6.0 - 9.0 years
8 - 10 Lacs
Hyderabad
Work from Office
We are looking for a skilled professional with 6-9 years of experience to join our team as a SIEM specialist. The ideal candidate will have a strong background in security information and event management.

Roles and Responsibilities:
- Design, implement, and manage SIEM systems to ensure the security and integrity of our organization's data.
- Develop and maintain dashboards and reports to provide insights into security threats and trends.
- Collaborate with cross-functional teams to identify and mitigate potential security risks.
- Conduct regular vulnerability assessments and penetration testing to identify weaknesses.
- Analyze log files and system logs to detect anomalies and suspicious activity.
- Develop and enforce security policies and procedures to ensure compliance with industry standards.

Job Requirements:
- Strong understanding of security principles and technologies such as firewalls, intrusion detection systems, and encryption.
- Experience with SIEM tools such as Splunk, LogRhythm, or QRadar.
- Excellent analytical and problem-solving skills with attention to detail.
- Ability to work effectively in a fast-paced environment and meet deadlines.
- Strong communication and collaboration skills to work with technical and non-technical stakeholders.
- Familiarity with industry standards and regulations related to security such as HIPAA, PCI-DSS, or NIST.
Posted 5 hours ago
4.0 - 9.0 years
6 - 16 Lacs
Gurugram
Work from Office
Immediate Job Openings: Security Analyst, Gurgaon (Contract)
Experience: 4+ years
Skills: Security Analyst
Location: Gurgaon
Notice Period: Immediate
Employment Type: Contract
Work Mode: WFO

1. 4 to 8 years of experience as a Security Analyst.
2. 2 to 3 years of experience fine-tuning SIEM rules to reduce false positives and remove false negatives.
3. Good experience in a SOC (Security Operations Center).
Posted 5 hours ago
4.0 - 9.0 years
15 - 20 Lacs
Mumbai
Work from Office
Project Role: Solution Architect
Project Role Description: Translate client requirements into differentiated, deliverable solutions using in-depth knowledge of a technology, function, or platform. Collaborate with the Sales Pursuit and Delivery Teams to develop a winnable and deliverable solution that underpins the client value proposition and business case.
Must have skills: Solution Architecture
Good to have skills: Security Architecture Design
Minimum 12 year(s) of experience is required
Educational Qualification: Minimum BE/BTech from a reputed university

Summary: As a Solution Architect, you will translate client requirements into differentiated, deliverable solutions using in-depth knowledge of a technology, function, or platform. Collaborate with the Sales Pursuit and Delivery Teams to develop a winnable and deliverable solution that underpins the client value proposition and business case. You will design and deploy cyber security solutions in on-premises and public cloud infrastructure for large-scale technology projects such as data lakes, digital platforms, and other core business and supporting applications.

Cyber Security Architect Roles & Responsibilities:
- SPOC for cyber security design and deployment for any designated projects
- Take full accountability for the design of the cyber security domain, including network connectivity to various entities such as on-premises data centers and partner networks
- Take ownership of design-related issues and challenges and drive solutions, working with various internal teams and third-party solution providers such as OEMs and technology partners
- Define and develop high-level operating procedures for seamless operations of the project
- Support transition of projects from deployment to operations
- Anchor design and implementation of cyber security components
- Be a SPOC for all cyber security initiatives in the existing project, and be able to navigate the client's landscape to upsell new initiatives in the infrastructure space or to pave the way for upselling value-driven initiatives for the client in other related domains such as application modernization, network transformation, and information security
- Lead the teams across various security solutions and strive for upskilling and cross-skilling to rationalize resources across the towers and across clients
- Introduce innovative solutions such as automation to increase productivity and improve service delivery quality
- Participate in architecture and design review and approval forums to ensure the design principles are adhered to for any changes in the existing landscape or any new initiatives being rolled out in the existing landscape
- Participate in client account planning and discussions to ensure security-level initiatives are accounted for and issues are escalated to the right leaders for resolution
- Build strong relationships with all client stakeholders and Accenture project teams for effective collaboration and outcomes

Professional & Technical Skills:
Must have:
- Hands-on architecture and design skills for SIEM, SOAR, UEBA, and cyber security operations in on-premises data centers and public cloud
- Strong experience working with Splunk, Palo Alto, and other leading OEMs in the security domain
- Strong communication skills
- Ability to drive discussions and ideas in clients' senior leadership forums
- Problem-solving skills
Good to have:
- TOGAF or any equivalent certification in enterprise security architecture

Additional Information:
- Total IT experience of minimum 15 years; and
- Minimum 4 years of experience in design and deployment of cyber security solutions in public cloud infrastructure (any one of AWS, Azure, GCP, and OCI)
- Minimum 10 years of experience in design and deployment of cyber security in on-premises infrastructure (SIEM, SOAR, UEBA, and cyber security operations)
- This position is based at our Mumbai office.
- A minimum BE/BTech from a reputed university is required.

Qualification: Minimum BE/BTech from a reputed university
Posted 7 hours ago
8.0 years
3 - 8 Lacs
Noida
On-site
Join our Team

About this opportunity:
We are looking for an experienced ArcSight Solution Architect to lead the design, implementation, and optimization of ArcSight-based security solutions. The ideal candidate will have deep expertise in SIEM (Security Information and Event Management), with hands-on experience in ArcSight architecture, deployment, and integration with various log sources and security tools. The role also includes close collaboration with cloud engineering, security operations, and compliance teams to ensure end-to-end security visibility across the GCP environment.

What will you do:
- Analyse and understand new log source formats (syslog, flat files, APIs, JSON, etc.).
- Design and develop custom FlexConnectors, including support for JSON and non-standard log formats, and deploy ArcSight FlexConnectors for custom log source integration.
- Lead parser creation and tuning for various log sources and security technologies.
- Collaborate with the SOC and threat intel teams to build detection use cases and correlation rules aligned with MITRE ATT&CK.
- Integrate ArcSight with SOAR platforms for automated response, leveraging Python scripting.
- Conduct feasibility analysis for new integrations and support the parser deployment lifecycle.
- Review parser performance, log quality, EPS optimization, and correlation tuning.
- Document architecture, parser specifications, playbooks, and integration workflows.
- Lead implementation projects, including installation, configuration, and tuning of ArcSight ESM, Logger, and SmartConnectors.
- Work closely with security operations and infrastructure teams to integrate log sources and develop use cases.
- Perform infrastructure sizing, health checks, and system performance tuning.
- Develop and maintain documentation including solution design, implementation guides, and SOPs.
- Provide subject matter expertise during POCs and implementation support.

The skills you bring:
- Bachelor's degree in CS/IT or similar.
- 8+ years of experience in cybersecurity with at least 4+ years in ArcSight solution design and deployment.
- Familiarity with regular expressions (regex) for parsing custom logs.
- Experience with log onboarding, parsing, and normalization processes.
- Log analysis (Analyst).
- Understanding of cloud environments (GCP), Kubernetes and Docker technologies.
- Integration of different types of log sources.
- Solid understanding of CEF (Common Event Format), the ArcSight Event Schema and field mapping, and device/product event categorization.
- Knowledge of Linux/Unix systems and basic scripting.
- Experience with ArcSight content development: rules, correlation, dashboards, reports; familiarity with ArcSight upgrades and migration planning.
- Strong understanding of log management, threat detection, and SOC workflows.
- Knowledge of related tools and platforms such as SIEM, SOAR, firewalls, IDS/IPS, endpoint security.
- Scripting knowledge (e.g., Python, Shell) for automation and data parsing.
- Excellent communication and stakeholder management skills.
- Architect and implement end-to-end SIEM solutions using ArcSight 24* (ESM, SmartConnectors, Thub, Recon).
- Hands-on experience leading parser development, customization, and tuning for various log sources and third-party security technologies.
- Integrate ArcSight with SOAR platforms for automated response, leveraging Python scripting.
- Skilled in performing feasibility analysis and POCs for new log source integrations and managing the complete parser deployment lifecycle.

Why join Ericsson?
At Ericsson, you'll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what's possible. To build solutions never seen before to some of the world's toughest problems. You'll be challenged, but you won't be alone. You'll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.

Encouraging a diverse and inclusive organization is core to our values at Ericsson; that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer.

Primary country and city: India (IN) || Req ID: 770473
Posted 10 hours ago
7.0 - 12.0 years
0 Lacs
Noida, Uttar Pradesh, India
Remote
Position: Team Lead-SOC, Noida
Department: Information Technology | Role: Full-time | Experience: 7 to 12 Years | Number of Positions: 1 | Location: Noida
Skillset: SOC Lead, Team Lead, Threat monitoring, Cyber Security, Forensics Services, Audit Trails, SIEM, ITSM Tools, Excellent English communication skills

Job Description:
We are seeking a SOC Lead to support threat monitoring, detection, event analysis, incident response/reporting, brand monitoring, forensics and threat hunting activities for our SOC, which is a 24/7 environment. The individual must be able to rapidly respond to security incidents and should have at least 7 years of relevant experience in cyber security incident response. Should have a deeper understanding, with some hands-on experience, of enterprise IT infrastructure components such as advanced firewalls, IPS/IDS/WIPS/HIPS, routers/switches, TACACS, VPN, proxy, AV/EDR, DNS, DHCP, multi-factor authentication, virtualization, email systems/security, web proxy, DLP, etc., along with cloud environments like AWS (must), Azure, etc.

Responsibilities:
• Should be able to manage a SOC L1/L2 team
• Provide incident response/investigation and remediation support for escalated security alerts/incidents
• Work with various stakeholders to communicate and remediate cyber incidents
• Use emerging threat intelligence (IOCs, IOAs, etc.) to identify affected systems and the scope of an attack, and perform threat hunting across end-user systems and AWS infrastructure
• Provide support for complex computer/network exploitation and defense techniques, including deterring, identifying and investigating computer, application and network intrusions
• Provide technical support for forensics services, including evidence capture, computer forensic analysis and data recovery, in support of computer crime investigation
• Should be able to safeguard and take custody of audit trails in case of any security incident
• Research and maintain proficiency in open and closed source computer exploitation tools, attack techniques, procedures and trends
• Perform research into emerging threat sources and develop threat profiles; keep updated on the latest cyber security threats
• Demonstrate strong evidence of analytical ability and attention to detail; have a broad understanding of all stages of incident response
• Perform comprehensive computer monitoring, identifying vulnerabilities, target mapping and profiling
• Have a sound understanding of SIEM (Splunk, Datadog, ArcSight, etc.), PIM/PAM, EDR, the O365 security suite and other threat detection platforms and incident response tools
• Should have knowledge of integrating security solutions with the SIEM tool and creating use cases as per best practices and customized requirements
• Have knowledge of working with ITSM tools such as JIRA, ServiceNow, etc.
• Have a logical, disciplined and analytical approach to problem solving
• Have knowledge of the current threat landscape, such as APTs
• Have basic knowledge of Data Loss Prevention monitoring
• Have basic knowledge of audit requirements (SOC 2, HIPAA, ISO 27001, etc.)
• Should be flexible to work in a 24x7 environment

Preferred qualifications:
Security certifications preferred (but not limited to): CISSP, CHFI, CEH

Additional Information:
• This is a 5-day work-from-office role (no hybrid/remote options available).
• There are 2-3 rounds in the interview process.
• The final round will be F2F only (strictly).

Required Qualification: Bachelor of Engineering - Bachelor of Technology (B.E./B.Tech.) - IT/CS/E&CE/MCA
With a Top Pharmacovigilance IT Products MNC
Posted 10 hours ago
5.0 years
0 Lacs
Pune, Maharashtra, India
On-site
At Securonix, we’re on a mission to secure the world by staying ahead of cyber threats, reinforcing all layers of our platform with AI capabilities. Our Securonix Unified Defense SIEM provides organizations with the first and only AI-Reinforced solution built with a cybersecurity mesh architecture on a highly scalable data cloud. Enhanced by Securonix EON’s AI capabilities, our innovative cloud-native solution delivers a seamless CyberOps experience, empowering organizations to scale their security operations and keep up with evolving threats. Recognized as a five-time leader in the Gartner Magic Quadrant for SIEM and highly rated on Gartner Peer Insights, our award-winning Unified Defense SIEM provides organizations with 365 days of ‘hot’ data for rapid search and investigation, threat content-as-a-service, proactive defense through continuous peer and partner collaboration, and a fully integrated Threat Detection, Investigation, and Response (TDIR) experience—all within a single platform. Built on a cloud-native architecture, the platform leverages the Snowflake Data Cloud for unparalleled scalability and performance. Securonix is proud to be a cybersecurity unicorn and featured in CRN's 2024 Security 100 list. Backed by Vista Equity Partners, one of the largest private equity firms with over $100 billion in assets under management, we have a unique advantage in driving innovation and growth. With a global footprint, we serve more than 1,000 customers worldwide, including 10% of the Fortune 100. Our network of 150+ partners and Managed Security Service Providers (MSSPs) enables us to deliver unmatched security solutions on a global scale. 
At Securonix, we are driven by our core values and place our people at the heart of everything we do:
- Winning as One Team: We work together with universal respect to achieve aligned outcomes
- Customer Driven Innovation: We innovate to stay ahead of the market and create value for our customers
- Agility in Action: We embrace change and are unified in our purpose and objectives amidst change
Join us as we redefine cybersecurity, innovate fearlessly, and grow together as one team.

Role Summary:
The SIEM Engineer III position is an integral part of our Professional Services team. In this role, you will work with our customers, supporting our mission to help them quickly and completely adopt our Security Operating Platform, leaving them more secure. This is a highly technical, hands-on role that will focus on architecting, planning, implementing, and operationalizing the SIEM platform. The ideal candidate will have a demonstrated understanding of information security and networking and extensive experience interacting with customers. Securonix Next-Gen SIEM and UEBA experience, although desired, is not required, but the candidate must have SIEM and SOAR software expertise and be willing to train on the Securonix platform and products.

Primary Responsibility:
- Lead end-to-end SIEM implementation or integrations in a customer environment.
- Understand customer business requirements and the threat landscape applicable to their industry's vertical sector to develop tailored use cases for security and incident monitoring.
- Coordinate with customers to deploy collectors and agents in the on-premises network for data collection and forwarding.
- Work with customers to design and implement secure data flow into the Securonix cloud, following industry-standard best practices.
- Coordinate with service delivery managers, management, engineering, maintenance, and operational support teams to ensure timely delivery.
- Develop content, use cases, data models, dashboards, and connectors to support custom user requirements.
- Troubleshoot end-to-end network and infrastructure issues during data onboarding.
- Deploy and integrate the Securonix SOAR solution with the customer infrastructure for response orchestration.
- Engage with customers and internal product development teams to gather user requirements, suggest new product features, and help improve existing ones.
- Train and enable customers and partners for successful adoption.

Minimum Requirements:
- 5+ years of experience in the information security and SIEM field.
- Strong understanding of SIEM solutions such as Splunk, QRadar, ArcSight, LogRhythm and Exabeam.
- Experience deploying SIEM across multiple customers.
- Good understanding of MITRE ATT&CK matrices, kill chains and other attack models.
- Strong communication skills and customer-facing experience.
- Strong knowledge of scripting languages such as Python, PowerShell.
- Industry certifications such as CISSP, CISM.

Preferred:
- BS in Computer Science, Information Systems, CyberSecurity
- 3-4+ years of experience in UEBA deployment
- Working knowledge of machine learning in cybersecurity
- Working knowledge of cloud technologies such as Amazon, Azure and Google
- Good understanding of log collection methodologies and aggregation techniques such as Syslog-NG, syslog, NXLog, Windows Event Forwarding
- Good understanding of the Hadoop ecosystem and Apache technologies
- Experience integrating endpoint security and host-based intrusion detection solutions
- Experience with network forensics and toolsets such as Wireshark, PCAP, tcpdump

Benefits:
As a full-time employee with Securonix, you will be eligible for the following employee benefits:
- Health Insurance with a total sum insured of INR 7,50,000. Coverage: self, spouse, 2 kids, dependent parents or parents-in-law
- Personal Accident with a total sum insured of INR 10,00,000
- Term Life Insurance with a sum assured of 5 times fixed base pay

Securonix provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Securonix complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training. Securonix expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status. Improper interference with the ability of Securonix employees to perform their expected job duties is absolutely not tolerated. Headhunters and recruitment agencies may not submit candidates through this application. Securonix does not accept unsolicited headhunter and agency submissions for candidates and will not pay fees to any third-party agency without a prior agreement with Securonix.
Posted 11 hours ago
2.0 - 3.0 years
5 - 5 Lacs
Thiruvananthapuram
Work from Office
Overview:
We are looking for a skilled SIEM Administrator to manage and maintain Security Information and Event Management (SIEM) solutions such as Innspark, LogRhythm, or similar tools. This role is critical to ensuring effective security monitoring, log management, and event analysis across our systems.

Key Responsibilities:
- Design, deploy, and manage SIEM tools (e.g., Innspark, LogRhythm, Splunk).
- Develop and maintain correlation rules, dashboards, and reports.
- Integrate logs from servers, network devices, cloud services, and applications.
- Troubleshoot log collection, parsing, normalization, and event correlation issues.
- Work with security teams to improve detection and response capabilities.
- Ensure SIEM configurations align with compliance and audit requirements.
- Perform routine SIEM maintenance (e.g., patching, upgrades, health checks).
- Create and maintain documentation for implementation, architecture, and operations.
- Participate in evaluating and testing new SIEM tools and features.
- Support incident response by providing relevant event data and insights.

Required Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- 3+ years of hands-on experience with SIEM tools.
- Experience with Innspark, LogRhythm, or other SIEM platforms (e.g., Splunk, QRadar, ArcSight).
- Strong knowledge of log management and event normalization.
- Good understanding of cybersecurity concepts and incident response.
- Familiarity with Windows/Linux OS and network protocols.
- Scripting knowledge (e.g., Python, PowerShell) is a plus.
- Strong troubleshooting, analytical, and communication skills.
- Industry certifications (CEH, Security+, SSCP, or vendor-specific) are a plus.

Key Skills: SIEM Tools (Innspark, LogRhythm, Splunk), Troubleshooting, Log Management & Analysis, Scripting (optional), Security Monitoring
Skills: SIEM, Splunk, Troubleshooting
Required Skills: SIEM, Splunk, Troubleshooting
Posted 1 day ago
4.0 - 7.0 years
5 - 9 Lacs
Mumbai, Pune, Bengaluru
Work from Office
Your Role
- Administer and develop solutions using Splunk and Splunk Security Essentials to support enterprise security monitoring and analytics.
- Design, implement, and maintain Splunk dashboards, alerts, and reports to provide actionable insights into security events.
- Utilize UNIX shell scripting or Python to automate data ingestion, parsing, and enrichment processes.
- Lead and manage security-related projects from planning through execution, ensuring timely delivery and alignment with business goals.
- Collaborate with cross-functional teams to define requirements, manage risks, and ensure stakeholder satisfaction.
Your Profile
- 5 to 10 years of experience in IT security with a strong focus on Splunk administration and development.
- Proficiency in Splunk Security Essentials, data onboarding, and custom dashboard creation.
- Strong scripting skills in UNIX shell or Python for automation and integration.
- Solid understanding of Agile/Scrum methodologies and project lifecycle management.
- Proven experience in leading cross-functional teams and managing complex security projects.
What You Will Love Working at Capgemini
- Work on cutting-edge security analytics platforms like Splunk in enterprise-scale environments.
- Lead impactful projects that enhance cybersecurity posture for global clients.
- Clear career progression paths from engineering to leadership and consulting roles.
- Collaborate with diverse teams in a supportive, inclusive, and innovation-driven culture.
- Gain exposure to modern security frameworks, automation tools, and real-time threat intelligence.
Posted 1 day ago
3.0 years
0 Lacs
Gurugram, Haryana, India
On-site
Job Title: SOC Consultant
Location: Gurgaon / Bangalore
Experience: 3+ Years
Position Type: Full-time (Immediate Joiners Preferred)
Job Description: We are seeking a skilled SOC (Security Operations Center) Consultant with 3+ years of experience in security operations, threat analysis, and incident response. The ideal candidate should have hands-on experience with SIEM tools and a strong understanding of cybersecurity principles and frameworks.
Key Responsibilities:
- Monitor, analyze, and respond to security events and incidents
- Operate and manage SIEM platforms (e.g., Splunk, QRadar, ArcSight)
- Perform real-time threat analysis, detection, and triage of security incidents
- Support vulnerability management and threat intelligence integration
- Work closely with clients and internal teams to implement security best practices
- Document security incidents and contribute to knowledge base development
- Assist in the development of security playbooks and incident response plans
Required Skills:
- 3+ years of experience in SOC operations or a similar cybersecurity role
- Proficiency in SIEM tools and log analysis
- Good understanding of TCP/IP, IDS/IPS, firewalls, and malware analysis
- Familiarity with threat hunting techniques and cybersecurity frameworks (NIST, MITRE ATT&CK)
- Strong analytical and problem-solving skills
- Excellent communication and documentation skills
Certifications (Preferred): CEH / CompTIA Security+ / SSCP / Splunk Certified / Microsoft SC-200 or equivalent
Posted 1 day ago
6.0 - 8.0 years
27 - 42 Lacs
Chennai
Work from Office
Job Responsibilities
- Investigate, document, and report on information security issues and emerging trends
- Notify clients of incidents and required mitigation work
- Understand logs from various sources like firewalls, IDS, Windows DC, Cisco appliances, AV and antimalware software, and email security
- Fine-tune SIEM rules to reduce false positives and remove false negatives
- Perform threat intel research and vulnerability analysis
Required Skills and Experience
- Experience: 5-7 years in roles related to information security or similar fields
- Skills: Expertise in CrowdStrike, Proofpoint, LogRhythm, and Rapid7
- Knowledge of ITIL disciplines like Incident, Problem, and Change Management
Posted 2 days ago
7.0 - 12.0 years
9 - 14 Lacs
Chennai, Bengaluru
Work from Office
#PrimarySkills #CloudSecurity #AWS #IAM #DLP #SecurityConsultant #DataEncryption #Logging #SecretsManagement #SecurityPosture #RiskAssessment #ComplianceFrameworks #SIEM #SOAR #IncidentResponse #AutomatedSecurity #AIinSecurity #RemoteJobsIndia
#JobDescription
We are seeking an experienced Security Consultant with 7-10 years of deep technical expertise across AWS security practices, posture assessment, incident response, and automation in security environments. The ideal candidate will play a key role in advising on cloud security design, conducting risk assessments, and strengthening compliance and data protection mechanisms in cloud-native environments.
#KeyResponsibilities
- Lead cloud security strategy and implementation for AWS-based applications
- Conduct Security Posture Assessments, identify gaps, and define risk prioritization plans
- Implement and manage AWS security controls: IAM (Identity & Access Management), Network Security & Logging, Data Encryption & Secrets Management
- Ensure adherence to compliance frameworks (ISO 27001, NIST, CIS, etc.)
- Implement Data Loss Prevention (DLP) and Data Masking/Obfuscation solutions
- Drive SIEM/SOAR integration for intelligent threat detection and response
- Develop and maintain Incident Response plans and coordinate response activities
- Conduct automated security scanning and integrate it into DevSecOps pipelines
- Provide consultation and innovation around Agentic AI applications in security
#Qualifications
- 7+ years of hands-on experience in cloud security, with a focus on AWS
- Deep knowledge of IAM, encryption, secrets management, and compliance frameworks
- Experience with SIEM/SOAR platforms, automated scanning tools, and AI-driven security solutions
- Strong documentation, communication, and stakeholder collaboration skills
- Ability to work independently in a remote team structure
Location: Delhi NCR, Bangalore, Chennai, Pune, Kolkata, Ahmedabad, Mumbai, Hyderabad
Posted 2 days ago
5.0 - 9.0 years
15 - 19 Lacs
Bengaluru
Work from Office
RESG/GTS is the entity in charge of the entire IT infrastructure of Société Générale. The RESG/GTS/SEC/SOC department, which corresponds to the Société Générale SOC (SOC SG), is in charge of operational detection, incident response and prevention activities within the scope of GTS across the businesses. The mission of the SOC is to identify, protect, detect and respond, using the security platforms for the detection, reaction, prevention and resolution of security incidents. The SG SOC consists of Cyber Defense (incident management), Cyber Tools (management of SOC tools including the SIEM), Cyber Control (Prevention and Compliance) and Governance.
This role is for a SOC L3 (Lead Cyber Security Analyst) who will be part of the GTS Security SOC team. In this role, you will be involved in supporting India and global regional needs. The objectives of the Security Department (RESG/GTS/SEC) are to manage the strategy for all of RESG/GTS in terms of security, technical standards, processes and tools, and thus to cover many cross-functional functions within the company and subsidiaries across all regions.
Accountabilities / Major Activities (SOC Lead/L3)
- Lead and manage all high-priority Critical Security Incidents, including end-to-end incident management
- Support, help and guide the L1/L2 in managing complex issues/incidents
- Lead and engage in study/POC of tools and technologies aligned with the security roadmap
- Be an expert in 1 or 2 key security technologies/tools globally and be part of the global SOC L3/Experts. Example areas: Threat Hunting, Forensic Analysis, IPS, EDR, DLP, etc.
- Contribute to the risk detection management approach, consistent with the SG MITRE Matrix approach and other relevant industry-standard approaches
- Provide analysis support for complex investigations and improve reaction procedures/run book definitions and enhancements
- Support analyses on cybersecurity technical plans, analysis approach and incident management
- Identify different security tools and technologies to make security operations more effective
- Identify security gaps, define the mitigation strategy, and track implementation through to closure
- Work with various regional SOC and CERT teams on security aspects and incidents where required
- Reporting to Function Head GTS SEC SOC
Posted 2 days ago
7.0 - 10.0 years
0 Lacs
Pune, Maharashtra, India
On-site
Hi Everyone, I am on the lookout for a Sr Information Security Analyst - GSOC for a leading product-based MNC in Pune, Yerwada. Kindly refer to the JD below & share your resume on alisha.sh@peoplefy.com
Job description:
● 7 to 10 years of overall experience
● Experience with Security Information and Event Management (SIEM) systems (e.g., Splunk, ArcSight, QRadar) and GSOC
● Experience with vulnerability assessment tools and techniques.
● Experience with incident response frameworks and procedures.
● Knowledge of security standards and regulations (e.g., PCI DSS, GDPR)
● Looking for candidates who can join within 30 days
Posted 2 days ago
5.0 - 9.0 years
0 Lacs
thiruvananthapuram, kerala
On-site
You will be responsible for monitoring and analyzing information security events such as unauthorized use or access, fraudulent activities, and data leakage. This role involves initiating information security incident tickets at a third level, which complements the first- and second-level monitoring and support in the service desk. Your tasks will include monitoring and analyzing security events in central tools like ArcSight and local systems like IPS on a regular basis. You will be involved in developing and refining detective controls based on input from Information Security Investigation Coordinators, as well as controlling the effectiveness of preventive and detective measures. Additionally, you will develop and report metrics for the overall information security situation, such as the number of targeted attacks or attempts.
In terms of incident management, you will be responsible for initiating information security incident tickets, triggering escalation processes if necessary, and implementing initial countermeasures. You will support and collaborate with the Information Security Incident Response Team by providing real-time information on current developments and identifying the origin and target of attacks. Furthermore, you will be involved in planning, performing, and monitoring vulnerability scans using tools like QualysGuard and reporting the results.
The ideal candidate should possess a graduate degree in computer science or a related field, with at least 5+ years of experience working with ArcSight. Proficiency in security monitoring tools and devices, including IDS/IPS, AV scanners, security gateways, and SIEM solutions (preferably ArcSight) is mandatory. You should demonstrate the ability to handle high workloads and pressure effectively. Knowledge of network and infrastructure security is essential for this role. Strong analytical skills, good communication abilities, self-organization, and motivation to work in a multicultural environment are highly desirable. Preferred certifications include CEH, ECSA, and GCIH.
If you are a Senior Systems Engineer with expertise in SIEM, HP ArcSight, IDS/IPS, AV scanners, and security gateways, this opportunity in Trivandrum could be a perfect fit for you. Holders of B.Sc, B.Com, M.Sc, MCA, B.E, or B.Tech degrees are encouraged to apply by sending your resume to jobs@augustainfotech.com.
Posted 3 days ago
3.0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
A career in our Advisory Acceleration Centre is the natural extension of PwC's leading class global delivery capabilities. We provide premium, cost-effective, high-quality services that support process quality and delivery capability in support of client engagements. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional, our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.
Responsibilities
As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:
- Use feedback and reflection to develop self-awareness, personal strengths and address development areas.
- Delegate to others to provide stretch opportunities, coaching them to deliver results.
- Demonstrate critical thinking and the ability to bring order to unstructured problems.
- Use a broad range of tools and techniques to extract insights from current industry or sector trends.
- Review your work and that of others for quality, accuracy and relevance.
- Know how and when to use tools available for a given situation and can explain the reasons for this choice.
- Seek and embrace opportunities which give exposure to different situations, environments and perspectives.
- Use straightforward communication, in a structured way, when influencing and connecting with others.
- Able to read situations and modify behavior to build quality relationships.
- Uphold the firm's code of ethics and business conduct.
Quality Assurance SOC Analyst - CaaS
As a Quality Assurance SOC Analyst (Senior Associate) within the Cyber as a Service (CaaS) practice, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. You will play a pivotal role in ensuring the quality and effectiveness of our SOC operations. You will be responsible for reviewing and enhancing our security incident response processes and procedures, evaluating the performance of SOC analysts, and implementing best practices to maintain the highest standards of security. This role is critical in maintaining the integrity of our clients' systems and data.
Required Qualifications include but are not limited to:
- 3+ years of experience in a technical role in the areas of Security Operations, Quality Assurance in a SOC setting, Threat Intelligence, Incident Response, or Penetration Testing/Red Team.
- At a minimum, a Bachelor's Degree in a relevant area of study, with a preference for Computer Science, Computer Engineering, Cybersecurity, or Information Security.
- Knowledge and experience working with various SIEM, EDR, NDR and ticketing tools.
- Knowledge of Security Operations Centre (SOC) processes and procedures.
- Effective communication skills, both written and verbal.
- Strong attention to detail and commitment to quality.
- Advanced knowledge and experience analyzing attacker techniques at all stages of a breach.
- Knowledge of MITRE ATT&CK and Cyber Kill-Chain is a must.
- Be available to work on a 24/7 basis (Mon-Sun) on a shift-based schedule to continuously assure quality within the SOC.
Roles & Responsibilities
- Conduct regular quality assessments of security incident handling processes within the SOC for both L1 and L2 functions.
- Review and evaluate the effectiveness of SOC analyst activities, including incident detection, analysis, investigation and response.
- Identify areas for improvement and provide recommendations to enhance SOC operations and incident response capabilities.
- Collaborate with SOC management and leads to develop and implement quality assurance strategies and initiatives.
- Create and maintain comprehensive quality assurance documentation, reports, and metrics.
- Mentor and provide guidance to junior SOC analysts to improve their performance and investigation skills.
- Stay up-to-date with the latest threat landscape, attack vectors, and cybersecurity technologies through ongoing research and professional development.
- Assist in incident response activities as needed, including during high-priority security incidents.
- Participate in the development and delivery of training programs for SOC staff.
- Collaborate with the L2 analyst team to develop robust quality assurance practices, documentation, reports and metrics.
- Collaborate with L1 and L2 SOC analysts to provide training and knowledge sharing on quality assurance best practices.
- Communicate findings and recommendations effectively to technical and non-technical stakeholders internally and externally.
- Maintain detailed records of quality assurance activity, including findings, actions taken, and outcomes.
- Participate in knowledge-sharing initiatives with the L1 and L2 team to enhance collective expertise and investigation skills.
- Ensure adherence to established quality assurance processes and procedures.
- Identify opportunities for process improvement and contribute to the enhancement of quality assurance methodologies.
- Maintain composure and efficiency in high-pressure situations.
- Willing to work in US day shift (9AM EST - 5PM EST) / India night shift (7 PM IST to 3 AM IST) and provide weekend support / on-call support.
Experience & Skills
- 3+ years of experience in a technical role in the areas of Security Operations, Quality Assurance in a SOC setting, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team.
- Experience in SOC L1, SOC L2 is a must.
- Experience in SOC Quality Assurance is a must.
- Experience in SIEM technologies such as Azure Sentinel, Splunk, ArcSight, QRadar, Exabeam, LogRhythm.
- Experience and knowledge of EDR and NDR technologies such as Cortex XDR, CrowdStrike, Carbon Black, Cylance, Defender, DarkTrace.
- Experience with ticketing systems such as ServiceNow, JIRA is considered a strong asset.
- Experience and knowledge working with the Cyber Kill-Chain model and MITRE ATT&CK framework.
- Ability to use data to 'tell a story'; ability to communicate findings and recommendations effectively to technical and non-technical stakeholders.
- Proficient in preparation of reports, dashboards and documentation.
- Excellent communication and leadership skills.
- Ability to handle high-pressure situations with key stakeholders.
- Good analytical, problem-solving and interpersonal skills.
- A demonstrated commitment to valuing differences and working alongside diverse people and perspectives.
Posted 4 days ago
7.0 years
0 Lacs
Gurugram, Haryana, India
On-site
Location: Gurgaon (Work from Office). Looking for immediate joiners only.
Required Technical Skills & Experience:
- Experience: 7+ years in cybersecurity, with at least 3 years in a SOC leadership role.
- SIEM & Log Analytics: XSIAM, ArcSight, Splunk, Elastic Stack (ELK), QRadar, Microsoft Sentinel
- Threat Intelligence: MITRE ATT&CK, Cyber Kill Chain, MISP, STIX/TAXII
- Incident Response & Forensics: Volatility, Wireshark, FTK, EnCase, Sleuth Kit, YARA
- Endpoint Security & EDR/XDR: CrowdStrike Falcon, Microsoft Defender, Palo Alto XDR, SentinelOne, Carbon Black
- Cloud Security: AWS GuardDuty, Azure Security Center, Google Chronicle, CSPM, CNAPP
- Compliance & Risk: NIST 800-53, ISO 27001, PCI-DSS, SOC2, GDPR, CIS Benchmarks
Key Responsibilities:
SOC Operations & Security Monitoring
- Lead and manage the 24/7 Security Operations Center (SOC), ensuring continuous threat detection and response.
- Work extensively on SIEM (XSIAM, ArcSight, Splunk, QRadar, ELK, Sentinel, etc.) and other security monitoring tools.
- Oversee 24/7 monitoring of security events and alerts.
- Ensure effective use of SIEM (Security Information and Event Management) tools.
- Prioritize, analyze, and manage security incidents.
- Improve threat intelligence capabilities and integrate with threat intelligence feeds.
- Continuously optimize detection rules, correlation logic, and security alerts to minimize false positives and improve response times.
Incident Response & Management
- Develop and enforce incident response plans (IRPs).
- Ensure timely response to cyber threats, minimizing impact.
- Coordinate with stakeholders during major incidents.
- Conduct post-incident analysis and lessons-learned exercises.
EDR/XDR (Endpoint Detection & Response / Extended Detection & Response)
- CrowdStrike Falcon – AI-powered threat detection with real-time response.
- Palo Alto XDR – Extended Detection and Response.
- Microsoft Defender for Endpoint – Integrated with Azure security solutions.
- Behavioral AI-driven endpoint protection.
- Carbon Black (VMware) – Next-gen EDR with cloud analytics.
- Sophos Intercept X – Machine-learning-based ransomware prevention.
Threat Intelligence Platforms (TIP)
- Recorded Future – AI-driven threat intelligence analysis.
- MISP (Malware Information Sharing Platform) – Open-source threat sharing platform.
- Flashpoint Threat Intel
- Outseer AFCC (previously RSA)
- IBM X-Force Exchange – Intelligence-sharing with global threat data.
- Anomali ThreatStream – Automated threat intelligence processing.
- VirusTotal Enterprise – File and URL malware scanning with shared intelligence.
Compliance & Reporting
- Ensure compliance with security frameworks (ISO 27001, NIST, GDPR, etc.).
- Maintain accurate security logs and reports for audits.
- Prepare executive-level reports on security incidents and risk posture.
Posted 5 days ago
11.0 - 14.0 years
30 - 35 Lacs
Bengaluru
Work from Office
Microland Limited is looking for an Associate Manager - Cyber Security to join our dynamic team and embark on a rewarding career journey.
- Team Supervision: Provide leadership, direction, and supervision to a team of employees, ensuring their productivity, performance, and professional development.
- Operational Management: Manage day-to-day operations within the assigned area, ensuring efficiency, adherence to processes, and effective resource allocation.
- Performance Management: Set performance goals, conduct regular performance reviews, and provide feedback and coaching to team members to help them excel in their roles.
- Project Coordination: Oversee projects, initiatives, or tasks within the department, ensuring that deadlines are met and objectives are achieved.
- Communication: Foster effective communication within the team and with other departments, conveying goals, expectations, and updates to ensure alignment.
- Problem-Solving: Address challenges and issues that arise within the team or department, working to find solutions and implement process improvements.
- Budget Management: Contribute to budget planning and management, ensuring that resources are allocated appropriately to achieve departmental goals.
Posted 5 days ago
5.0 - 8.0 years
7 - 10 Lacs
Bengaluru
Work from Office
- Administering and maintaining Deep Security systems to ensure the security of IT infrastructure
- Monitoring and analysing security alerts to identify potential threats
- Ensuring proper integration with existing systems
- Troubleshooting and debugging of problems related to Trend Micro Deep Security Manager and Agent
- Trend Micro Deep Security Agent management (agent installation, reconciliation, troubleshooting, etc.)
- Fine-tuning of policies in Deep Security features such as FIM, Log Inspection, IPS, Firewall, Anti-malware module, etc.
- Developing and updating security policies and procedures related to Deep Security (SOP, SCD, NDA, etc.)
- Log monitoring and incident investigation
- Maintaining, generating & analysing all Deep Security related reports
- Manager version upgrades and capacity management
- Should take up with the OEM any Deep Security related issue reported
- Ensuring compliance with industry standards, regulations and best practices
Mandatory Skills: Antivirus Microsoft EDR XDR
Experience: 5-8 Years
Posted 5 days ago
5.0 - 10.0 years
5 - 9 Lacs
Noida, Bengaluru
Work from Office
Paytm is India's leading mobile payments and financial services distribution company. Pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytm's mission is to serve half a billion Indians and bring them to the mainstream economy with the help of technology.
Job Title: IBM SOAR Administrator / Automation Engineer
Experience Required: Minimum 5+ years overall experience
- 2+ years hands-on experience with IBM SOAR (Resilient)
- 3+ years experience in Python scripting and API integrations
Job Summary: We are seeking a skilled and proactive IBM SOAR Administrator / Automation Engineer to manage, customize, and enhance our Security Orchestration, Automation and Response (SOAR) platform. The candidate will be responsible for developing and maintaining playbooks, integrating various security and threat intelligence tools, and automating key SOC tasks to improve efficiency and response times.
Key Responsibilities:
- Act as the Master Administrator for the IBM SOAR platform
- Design, implement, and maintain automatic and manual playbooks based on SOC workflows and requirements
- Develop and manage custom scripts, functions, and workflows to support automation in IBM SOAR
- Set up and manage the IBM SOAR Integration Server
- Integrate IBM SOAR with various SOC tools (SIEMs, EDRs, firewalls, etc.) and threat intelligence platforms
- Automate manual processes handled by SOC analysts to streamline operations
- Collaborate with the SOC team to identify opportunities for orchestration and automation
- Maintain platform documentation and provide training to SOC team members as needed
- Perform regular system checks and updates to ensure platform reliability and security
Required Skills and Qualifications:
- Strong hands-on experience with the IBM SOAR (Resilient) platform
- Deep knowledge of IBM SOAR playbook creation, workflow design, and integration
- Proficiency in Python scripting and using RESTful APIs
- Working knowledge of HTML, JavaScript, CSS for UI-level customizations
- Familiarity with basic Linux commands and system operations
- Experience integrating security tools (SIEM, EDR, AV, firewalls) and threat intelligence feeds with SOAR
- Basic understanding of ticketing systems (ServiceNow, JIRA, etc.)
- Ability to work independently as well as collaboratively within a team
- Strong analytical, troubleshooting, and problem-solving skills
Preferred Qualifications:
- IBM SOAR certification or equivalent training
- Exposure to other SOAR platforms like Palo Alto XSOAR, Splunk SOAR is a plus
Posted 5 days ago
5.0 - 10.0 years
4 - 8 Lacs
Bengaluru
Work from Office
Your role
We are looking for an experienced and strategic Detection Engineer across India. The ideal candidate will have a strong background in cybersecurity, detection and Splunk Enterprise Security.
- Develop and maintain cyber threat detection and hunting capabilities for the Organization.
- Actively research, innovate and uplift in the areas of threat detection and hunting.
- Develop and maintain attack & use case models against the Organization's environment and systems for the purposes of detection and monitoring use cases.
- Build and maintain continuous validation and assurance of the detection and hunting pipeline.
- Maximise detection visibility, coverage, and return on investment to maintain a defensible architecture across the business.
- Develop threat/attack models to depict and model detection of known attack vectors.
- Work with Threat Intelligence, Incident Response and Cyber Orchestration teams to prioritise and develop detection and orchestration capability.
- Work with the Red Team to actively test and validate detection capabilities.
Your Profile
- 5+ years of experience in a CSOC, cyber detection, threat hunting and/or SOAR development role.
- 5+ years developing detections within a SIEM environment.
- Experience working with security tools such as endpoint detection and response systems, network anomaly detection, etc.
- Designing and implementing threat/attack modelling to derive abuse cases, detection logic and automation courses of action.
- Well versed in the development of detection and hunting strategies for a broad range of cyber threats, including malware, DDoS, hacking, phishing, lateral movement and data exfiltration, in the Financial Services sector or similar.
- Knowledge of frameworks like the NIST Cybersecurity Framework, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain or similar methodologies is required.
What you'll love about working here
You can shape your career with us. We offer a range of career paths and internal opportunities within the Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work on cutting-edge projects in tech and engineering with industry leaders or create solutions to overcome societal and environmental challenges.
Posted 5 days ago
8.0 - 11.0 years
11 - 15 Lacs
Pune
Work from Office
Domain Certifications: CISSP, CISA, CRISC, ISO 27001
Responsibilities
- Own and lead the governance program at account level for a large Financial Services account with 700+ headcount and multi-country locations, having high-security Offshore Delivery Centres and work-from-home teams
- Develop, implement and monitor the account-level Information Security governance program, meeting client compliance requirements proactively
- Perform contract reviews and cyber security risk assessments, and drive compliance programs to meet contractual and organizational cyber security requirements within the client offshore delivery centres
- Experience in application security and code reviews that can be leveraged to guide and work with delivery teams on covering the cyber security risks associated with application security, development and maintenance projects
- Work closely with different teams internally like IT, business, HR, facilities and cyber security, which operate at Organization level, to translate client requirements and assess residual risk if required
- Give direction and monitor the compliance and operations activities within the account through a dedicated team, and work closely with the account team on ensuring compliance within the account team
- Develop account-level procedures, metrics and review programs to maintain and enhance the governance model within the account
- Be a single point of contact for client interactions during third-party audits and liaise within the organization
- Prepare the account for certification and internal audit requirements based on industry standards like PCI DSS and ISO 27001
- Focus and objective driven to demonstrate ongoing improvements; identify early indicators of non-compliance and be able to draw up mitigation actions
- Hold technical skills to participate in technical discussions for delivery centre setup and connectivity models
- Excellent communication skills and demonstrated effective CXO-level reviews
Posted 5 days ago
5.0 years
0 Lacs
Pune, Maharashtra, India
On-site
Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Security Platform Engineering
Good to have skills: NA
Minimum 5 Year(s) Of Experience Is Required
Educational Qualification: 15 years full time education
Summary: We are seeking a skilled Security Engineer with expertise in Google Chronicle SIEM, parser development, and foundational knowledge of cybersecurity. The ideal candidate will be responsible for analyzing security data and logs, ensuring accurate aggregation, normalization, tagging, and classification. You will work closely with log sources, particularly security and networking devices, to enhance our security monitoring capabilities.
Roles & Responsibilities:
- Conduct security and data/log analysis, focusing on the aggregation, normalization, tagging, and classification of logs.
- Research, analyze, and understand log sources for security monitoring, with a particular focus on security and networking devices such as firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems.
- Validate log sources and indexed data, optimizing search criteria to improve search efficiency.
- Utilize automation tools to build and validate log collectors for parsing aggregated logs.
Professional & Technical Skills:
- Proficiency in log analysis and SIEM tools, including but not limited to Google Chronicle, Splunk, ArcSight, and QRadar.
- Experience in SIEM content creation and reporting is essential.
- Strong experience in manual security log review and analysis, such as Windows Event Log and Linux Syslog, including incident classification, investigation, and remediation.
- Solid understanding of multiple attack vectors, including malware, Trojans, exploit kits, ransomware, phishing techniques, and APTs, as well as familiarity with attack techniques outlined in the OWASP Top 10.
- Knowledge of security and networking devices, including firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems.
- TCP/IP networking skills for packet and log analysis.
- Experience working with Windows and Unix platforms.
- Familiarity with databases is an advantage.
- Experience in GCP, AWS and Azure environments is a plus.
Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Platform Engineering.
- This position is based at our Pune office.
- 15 years of full-time education is required.
Posted 5 days ago
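The parser and normalization work this posting describes (aggregating lines from firewalls, SSH daemons and Windows hosts into one schema, tagging and classifying them) looks roughly like the following. This is an added illustration, not code from the employer or from Google Chronicle: the flat Event schema is a hypothetical one chosen for the example rather than Chronicle's UDM, and every log line in SAMPLE_LOGS is constructed, not a real capture.

```python
import re
from dataclasses import dataclass, field, asdict

# Constructed sample lines (not real captures): iptables, OpenSSH, a Windows-style
# key=value record, and an application line that no dedicated parser covers.
SAMPLE_LOGS = [
    "Jan 14 10:22:01 fw01 kernel: IPTABLES-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51515 DPT=22",
    "Jan 14 10:22:03 bastion sshd[2171]: Failed password for invalid user admin from 203.0.113.7 port 51520 ssh2",
    "Jan 14 10:22:05 bastion sshd[2171]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2",
    "EventID=4625 Computer=WS-042 TargetUserName=jdoe IpAddress=198.51.100.9 LogonType=3",
    "Jan 14 10:22:07 app01 myapp: started worker 3",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s[\d:]{8})\s(?P<host>\S+)\s(?P<tag>[\w.-]+)(?:\[\d+\])?:\s(?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")
SSH_RE = re.compile(
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

@dataclass
class Event:
    """Flat normalized record. Hypothetical schema for this example, not Chronicle's UDM."""
    timestamp: str = ""
    hostname: str = ""
    product: str = "unknown"
    event_type: str = "GENERIC_EVENT"
    src_ip: str = ""
    dst_ip: str = ""
    dst_port: int = 0
    user: str = ""
    outcome: str = ""            # ALLOW / BLOCK / SUCCESS / FAIL / ""
    severity: str = "INFO"
    tags: list = field(default_factory=list)

def _parse_iptables(ev, msg):
    kv = dict(KV_RE.findall(msg))
    ev.product, ev.event_type = "iptables", "NETWORK_CONNECTION"
    ev.src_ip, ev.dst_ip = kv.get("SRC", ""), kv.get("DST", "")
    ev.dst_port = int(kv["DPT"]) if kv.get("DPT", "").isdigit() else 0
    ev.outcome = "BLOCK" if "DROP" in msg else "ALLOW"
    ev.severity = "LOW" if ev.outcome == "BLOCK" else "INFO"
    ev.tags += ["firewall", "network"]

def _parse_sshd(ev, msg):
    ev.product, ev.event_type = "openssh", "USER_LOGIN"
    ev.tags += ["auth", "ssh"]
    m = SSH_RE.search(msg)
    if not m:                    # keep the event and flag it; never drop it silently
        ev.tags.append("partial_parse")
        return
    ev.user, ev.src_ip = m["user"], m["ip"]
    ev.outcome = "SUCCESS" if m["result"] == "Accepted" else "FAIL"
    ev.severity = "MEDIUM" if ev.outcome == "FAIL" else "INFO"
    if "invalid user" in msg:
        ev.tags.append("invalid_user")

def _parse_windows_kv(ev, line):
    kv = dict(KV_RE.findall(line))
    ev.product, ev.event_type = "windows_security", "USER_LOGIN"
    ev.hostname, ev.user = kv.get("Computer", ""), kv.get("TargetUserName", "")
    ev.src_ip, eid = kv.get("IpAddress", ""), kv.get("EventID", "")
    ev.tags += ["auth", "windows", "event_id_" + eid]
    if eid == "4625":            # Windows failed logon
        ev.outcome, ev.severity = "FAIL", "MEDIUM"
    elif eid == "4624":          # Windows successful logon
        ev.outcome = "SUCCESS"

def parse_line(line):
    """Dispatch on the log source; unknown sources are kept and tagged 'unparsed'."""
    ev = Event()
    m = SYSLOG_RE.match(line)
    if m:
        ev.timestamp, ev.hostname = m["ts"], m["host"]
        if m["tag"] == "kernel" and "IPTABLES" in m["msg"]:
            _parse_iptables(ev, m["msg"])
        elif m["tag"] == "sshd":
            _parse_sshd(ev, m["msg"])
        else:
            ev.product = m["tag"]
            ev.tags.append("unparsed")
    elif line.startswith("EventID="):
        _parse_windows_kv(ev, line)
    else:
        ev.tags.append("unparsed")
    return ev

def normalize(lines):
    return [asdict(parse_line(line)) for line in lines]

def parser_coverage(events):
    """Share of events a dedicated parser handled; a drop here usually means a source changed format."""
    return round(1 - sum("unparsed" in e["tags"] for e in events) / max(len(events), 1), 3)

def failed_logins_by_source(events):
    """Cross-source query that works only because both sources were mapped to one schema."""
    fails = [e["src_ip"] for e in events if e["event_type"] == "USER_LOGIN" and e["outcome"] == "FAIL"]
    return {ip: fails.count(ip) for ip in set(fails)}
```

Two design points matter more than the regexes. First, a line that matches no parser is still emitted, tagged "unparsed" or "partial_parse", and parser_coverage is tracked over time: a silent drop in coverage after a vendor changes its log format is the most common way a SIEM goes blind. Second, failed_logins_by_source runs across the SSH and Windows sources with a single query only because both were mapped to the same event_type, outcome and src_ip fields, which is the entire purpose of the normalization step.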