOC analysts, incident responders, and product teams to triage alerts, refine workflows, and deploy new detection logic. Communicate findings and recommendations through clear technical reports and dashboards. Continuous Improvement: Stay current on attacker tactics (TTPs), new phishing/vishing toolkits, and protocol-level evasion techniques (e.g., sender forging, DMARC bypass). Contribute to threat-intel feeds and internal knowledge bases. Basic Qualifications: Experience: 5-8 years total with 35 years in email security research or detection engineering, with a focus on spam, BEC, vishing, and impersonation. Tools & Technologies: Rule engines: Snort, YARA, ClamAV, SpamAssassin Scripting: Python (experience with email libraries imaplib, email, etc.) Cloud platforms: AWS or GCP (Lambda/Functions, serverless compute, storage) Email Protocols & Forensics: Proficient with SMTP, MIME, DKIM, DMARC, SPF, and email header analysis. Analytical Skills: Strong capability to sift through raw logs and MIME bodies to uncover malicious indicators. Communication: Clear written and verbal skills to document findings for technical and non-technical audiences. Preferred Qualifications: Machine Learning & Analytics: Hands-on experience applying ML or statistical methods to email threat detection (e.g., feature engineering, anomaly detection, clustering). Global SOC Environment: Prior work in a 247 Security Operations Center supporting multi-region email volumes. Threat Intelligence Integration: Familiarity with integrating open-source or commercial intel feeds into detection pipelines. Scripting & Infrastructure as Code: Experience with Terraform, CloudFormation, or similar for automated deployment of detection infrastructure.

Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments. Key Responsibilities: Monitoring, Investigation & Triage Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR Identify lateral movement, C2 activity, and data exfiltration Lead incident investigations and initiate containment measures Threat Hunting & Detection Engineering Proactive hunting using logs, flow data, and behavior analytics Apply MITRE ATT&CK for hypothesis-driven hunts Develop, test, and optimize custom detection rules Maintain a backlog aligned with emerging threats Tool Proficienc y SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization EDR: Defender for Endpoint binary/process analysis, endpoint containment NDR: Darktrace/LinkShadow behavioral baselining, detection logic SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender Threat Intelligence Integration IOC/TTP enrichment Threat intel feed integration Contextual alert correlation Reporting & RCA Draft technical incident reports and RCAs Executive-level summaries for major incidents Cloud Security (Optional): Investigate alerts like impossible travel, app consent abuse Respond to cloud-native security incidents using Defender for Cloud, MCAS Create advanced SOAR workflows and playbook Tool Familiarity QRadar Microsoft Sentinel Microsoft Defender for Endpoint LinkShadow or Darktrace EOP/Exchange protection Antivirus platforms Defender for Identity / Defender for Cloud Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR) Network forensic tools like Wireshark / Zeek Certifications (Preferred): GCIH / GCIA / CEH Microsoft SC-200 / SC-100 QRadar Admin or equivalent Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents Soft Skills: Strong analytical and documentation skills Proactive communicator Independent problem-solver and critical thinker

Scope: We are looking for a dynamic and strategic Vice President of Cyber Defense to lead our global cyber defense and incident response capabilities. This executive leader will own the detection, response, and mitigation of cyber threats, ensuring our organization is resilient in the face of a rapidly evolving threat landscape. The ideal candidate brings deep expertise in threat detection, SOC operations, incident response, and threat intelligence. This leader will partner across the business to build and maintain a world-class cyber defense program that proactively protects the company's assets, data, and reputation. Key Responsibilities: Cyber Defense Strategy & Operations: Develop and execute the company's cyber defense strategy, aligning with enterprise risk, compliance, and business objectives. Work with key stakeholders and business lines to ensure detection and response meet NIST CSF minimum baselines for global security operations and response. Lead 24/7/365 operations based on business need partner with Global Command and Site Reliability Teams to ensure baseline for all customer facing incidents, and internal company wide incidents are coordinated in a centralized operation center follow the sun model. Lead the global Security Operations Center (SOC), including 24/7 monitoring, detection, analysis, and response to cyber threats. Build out capabilities for detection and response for Tier 1, Tier 2, and Tier 3 security incidents and events. Implement and mature threat hunting, security analytics, and detection engineering programs. Ensure and validate Customer Incident Response and capabilities for onboarding mergers & acquisitions, new customers, and new environments as we grow and scale. Security Assessment and Continuous Threat Exposure Management:Identifying and fixing weaknesses in systems and networks including establish MTTD, MTTR, and MTTA for exposures, vulnerabilities, and potential threats. Incident Response:Investigating and responding to security breaches, including analyzing incidents and escalating them when necessary. Threat Detection and Prevention:Monitoring network traffic, system logs, and other data sources to identify potential threats and malicious activity. Security System Administration and Maintenance:Installing, configuring, and maintaining security tools like firewalls, antivirus software, and intrusion detection systems. Security Policy and Procedure Development:Creating and enforcing security policies and procedures to protect sensitive information. Security Training and Awareness:Educating employees about cybersecurity risks and best practices. Staying Up-to-Date:Keeping abreast of the latest security threats, vulnerabilities, and technologies. Threat Intelligence & Response: Build and manage a comprehensive threat intelligence function to anticipate and defend against advanced persistent threats (APTs) and zero-day vulnerabilities. Lead cyber incident response efforts, including containment, eradication, and post-incident reviews. Serve as a key escalation point during major security events and coordinate cross-functional response. Security Engineering & Automation: Oversee the development and deployment of tools and technologies that support threat detection, log aggregation, SIEM, SOAR, EDR, and XDR platforms. Drive automation and orchestration to increase efficiency and reduce time to detection/response. Hold QBRs with key security operations vendors to ensure compliance and SLAs are met with all contracts. Team Leadership & Development: Build, lead, and inspire a high-performing cyber defense team, including SOC analysts, incident responders, threat hunters, and detection engineers. Foster a culture of accountability, continuous learning, and proactive defense. Establish Career Development Plans and Growth for analysts, engineers, managers, and directors as the business grows and scales. Collaboration & Executive Engagement: Partner with IT, Infrastructure, Risk, Compliance, and Legal teams to align cyber defense practices with business needs. Provide executive-level reporting on threat landscape, risk posture, and incident metrics. Act as a thought leader and spokesperson on cyber defense strategy internally and externally. Qualifications: Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Technology, or a related field. 15+ years of experience in cybersecurity, with at least 5 to 8 years in a senior leadership role overseeing SOC, incident response, or threat intelligence. Deep knowledge of security operations, threat detection techniques, MITRE ATT&CK, and NIST/ISO frameworks. Proven track record managing large-scale incident response, threat intelligence operations, and blue team functions. Experience with cloud security (AWS, Azure, GCP) and hybrid infrastructure defense. Strong executive presence and ability to communicate effectively with C-level stakeholders. Relevant certifications such as CISSP, GIAC, GCIA, GCIH, or equivalent are highly desirable. Our Values If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success - and the success of our customers. Does your heart beat like ours Find out here: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

We are hiring an experienced Cybersecurity Threat Detection Engineer for a contract-to-hire role based in Hyderabad. The ideal candidate will have 6+ years of hands-on experience in threat detection, incident response, and SIEM platforms such as Splunk, QRadar, or Azure Sentinel. The role focuses on developing high-fidelity detection content, integrating diverse log sources, and enhancing cloud and on-premise threat visibility. Strong knowledge of MITRE ATT&CK, adversary TTPs, and scripting for playbook automation is essential. The position is full-time onsite with a cab facility provided.

We are hiring an experienced Cybersecurity Threat Detection Engineer for a contract-to-hire role based in Hyderabad. The ideal candidate will have 6+ years of hands-on experience in threat detection, incident response, and SIEM platforms such as Splunk, QRadar, or Azure Sentinel. The role focuses on developing high-fidelity detection content, integrating diverse log sources, and enhancing cloud and on-premise threat visibility. Strong knowledge of MITRE ATT&CK, adversary TTPs, and scripting for playbook automation is essential. The position is full-time onsite with a cab facility provided.