0.0 - 4.0 years
2 - 6 Lacs
Madurai, Tiruchirapalli, Coimbatore
Work from Office
SOC Analyst / Security Engineer - Vacancies for FRESHERS (Level-1 / those who completed the courses or learnt on their own) & EXPERIENCED (Level-1 & Level-2 / those with experience in the Cyber Security domain only). We are looking for a SOC Analyst / Security Engineer who is familiar with, or interested in working with, Windows, Linux, and cloud environments. Courses/certifications such as CompTIA Security+, GSEC, EC-Council Certified SOC Analyst (CSA), Microsoft SC-200 (Security Operations Analyst Associate), Cisco CyberOps Associate, and Splunk Core Certified User / Analyst are preferred.

Responsibilities
Capable of understanding the training and the nature of the job responsibilities. Monitor and assess alerts generated by security monitoring systems such as SIEMs and EDR platforms. Analyze logs, network activity, and endpoint behavior to detect suspicious or malicious activity. Execute initial incident triage and escalate complex threats to senior teams as needed. Collaborate with internal teams on containment, eradication, and recovery processes. Maintain detailed records of security events and actions taken in internal tracking systems. Continuously fine-tune detection rules and alert thresholds to improve incident accuracy. Stay informed on the latest tactics, techniques, and procedures (TTPs) used by threat actors. Support proactive initiatives like threat hunting and vulnerability assessments. Contribute to red/blue team simulations and post-incident reviews. Help develop and refine operational playbooks and standard response workflows. Capable of rotational shifts (Morning / Forenoon / Evening / Night), as this is a 24x7 organization, and adaptable to the working environment and night shifts. Maintain system security, identify threats, and install / configure software.

Solid grasp of network protocols, endpoint defenses, and common attack vectors. Familiar with one or more SIEM solutions (e.g., Splunk, Sentinel, QRadar). Comfortable navigating both Windows and Linux environments. Knowledge of cloud platforms and malware analysis is a plus. Understanding of TCP/IP, DNS, HTTP, and common attack vectors. Understanding of cybersecurity frameworks such as MITRE ATT&CK or NIST. Strong interpersonal and oral/written English communication skills to handle chats and mails if needed. 1 to 3 years of experience in a SOC or technical security role is an added advantage. To be sincere and honest towards the job responsibilities.

Perks and Benefits
Other allowances negotiable based on availability and experience. For clarification contact HR: +91 87543 01002, jobs@oryon.in
Posted 5 days ago
5.0 - 8.0 years
9 - 14 Lacs
Madurai, Tiruppur, Salem
Work from Office
Req ID: 125023. Remote Position: Hybrid. Region: Asia. Country: India. State/Province: Chennai. City: Guindy, Chennai.

Summary
The Senior Specialist, IT Solutions is a key role that evaluates, implements, and manages security solutions to protect Celestica's systems and data. Responsibilities include implementing automation technologies, performing risk assessments, contributing to automation policies and standards, and advising on automation best practices. This role also mentors junior team members and provides advanced technical support for automation solutions.

Detailed Description
Performs tasks such as, but not limited to, the following:
Maintain security infrastructure for operational efficiencies. Collaborate with other IT infrastructure, application and network teams to ensure seamless integrations of tools and technology. Develop and implement playbooks for security automation and orchestration to respond to security events and incidents. Design and implement integrations between security tools such as EDR, SIEM, and ServiceNow, to automate incident response and threat intelligence sharing. Automate security processes, such as vulnerability scanning, patching, and user provisioning, using scripting and configuration management tools. Develop custom scripts and tools, such as parsers and data enrichment scripts, to automate repetitive security tasks and integrate disparate security data sources. Create and maintain comprehensive documentation and runbooks for security automation processes and integrations. Collaborate with other security team members, such as threat intelligence analysts and incident responders, to identify automation opportunities and implement effective security automation solutions. Stay up-to-date on emerging security threats and technologies to proactively identify and address potential security risks through automation.

Knowledge/Skills/Competencies
Expert knowledge of information security principles, practices, and technologies. Expert knowledge of EDR, SIEM, and ServiceNow. Strong understanding of data integration and API development. In-depth knowledge of information security standards and regulations (e.g., ISO 27001, NIST). Strong understanding of software design processes and data modeling. Excellent problem-solving and analytical skills. Strong leadership, mentoring, and communication skills. Ability to work independently and as part of a team.

Physical Demands
Duties of this position are performed in a normal office environment. Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Typical Experience
6 to 8 years of experience in information security, with a proven track record of evaluating, implementing, and managing security solutions.

Typical Education
Bachelor's degree in Software Engineering, Computer Science, Information Security, or a related field. Relevant industry certifications (e.g., CISSP, CISM) are highly desirable.

Notes
This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time. Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law). At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them.

Company Overview
Celestica (NYSE, TSX: CLS) enables the world’s best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers. Celestica would like to thank all applicants, however, only qualified applicants will be contacted. Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.
Posted 1 week ago
3.0 - 7.0 years
8 - 12 Lacs
Gurugram
Work from Office
Dentsply Sirona is the world’s largest manufacturer of professional dental products and technologies, with a 130-year history of innovation and service to the dental industry and patients worldwide. Dentsply Sirona develops, manufactures, and markets a comprehensive solutions offering including dental and oral health products as well as other consumable medical devices under a strong portfolio of world class brands. Dentsply Sirona’s products provide innovative, high-quality and effective solutions to advance patient care and deliver better and safer dentistry. Dentsply Sirona’s global headquarters is located in Charlotte, North Carolina, USA. The company’s shares are listed in the United States on NASDAQ under the symbol XRAY.

Bringing out the best in people
As advanced as dentistry is today, we are dedicated to making it even better. Our people have a passion for innovation and are committed to applying it to improve dental care. We live and breathe high performance, working as one global team, bringing out the best in each other for the benefit of dental patients, and the professionals who serve them. If you want to grow and develop as a part of a team that is shaping an industry, then we’re looking for the best to join us.

Working at Dentsply Sirona you are able to:
Develop faster with our commitment to the best professional development. Perform better as part of a high-performance, empowering culture. Shape an industry with a market leader that continues to drive innovation. Make a difference by helping improve oral health worldwide.

Scope
The Senior Security Analyst is responsible for maintaining security systems, implementing process automation, and responding to security incidents. They must have a thorough understanding of both cloud-based and on-prem environments and threats. They serve as an escalation point for incident response and the support of security toolsets. They must be capable of working on multiple projects and alerts with general supervision.

Key Responsibilities
Administer, monitor, and maintain cloud-based and on-prem security systems. Coordinate the implementation and upgrade of security systems. Administer, monitor, and maintain automated security response tools. Develop and maintain automated security processes and workflows. Investigate and remediate security related alerts for both cloud-based and on-prem systems. Investigate and remediate security policy violations. Research threat actors, tactics, techniques, procedures, malware, and other IOCs. Engineer and tune custom alerts for security systems. Research emerging security technologies and make recommendations to influence security initiatives. Assist with documentation and training related to security systems. Act as an escalation point and mentor for junior analysts. Act as an escalation point and oversee the relationship with the hosted SOC. Act as a technical point of contact during security incidents. Prepare security reports for benchmarking security efficiency. Collaborate with cross-functional teams to support security initiatives of varying complexity.

Typical Background
Education: BS/BA Degree in Computer Information Systems, Computer Science, Information Systems Management, or equivalent professional experience. Certifications/Licensing: CompTIA Security+, CEH, CISSP, GIAC Security Essentials, CCNA Security, Google Professional Cloud Security Engineer. Years and Type of Experience: 6+ years of experience in Information Systems with at least 2 years of formal experience in Cyber Security. Excellent English written and spoken communication skills with the ability to explain technical information to non-technical people.

Key Required Skills, Knowledge and Capabilities
Experience with the Microsoft Suite of Security Tools. Experience with configuration and management of security solutions for Google Cloud, Microsoft Azure, and/or Amazon Web Services. Experience with configuration and management of endpoint security solutions including EDR and DLP. Experience with process and security automation. Experience with SIEM configuration, alert tuning, and KQL. Experience with configuration and management of Office 365 services and security solutions. Experience with incident response. Must have excellent technical writing and research skills. Experience with Microsoft Windows, Linux, and macOS. Willing to work non-standard hours and be on-call. Team player. Ability to work with ambiguity. Resilience to change. Communication skills. Integrity. Open minded, respectful, empathetic; ability to work in a multicultural environment. Analytical thinking, problem solving.

Dentsply Sirona is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, sexual orientation, disability, or protected Veteran status. We appreciate your interest in Dentsply Sirona. If you need assistance with completing the online application due to a disability, please send an accommodation request to careers@dentsplysirona.com. Please be sure to include “Accommodation Request” in the subject.
Posted 1 week ago
2.0 - 5.0 years
3 - 7 Lacs
Bengaluru
Work from Office
Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it!

Who We Are
Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business. Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.

Deepwatch Recognition Includes
2025, 2024, 2023, 2022 and 2021 Great Place to Work® Certified. 2024 Military Times Best for Vets Employers. 2024 US Department of Labor Hire Vets Gold Award. 2024 Forbes' America's Best Startup Employers. 2024 Cyber Defense Magazine, Global Infosec Awards. 2023 and 2022 Fortress Cybersecurity Award. 2023 $180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners. 2022 Cybersecurity Excellence Award for MDR.

Position Summary
This role is 100% onsite in Bengaluru. The shift for this position is Monday to Friday, 7:30 AM to 3:30 PM. Deepwatch is looking for a highly motivated, self-driven, technical analyst dedicated to making a difference in global security by protecting organizations against the most advanced attackers in the world. The Deepwatch Squad and Security Operations Center offers opportunities to expand your skill set through a wide variety of experiences, detecting and responding to incidents as they occur in real-time for our customers. The Deepwatch squad is a unique approach to how we support our customers and ultimately provide an experience not found anywhere else. You’ll be an integral part of supporting our customers by understanding their bespoke environment, needs and challenges. You will be playing a key role in supporting some of the top organizations in the world, and have the opportunity to develop your skills by working with the best responders in the industry, your team and your Squad. The Analyst I is focused on providing descriptive analysis. They will answer questions such as the who, what, when, and where of events. Analysts are curious individuals who actively work to develop a better understanding of the environments they are assigned. Using cybersecurity best practices, you will monitor and secure complex customer environments utilizing industry leading technology such as Splunk, xSOAR, CrowdStrike and more.

In This Role, You’ll Get To
Support incident handling processes across multiple platforms and security technologies including Windows, Linux and macOS. Monitor a queue of security events generated by the Deepwatch platform SOAR, triage events based on their criticality, and escalate validated security events to customers. Document and manage incident cases in our case management system. Keep up-to-date with information security news, techniques, and trends. Identify and report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering. Become proficient with Splunk, ServiceNow and other third-party threat intelligence tools as required. Perform security detection analysis and investigations using SIEM and SOAR technologies, leverage Deepwatch proprietary tooling and intelligence and maintain SLAs. Act as the first line of defense during security events by triaging and investigating alerts within a customer’s environment. Produce high-quality written and verbal communications, recommendations, and findings to customer management in a timely manner. Continue to sharpen your skills and capabilities on the job, and through the Deepwatch development program.

To be successful in this role, you’ll need:
A basic understanding of cyber security principles, concepts and practice with a focus on SOC operations, alert triage and investigations. Know your way around SIEM platforms (Splunk preferred), how to perform queries and leverage various log sources to perform investigations. Articulate the process involved in pivoting to other log sources, cloud systems, or consoles to perform a comprehensive analysis from multiple data sources. Have a basic understanding of modern EDR, email security and cloud identity platforms. Review SIEM alerts and make a determination for what other sources or intelligence is needed to make a determination, relying on peers to help improve your skills and capabilities. A strong understanding of all basic ports and protocols. Familiarity with Windows, Mac, and Linux file path structure. Familiarity with OSINT, TTPs and IOCs. Strong written and verbal communication skills with the ability to produce well-written reports and analysis that’s thorough, accurate and complete. Provide the customer with a complete understanding of the investigation. CEH, CySA, GSEC, Sec+, or equivalent certification preferred. A college degree in Information Security or IT, related training, certifications or on-the-job experience.

Life At Deepwatch
For employees, Deepwatch fosters a unique, flexible work environment designed with collaboration in mind. The company emphasizes personal and professional growth, offering benefits such as professional development programs, comprehensive health coverage, and generous parental leave. Deepwatch is also committed to diversity, equity, inclusion, and belonging, aiming to empower underrepresented groups in tech by connecting them with meaningful opportunities, mentors, and sponsors. In recognition of its supportive workplace culture, Deepwatch earned the Great Place To Work Certification (TM) in 2025, underscoring its dedication to creating a positive and inclusive work environment. Deepwatch is a global cybersecurity company with offices in San Francisco Bay Area, CA; Tampa, Florida; and Bengaluru, India.

What We Offer
At Deepwatch, we are committed to supporting our employees with a comprehensive benefits package designed to enhance your well-being and financial security. We partner with Plum Benefits to provide:
Group Health Insurance – Comprehensive medical coverage for you and your dependents.
Group Accidental Insurance – Financial protection in case of accidental injuries.
Group Term Life Insurance – Security for your loved ones in unforeseen circumstances.
For additional details, refer to the benefits guide provided by Plum.

Payroll & Compensation
Pay Cycle: Salaries are processed monthly and paid on the last day of each month.
Pay Slips & Reimbursements: Delivered via email.
Payroll Processing: Managed by BCL Chartered Accountants through GreytHR, which provides tax and payment-related details.
Posted 1 week ago
3.0 - 6.0 years
6 - 10 Lacs
Bengaluru
Work from Office
WHAT YOU DO AT AMD CHANGES EVERYTHING. We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences, the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives. AMD together we advance_

The Staff Information Security Analyst will be responsible for identifying and defining requirements and engineering solutions to solve the existing threats and security issues of a global organization. This role will initially focus heavily on data protection, leading advancements in data loss prevention, and changing how AMD protects data going forward.

The Person
The ideal candidate will possess strong multi-tasking skills and enthusiasm for details and should think one step ahead of cyber-criminals. They should be well prepared to thrive in a fast-paced environment, possessing strong interpersonal and communication skills. You will use your critical thinking and sense of ownership to focus on long term quality IT security solutions. Are you self-motivated and a team player with proven ability to deliver end-to-end solutions in a high-tech and fast-moving industry? If so, this is a great career opportunity!

Key Responsibilities
The Staff Information Security Analyst responsibilities include, but are not limited to: Building and growing AMD’s data security capabilities to keep AMD data secure regardless of location. Identifying, monitoring, and defining the requirements to reduce the overall risk to AMD data, systems, and infrastructure. Implementing hardware and software solutions to help mitigate a wide variety of information security risks. Collaborating with other IT teams to align initiatives across the company.

Preferred Experience
Minimum of 5 years of IT security related experience. Professional experience as a Security Engineer with demonstrated successful leadership and delivery of data protection solutions. Experience as a customer-facing technical lead, including working with both management-level and development teams. Senior/advanced related IT or security experience working in one or more Security Domains. Experience with CASB, DLP, CSPM, Web Proxy. Hands on experience with Data Classification policies and technologies to address data leakage. Working knowledge of network topology, protocols, components, and OSI model, and IAM technologies (e.g., PKI, OAuth, OIDC, SAML). Understanding of NIST Cyber Security Framework standard and requirements and ability to apply them to an enterprise environment. Experience with infrastructure operations and processes associated with IT service management in an Enterprise-level organization. Experience with cloud services (AWS, Google, Microsoft) and associated networking, as well as collaboration and integration with O365 products. Hands on experience with Enterprise Linux platforms. Experience with EDR solutions is a plus. DLP, CASB. Nice to have: Client proxy, SIEM, File and Removable Media Protection [FRP].

It Would Be Nice If You Also Had
Experience with scripting language (python, PowerShell, etc.). Strong documentation skills.

Academic Credentials
BS CS preferred but not required. CISSP, CISA, CISM, CCSK.

Benefits offered are described: AMD benefits at a glance. AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law. We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective laws throughout all stages of the recruitment and selection process.
Posted 1 week ago
6.0 - 8.0 years
20 - 25 Lacs
Hyderabad
Work from Office
Picture Yourself at Pega: As a Senior Cloud Security Operations Analyst, you will play a critical role in ensuring the confidentiality, integrity, and availability of Pega's commercial cloud infrastructure and assets. You will be key in the continuous monitoring and protection of all global cloud security operations at Pega as well as an active participant in incident response efforts. As a key member of a team consisting of highly capable and talented problem-solving analysts and engineers, you'll help develop processes that drive proactive, automated detection and incident response tactics to support the quick resolution of cloud security events and incidents. You will accomplish this by collaborating with cross-functional teams including other security analysts, threat detection engineers, vulnerability analysts, security engineers, system administrators, and developers to proactively identify potential security risks and vulnerabilities within our cloud environment. You will leverage your strong analytical skills to assess and prioritize threats, applying your knowledge of industry best practices and cloud security frameworks. As a Senior Cloud Security Operations Analyst at Pega, you'll contribute to the success of our globally recognized brand. Your efforts will directly impact the security and trust our clients place in us, as we help them transform their business processes and drive meaningful digital experiences. So, picture yourself at Pega, where your expertise in cloud security is valued, and your passion for protecting data is celebrated. Join us in shaping the future of secure cloud operations and make a lasting impact on the world of technology.

What You'll Do at Pega:
Perform security monitoring of Pega Cloud commercial environments using multiple security tools/dashboards. Perform security investigations to identify indicators of compromise (IOCs) and better protect Pega Cloud and our clients from unauthorized or malicious activity. Actively contribute to incident response activities as we identify, contain, eradicate, and recover. Contribute to standard operating procedure (SOP) and policy development for CSOC detection and analysis tools and methodologies. Assist in enhancing security incident response plans, conducting thorough investigations, and recommending remediation measures to prevent future incidents. Perform threat hunts for adversarial activities within Pega Cloud to identify evidence of attacker presence that may have not been identified by existing detection mechanisms. Assist the threat detection team in developing high confidence Splunk notables focused on use cases for known and emerging threats, based on hypotheses derived from the Pega threat landscape. Assist in the development of dashboards, reports, and other non-alert based content to maintain and improve situational awareness of Pega Cloud's security posture. Assist in the development of playbooks for use by analysts to investigate both high confidence and anomalous activity.

Who You Are:
You have an insatiable curiosity with an inborn tenacity for finding creative ways to deter, detect, deny, delay, and defend against bad actors of all shapes and sizes. You have been in the security trenches and you know what an efficient security operations center looks like. You have conducted in-depth analyses of various security events/alerts, contributed to incident response efforts, and developed new methods for detecting and mitigating badness wherever you see it. You bring a wealth of cloud security experience to the table and are ready to harness that expertise to dive into cloud-centric, technical analysis and incident response to make Pega Cloud the most secure it can be. You have a history of success in the information security industry. Your list of accolades includes: SANS, Offensive Security, or other top-tier industry recognized technical security certifications focused on analysis, detection, and/or incident response; industry recognition for identifying security gaps to secure applications or products.

What You've Accomplished:
Minimum of 6+ years of industry-relevant experience, with a demonstrated working knowledge of cloud architecture, infrastructure, and resources, along with the associated services, threats, and mitigations. Minimum of 4+ years in operational SIEM (Security Information and Event Management) roles, focusing on analysis, investigations, and incident response, with experience in Google Chronicle SIEM being an added advantage. 3+ years of operational cloud security experience, preferably AWS and/or GCP, including knowledge and analysis of various cloud logs such as CloudTrail, Cloud Audit, GuardDuty, Security Command Center, CloudWatch, Cloud Ops, Trusted Advisor, Recommender, VPC Flow, and WAF logs. 4+ years of operational experience with EDR/XDR platforms and related analysis and response techniques. Operational experience performing investigations and incident response within Linux and Windows hosts as well as AWS, GCP, and related Kubernetes environments (EKS/GKE). Solid working knowledge of the MITRE ATT&CK framework and the associated TTPs and how to map detections against it, particularly the cloud matrix portion. Familiarity with the OWASP Top 10 vulnerabilities and best practices for mitigating these security risks. A solid foundational understanding of computer, OS (Linux/Windows), and network architecture concepts, and various related exploits/attacks. Experience developing standard operating procedures (SOPs), incident response plans, runbooks/playbooks for repeated actions, and security operations policies. Experience with Python, Linux shell/bash, and PowerShell scripting is a plus. Excellent verbal and written communication skills, including poise in high pressure situations. A demonstrated ability to work in a team environment and foster a healthy, productive team culture. A Bachelor's degree in Cybersecurity, Computer Science, Data Science, or related field.
Posted 1 week ago
5.0 - 9.0 years
7 - 13 Lacs
Bengaluru, Karnataka, India
On-site
Develop and refine threat hunting techniques and tools. Experience in monitoring and alert handling in QRadar SIEM. In-depth knowledge of advanced persistent threats (APTs) and attack vectors. Collaborate with threat intelligence teams to integrate new threat data into hunting processes. Security incident handling and reporting. Experienced in EDR alert analysis, preferably SentinelOne. Preferred candidate profile: Bachelor's degree in Computer Science, Information Security, or related field. Should be flexible to work in 24/7 rotational shifts. Should possess good communication skills.
Posted 1 week ago
4.0 - 9.0 years
16 - 25 Lacs
Hyderabad
Work from Office
Job Role: Cyber Security Engineer (Work From Office)
Experience: 4 to 8 Yrs
Key Skills: Security tools integration and management; onboarding, log ingestion, and writing rules and policies in SIEM/EDR/DLP/Antivirus/XDR/Firewall/MDR/SOAR tools
Notice Period: 0 to 30 days
Should be willing to work in second shift
Company location: Cyber Towers, Quadrant 3, 3rd floor, Madhapur, Hyderabad - 500081.
Job Overview: Cyber security engineers plan, implement, and maintain security measures, respond to security incidents, and identify vulnerabilities. Their roles vary depending on the specific area of security, such as network, application, or cloud security. Here's a more detailed breakdown of their responsibilities:
Security Planning and Implementation:
Designing and implementing security controls: This includes firewalls, intrusion detection systems, and access control mechanisms.
Developing security policies and procedures: Establishing guidelines for secure operations and data handling.
Performing risk assessments: Identifying potential vulnerabilities and threats.
Implementing security tools and technologies: Integrating security software and hardware into the organization's infrastructure.
Analyze and recommend improvements to network, system, and application architectures to enhance security.
Research, design, and implement cybersecurity solutions that protect the organization's systems and products.
Collaborate with DevOps, Platform Engineering, and Architecture teams to ensure security is embedded in the design and development of applications and systems.
Actively participate in the change management process, ensuring security considerations are prioritized in system upgrades and modifications.
Design and deploy automated security controls to improve efficiency in risk identification, configuration management, and security assessments.
Develop and refine security policies to address cloud security misconfigurations, leveraging cloud-native security technologies.
Implement logging and monitoring solutions for cloud environments to enhance SOC team capabilities in detecting and responding to security incidents.
Assess and review emerging technologies to identify potential security risks and implement mitigation strategies.
Design and deploy innovative security technologies to address evolving security challenges.
Conduct vulnerability scanning, anomaly detection, and risk assessment to enhance the security posture.
Work closely with security architects to develop and deploy security solutions that address cloud-specific risks.
Take ownership of security posture improvements, ensuring strict security policies and controls align with business objectives.
Research and stay up to date on emerging security threats and provide strategic recommendations to strengthen security defenses.
Qualifications & Experience:
Hands-on experience with implementing security controls, including database security, web content filtering, anomaly detection & response, and vulnerability scanning & management
Proficiency in at least one scripting language (e.g., Perl, Python, PowerShell, Bash) for automation and security tooling.
Expertise in at least one of the following security domains: cloud-native security (e.g., IAM, security groups, encryption) or endpoint security (e.g., EDR/XDR, mobile security)
Strong familiarity with industry security frameworks and regulations, including NIST Cybersecurity Framework (CSF), CIS Controls, HIPAA, and GDPR compliance
Ability to assess compliance requirements and implement security controls to ensure adherence.
Strong problem-solving and analytical skills, with the ability to assess complex security risks and develop mitigation strategies.
Excellent communication and interpersonal skills, with the ability to engage both technical and non-technical stakeholders.
Proven ability to work independently, manage projects, and contribute as an integral part of a high-performing security team.
Posted 1 week ago
4.0 - 8.0 years
6 - 13 Lacs
Pune
Hybrid
Essential Responsibilities
• Ability to apply thorough and methodical assessment skills to analyze and properly triage reported events and incidents
• Possess excellent and thorough communication and documentation skills
• Ability to work collaboratively in a team of professionals, sharing workload and investigation assignments in a fast-paced environment
• Ability and willingness to provide (when necessary) after-hours (night and weekend) support for security-related incidents as needed
• Maintain skills through annual and ongoing training and certification
• Perform analysis to determine scope, risk, and impact of security events, leveraging the MITRE ATT&CK framework and other best practices
• Identify supporting information for events, including attack vectors, affected resources, affected profiles, and other supporting evidence
• Properly and thoroughly document event findings, evidence, and analysis steps, and create after-action reports and recommendations if needed
• Identify and apply mitigation controls (where possible) to remediate alerts
• Engage appropriate levels of management to provide updates on any ongoing security issues
• Provide updates to team guidance and other central documentation
Job Qualifications
Minimum Qualifications
• Bachelor's degree in Information Technology, Computer Science, or a related field, and a minimum of 3 years of experience in Cyber Security
• An additional three years of equivalent work experience may be substituted for the degree requirement, in addition to the minimum years of experience (6 years total)
• Possess and leverage knowledge of cybersecurity practices, including functional areas and cybersecurity operations
Additional Requirements
• 3+ years of hands-on experience with cybersecurity platforms, including Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), antivirus (AV), Identity and Access Management (IDAM), Security Information and Event Management (SIEM), and Security Orchestration and Automation (SOAR) platforms
• Related work or educational experience in Information Technology (IT), particularly in cybersecurity/information security
Licenses and Certifications
• Cybersecurity certifications including CompTIA Network+, Security+, Cloud+, Ethical Hacker, EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, CISA, CISM, CISSP, and/or similar cybersecurity certifications
Preferred Qualifications
• Certifications in Information Technology and/or Cybersecurity
• Knowledge of security technologies at multiple layers: Identity and Access Management, Intrusion Detection, Endpoint Protection, Data Loss Prevention, Security Information and Event Management, etc.
• Three (3) years of experience in cyber security vulnerability, threat response, or investigation
• Three (3) years of experience working on project or technical teams
Posted 1 week ago
4.0 - 9.0 years
25 - 30 Lacs
Gurugram
Work from Office
Job Summary
The Director, TSG Information Security, Cyber Threat Management is a position within Bain's Cyber Security Department, whose mission is to define and enable strategies to safeguard the digital assets and integrity of the organization. In this role, the Director understands how security measures align with the overall organizational strategy and will organize and lead the development and implementation of security controls that adhere to regulatory requirements and best practices. The Director combines strong technical and managerial skills with business alignment to build and guide a growing team and resources across a spectrum of capabilities. The position primarily focuses on the efficient, effective and reliable execution of Bain's defensive strategy, as well as on improving our offensive strategy to help the company meet its overall business objectives. The position therefore requires the technical skills to troubleshoot and resolve complex issues as well as excellent communication and upward management. These measures require taking a leadership position in coordinating activities across the team, working with Technical, IT and Cybersecurity leadership. The Director role has expertise and experience in multiple disciplines, including Threat Intelligence programs, Detection and Deterrence systems, Threat Exposure Management, Incident Response, Forensics and Evidence Gathering, and Proactive Security probing capabilities (Red/Blue/Purple teaming and Penetration Testing).
Principal Accountabilities
Monitoring & Detection
Oversee and strategize on developing advanced security monitoring, analysis, and correlation platforms to detect cybersecurity events.
Direct cross-functional efforts in the identification and in-depth analysis of sophisticated security threats, including malware, APTs (Advanced Persistent Threats), and targeted attacks.
Enable a wide range of security tools and technologies, including SIEM, IDS/IPS, and next-gen/advanced threat detection solutions.
Partner with organizations and vendors to identify and integrate new data sources.
Incident Response & Analysis
Oversee the ongoing management and evolution of security runbooks and champion ongoing automation or AI/ML-based technologies to increase speed and efficiency.
Strengthen Bain's capability in in-depth log analysis, data correlation, and forensic investigations to identify root causes of incidents and improve security measures.
Provide strong and clear communications on cyber events and situations to senior leadership.
Ensure security policies and practices adhere to industry standards and compliance requirements, and oversee the validation of the controls.
Serve as a subject matter expert in security discussions and decision-making, and enable and grow team members' skills and experience.
Work with the primary goal of building efficiencies in Cyber Threat Management responses, driving down MTTR and reducing overall risk.
Threat Intelligence
Enable a threat intelligence capability, including open-source intelligence (OSINT), dark web forums, and industry reports, to drive awareness and improvement in our defensive posture.
Utilize threat intelligence platforms and tools to aggregate and correlate threat data.
Drive coordination with intelligence and incident response teams to investigate and analyze security incidents.
Develop and refine threat intelligence methodologies and tools.
Stay current with industry best practices and new methodologies to enhance the team's capabilities.
Vulnerability Management & Threat Exposure Management
Work cross-functionally across IT teams and provide leadership and guidance in mitigating threats to Bain.
Serve as a subject matter expert in security discussions and decision-making.
Build processes to enable regular vulnerability scans on the organization's network, applications, and systems using industry-standard tools.
Experience implementing and operationalizing vulnerability management tools, processes, and best practices.
Oversee the classification and prioritization of vulnerabilities based on risk and potential impact.
Stay informed about emerging trends and technologies in cybersecurity.
Work collaboratively with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture.
Proactive/Enhanced Security Testing
Partner with colleagues to expand controlled penetration testing technologies and capabilities on networks, applications, and systems to identify security vulnerabilities.
Investigate and keep up to date with changes in tooling and advanced attacks in network, cloud and application testing.
Analyze and interpret results to identify potential risk and evaluate potential impact.
Red Team, Blue Team, and Purple Team exercise leadership experience.
Professional Development and Innovation
Stay informed about emerging trends and technologies in cybersecurity.
Drive collaboration and defensive standards/expertise across Bain, working with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture.
Explore professional certifications and work with leadership to plan trainings.
Knowledge, Skills, and Abilities
Security Monitoring & Incident Detection and Response: Strong knowledge of Splunk (or other SIEM tools), CrowdStrike or equivalent EDR/MDR platforms, Windows Defender, Palo Alto Networks, other AV/EDR tool configuration, and Cyberhaven (or other DLP tools)
Knowledge of vulnerability & attack surface management toolsets, threat intelligence and analysis tools, vendor technical risk scoring tools, and deception technologies
Knowledge of ticketing, triage and forensics capabilities and toolsets
General Skills: Great communication skills, with the ability to document and explain technical information clearly; analytical mindset, with a focus on learning and problem-solving; ability to work independently and well in a team, showing strong interpersonal skills; eagerness to learn and adapt to new challenges in cybersecurity; entrepreneurial spirit, open to trying new approaches and learning from them
Team Management: Drive and expand the training and professional development of Security Operations staff
Qualification and Experience
Bachelor's degree in a related field (e.g., Computer Science, Cybersecurity, Information Technology) or an equivalent combination of education, training, and experience
10-15 years of relevant experience
Experience with Information Security technologies (Firewall, IPS, IDS, SIEM, EDR, CASB, AV, DLP, etc.)
Experience with common information security controls frameworks (i.e., ISO, NIST, CIS, or CSA)
Global company or equivalent experience
Experience deploying systems or applications
Ability to work independently and with teams on complex problems
Complex problem solving
Ability to work in a fast-paced, dynamic environment
Posted 1 week ago
6.0 - 8.0 years
8 - 10 Lacs
Mumbai
Work from Office
So, what's the job?
Red Team (70%)
You'll lead the Vulnerability Management Program, providing strategic guidance to regional technology teams to address cyber risks.
You'll initiate and execute Red Teaming exercises across global Business Units, testing security controls and delivering actionable feedback.
You'll manage the External Attack Surface platform, assess risks, coordinate remediation efforts, and report on enterprise-wide security posture.
You'll perform regular penetration tests to identify and exploit weaknesses in the external attack surface.
You'll establish a Counter-Adversary capability in the Global SOC, maintaining sandboxes, identifying attacker TTPs, and performing advanced threat hunting.
You'll manage Threat Intelligence feeds and respond to zero-day vulnerabilities by configuring alerts and defining automated response actions.
You'll track and ensure completion of security improvements discovered during critical incidents or P1 investigations.
You'll document and maintain a robust Incident Response Plan, aligning with best practices and evolving threat landscapes.
You'll stay ahead of the curve through research on emerging threats, new defensive technologies, and evolving industry standards.
Blue Team (30%)
You'll lead and facilitate Security Incident Response drills and tabletop exercises, enhancing organizational readiness.
You'll serve as the technical escalation point for complex detections across the enterprise security stack.
You'll collaborate with the Global SOC to optimize and evolve defensive control strategies.
You'll support ISO 27001 and SOC 2 audits, providing technical evidence and ensuring compliance.
You'll assist with the deployment of standard security tools, ensuring consistent implementation across regions.
You'll manage security vendors, attend QBRs, and drive improvements in their services.
You'll create and maintain Blue Team playbooks, ensuring up-to-date CrowdStrike Fusion SOAR automations.
You'll ensure all security tools are fully integrated into the Next-Gen SIEM, with reliable log ingestion and correlation.
You'll conduct proactive threat hunting using CrowdStrike Query Language and develop Fusion Workflows to detect IOCs, alert teams, and automate responses.
You'll perform daily health checks to validate the functionality and reliability of all deployed security tools.
And what are we looking for?
You'll have major experience in Red Teaming, along with pen testing.
You'll have experience with security incident management and network monitoring in medium to large-scale enterprise environments.
You'll bring over 6 years of general Information Security experience, with proven exposure to both strategic and hands-on roles.
You'll have strong communication skills and demonstrated success collaborating across business and technical teams in large organisations.
You'll have a solid understanding of core security technologies, including endpoint protection, data loss prevention, network security, and identity access controls.
You'll ideally have experience working with tools like CrowdStrike, Netskope, and Vectra, or similar EDR, SASE, and NDR platforms.
You'll be familiar with SIEM technologies, with working knowledge of log correlation, threat detection, and rule creation.
You'll have experience in scripting (e.g., Python, PowerShell) and developing or integrating security tooling via APIs to automate tasks or enhance capabilities.
Posted 1 week ago
5.0 - 10.0 years
20 - 27 Lacs
Chennai
Work from Office
Why you'll LOVE Sagent: You could work anywhere. We know you are talented and looking for something inspiring and impactful. A place where you will make a difference and have a great time doing it! By choosing Sagent, you can be part of our mission to make loans and homeownership simpler and safer for all US consumers. Sagent powers servicers and consumers. You power Sagent!
About the Opportunity: Sagent is seeking a Senior Threat Analyst to join a growing team responsible for securing next-generation, cloud-native financial technology systems. This role offers the opportunity to work in a dynamic environment where your expertise will play a critical role in identifying, analyzing, and mitigating security threats. You will be responsible for monitoring, analyzing, and responding to potential security incidents, performing in-depth security investigations, and executing regular threat hunting campaigns across the organization. If you are passionate about information security and possess a keen eye for detail, we encourage you to apply and be a part of our mission to safeguard our digital landscape.
We'd love to hear from you if you have:
Willingness to work outside of standard business hours during critical incidents.
Prior experience administering and securing IT systems or networks (~5+ years), preferably in both public cloud environments and physical data center locations.
Proven mastery of SQL-like query languages, and proficiency in data manipulation and analysis techniques to extract actionable insights from large and complex cybersecurity datasets.
Demonstrated ability to maintain a collected demeanor under high-pressure security incident response scenarios.
Proficiency with the MITRE ATT&CK framework and its application to threat hunting campaign scenarios, as a bonus in hybrid cloud environments.
Hands-on experience professionally administering and securing both Windows and Unix/Linux operating systems, and knowledge of the common threats each is susceptible to.
Proven expertise in identifying, analyzing, and mitigating threats that could impact cloud-based and containerized workloads. Experience administering cloud IaaS and PaaS infrastructure is a plus.
Deep understanding of the OSI model and a wide range of common network protocols, enabling effective analysis, detection, and mitigation of security threats at various layers of the network stack.
Extensive experience working within Security Information and Event Management (SIEM) platforms, especially building and optimizing custom detection rules.
Excellent communication skills, with the ability to effectively translate complex technical concepts and findings into clear and concise insights for non-technical stakeholders, fostering collaboration and informed decision-making across cross-functional teams.
Expertise in scripting languages such as Python (preferred), Bash, or PowerShell, and prior experience using scripting to automate tasks.
Extensive experience working with modern defense-in-depth security tools and technologies such as Intrusion Detection and Prevention Systems (IDS/IPS), Endpoint Detection and Response (EDR) solutions, Cloud Native Application Protection Platforms (CNAPP), and Web Application Firewalls (WAF).
Enthusiasm for security automation and the creative technical ability to identify time-saving or novel automation workflows.
Proven understanding of common web-based attacks at runtime, such as those found in the OWASP Top 10, and how to respond to and mitigate each from an operational standpoint.
Extensive experience detecting and mitigating email-based threats, including phishing, malware, and spoofing, and, as a bonus, hands-on experience administering and configuring email security tools and protocols to safeguard against these threats.
Thorough understanding of threat modeling concepts and methodologies, with the ability to identify compound attack vectors.
Support the larger Information Security team and IT teams with security expertise and assistance as needed.
Perks! As a Sagent Associate, you will be eligible to participate in our benefit programs beginning on Day #1! We offer a comprehensive package including Remote/Hybrid workplace options, Group Medical Coverage, Group Personal Accident, Group Term Life Insurance benefits, Flexible Time Off, Food@Work, Career Pathing, Summer Fridays and much, much more!
Posted 1 week ago
5.0 - 10.0 years
10 - 13 Lacs
Hyderabad
Work from Office
Hi everyone. Open positions in the SOC Lead Analyst role. Greetings from Tekaccel! This is an excellent opportunity with us. If you have that unique and unlimited passion for building world-class enterprise software products that turn into actionable intelligence, then we have the right opportunity for you and your career.
What are we looking for?
Job Title: SOC Lead Analyst
Location: Hyderabad (Work from Office)
Experience Required: 5 to 7 years
Shift: Rotational shifts (24x7)
Employment type: Contract
Key Responsibilities:
Incident Response: Respond to alerts across the global technology environment to detect, analyze, contain, and mitigate security incidents. Work in collaboration with Cybersecurity Incident Response teams to manage serious security events.
Threat Detection & Analysis: Develop, test, and implement new detection use cases and response playbooks. Conduct root cause analysis and participate in post-incident reviews. Stay current with emerging threats and vulnerabilities.
Process & Tooling: Continuously improve analysis workflows, tools, and playbooks. Identify opportunities for automation to enhance operational efficiency. Ensure detection rules are optimized for maximum coverage and minimum false positives.
Leadership & Collaboration: Provide expert-level guidance to team members and stakeholders. Mentor and coach junior analysts to improve overall team capability. Collaborate with IT and Cybersecurity teams to ensure effective security controls are in place. Support shift handovers and ensure seamless incident management coverage.
Strategic Contribution: Promote a culture of continuous improvement and proactive risk management. Support broader cybersecurity awareness initiatives across the organization.
Required Skills & Qualifications:
5+ years of technical experience in IT or IT Security (e.g., network/system administration, SOC analyst).
Expertise in SIEM platforms, EDR solutions, log management, and cybersecurity tools.
Strong knowledge of IDS/IPS, HIPS, anti-malware, firewalls, proxies, and MSS.
Experience with cloud platforms (AWS, Azure, Google Cloud).
In-depth understanding of operating systems (Windows, Linux, UNIX, iOS, macOS, etc.).
Proficiency in network protocols (TCP, UDP, DNS, DHCP, IPsec, HTTP, etc.).
Hands-on experience in scripting/programming for automation and tool development.
Familiarity with security frameworks and standards (OWASP, ISO 2700x, PCI DSS, NIST, etc.).
Proven experience in incident response, threat containment, and remediation processes.
Relevant certifications (CEH, EnCE, SANS GSEC, GCIH, GCIA, CISSP, or equivalent).
Education: Bachelor's or advanced degree in Computer Science, Cybersecurity, or equivalent experience.
If interested, please share your updated resume at naveen@tekaccel.com or via WhatsApp at +91 7997763537. Tekaccel Software Services India
Posted 1 week ago
5.0 - 10.0 years
40 - 50 Lacs
Pune
Remote
Responsibilities:
Technical and operational escalation point for investigations, incidents, and other elements of the MDR service.
Assist in the development, documentation, analysis, testing, and modification of Varonis threat detection systems, playbooks, runbooks, and MDR team operations.
Continuously train the team so they are equipped with the required skills and knowledge to effectively execute the MDR service.
Validate findings and coordinate investigative efforts with customers and internal teams.
Ensure all investigative findings are documented and communicated appropriately by the team, including tracking in CRM.
Maintain up-to-date knowledge of all aspects of the Varonis MDR service.
Oversee and execute programs, projects, operational tasks, and responsibilities related to the MDR service.
Conduct regular performance reviews and quarterly SWOT analyses to drive team growth and development.
Requirements:
Proven success in leading and managing within a team-oriented environment.
5+ years of experience working in cybersecurity operations in a global cybersecurity company.
2+ years of experience leading a team.
Degree or certification(s) in cybersecurity and/or proven ability to execute across cybersecurity operations disciplines, including monitoring, detection, investigation, and incident response.
Proven ability to deliver security operations service while meeting SLA and other operational requirements.
Knowledge of common security technologies and tools, including network-based (firewall and IDS), host-based (EDR and AV), data-based (DLP and DSPM), and identity-based (PAM and IAM).
Proven ability to creatively problem-solve when handling complex issues.
Strong analytical and critical thinking skills.
Excellent communication skills in English (written and oral) and interpersonal skills (direct reports, colleagues, and customers).
Attention to detail and the capability to deliver outcomes autonomously.
Posted 1 week ago
3.0 - 8.0 years
6 - 9 Lacs
Gurugram
Work from Office
Job Title: FortiSIEM Administrator
Location: Gurgaon
Experience: 3 to 6 Years
Job Summary: We are hiring a FortiSIEM Administrator to manage and maintain our SIEM infrastructure and security tools. The ideal candidate will have deep experience in SIEM architecture (FortiSIEM), EDR, and DLP, and a sound understanding of cybersecurity frameworks like MITRE ATT&CK, NIST, CIS Controls, and ISO 27001. The role requires someone who can ensure complete visibility and protection of IT assets while supporting incident response and compliance.
Key Responsibilities:
Deploy, configure, and maintain the FortiSIEM platform for real-time monitoring and alerting.
Integrate log sources across firewalls, servers, endpoints, and cloud environments.
Develop and manage SIEM rules, parsers, dashboards, and alerts.
Operate and optimize EDR, DLP, and other advanced security tools.
Conduct incident triage and investigation, and provide root cause analysis.
Align monitoring and response activities with the MITRE ATT&CK, NIST, CIS Controls, and ISO 27001 frameworks.
Collaborate with SOC, infrastructure, and application teams for end-to-end threat visibility.
Maintain updated documentation and support internal and external security audits.
Ensure regular health checks, version upgrades, and platform tuning for performance.
Required Skills & Qualifications:
3 to 6 years of experience in cybersecurity with a focus on SIEM administration (preferably FortiSIEM).
Hands-on expertise in deploying and managing EDR, DLP, and other endpoint security tools.
Good understanding of SIEM architecture, log ingestion, and threat correlation.
Knowledge of networking fundamentals, TCP/IP, firewalls, VPNs, and IDS/IPS.
Familiarity with security frameworks like MITRE ATT&CK, NIST, CIS Controls, and ISO 27001.
Scripting knowledge (PowerShell, Python, Bash) is an advantage.
Fortinet certification (e.g., NSE 5/7) is a plus.
Nice to Have:
Experience with cloud platforms (AWS, Azure) and cloud security monitoring.
Exposure to other SIEM tools (Splunk, QRadar, etc.) is beneficial.
Experience in compliance-driven environments (PCI DSS, SOC 2, etc.).
Interested candidates can apply by sharing an updated CV at Rachita.dhiman@progression.com
Posted 1 week ago
2.0 - 6.0 years
2 - 7 Lacs
Gurugram
Work from Office
Lead Consultant (Cyber Security)
Job Summary: The Lead Consultant for Cyber Security (B2B SOC MSS) provides advanced-level support for product implementation and services in Security Operations. In this position, the consultant will lead the project (technical) consultants team for successful migration/implementation of Cyber Security products (and services).
Minimum 2 years of experience in implementation and operations. The resource should have implemented at least 4-5 projects in customer environments.
Working knowledge of SOC/SIEM tools and operational understanding
Must have led a team of Security Consultants/Analysts
Should have sound knowledge of products and should be able to carry out POCs, implementation and operations support
Should lead the delivery of multiple projects at customer locations
Should have knowledge of the following products (with operations and implementation):
DLP/Proxy: Forcepoint, Symantec, Cisco, McAfee
Email Security: Symantec, Forcepoint, Cisco
NAC Solutions: Cisco ISE, Forescout
EDR/XDR Solutions: Trend Micro, CrowdStrike
SOC SIEM Solutions: ArcSight, QRadar, RSA or Seceon
(Must have hands-on experience with any two of the above)
Product certification from any of the above products will be an added advantage
Must be able to execute strategic and tactical direction for solution offerings
Experience in supporting multiple customer base systems and network environments
Provides timely and adequate response to threats/alerts, including off-hour support.
Develop functional specifications for integrating/adopting requirements into enterprise target-state architecture or specific applications
Collaborate with business groups to help them identify, classify, and secure high-value data
Provide feedback via periodic reports based on rule parameters; ability to write regular expressions
Ability to self-direct and work independently when necessary, and clearly articulate technical concepts/issues to both technical and non-technical peers and management
The ability to assess security events and drive them to resolution
Demonstrate understanding of critical data types such as PII, NPI, PCI, HIPAA, etc.
Demonstrate understanding of mass storage, USB, and removable media controls, for example allow charging but do not allow data copy
Excellent English communication skills mandatory
Excellent documentation skills mandatory
Understand reporting capabilities
Required Technical Expertise
Process and procedure adherence
General network knowledge and TCP/IP troubleshooting
Ability to trace down an endpoint on the network, based on ticket information
Familiarity with system log information and what it means
Understanding of common network services (web, mail, DNS, authentication)
Knowledge of host-based firewalls, anti-malware, HIDS
General desktop OS and server OS knowledge
TCP/IP, Internet routing, UNIX/Linux and Windows NT
Good to have industry certifications on SIEM platforms, CCNA, CEH, MCSE and others
Bachelor's degree in Computer Science or equivalent required
Good communication skills
Strong level of customer service required
Posted 1 week ago
7.0 - 12.0 years
15 - 30 Lacs
Mumbai
Work from Office
1. SIEM Administration and Engineering
* Oversee the installation, configuration, and maintenance of IBM QRadar.
* Develop and implement SIEM architecture and engineering strategies.
2. Rule & Use Case Development
* Design, implement, and optimize custom rules, searches and dashboards.
* Develop and maintain advanced use cases for threat detection and incident response.
3. Incident Response and Forensics
* Lead the investigation of complex security incidents escalated by L1 & L2 analysts.
* Perform deep-dive analysis of security events and conduct forensic investigations.
4. Performance and Optimization
* Monitor and manage the performance of the QRadar environment.
* Conduct regular health checks and audits to ensure optimal SIEM performance.
5. Collaboration and Mentoring
* Work closely with SOC analysts, IT, and security teams to enhance detection capabilities.
* Provide training and mentorship to L1 & L2 analysts on QRadar functionalities and best practices.
6. Documentation and Reporting
* Develop and maintain comprehensive documentation for SIEM configurations, procedures, and incident responses.
* Generate detailed reports and metrics on SIEM performance and security incidents.
7. Continuous Improvement
* Stay updated with the latest security trends, vulnerabilities, and technologies.
* Contribute to the development of security policies, standards, and guidelines.
Preferred Mumbai/Pune based candidates ONLY.
Posted 1 week ago
10.0 - 15.0 years
0 - 1 Lacs
Hyderabad, Pune, Bengaluru
Hybrid
Pre-sales Solution Architect - Network Security
Job Description
The pre-sales solution architect will help develop solution strategies and sales plays and present them to client sponsors, which can include the CISO and line-of-business sponsors. As a pre-sales solution architect for 1) Network Security and SASE (Secure Access Service Edge), 2) EDR (Endpoint Detection and Response) and 3) Cloud Security offerings, you will be responsible for driving opportunities, bookings and revenue for Infosys managed service offerings. In this role, you will serve as the "go-to" solution expert on Network Security, SASE, EDR and Cloud Security for customers and the account sales teams working with those customers. The ideal candidate will possess both a hunter mindset and a solution architect background to drive engagement with decision-makers and influencers within security, networking, IT and operations. Tools like Zscaler, Palo Alto, Cisco, Fortinet, Netskope, etc.
Responsibilities
* Provide complete and appropriate solutions using partner products to meet customer requirements in order to boost top-line revenue growth
* Create the solution architecture and prepare the proposal deck along with commercials (provided by the partner)
* Present the solution to customers as an expert in our Network Security, SASE, EDR and Cloud Security offerings with a focus on a zero trust approach, and convince them of the benefits of the solution. Tools like Zscaler, Palo Alto, Cisco, Fortinet, Netskope, etc.
* Present a compelling business case at all levels in the customer hierarchy, from security professionals to CXOs planning to address transformational events such as cloud migration, the remote worker shift and the adoption of zero trust security architecture
* Develop a sales plan based on regional strategies and pipeline, focusing on Network Security, SASE, EDR and Cloud Security
* Foster growth and track the solution offerings pipeline by engaging with internal account teams, existing customers, net new prospects and key technology partners
The pre-sales solution architect leads and supports sales delivery of solution-specific GTM plans. In order to be successful, you will need to become a thought leader, trusted advisor, and spokesperson for Infosys packaged service offerings.
Requirements and skills
* 10+ years of experience selling or supporting the sales of cyber security, network security or cloud security solutions.
* Subject matter expert in designing and architecting solutions in cyber technology areas such as network security, IT security and zero trust, SASE, EDR, cloud security, etc. Tools like Zscaler, Palo Alto, Cisco, Fortinet, Netskope, etc.
* Knowledge of key market players/competitors in the cybersecurity and Zero Trust solution spaces.
* Demonstrated ability to think strategically and develop/execute corresponding objectives.
* Strong verbal and written communication skills, as well as the ability to work effectively across internal and external organizations.
Posted 1 week ago
8.0 - 10.0 years
10 - 12 Lacs
Pune
Work from Office
* Architect, implement, and maintain secure, high-performance network infrastructure.
* Deploy and manage firewalls, routers, switches, VPNs, IDS/IPS, and secure wireless environments.
* Lead network security initiatives including segmentation, policy enforcement, and hardening.
* Conduct network security audits and vulnerability assessments with detailed reporting.
* Proactively monitor for threats, perform incident response, and mitigate risks.
* Ensure compliance with cybersecurity best practices, industry frameworks, and client policies.
* Help deploy, configure, and maintain SIEM platforms (e.g., Splunk, LogRhythm, Sentinel, etc.) to aggregate logs and detect anomalies.
* Perform log analysis, threat hunting, and correlation rule tuning within SIEM systems.
* Help manage and monitor endpoint protection platforms (e.g., CrowdStrike, SentinelOne, Sophos, EDR/XDR solutions).
* Collaborate with internal teams and clients to develop tailored network and endpoint security solutions.
* Act as a subject matter expert (SME) on networking and cybersecurity during sales, planning, and strategy sessions.
* Document network architectures, policies, configurations, and processes.
* Manage and lead infrastructure upgrades, migrations, and disaster recovery planning.
* Stay current with emerging threats, technologies, and compliance regulations.
Requirements
* Degree in Information Systems, Computer Science, Cybersecurity, or equivalent work experience.
* 8-10 years of enterprise networking and infrastructure experience.
Posted 1 week ago
8.0 - 10.0 years
16 - 28 Lacs
Bengaluru
Work from Office
Responsibilities:
* Ensure compliance with PCI DSS, NIST, HIPAA & ISO standards.
* Design, implement & maintain secure systems using Infosec principles.
* Conduct regular security audits & risk assessments.
* Experience in SOC and SIEM tools (QRadar)
Posted 1 week ago
5.0 - 8.0 years
5 - 13 Lacs
Navi Mumbai
Work from Office
ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of end-to-end security services and consultancy, tailored to safeguard critical infrastructure installations and elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors.
JD:
1. Designing and deploying a SIEM system.
2. Managing the day-to-day operations of the SIEM system.
3. Perform detailed security event/incident analysis/RCA.
4. Create correlation rules in SIEM. Create, modify and fine-tune the SIEM rules to adjust the specifications of alerts and incidents.
5. Perform device integration with SIEM.
6. Develop reports from SIEM for compliance requirements.
7. Monitor correlated security events/incidents and perform investigation along with the respective team.
8. Troubleshoot with other support groups on the systems that are not logging into the SIEM. Assist customers to fully optimize the SIEM system capabilities.
9. Integration of customized threat intelligence content feeds provided by the Threat Intelligence & Analytics service.
10. Good knowledge and experience of security monitoring tools
11. Good knowledge and experience of cyber incident response
12. Good communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner.
13. Knowledge of security solutions such as IPS/IDS, WAF, Proxy, Firewall, AV, EDR etc. is a must.
14. Understanding of common network services (Web, Mail, FTP, etc.), network vulnerabilities, and network attack patterns.
15. Experienced in working with both Windows and Unix-based server environments.
16. Knowledge of Threat Intelligence platforms and threat hunting
Posted 1 week ago
1.0 - 2.0 years
4 - 6 Lacs
Navi Mumbai
Work from Office
ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of end-to-end security services and consultancy, tailored to safeguard critical infrastructure installations and elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors.
Position: Associate Consultant
Key Responsibilities:
* Knowledge regarding incidents and SOC.
* Knowledge regarding security solutions such as WAF, IPS/IDS, Proxy, Firewall, AV, EDR etc.
* Knowledge regarding logs; should be familiar with log analysis.
Qualifications & Certifications:
* Graduated from IT stream
* Experience: candidate with 1 to 1.5 years of experience.
* Excellent communication and interpersonal skills.
* Ability to work in a fast-paced environment
Preferred Skills & Location: Experience in Cybersecurity, IT Industry from Navi Mumbai
Office Address: ANZEN Technologies Private Limited, Akshar Business Park, H-3025, 3rd Floor, Plot No. 3, Sector-25, Vashi, Navi Mumbai 400703
https://anzentech.com
Immediate joiners may apply for this position
Posted 1 week ago
7.0 - 12.0 years
16 - 30 Lacs
Mumbai
Work from Office
Security Engineering & Cyber Defense Operations
* Architect, implement, and optimize SIEM, SOAR, XDR, and EDR solutions for effective threat detection and response.
* Develop and maintain security controls, logging, and monitoring strategies to ensure comprehensive threat visibility.
* Evaluate and integrate AI and Machine Learning-based cybersecurity tools for enhanced detection and automated response.
* Implement the MITRE ATT&CK Framework to improve detection logic and adversary tactics coverage.
Automation & AI-Driven Security
* Design and implement SOAR (Security Orchestration, Automation, and Response) workflows to automate threat response.
* Develop and fine-tune AI/ML models to enhance anomaly detection, alert correlation, and predictive threat analysis.
* Automate threat hunting processes using AI-based behavior analytics and security automation tools.
Threat Hunting & Threat Intelligence
* Lead proactive threat-hunting activities using MITRE ATT&CK, TTP-based detection, and hypothesis-driven approaches.
* Utilize threat intelligence platforms (TIPs) to enrich SOC alerts, correlate IoCs, and enhance incident response.
* Establish hunting methodologies using behavioral analytics, network telemetry, and endpoint forensics.
* Collaborate with intelligence-sharing platforms and industry peers to stay updated on emerging threats.
Use Case Development & Optimization
* Design and maintain SIEM use cases based on threat modeling, attack surface analysis, and business risk.
* Continuously refine detection logic, correlation rules, and alerting thresholds to reduce false positives.
* Leverage MITRE D3FEND and MITRE ATT&CK to develop advanced attack detection strategies.
Incident Response & Forensic Analysis
* Provide engineering support for incident response teams, helping with log analysis, forensics, and root cause analysis.
* Develop custom threat detection scripts and automation workflows to accelerate IR capabilities.
* Assist in post-incident investigations by collecting and analyzing digital evidence.
Security Architecture & Compliance
* Work closely with security architects to integrate cyber defense controls into enterprise security architecture.
* Ensure adherence to NIST, ISO 27001, and regulatory frameworks in cyber defense implementations.
* Conduct security tool assessments and evaluate new cybersecurity technologies for continuous improvement.
Leadership & Stakeholder Collaboration
* Lead a team of security engineers and analysts, mentoring them in advanced detection and response techniques.
* Collaborate with IT, DevOps, and business units to align security engineering with enterprise objectives.
* Conduct cybersecurity awareness programs for cross-functional teams to strengthen cyber resilience.
Candidates preferred from Mumbai location ONLY.
Posted 1 week ago
5.0 - 10.0 years
5 - 10 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
* 5+ years of experience with proactive threat detection using EDR, SIEM, and network forensics tools.
* 5+ years of experience investigating adversary tactics, techniques, and procedures (TTPs) based on frameworks like MITRE ATT&CK.
* 5+ years of experience investigating indicators across endpoints, networks, cloud, and identity systems to uncover widespread malicious activity.
* Strong analytical skills for investigating advanced persistent threats (APT) and identifying sophisticated attack patterns.
* Experience conducting or participating in threat simulations and red team exercises to improve detection capabilities.
Work location given in ECMS ID
Posted 1 week ago
2.0 - 4.0 years
2 - 4 Lacs
Mumbai
Work from Office
About The Role
* Minimum 2-4 years of experience in a Security Operations Centre
* Experience across SOC domains: use case creation, incident management, threat hunting, threat intelligence etc.
* Solid understanding of cyber security, network security and endpoint security concepts
* Good understanding of recent cyber threats and latest attack vectors
* Must have experience in any one SIEM (Splunk), EDR and SOAR solution
* Must have experience in leading/managing SOC shifts
* Experience in shift roster creation, resource management etc.
* Will be responsible for critical incident investigation, use case review, mentoring shift leads, SLA management etc.
Posted 1 week ago