4.0 - 6.0 years
9 - 19 Lacs
Gurugram
Work from Office
Job Summary: We are looking for a Security Analyst to join the MakeMyTrip Cybersecurity team and strengthen MMT's defense against evolving cyber threats. This role involves monitoring, analyzing, and responding to security incidents while enhancing our security framework. The ideal candidate should have 4-6 years of experience in Security Operations, with a strong focus on endpoint security and network security controls. Hands-on experience with security tools in these areas is essential. Scripting knowledge is preferable, along with a proactive learning attitude, strong problem-solving skills, and a can-do mindset.

Key Responsibilities:
• Monitor and analyse security events across endpoints, networks, and cloud environments.
• Implement and manage security controls using various security technologies.
• Ensure strong endpoint protection and respond to threats, vulnerabilities, and suspicious activities.
• Manage and enhance email security to prevent phishing, malware, and other email-based threats.
• Work on Zero Trust security principles to enhance access control and identity security.
• Assist in security incident detection, response, and remediation efforts.
• Develop and maintain security policies, procedures, and compliance documentation.
• Collaborate with IT and security teams to strengthen the overall security posture.
• Automate security processes using Python, PowerShell, or Bash.
• Stay updated on emerging threats, vulnerabilities, and security technologies.

Required Skills & Qualifications:
• 4-6 years of experience in cybersecurity, focusing on endpoint security, network security, and cloud security.
• Hands-on experience with security tools in areas such as:
  Endpoint Security: EDR, XDR, incident response, malware analysis, threat hunting.
  Network Security: NAC, firewalls, IDS/IPS, network segmentation, Zero Trust access.
  Cloud & Web Security: SSE, CASB, Secure Web Gateway, DLP, cloud security posture management.
  Email Security: email analysis, expertise in email authentication protocols, knowledge of modern email-based cyber threats, and integration of threat intelligence.
• Strong understanding of Zero Trust security models and their implementation.
• Knowledge of security best practices, frameworks, and compliance standards (NIST, ISO 27001, CIS, etc.).
• Experience in security incident investigation, threat intelligence, and vulnerability management.
• Scripting knowledge (Python, PowerShell, Bash) is a plus.
• Familiarity with SIEM tools and log analysis for threat detection.
• Excellent problem-solving skills and a proactive learning attitude.
• Strong communication and documentation skills to convey security insights effectively.
Posted 19 hours ago
8.0 - 13.0 years
8 - 18 Lacs
Bengaluru
Hybrid
Job Title: Senior Network Security Engineer

Job Summary: The Senior Network Engineer, Cloud Focus (AWS/Azure), is a pivotal role that blends traditional network engineering with modern cloud-native practices. This individual is responsible for designing, implementing, and maintaining secure, scalable, and high-performance networking solutions across hybrid and multi-cloud environments, particularly within Amazon Web Services (AWS) and Microsoft Azure. In addition to cloud networking, this role entails the deployment and support of enterprise-grade data and telecommunication infrastructure. The Senior Network Engineer is expected to manage complex networking projects, troubleshoot advanced issues, and provide technical leadership to junior staff.

Essential Job Duties:
• Design and deploy cloud-based network solutions on AWS and Azure, including configuration and management of VPCs, VNets, VPNs, Direct Connect, ExpressRoute, load balancers, firewalls, and network gateways.
• Ensure seamless integration between on-premises and cloud environments, enabling robust support for hybrid and multi-cloud architectures.
• Develop, manage, and maintain network infrastructure using Terraform, enabling consistent, repeatable, and automated provisioning of cloud resources.
• Build automated workflows and integrate Terraform with CI/CD pipelines to streamline network changes, testing, and deployments.
• Utilize tools such as CloudWatch, Azure Monitor, and third-party platforms (e.g., Datadog, Splunk) to monitor network performance, detect issues, and perform root cause analysis.
• Understand and execute technical documentation for deployments in the production network.
• Configure and install network software on virtual machines, routers, and other network devices.
• Apply a deep understanding of networking protocols and packet encapsulation methods to identify and troubleshoot network performance issues.
• Automate network functions and monitor their effectiveness.
• Deploy, maintain, and test device security and business continuity measures such as access authentication and disaster recovery.
• Suggest improvements to network performance, capacity, and scalability.
• Communicate with users on various solutions as needed.
• Execute network releases and infrastructure changes in a pre-approved maintenance window in a highly available, multi-data-center corporate IT and public-facing services environment.
• Assist in the evaluation of network products and services as the networking industry develops.
• Manage network infrastructure and connectivity to Amazon Web Services virtual private networks.
• Mentor junior network team members as needed.

Job Qualifications: Required Education, Experience, Certification/Licensure
• Bachelor's degree in Computer Science, Information Technology, or similar.
• Master's degree (optional but advantageous) in Cybersecurity, Cloud Computing, or Systems Engineering.
• A minimum of 7 years of full-time experience with a solid background in network administration and architecture.
• Cloud platform certifications (AWS and Azure) at professional or expert level in network and solution architecture.
• Network industry standard professional certifications such as CCNP, CCDP, FCNSP, Check Point, A10.
• In-depth understanding of communication protocols (mainly TCP/IP) and routing protocols (e.g., BGP, OSPF).
• Familiarity with access control models and network security.
• Knowledge of scripting languages (e.g., Python, Perl).
• Experience with network diagnostic, monitoring, and analysis tools (e.g., SolarWinds network tools).
• Solid understanding of network operating systems (JUNOS, Cisco IOS).
• Sharp troubleshooting skills; organizational and mentoring skills.
• Systems: Windows, Cisco Systems, Linux.
• Must be flexible with schedule. Must be honest, responsible, self-motivated, and very willing to learn.

Knowledge, Skills and Abilities (KSAs):
• Perform all work and activities with honesty and integrity.
• Ability to work overtime/extended hours as required. Will be required to provide after-hours support for infrastructure-related emergencies, as needed, and occasional weekend maintenance.
• Effectively communicate (and listen) clearly, professionally, politely, and persuasively in all situations; respond well and in a reasonable, timely manner.
• Challenge conventional practices and use creativity and information to lead, innovate, problem solve, and implement ideas that contribute to the growth of the organization.
• Support and meet company/department goals and core values.
• Collaborate with co-workers to achieve common goals.
• Take personal responsibility for productivity, quality, and timeliness of work.
• Problem solving/analysis. Technical capacity. Time management.
Posted 22 hours ago
8.0 - 12.0 years
0 Lacs
chennai, tamil nadu
On-site
As a Security Architect & Engineer, you will play a crucial role in designing secure architectures, implementing effective security controls, and supporting security operations across IT and cloud environments. Your responsibilities will involve creating long-term security strategies aligned with business goals, evaluating security technologies, and ensuring compliance with regulatory requirements. In the realm of Security Architecture, you will be tasked with designing secure and scalable architectures that seamlessly integrate with existing IT systems. Your role will also involve recommending security technologies, frameworks, and practices across IT, OT, and cloud environments. Implementing access control and identity management measures will be essential, including least privilege, RBAC, MFA, and SSO controls. In terms of Security Engineering, you will apply secure configuration baselines and automation across operating systems, databases, and cloud environments. Supporting security and vulnerability assessments, assisting in patch implementations, and promoting infrastructure-as-code and DevSecOps practices will also fall under your purview. Your involvement in Security Operations will require collaboration with SOC and IT teams to detect, investigate, and respond to security incidents. To enhance security measures, you will support threat hunting, root cause analysis, and the evolution of incident response and disaster recovery plans. Regarding Risk, Compliance & Governance, you will be responsible for identifying and mitigating security risks associated with IT systems. Developing security policies, conducting risk assessments, ensuring compliance with frameworks and regulations, and providing security input into vendor assessments will be crucial aspects of your role. In terms of Collaboration & Communication, you will act as a trusted advisor to internal teams on security best practices and secure solution design. 
Your ability to translate complex security topics into actionable guidance for technical and business stakeholders will be paramount. To qualify for this role, you should hold a Bachelor's degree in Information Security, Computer Science, or a related field, along with 8-12 years of cybersecurity experience. Strong knowledge of cloud security services, regulatory compliance requirements, IAM concepts, and relevant certifications are required. Additionally, experience with SIEM, EDR, vulnerability scanners, and cloud-native controls is essential. While not mandatory, advanced knowledge in cloud security architecture, experience with automation tools, and relevant certifications like CISSP, CISM, or CEH would be advantageous. This position may offer remote work options and will involve collaboration with diverse teams in a dynamic environment, providing you with the opportunity to contribute to critical security initiatives.
Posted 1 day ago
3.0 - 7.0 years
0 Lacs
maharashtra
On-site
As a Security Managed Services Engineer (L1) at NTT DATA, your primary responsibility will be to provide a managed service to clients, ensuring the operational functionality of their Firewall infrastructure. You will proactively identify, investigate, and route incidents to the correct resolver group to maintain zero missed service level agreement (SLA) conditions. This role focuses on first-line support for standard and low complexity incidents and service requests, aiming to contribute to project work as required. Your key responsibilities will include assessing the existing endpoint security infrastructure, deploying EDR agents on endpoints and critical systems, configuring EDR agents to collect and analyze security events, monitoring endpoints for suspicious activities, using behavioral analysis and machine learning to detect advanced threats, generating real-time alerts for potential security incidents, enabling endpoint forensics capabilities, integrating with vulnerability management systems, rolling out patches or upgrades, alerting and remediating endpoints with outdated software configurations, providing real-time alerts for anomalies, ensuring compatibility with other security systems, correlating network anomalies with potential threats, delivering reports as per client requirements, and re-deploying agents when there is a change in infrastructure or operating systems. To excel in this role, you should have a minimum of 3 years of experience in EDR and Trend Micro, possess a Bachelor's degree or equivalent qualification in IT/Computing, hold a CEH certification, and have entry-level experience in troubleshooting and providing support in security/network/data center/systems/storage administration and monitoring services within a medium to large ICT organization. Additionally, you should have a basic knowledge of management agents, redundancy concepts, and products within the supported technical domain, as well as a working knowledge of ITIL processes. 
Your attributes should include the ability to communicate and work across different cultures, plan activities well in advance, maintain a positive outlook at work, work well in a pressurized environment, apply active listening techniques, adapt to changing circumstances, and prioritize client satisfaction throughout interactions. As an Equal Opportunity Employer, NTT DATA offers an on-site working environment where you can contribute to pushing the boundaries of technical excellence and leading innovations, making a positive impact on clients and society. Join us to grow, belong, and thrive as part of a diverse and inclusive workplace committed to long-term success through innovation and transformation.
Posted 1 day ago
10.0 - 15.0 years
0 Lacs
thane, maharashtra
On-site
As an L3 Network Security Senior Engineer, you will be responsible for leading technical delivery and managing client engagements in post-sales cycles. Your 10+ years of experience in Network Security/Cyber Security will be crucial in conducting deep-dive security incident analysis and deriving actionable insights. You will handle and configure security infrastructure components such as Firewalls, VPN, DLP, Proxy, PIM/PAM, Load Balancers, EDR, WAF, SIEM, IDAM, NAC, ZTNA, and CASB. Additionally, you will work on virtualization and server operating systems including Windows, Red Hat Linux, and other Linux distributions. Engaging with OEMs, vendors, and internal teams will be essential for seamless implementation and support. You will be required to draft HLD/LLD documentation, execute Proofs of Concept (POC) for proposed security solutions, and ensure adherence to SLAs and KPIs across security services. Staying updated on evolving threats and technologies will enable you to implement best practices across deployments. Furthermore, conducting presentations, preparing detailed technical/executive reports, and monitoring security services will be part of your responsibilities.

In terms of technical skills, you should have expertise in network security tools such as Firewall, VPN, DLP, Proxy, PIM/PAM, Load Balancers, EDR, WAF, and SIEM, as well as networking components like switches, routers, TCP/IP, DNS, DHCP, and routing and switching. Experience with public cloud and on-premises private cloud security, operating systems like Windows, Red Hat Linux, and other Linux distributions, and tools like Microsoft Office will be required. Preferred certifications for this role include CCNA/CCNP, CCSA, Red Hat Certified, Microsoft Certified, ITIL 4, PMP, or equivalent. This is a full-time, permanent position with benefits including health insurance and Provident Fund. The work schedule involves fixed shifts from Monday to Friday with rotational shifts at the office in Thane.
Posted 1 day ago
3.0 - 7.0 years
4 - 8 Lacs
Bengaluru
Work from Office
Roles & Responsibilities:
1. Handling alerts and incidents on the XDR platform
2. Alert and incident triage and analysis
3. Proactively investigating suspicious activities
4. Log all findings, actions taken, and escalations clearly in the XDR and ITSM platforms
5. Execute predefined actions such as isolating hosts, blocking IPs, or disabling user accounts, based on set protocols
6. Adhere to established policies, procedures, and security practices
7. Follow up with the tech team for incident closure
8. Participate in daily standup and review meetings
9. As L2 Analyst, closely track incidents and support their closure
10. Work on log source and use case management: integrating log sources and developing and testing use cases
11. Work on and support multiple cybersecurity tools (DLP, GRC, cloud security tools, DAM)
12. Develop SOPs / instruction manuals for the L1 team
13. Guide the L1 team in triage/analysis and assist in the closure of cybersecurity alerts and incidents
14. Handle XDR alerts and follow up with the customer team for agent updates
15. Escalate more complex incidents to the L3 SME for deeper analysis

Key Responsibilities:

Security Monitoring & Incident Response Governance
• Define and maintain security monitoring, threat detection, and incident response policies and procedures.
• Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.
• Align SOC operations with evolving business risk priorities and regulatory frameworks.

Platform & Toolset Management
• Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.
• Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.
• Maintain and update incident response playbooks and automation workflows.
• Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.

SOC Operations & Threat Detection
• Oversee 24x7 monitoring of security events and alerts across enterprise assets.
• Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.
• Manage and support forensic investigations to identify root cause and recovery paths.
• Govern use case development, log source onboarding, and alert/event triage processes.

Regulatory Compliance & Incident Management
• Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.
• Retain logs in accordance with regulatory data retention mandates.
• Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.

Advanced Threat Management & Reporting
• Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.
• Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.
• Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards.

Required education: Bachelor's Degree. Preferred education: Master's Degree.

Required technical and professional expertise:
• Bachelor's or Master's degree in Cybersecurity, Computer Science, or a related field.
• 3-7 years of experience in SOC management, incident response, or cyber threat detection roles.
• Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.
• Proven experience in playbook development, forensics, and threat hunting methodologies.
• Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.
• Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques.

Preferred technical and professional experience: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications.
Posted 1 day ago
3.0 - 5.0 years
3 - 8 Lacs
Bengaluru
Work from Office
Roles & Responsibilities:
1. Handling alerts and incidents on the XDR platform
2. Alert and incident triage and analysis
3. Proactively investigating suspicious activities
4. Log all findings, actions taken, and escalations clearly in the XDR and ITSM platforms
5. Execute predefined actions such as isolating hosts, blocking IPs, or disabling user accounts, based on set protocols
6. Adhere to established policies, procedures, and security practices
7. Follow up with the tech team for incident closure
8. Participate in daily standup and review meetings
9. As L2 Analyst, closely track incidents and support their closure
10. Work on log source and use case management: integrating log sources and developing and testing use cases
11. Work on and support multiple cybersecurity tools (DLP, GRC, cloud security tools, DAM)
12. Develop SOPs / instruction manuals for the L1 team
13. Guide the L1 team in triage/analysis and assist in the closure of cybersecurity alerts and incidents
14. Handle XDR alerts and follow up with the customer team for agent updates
15. Escalate more complex incidents to the L3 SME for deeper analysis

Key Responsibilities:

Security Monitoring & Incident Response Governance
• Define and maintain security monitoring, threat detection, and incident response policies and procedures.
• Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.
• Align SOC operations with evolving business risk priorities and regulatory frameworks.

Platform & Toolset Management
• Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.
• Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.
• Maintain and update incident response playbooks and automation workflows.
• Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.

SOC Operations & Threat Detection
• Oversee 24x7 monitoring of security events and alerts across enterprise assets.
• Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.
• Manage and support forensic investigations to identify root cause and recovery paths.
• Govern use case development, log source onboarding, and alert/event triage processes.

Regulatory Compliance & Incident Management
• Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.
• Retain logs in accordance with regulatory data retention mandates.
• Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.

Advanced Threat Management & Reporting
• Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.
• Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.
• Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards.

Required education: Bachelor's Degree. Preferred education: Master's Degree.

Required Qualifications:
• Bachelor's or Master's degree in Cybersecurity, Computer Science, or a related field.
• 3-5 years of experience in SOC management, incident response, or cyber threat detection roles.
• Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.
• Proven experience in playbook development, forensics, and threat hunting methodologies.
• Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.
• Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques.

Preferred technical and professional experience: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications.
Posted 1 day ago
5.0 - 10.0 years
19 - 20 Lacs
Hyderabad, Chennai
Work from Office
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. 6+ years of experience in a Security Operations Center (SOC) or similar security role. Relevant certifications preferred, such as: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), CompTIA Security+. Strong understanding of networking protocols and technologies, vulnerability assessment, and incident response procedures. Experience with SIEM tools (e.g., Splunk, ArcSight, or similar). Familiarity with compliance frameworks (e.g., ISO 27001, NIST, GDPR). Strong analytical and problem-solving skills. Excellent verbal and written communication skills.
Posted 1 day ago
5.0 - 10.0 years
18 - 20 Lacs
Hyderabad
Work from Office
Role - Endpoint and Data Security Architect
Location - Hyderabad
Contract to hire (after 6 months, based upon performance)

Roles:
• Design, implement, and manage cybersecurity EDR and data security solutions.
• Update rules and controls; identify and ensure changes in response to major emerging threats.
• Manage the cybersecurity data and systems lifecycle to ensure that they are patched and/or upgraded at the right time and remain effective.
• Implement specialized security frameworks, including CIS Benchmarks, for a broad range of endpoints.
• Be highly experienced in EDR/XDR and endpoint vulnerability management solutions such as SentinelOne, Qualys EVM, etc.

Required:
• At least 4-5 years of relevant professional experience.
• Previous work in an international environment.
• Demonstrated experience working within cybersecurity teams, particularly specialised cyber technology capabilities.
• Proven track record of contributing to the design and implementation of security solutions aligned with organizational goals.
• Strong interpersonal skills, with the ability to build and maintain relationships with stakeholders and understand their security needs.
Posted 1 day ago
2.0 - 4.0 years
2 - 4 Lacs
Mumbai
Work from Office
Minimum 2-4 years of experience in a Security Operations Centre. Experience across SOC domains: use case creation, incident management, threat hunting, threat intelligence, etc. Solid understanding of cyber security, network security, and endpoint security concepts. Good understanding of recent cyber threats and the latest attack vectors. Must have experience in at least one SIEM (Splunk), EDR, and SOAR solution. Must have experience in leading/managing SOC shifts, including shift roster creation, resource management, etc. Will be responsible for critical incident investigation, use case review, mentoring Shift Leads, SLA management, etc.
Posted 1 day ago
3.0 - 12.0 years
0 Lacs
punjab
On-site
You will be responsible for creating and implementing new threat detection content, rules, and use cases to deploy in the SIEM platform with different data sets such as Proxy, VPN, Firewall, DLP, etc. In addition, you will assist with process development and process improvement for Security Operations by creating/modifying SOPs, Playbooks, and Work instructions. Your role will also involve developing custom content based on threat intelligence and threat hunting results, as well as identifying gaps in the existing security controls and proposing new security controls. Your expertise in SIEM Engineering and knowledge of integrating various log sources with any SIEM platform will be crucial. Furthermore, you will be expected to perform custom parsing of logs being ingested into the SIEM Platform. To succeed in this role, you should have at least 3 years of experience in Content development and experience in delivering and/or building content on any of the SIEM tools like Splunk, ArcSight, QRadar, Nitro ESM, etc. A deep understanding of the MITRE ATT&CK Framework is essential. Experience in SOC Incident analysis with exposure to information security technologies such as Firewall, VPN, Intrusion detection tools, Malware tools, Authentication tools, endpoint technologies, EDR, and cloud security tools is required. You should also have a good understanding of networking concepts and experience in interpreting, searching, and manipulating data within enterprise logging solutions. In this role, you will be expected to have an in-depth knowledge of security data logs and the ability to create new content on advanced security threats as per Threat Intelligence. You should be able to identify gaps in the existing security controls and have experience in writing queries/rules/use cases for security analytics on platforms like ELK, Splunk, or any other SIEM platform. Familiarity with EDR tools like Crowdstrike and understanding of TTPs like Process Injection are desirable. 
Excellent communication, listening, and facilitation skills, an investigative mindset, and problem-solving abilities are essential for this role. Preferred qualifications include understanding of the MITRE ATT&CK framework, demonstrable experience in use case/rule creation on any SIEM platform, and familiarity with Chronicle Backstory, YARA, or CrowdStrike rules.
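The posting above asks for custom log parsing and for writing detection use cases mapped to MITRE ATT&CK. The following is an added illustration of what such a use case looks like when written out by hand; it is not code from the employer or from any SIEM vendor. The log format, field names, the five-failure threshold, and the five-minute window are all assumptions, and the sample log lines are constructed for the example.

```python
"""Hand-written SIEM-style detection use case (illustration only).

Parses constructed VPN authentication logs into fields, then evaluates a
brute-force-then-success rule (MITRE ATT&CK T1110) over a sliding window.
The log schema, thresholds and window are assumptions for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines, not real data. The format is an assumption.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z vpn1 auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T10:00:04Z vpn1 auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T10:00:09Z vpn1 auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T10:00:13Z vpn1 auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T10:00:20Z vpn1 auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T10:00:25Z vpn1 auth user=alice src=203.0.113.7 result=SUCCESS
2024-05-01T10:01:00Z vpn1 auth user=bob src=198.51.100.9 result=FAIL
2024-05-01T10:30:00Z vpn1 auth user=bob src=198.51.100.9 result=SUCCESS
2024-05-01T11:00:00Z vpn1 auth user=carol src=192.0.2.5 result=SUCCESS
garbage line that does not parse
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>FAIL|SUCCESS)$"
)


def parse_line(line):
    """Custom parser: return a dict of fields, or None for an unparseable line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def parse_logs(text):
    """Parse every line; count drops so parser coverage can be tracked."""
    events, dropped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            dropped += 1
        else:
            events.append(ev)
    return events, dropped


def brute_force_then_success(events, fail_threshold=5, window=timedelta(minutes=5)):
    """Rule: at least `fail_threshold` failures for the same (user, src) inside
    `window`, followed by a SUCCESS from that pair while those failures are
    still within the window. Maps to ATT&CK T1110 (Brute Force).
    Returns one alert dict per triggering success."""
    recent_fails = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        q = recent_fails[key]
        # Expire failures that have fallen out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
        elif len(q) >= fail_threshold:
            alerts.append({
                "technique": "T1110",
                "user": ev["user"],
                "src": ev["src"],
                "failures": len(q),
                "success_at": ev["ts"].isoformat(),
            })
            q.clear()  # one alert per burst; start counting afresh
    return alerts


def run(text=SAMPLE_LOGS):
    """Parse the logs and evaluate the rule; returns (alerts, dropped_line_count)."""
    events, dropped = parse_logs(text)
    return brute_force_then_success(events), dropped


if __name__ == "__main__":
    alerts, dropped = run()
    print(f"parsed logs with {dropped} dropped line(s)")
    for a in alerts:
        print(a)
```

On the constructed input only alice trips the rule: bob's single failure has expired from the window before his later success, and carol never fails. The unparseable line is counted rather than silently discarded, which is the number a content developer watches when onboarding a new log source into a SIEM.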
Posted 3 days ago
3.0 - 7.0 years
0 Lacs
karnataka
On-site
As a Security Analyst/Engineer, you will be responsible for supporting the security operations of the organization by assisting in the monitoring, detection, and response to security incidents. This role offers a blend of security analysis and engineering tasks, providing a progression from foundational knowledge to more advanced responsibilities, enabling you to contribute significantly to the organization's cybersecurity efforts. You will be involved in various key responsibilities, including security monitoring and analysis. This involves monitoring security events and alerts from sources such as SIEM, IDS/IPS, antivirus systems, and endpoint detection platforms. Additionally, you will conduct initial analysis of security events, collaborate with senior analysts to investigate and respond to security incidents like malware infections, phishing attempts, and unauthorized access. In incident response activities, you will provide technical assistance during security incidents for containment, eradication, and recovery efforts. You will also document incident response procedures, develop post-incident reports, and implement proactive measures to enhance incident detection and response capabilities, such as developing playbooks for common attack scenarios. Supporting the vulnerability management process will be part of your responsibilities, including assisting in vulnerability scanning, assessment, and remediation efforts. You will help prioritize and track the resolution of identified vulnerabilities, collaborate with system owners and IT teams for timely patching and mitigation, and conduct security assessments and penetration tests to identify weaknesses in systems, applications, and network infrastructure. 
Furthermore, you will assist in the administration and configuration of security tools and technologies, participate in evaluating and testing new security technologies, optimize the configuration and tuning of security tools, and recommend enhancements based on industry best practices and organizational requirements. You will also support security awareness and training initiatives by assisting in the development of educational materials and delivering security awareness briefings to staff. The ideal candidate should have a Bachelor's degree in computer science, Information Security, or related field, along with 3-5 years of experience in a cybersecurity role. Strong understanding of cybersecurity principles, proficiency in security tools and technologies, excellent analytical and problem-solving skills, effective communication, and stakeholder management abilities are essential. Certifications such as CompTIA Security+, CEH, or equivalent are a plus. Demonstrated experience in conducting security analysis, incident response, and vulnerability management in a complex environment, hands-on experience with security tool optimization, security assessments, and penetration testing, as well as a proven track record of incident response efforts are desired qualifications for this role. This position offers a valuable opportunity for career growth and development in the field of cybersecurity, with the possibility to progress into more specialized roles such as Senior Security Analyst, Incident Responder, or Security Engineer. Continued learning and professional certifications will be encouraged to enhance skills and knowledge in the cybersecurity domain. Joining the global cyber security team at Carmeuse will provide you with the opportunity to contribute to the organization's digitalization strategy while ensuring security. 
Working with a team of regional senior security managers and cyber architects, you will be involved in security design, delivery, and operations to safeguard Carmeuse's digital IT & OT footprint, participating in innovative initiatives to strengthen operations. Reporting to Victor Alexandrescu, the leader of the team, you will benefit from his extensive experience and practical knowledge. Victor's management style focuses on efficiency, continuous improvement, and proactive problem-solving, aiming to optimize processes and enhance team performance. The organization offers a permanent contract, flexible working hours, home working policy, competitive salary package and benefits, growth opportunities, strong HR and training policy, and work-life balance. The recruitment process includes steps such as resume and cover letter analysis by Georges Mensah-Boateng, a first "Teams" interview with personality questionnaires, a second interview with Victor Alexandrescu and Aurelie Mordant, and a final interview with Stavros Georgakopoulos, Rusty Gavin, and Eugene Marchenko to assess your suitability for the role.
Posted 4 days ago
5.0 - 9.0 years
0 Lacs
maharashtra
On-site
At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As part of our EY-Cyber security in the Risk Consulting team, your role will be primarily responsible for the daily monitoring and/or maintenance of the enterprise Data Protection tools/solutions. The main duties of the person in this role will include proper care and administration of the Data Protection tools, monitoring and responding to the alerts that generate from the tool. This person will interface with IT Operations, Network Operations, Infrastructure teams, Legal, Risk Management, etc. We're looking for Security Analyst in the Risk Consulting team to work on various privacy/data protection related projects for our customers across the globe. In line with EY's commitment to quality, consultant shall confirm that work is of the highest quality as per EY's quality standards and is reviewed by the next-level reviewer. As an influential member of the team, consultant shall help to create a positive learning culture, coach and counsel junior team members and help them to develop. 
Your key responsibilities include building DATA PROTECTION solution concepts and deployment requirements, deploying DATA PROTECTION tools and implementing endpoint protection, working with vendors to support the DATA PROTECTION technology, administration of the Data Protection tools, monitoring and responding to alerts generated from the Data Protection systems, understanding and following the incident response process through event escalations, responding to escalations by the Incident Response Team, following processes to maintain the leading DATA LOSS PREVENTION/CASB system, assisting clients in privacy-related incident response activities, and supporting the client's team by acting as an interim team member. To qualify for the role, you must have a Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, or a related field, at least 5-8 years of experience in supporting Data Security Technology, at least 4-6 years of experience in Information Security concepts related to Governance, Risk & Compliance, Data Loss Prevention, CASB Technology support, and Event Handling, experience in administration of DLP and CASB tools (technical/vendor certification will be an added advantage), experience in utilizing and good knowledge of other data protection technology, the ability to independently research and solve technical issues, demonstrated integrity in a professional environment, and the ability to work in and adapt to a changing environment. Ideally, you'll also have a professional certificate or be actively pursuing related professional certifications such as CompTIA Security+, CEH, CISSP or a vendor/technical certification. If not, candidates are expected to complete one of the business-required certifications within 12 months of hire. You should also expect some weekend work and 20%-30% travel based on job requirements, work at the office 5 days a week as per client requirement, and be flexible to work on rotational shifts.
EY offers a team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment with consulting skills, an opportunity to be a part of a market-leading, multi-disciplinary team of 1400+ professionals, and opportunities to work with EY Consulting practices globally with leading businesses across a range of industries.
Posted 4 days ago
6.0 - 11.0 years
8 - 15 Lacs
Navi Mumbai
Work from Office
Experience in cybersecurity and information security, including security posture assessment, advanced threat detection, incident response (including responding to critical security incidents), and endpoint security capabilities with Carbon Black EDR tools.
Posted 4 days ago
5.0 - 8.0 years
4 - 8 Lacs
Bengaluru
Work from Office
Bachelor's degree in Computer Science, Information Security, or related field; or equivalent practical experience. Experience in a SOC or cybersecurity analyst role. Proficient in using Microsoft Sentinel, MS Unified SecOps/XDR, and other SIEM/EDR platforms. Strong knowledge of KQL and experience creating detection rules. Hands-on experience handling alerts and incidents from MDE & MDO. Ability to perform advanced analysis of logs, network flows, and security telemetry. Excellent problem-solving, analytical, and communication skills. Certifications such as CompTIA Security+, CEH, or equivalent are preferred. Mandatory Skills: Security Information Event Management. Experience: 5-8 Years.
Posted 4 days ago
3.0 - 5.0 years
7 - 11 Lacs
Mumbai
Work from Office
Role Purpose
The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help the security posture of the organization by protecting its sensitive information.

Do
- Ensuring customer centricity by providing apt cybersecurity
- Monitoring and safeguarding the log sources and security access
- Planning for disaster recovery in the event of any security breaches
- Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
- Perform moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems
- Conduct security assessments, risk analysis and root cause analysis of security incidents
- Handle incidents escalated by the L1 team in 24x7 rotational shifts
- Use advanced analytics tools to determine emerging threat patterns and vulnerabilities
- Complete all tactical security operations tasks associated with this engagement
- Analyse all attacks and come up with remedial attack analysis
- Conduct detailed analysis of incidents and create reports and dashboards

Stakeholder coordination & audit assistance
- Liaise with stakeholders in relation to cyber security issues and provide future recommendations
- Maintain an information security risk register and assist with internal and external audits relating to information security
- Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
- Advise and guide employees on issues such as spam and unwanted or malicious emails

Mandatory Skills: EDR - Cybereason. Experience: 3-5 Years.
Posted 4 days ago
7.0 - 12.0 years
15 - 22 Lacs
Chennai
Work from Office
Role & responsibilities 6+ years of experience in cybersecurity operations with solid L3-level incident handling. Hands-on expertise with endpoint security solutions (CrowdStrike, SentinelOne, Microsoft Defender ATP, Carbon Black, etc.). Strong proficiency in conducting demos and technical evaluations for R&D or pre-deployment scenarios. In-depth understanding of SIEM platforms, EDR, network security, and intrusion detection. Experience with malware analysis, threat intelligence, and reverse engineering is a plus. Knowledge of Windows, Linux, and cloud environments (AWS/Azure/GCP). Familiarity with security frameworks (NIST, MITRE ATT&CK, SANS). Scripting skills (Python, PowerShell, Bash) for automation. Relevant certifications preferred: CISSP, OSCP, CEH, GCIA, GCIH .
Posted 4 days ago
3.0 - 5.0 years
5 - 7 Lacs
Hyderabad, Bengaluru, Delhi / NCR
Work from Office
Hiring a Zscaler Engineer for a remote full-time contractual position with a working shift from 05:30 PM IST to 02:30 AM IST. The candidate should have 3-5 years of hands-on experience with Zscaler technologies including ZIA, ZPA, and ZCC. The role involves designing and maintaining Zero Trust Architecture, configuring Zscaler Client Connector (ZCC), integrating with MDM/EDR tools, and performing security audits. Strong networking fundamentals, troubleshooting skills across endpoints and cloud layers, and a sound understanding of DNS, VPNs, firewalls, and access control are essential. Zscaler certifications are preferred. Immediate joiners are highly desirable. Location: Remote - Bengaluru, Hyderabad, Delhi / NCR, Chennai, Pune, Kolkata, Ahmedabad, Mumbai
Posted 4 days ago
5.0 - 10.0 years
0 Lacs
Hyderabad, Chennai, Bengaluru
Hybrid
SOC Analyst - Sentinel - L2
Chennai / Bangalore / Kochi / Hyderabad

Responsibilities
- Thoroughly investigate security incidents escalated by L1 analysts, going beyond initial alerts to understand the full scope and impact.
- Analyze complex security events, logs, and incident data from various sources integrated into Azure Sentinel.
- Determine whether a security event is a genuine incident and classify its severity.
- Utilize Azure Sentinel's investigation graph to explore entities, connections, and timelines of attacks.
- Proactively search for undetected threats within the organization's Azure environment and connected data sources using Kusto Query Language (KQL) in Azure Sentinel.
- Lead and coordinate incident response activities, including containment, eradication, and recovery from security incidents.
- Develop and maintain incident response playbooks within Azure Sentinel.
- Execute automated response actions through Sentinel playbooks, such as blocking IPs, isolating compromised systems, or enriching incident data.
- Collaborate with other security teams (e.g., L1, L3, forensic teams), IT, and business stakeholders to resolve incidents effectively.
- Document findings, actions taken, and lessons learned to improve future incident response procedures.

Desired Skills and Qualifications
Required:
- Deep expertise in Microsoft Sentinel: Including data connectors, analytics rules, workbooks, hunting queries, incidents, and automation (Logic Apps/Playbooks).
- Kusto Query Language (KQL) mastery: Essential for advanced threat hunting, data analysis, and rule creation in Sentinel.
- Understanding of Azure security services: Strong knowledge of Azure Security Center/Defender for Cloud, Azure Active Directory (now Microsoft Entra ID), Azure Monitor, Azure Networking, and other relevant Azure services.
- SOAR (Security Orchestration, Automation, and Response): Experience in building and optimizing playbooks using Azure Logic Apps within Sentinel.
- MITRE ATT&CK Framework: Ability to map security events and detections to MITRE ATT&CK tactics and techniques for comprehensive threat analysis.
- Cloud Security Concepts: A solid understanding of cloud computing security principles, especially within the Azure ecosystem.

General SOC Skills
- Strong analytical and problem-solving skills.
- Excellent communication (verbal and written) and interpersonal skills.

Please share your resume to "priyanga.govindharaj@aspiresys.com"
Posted 4 days ago
3.0 - 10.0 years
0 Lacs
chennai, tamil nadu
On-site
As a candidate for this position, you should hold a Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, with a preference for a Master's degree. Your role will involve leading and mentoring the SOC team to promote a culture of continuous improvement and collaboration. Overseeing the day-to-day operations of the SOC is crucial, ensuring efficient incident detection, response, and recovery processes. Collaboration with IT and business units is essential to integrate cybersecurity measures into existing and new technology deployments. Your responsibilities will also include managing cybersecurity projects, selecting and implementing cutting-edge security tools and technologies. Regular security assessments, penetration testing, and proactive threat hunting are key tasks to identify and mitigate potential security vulnerabilities. Relevant cybersecurity certifications such as CISSP, CISM, CEH, or GIAC are desired, along with at least 10 years of experience in cybersecurity, including a minimum of 3 years in a leadership role within an SOC environment. In-depth knowledge and experience with cybersecurity regulations and standards are expected. Proficiency in managing and configuring security technologies such as SIEM, firewall, IDS/IPS, EDR, and vulnerability management tools is required. You should have a demonstrated ability to lead and develop high-performing teams. Additional responsibilities include preparing lab/demo environments, conducting research and development on security tools and best practices, and being flexible to work in US Shift. Excellent problem-solving, communication, and presentation skills are necessary for this role.
Posted 5 days ago
15.0 - 20.0 years
13 - 17 Lacs
Gurugram
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 2 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As an L1 SOC Analyst you are the first line of defense in monitoring and triaging security alerts. You will work primarily with Sumo Logic SIEM and SOAR tools to identify potential security incidents, validate alerts, and escalate them according to the defined SOPs. You will ensure real-time visibility and log health while flagging suspicious activity promptly. This role is essential to ensuring timely detection and reducing noise from false positives.

Roles & Responsibilities:
- Basic Security Knowledge: Understanding of key concepts (malware, phishing, brute force, etc.)
- SIEM Familiarity: Exposure to Sumo Logic UI and understanding how to read/query logs
- Exposure to CrowdStrike Falcon Console: Ability to view and interpret endpoint alerts
- Alert Triage: Ability to differentiate between false positives and real threats
- Communication Skills: Clear written documentation and verbal escalation
- Ticketing Systems: Familiarity with platforms like JIRA, ServiceNow, or similar
- Basic understanding of cybersecurity fundamentals
- Basic Scripting: Awareness of PowerShell or Python for log parsing
- SOAR Exposure: Familiarity with automated triage workflows
- Security Certifications: Security+, Microsoft SC-900, or similar certification
- Operating System Basics: Windows and Linux process and file system awareness

Professional & Technical Skills:
- Monitor real-time alerts and dashboards in Sumo Logic SIEM
- Perform initial triage on alerts and determine severity/priority
- Escalate validated security incidents to L2 analysts per defined SOPs
- Follow pre-defined SOAR playbooks to document or assist in response
- Ensure alert enrichment fields are populated (host info, user details, etc.)
- Conduct basic log searches to support alert analysis
- Perform daily health checks on log sources and ingestion pipelines
- Maintain accurate ticket documentation for each alert handled
- Participate in shift handovers and team sync-ups for awareness
- SIEM: Basic log searching, correlation rule awareness
- SOAR: Familiarity with playbook execution
- Security Concepts: Basic understanding of malware, phishing, brute force
- Tools: CrowdStrike EDR, Sumo Logic

Additional Information:
- The candidate should have minimum 2 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education
Posted 5 days ago
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
About The Role
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As the SOC L3 Analyst you will lead the technical handling of critical security incidents. You'll be responsible for deep-dive analysis, root cause investigation, forensics, and containment using tools such as CrowdStrike, Sumo Logic SIEM, and SOAR. You will be responsible for onboarding and managing log sources, building SIEM use cases (custom + built-in), and developing automation in SOAR to support incident response and threat detection workflows.

Roles & Responsibilities:
- End-to-End Incident Response Ownership: Ability to handle the incident lifecycle (detect, contain, remediate)
- Subject matter expert for handling escalated critical or actual true positive incidents
- CrowdStrike Deep Dive: Using Real Time Response (RTR), Threat Graph, custom IOA rules
- Strong command over Sumo Logic SIEM content engineering: Creating detection rules, dashboards, and field extractions
- Threat Hunting: Behavior-based detection using TTPs
- SOAR Automation: Designing playbooks, integrations with REST APIs, ServiceNow, CrowdStrike
- Threat Intel Integration: Automation of IOC lookups and enrichment flows
- Forensic Skills: Live host forensics, log correlation, malware behavioral analysis
- Deep experience in advanced threat detection and incident response
- Scripting Proficiency: Python, PowerShell, Bash for automation or ETL
- Error Handling & Debugging: Identify and resolve failures in SOAR or data pipelines
- Proficiency in CrowdStrike forensic and real-time response capabilities
- Experience with Sumo Logic SOAR for playbook optimization
- Use case development in Sumo Logic SIEM

Professional & Technical Skills:
- Lead high-severity incident response, coordinating with stakeholders and IT teams
- Perform endpoint forensic triage using CrowdStrike Real Time Response (RTR)
- Conduct detailed log analysis and anomaly detection in Sumo Logic
- Customize or create new detection rules and enrichments in SIEM
- Develop/tune SOAR playbooks for advanced scenarios, branching logic, and enrichment
- Perform root cause analysis and support RCA documentation
- Mentor L1 and L2 analysts through case walk-throughs and knowledge sharing
- Generate post-incident reports and present findings to leadership
- Lead investigations and coordinate response for major incidents
- Perform root cause analysis and post-incident reviews
- Develop advanced detection content in Sumo Logic
- Optimize SOAR playbooks for complex use cases
- Onboard and maintain data sources in Sumo Logic SIEM and ensure parsing accuracy
- Build custom dashboards, alerts, and queries aligned with SOC use cases
- Create and maintain field extractions, log normalization schemas, and alert suppression rules
- Integrate external APIs into SOAR (e.g., VirusTotal, WHOIS, CrowdStrike)
- Monitor log health and alert performance metrics; troubleshoot data quality issues
- Collaborate with L3 IR and Threat Intel teams to translate threat use cases into detections
- Participate in continuous improvement initiatives and tech upgrades
- Conduct playbook testing, version control, and change documentation
- CrowdStrike: Custom detections, forensic triage, threat graphs
- SIEM: Rule creation, anomaly detection, ATT&CK mapping
- SOAR: Playbook customization, API integrations, dynamic playbook logic
- Threat Intelligence: TTP mapping, behavioral correlation
- SIEM: Parser creation, field extraction, correlation rule design
- Scripting: Python, regex, shell scripting for ETL workflows
- Data Handling: JSON, syslog, Windows Event Logs
- Tools: Sumo Logic SIEM, Sumo Logic SOAR & CrowdStrike EDR
- Experience in SOC/IR including 4+ years in an L3 role (IR + SIEM Content Engineering & SOAR)

Additional Information:
- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education
Posted 5 days ago
7.0 - 12.0 years
18 - 27 Lacs
Noida, Gurugram, Delhi / NCR
Work from Office
Job Description: Minimum of 8 years of experience. Strong understanding of SIEM tools. Solid knowledge of EDR solutions. Experience in managing and mentoring a SOC team. Proven experience in leading the incident response process. Strong analytical skills, with a basic understanding of forensics, networking, and Windows processes.
Posted 5 days ago
3.0 - 8.0 years
4 - 9 Lacs
Mumbai, Navi Mumbai
Work from Office
Skills required for MS Defender: L2 MS Defender for Endpoints (EDR/ATP). Other Monitoring Tools: Office 365, Active Directory, Microsoft Intune, Anti-Virus, Trend Micro
Posted 5 days ago