
194 Edr Jobs - Page 3

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

6.0 - 8.0 years

8 - 10 Lacs

Mumbai

Work from Office

So, what's the job?

Red Team (70%)
You'll lead the Vulnerability Management Program, providing strategic guidance to regional technology teams to address cyber risks.
You'll initiate and execute Red Teaming Exercises across global Business Units, testing security controls and delivering actionable feedback.
You'll manage the External Attack Surface Platform, assess risks, coordinate remediation efforts, and report on enterprise-wide security posture.
You'll perform regular penetration tests to identify and exploit weaknesses in the external attack surface.
You'll establish a Counter-Adversary capability in the Global SOC, maintaining sandboxes, identifying attacker TTPs, and performing advanced threat hunting.
You'll manage Threat Intelligence feeds and respond to Zero-Day vulnerabilities by configuring alerts and defining automated response actions.
You'll track and ensure completion of security improvements discovered during critical incidents or P1 investigations.
You'll document and maintain a robust Incident Response Plan, aligning with best practices and evolving threat landscapes.
You'll stay ahead of the curve through research on emerging threats, new defensive technologies, and evolving industry standards.

Blue Team (30%)
You'll lead and facilitate Security Incident Response Drills and Tabletop Exercises, enhancing organizational readiness.
You'll serve as the technical escalation point for complex detections across the enterprise security stack.
You'll collaborate with the Global SOC to optimize and evolve defensive control strategies.
You'll support ISO 27001 and SOC 2 audits, providing technical evidence and ensuring compliance.
You'll assist with the deployment of standard security tools, ensuring consistent implementation across regions.
You'll manage security vendors, attend QBRs, and drive improvements in their services.
You'll create and maintain Blue Team playbooks, ensuring up-to-date CrowdStrike Fusion SOAR automations.
You'll ensure all security tools are fully integrated into the NextGen SIEM, with reliable log ingestion and correlation.
You'll conduct proactive threat hunting using CrowdStrike Query Language and develop Fusion Workflows to detect IOCs, alert teams, and automate responses.
You'll perform daily health checks to validate the functionality and reliability of all deployed security tools.

And what are we looking for?
You'll have major experience in Red Teaming, along with pen testing.
You'll have experience with security incident management and network monitoring in medium to large-scale enterprise environments.
You'll bring over 6 years of general Information Security experience, with proven exposure to both strategic and hands-on roles.
You'll have strong communication skills and demonstrated success collaborating across business and technical teams in large organisations.
You'll have a solid understanding of core security technologies, including endpoint protection, data loss prevention, network security, and identity access controls.
You'll ideally have experience working with tools like CrowdStrike, Netskope, and Vectra or similar EDR, SASE, and NDR platforms.
You'll be familiar with SIEM technologies, with working knowledge of log correlation, threat detection, and rule creation.
You'll have experience in scripting (e.g., Python, PowerShell) and developing or integrating security tooling via APIs to automate tasks or enhance capabilities.

Posted 1 week ago


5.0 - 10.0 years

20 - 27 Lacs

Chennai

Work from Office

Why you'll LOVE Sagent: You could work anywhere. We know you are talented and looking for something inspiring and impactful. A place where you will make a difference and have a great time doing it! By choosing Sagent, you can be part of our mission to make loans and homeownership simpler and safer for all US consumers. Sagent powers servicers and consumers. You power Sagent!

About the Opportunity: Sagent is seeking a Senior Threat Analyst to join a growing team responsible for securing next-generation, cloud-native financial technology systems. We are seeking a skilled and motivated Threat Analyst to join our growing team. This role offers the opportunity to work in a dynamic environment where your expertise will play a critical role in identifying, analyzing, and mitigating security threats. You will be responsible for monitoring, analyzing, and responding to potential security incidents, performing in-depth security investigations, and executing regular threat hunting campaigns across the organization. If you are passionate about information security and possess a keen eye for detail, we encourage you to apply and be a part of our mission to safeguard our digital landscape.

We'd love to hear from you if you have:
Willingness to work outside of standard business hours during critical incidents.
Prior experience administrating and securing IT systems or networks (~5+ years), preferably in both public cloud environment(s) and physical data center location(s).
Proven mastery of SQL-like query languages, and proficiency in data manipulation and analysis techniques to extract actionable insights from large and complex cybersecurity datasets.
Demonstrated ability to maintain a collected demeanor under high-pressure security incident response scenarios.
Proficiency with the MITRE ATT&CK framework and its application to threat hunting campaign scenarios, as a bonus in hybrid cloud environments.
Hands-on experience professionally administrating and securing both Windows and Unix/Linux operating systems, and the common threats that each is susceptible to.
Proven expertise in identifying, analyzing, and mitigating threats that could impact cloud-based and containerized workloads. Experience administrating cloud IaaS and PaaS infrastructure is a plus.
Deep understanding of the OSI model and a wide range of common network protocols, enabling effective analysis, detection, and mitigation of security threats at various layers of the network stack.
Extensive experience working within Security Information and Event Management (SIEM) platforms, especially building and optimizing custom detection rules.
Excellent communication skills with the ability to effectively translate complex technical concepts and findings into clear and concise insights for non-technical stakeholders, fostering collaboration and informed decision-making across cross-functional teams.
Expertise in scripting languages such as Python (preferred), Bash, or PowerShell; prior experience using scripting to automate tasks.
Extensive experience working with modern defense-in-depth security tools and technologies such as Intrusion Detection and Prevention (IDS/IPS), Endpoint Detection and Response (EDR) solutions, Cloud Native Application Protection Platform (CNAPP) and Web Application Firewalls (WAF).
Enthusiasm for security automation and the creative technical ability to identify time-saving or novel automation workflows.
Proven understanding of common web-based attacks at runtime, such as those found in the OWASP Top 10, and how to respond to/mitigate each from an operational standpoint.
Extensive experience detecting and mitigating email-based threats, including phishing, malware, and spoofing, and as a bonus, hands-on experience in administering and configuring email security tools and protocols to safeguard against these threats.
Thorough understanding of threat modeling concepts and methodologies, with the ability to identify compound attack vectors.
Support the larger Information Security team & IT teams with security expertise and assistance as needed.

Perks! As a Sagent Associate, you will be eligible to participate in our benefit programs beginning on Day #1! We offer a comprehensive package including Remote/Hybrid workplace options, Group Medical Coverage, Group Personal Accident, Group Term Life Insurance Benefits, Flexible Time Off, Food@Work, Career Pathing, Summer Fridays and much, much more!

Posted 1 week ago


5.0 - 10.0 years

10 - 13 Lacs

Hyderabad

Work from Office

Hi everyone. Open Positions in the SOC Lead Analyst Role. Greetings from Tekaccel! This is an excellent opportunity with us. If you have that unique and unlimited passion for building world-class enterprise software products that turn into actionable intelligence, then we have the right opportunity for you and your career.

What are we looking for?
Job Title: SOC Lead Analyst
Location: Hyderabad (Work from Office)
Experience Required: 5 to 7 years
Shift: Rotational shifts (24x7)
Contract

Key Responsibilities:
Incident Response: Respond to alerts across the global technology environment to detect, analyze, contain, and mitigate security incidents. Work in collaboration with Cybersecurity Incident Response teams to manage serious security events.
Threat Detection & Analysis: Develop, test, and implement new detection use cases and response playbooks. Conduct root cause analysis and participate in post-incident reviews. Stay current with emerging threats and vulnerabilities.
Process & Tooling: Continuously improve analysis workflows, tools, and playbooks. Identify opportunities for automation to enhance operational efficiency. Ensure detection rules are optimized for maximum coverage and minimum false positives.
Leadership & Collaboration: Provide expert-level guidance to team members and stakeholders. Mentor and coach junior analysts to improve overall team capability. Collaborate with IT and Cybersecurity teams to ensure effective security controls are in place. Support shift handovers and ensure seamless incident management coverage.
Strategic Contribution: Promote a culture of continuous improvement and proactive risk management. Support broader cybersecurity awareness initiatives across the organization.

Required Skills & Qualifications:
5+ years of technical experience in IT or IT Security (e.g., network/system administration, SOC analyst).
Expertise in SIEM platforms, EDR solutions, log management, and cybersecurity tools.
Strong knowledge of IDS/IPS, HIPS, anti-malware, firewalls, proxies, MSS.
Experience with cloud platforms (AWS, Azure, Google Cloud).
In-depth understanding of operating systems (Windows, Linux, UNIX, iOS, OSX, etc.).
Proficiency in network protocols (TCP, UDP, DNS, DHCP, IPsec, HTTP, etc.).
Hands-on experience in scripting/programming for automation and tool development.
Familiarity with security frameworks and standards (OWASP, ISO 2700x, PCI DSS, NIST, etc.).
Proven experience in incident response, threat containment, and remediation processes.
Relevant certifications (CEH, EnCE, SANS GSEC, GCIH, GCIA, CISSP, or equivalent).
Education: Bachelor's or advanced degree in Computer Science, Cybersecurity, or equivalent experience.

Interested candidates, please share your updated resume at naveen@tekaccel.com or WhatsApp at +91 7997763537. Tekaccel Software Services India

Posted 1 week ago


5.0 - 10.0 years

40 - 50 Lacs

Pune

Remote

Responsibilities:
Technical and operational escalation point for investigations, incidents, and other elements of the MDR service.
Assist in the development, documentation, analysis, testing, and modification of Varonis threat detection systems, playbooks, runbooks, and MDR team operations.
Continuously train the team so they are equipped with the required skills and knowledge to effectively execute the MDR service.
Validate findings and coordinate investigative efforts with customers and internal teams.
Ensure all investigative findings are documented and communicated appropriately by the team, including tracking in CRM.
Maintain up-to-date knowledge of all aspects of the Varonis MDR service.
Oversee and execute programs, projects, operational tasks, and responsibilities related to the MDR service.
Conduct regular performance reviews and quarterly SWOT analyses to drive team growth and development.

Requirements:
Proven success in leading and managing within a team-oriented environment.
5+ years of experience working in cybersecurity operations in a global cybersecurity company.
2+ years of experience leading a team.
Degree or certification(s) in cybersecurity and/or proven ability to execute across cybersecurity operations disciplines, including monitoring, detection, investigation, and incident response.
Proven ability to deliver security operations service while meeting SLA and other operational requirements.
Knowledge of common security technologies and tools including network-based (firewall and IDS), host-based (EDR and AV), data-based (DLP and DSPM), and identity-based (PAM and IAM).
Proven ability to creatively problem-solve when handling complex issues.
Strong analytical and critical thinking skills.
Excellent communication skills in English (written and oral) and interpersonal skills (direct reports, colleagues, and customers).
Attention to detail and the capability to deliver outcomes autonomously.

Posted 1 week ago


3.0 - 8.0 years

6 - 9 Lacs

Gurugram

Work from Office

Job Title: FortiSIEM Administrator
Location: Gurgaon
Experience: 3–6 Years

Job Summary: We are hiring a FortiSIEM Administrator to manage and maintain our SIEM infrastructure and security tools. The ideal candidate will have deep experience in SIEM architecture (FortiSIEM), EDR, DLP, and a sound understanding of cybersecurity frameworks like MITRE ATT&CK, NIST, CIS Controls, and ISO 27001. The role requires someone who can ensure complete visibility and protection of IT assets while supporting incident response and compliance.

Key Responsibilities:
Deploy, configure, and maintain the FortiSIEM platform for real-time monitoring and alerting.
Integrate log sources across firewalls, servers, endpoints, and cloud environments.
Develop and manage SIEM rules, parsers, dashboards, and alerts.
Operate and optimize EDR, DLP, and other advanced security tools.
Conduct incident triage, investigation, and provide root cause analysis.
Align monitoring and response activities with MITRE ATT&CK, NIST, CIS Controls, and ISO 27001 frameworks.
Collaborate with SOC, infrastructure, and application teams for end-to-end threat visibility.
Maintain updated documentation and support internal and external security audits.
Ensure regular health checks, version upgrades, and platform tuning for performance.

Required Skills & Qualifications:
3–6 years of experience in cybersecurity with a focus on SIEM administration (preferably FortiSIEM).
Hands-on expertise in deploying and managing EDR, DLP, and other endpoint security tools.
Good understanding of SIEM architecture, log ingestion, and threat correlation.
Knowledge of networking fundamentals, TCP/IP, firewalls, VPNs, and IDS/IPS.
Familiarity with security frameworks like MITRE ATT&CK, NIST, CIS Controls, and ISO 27001.
Scripting knowledge (PowerShell, Python, Bash) is an advantage.
Fortinet certification (e.g., NSE 5/7) is a plus.

Nice to Have:
Experience with cloud platforms (AWS, Azure) and cloud security monitoring.
Exposure to other SIEM tools (Splunk, QRadar, etc.) is beneficial.
Experience in compliance-driven environments (PCI-DSS, SOC 2, etc.).

Interested candidates can apply by sharing your updated CV at Rachita.dhiman@progression.com

Posted 1 week ago


2.0 - 6.0 years

2 - 7 Lacs

Gurugram

Work from Office

Lead Consultant (Cyber Security)

Job Summary: The Lead Consultant for Cyber Security (B2B SOC MSS) provides the advanced level of support for Product Implementation & Services in the Security Operations. In this position, the consultant will lead the project (technical) consultants team for successful migration/implementation of the Cyber Security Products (and Services). Minimum 2 years of experience in implementation & operations. The resource should have implemented at least 4-5 projects in customer environments.

Working knowledge of SOC/SIEM tools and operational understanding.
Must have led a team of Security Consultants/Analysts.
Should have sound knowledge of products & should be able to carry out the POCs, Implementation and Operations support.
Should lead the delivery of multiple projects at customer locations.
Should have knowledge of the following products (with Operations and Implementation):
DLP/Proxy: Forcepoint, Symantec, Cisco, McAfee
Email Security: Symantec, Forcepoint, Cisco
NAC Solutions: Cisco ISE, Forescout
EDR/XDR Solution: Trend Micro, CrowdStrike
SOC SIEM Solution: (ArcSight, QRadar, RSA or Seceon)
(Must have hands-on experience with any two of the above.)
Product certification from any of the above products will be an added advantage.
Must be able to execute strategic and tactical direction for solution offerings.
Experience in supporting multiple customer base systems and network environments.
Provides timely and adequate response to threats/alerts, including off-hour support.
Develop functional specifications for integrating/adopting requirements into enterprise target state architecture or specific applications.
Collaborate with business groups to help them identify, classify, and secure high-value data.
Provide feedback via periodic reports based on rule parameters.
Ability to write regular expressions.
Ability to self-direct and work independently when necessary, and clearly articulate technical concepts/issues to both technical and non-technical peers and management.
The ability to assess security events and drive them to a resolution.
Demonstrate understanding of critical data types such as PII, NPI, PCI, HIPAA, etc.
Demonstrate understanding of mass storage, USB, removable media (for example, allow charging but do not allow data copy).
Excellent English communication skills mandatory.
Excellent documentation skills mandatory.
Understand reporting capabilities.

Required Technical Expertise:
Process and procedure adherence.
General network knowledge and TCP/IP troubleshooting.
Ability to trace down an endpoint on the network, based on ticket information.
Familiarity with system log information and what it means.
Understanding of common network services (web, mail, DNS, authentication).
Knowledge of host-based firewalls, Anti-Malware, HIDS.
General Desktop OS and Server OS knowledge: TCP/IP, Internet Routing, UNIX/LINUX & Windows NT.
Good to have industry certifications on SIEM Platform, CCNA, CEH, MCSE & others.
Bachelor's Degree in Computer Science or equivalent required.
Good communication skills.
Strong level of customer service required.

Posted 1 week ago


7.0 - 12.0 years

15 - 30 Lacs

Mumbai

Work from Office

1. SIEM Administration and Engineering: Oversee the installation, configuration, and maintenance of IBM QRadar. Develop and implement SIEM architecture and engineering strategies.
2. Rule & Use Case Development: Design, implement, and optimize custom rules, searches and dashboards. Develop and maintain advanced use cases for threat detection and incident response.
3. Incident Response and Forensics: Lead the investigation of complex security incidents escalated by L1 & L2 analysts. Perform deep-dive analysis of security events and conduct forensic investigations.
4. Performance and Optimization: Monitor and manage the performance of the QRadar environment. Conduct regular health checks and audits to ensure optimal SIEM performance.
5. Collaboration and Mentoring: Work closely with SOC analysts, IT, and security teams to enhance detection capabilities. Provide training and mentorship to L1 & L2 analysts on QRadar functionalities and best practices.
6. Documentation and Reporting: Develop and maintain comprehensive documentation for SIEM configurations, procedures, and incident responses. Generate detailed reports and metrics on SIEM performance and security incidents.
7. Continuous Improvement: Stay updated with the latest security trends, vulnerabilities, and technologies. Contribute to the development of security policies, standards, and guidelines.

Preferred Mumbai/Pune based candidates ONLY.

Posted 1 week ago


10.0 - 15.0 years

0 - 1 Lacs

Hyderabad, Pune, Bengaluru

Hybrid

Pre-sales Solution Architect – Network Security

Job Description: The Pre-sales solution architect will help develop solution strategies and sales plays and present to client sponsors, which can include the CISO and Line of Business sponsors. As a pre-sales solution architect for 1) Network Security and SASE (Secure Access Service Edge), 2) EDR (Endpoint Detection and Response) & 3) Cloud Security offerings, you will be responsible for driving opportunities, bookings and revenue for Infosys managed service offerings. In this role, you will serve as the "go-to" solution expert on Network Security, SASE, EDR & Cloud Security for customers and the account sales teams working with those customers. The ideal candidate will possess both a hunter mindset and a solution architect background to drive engagement with decision-makers and influencers within security, networking, IT and operations. Tools like Zscaler, Palo Alto, Cisco, Fortinet, Netskope, etc.

Responsibilities:
You will provide complete and appropriate solutions using partner products to meet customer requirements in order to boost top-line revenue growth.
Create solution architecture and prepare proposal deck along with commercials (provided by partner).
Present solution to customers as an expert of our Network Security, SASE, EDR & Cloud Security offerings with a focus on the zero trust approach and convince them of the benefits of the solution. Tools like Zscaler, Palo Alto, Cisco, Fortinet, Netskope, etc.
Present a compelling business case at all levels in the customer hierarchy, from security professionals to CXOs planning to address transformational events such as cloud migration, remote worker shift and the adoption of zero trust security architecture.
Develop a sales plan that is based on regional strategies and pipeline focusing on Network Security, SASE, EDR & Cloud Security.
Foster growth and track the solution offerings pipeline by engaging with internal account teams, existing customers, net new prospects and key technology partners.
The Pre-sales solution architect leads and supports sales delivery of solution-specific GTM plans. In order to be successful, you will need to become a thought leader, trusted advisor, and spokesperson for Infosys packaged service offerings.

Requirements and skills:
10+ years of experience selling or supporting the sales of cyber security, network security or cloud security solutions.
Subject matter expert in designing and architecting solutions in cyber technology areas such as network security, IT security and zero trust, SASE, EDR, Cloud security, etc. Tools like Zscaler, Palo Alto, Cisco, Fortinet, Netskope, etc.
Knowledge of key market players/competitors in the cybersecurity and Zero Trust solution spaces.
Demonstrated ability to think strategically and develop/execute corresponding objectives.
Strong verbal and written communications, as well as the ability to work effectively across internal and external organizations.

Posted 2 weeks ago


8.0 - 10.0 years

10 - 12 Lacs

Pune

Work from Office

Architect, implement, and maintain secure, high-performance network infrastructure.
Deploy and manage firewalls, routers, switches, VPNs, IDS/IPS, and secure wireless environments.
Lead network security initiatives including segmentation, policy enforcement, and hardening.
Conduct network security audits and vulnerability assessments with detailed reporting.
Proactively monitor for threats, perform incident response, and mitigate risks.
Ensure compliance with cybersecurity best practices, industry frameworks, and client policies.
Help deploy, configure, and maintain SIEM platforms (e.g., Splunk, LogRhythm, Sentinel, etc.) to aggregate logs and detect anomalies.
Perform log analysis, threat hunting, and correlation rule tuning within SIEM systems.
Help manage and monitor endpoint protection platforms (e.g., CrowdStrike, SentinelOne, Sophos, EDR/XDR solutions).
Collaborate with internal teams and clients to develop tailored network and endpoint security solutions.
Act as a subject matter expert (SME) on networking and cybersecurity during sales, planning, and strategy sessions.
Document network architectures, policies, configurations, and processes.
Manage and lead infrastructure upgrades, migrations, and disaster recovery planning.
Stay current with emerging threats, technologies, and compliance regulations.

Requirements:
Degree in Information Systems, Computer Science, Cybersecurity, or equivalent work experience.
8-10 years of enterprise networking and infrastructure experience.

Posted 2 weeks ago


8.0 - 10.0 years

16 - 28 Lacs

Bengaluru

Work from Office

Responsibilities:
* Ensure compliance with PCI DSS, NIST, HIPAA & ISO standards.
* Design, implement & maintain secure systems using Infosec principles.
* Conduct regular security audits & risk assessments.
* Experience in SOC and SIEM tools (QRadar).

Posted 2 weeks ago


5.0 - 8.0 years

5 - 13 Lacs

Navi Mumbai

Work from Office

ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations and elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors.

JD:
1. Designing and deploying a SIEM system.
2. Managing the day-to-day operations of the SIEM system.
3. Perform detailed security event/incident analysis/RCA.
4. Create Correlation Rules in SIEM. Create, modify and fine-tune the SIEM rules to adjust the specifications of alerts and incidents.
5. Perform device integration with SIEM.
6. Develop reports from SIEM for compliance requirements.
7. Monitor correlated Security Events/Incidents and perform investigation along with the respective team.
8. Troubleshoot, with other support groups, systems that are not logging to the SIEM. Assist customers to fully optimize the SIEM system capabilities.
9. Integration of customized threat intelligence content feeds provided by the Threat Intelligence & Analytics service.
10. Good knowledge and experience of Security Monitoring tools.
11. Good knowledge and experience of Cyber Incident Response.
12. Good communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner.
13. Knowledge of security solutions such as IPS/IDS, WAF, Proxy, Firewall, AV, EDR etc. is a must.
14. Understanding of common network services (Web, Mail, FTP, etc.), network vulnerabilities, and network attack patterns.
15. Experienced in working with both Windows and Unix based server environments.
16. Knowledge of Threat Intelligence platforms and should know about Threat Hunting.

Posted 2 weeks ago


1.0 - 2.0 years

4 - 6 Lacs

Navi Mumbai

Work from Office

ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations and elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors.

Position: Associate Consultant

Key Responsibilities:
Knowledge regarding Incidents and SOC.
Knowledge regarding security solutions such as WAF, IPS/IDS, Proxy, Firewall, AV, EDR etc.
Knowledge regarding logs and familiarity with log analysis.

Qualifications & Certifications:
Graduated from IT stream.
Experience: Candidate with 1 to 1.5 years of experience.
Excellent communication and interpersonal skills.
Ability to work in a fast-paced environment.

Preferred Skills & Location: Experience in Cybersecurity, IT Industry, from Navi Mumbai.

Office Address: ANZEN Technologies Private Limited, Akshar Business Park, H - 3025, 3rd Floor, Plot No. 3, Sector-25, Vashi, Navi Mumbai 400703. https://anzentech.com

Immediate joiners may apply for this position.

Posted 2 weeks ago


7.0 - 12.0 years

16 - 30 Lacs

Mumbai

Work from Office

Security Engineering & Cyber Defense Operations
Architect, implement, and optimize SIEM, SOAR, XDR, and EDR solutions for effective threat detection and response.
Develop and maintain security controls, logging, and monitoring strategies to ensure comprehensive threat visibility.
Evaluate and integrate AI and Machine Learning-based cybersecurity tools for enhanced detection and automated response.
Implement the MITRE ATT&CK Framework to improve detection logic and adversary tactics coverage.

Automation & AI-Driven Security
Design and implement SOAR (Security Orchestration, Automation, and Response) workflows to automate threat response.
Develop and fine-tune AI/ML models to enhance anomaly detection, alert correlation, and predictive threat analysis.
Automate threat hunting processes using AI-based behavior analytics and security automation tools.

Threat Hunting & Threat Intelligence
Lead proactive threat-hunting activities using MITRE ATT&CK, TTP-based detection, and hypothesis-driven approaches.
Utilize threat intelligence platforms (TIPs) to enrich SOC alerts, correlate IoCs, and enhance incident response.
Establish hunting methodologies using behavioral analytics, network telemetry, and endpoint forensics.
Collaborate with intelligence-sharing platforms and industry peers to stay updated on emerging threats.

Use Case Development & Optimization
Design and maintain SIEM use cases based on threat modeling, attack surface analysis, and business risk.
Continuously refine detection logic, correlation rules, and alerting thresholds to reduce false positives.
Leverage MITRE D3FEND and MITRE ATT&CK to develop advanced attack detection strategies.

Incident Response & Forensic Analysis
Provide engineering support for incident response teams, helping with log analysis, forensics, and root cause analysis.
Develop custom threat detection scripts and automation workflows to accelerate IR capabilities.
Assist in post-incident investigations by collecting and analyzing digital evidence.

Security Architecture & Compliance
Work closely with security architects to integrate cyber defense controls into enterprise security architecture.
Ensure adherence to NIST, ISO 27001, and regulatory frameworks in cyber defense implementations.
Conduct security tool assessments and evaluate new cybersecurity technologies for continuous improvement.

Leadership & Stakeholder Collaboration
Lead a team of security engineers and analysts, mentoring them in advanced detection and response techniques.
Collaborate with IT, DevOps, and business units to align security engineering with enterprise objectives.
Conduct cybersecurity awareness programs for cross-functional teams to strengthen cyber resilience.

Candidates preferred from Mumbai location ONLY.

Posted 2 weeks ago


5.0 - 10.0 years

5 - 10 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

5+ years of experience with proactive threat detection using EDR, SIEM, and network forensics tools.
5+ years of experience investigating adversary tactics, techniques, and procedures (TTPs) based on frameworks like MITRE ATT&CK.
5+ years of experience investigating indicators across endpoints, networks, cloud, and identity systems to uncover widespread malicious activity.
Strong analytical skills for investigating advanced persistent threats (APT) and identifying sophisticated attack patterns.
Experience conducting or participating in threat simulations and red team exercises to improve detection capabilities.
Work Location given in ECMS ID

Posted 2 weeks ago

Apply

2.0 - 4.0 years

2 - 4 Lacs

Mumbai

Work from Office

About The Role
Minimum 2-4 years of experience in a Security Operations Centre.
Experience across SOC domains: use case creation, incident management, threat hunting, threat intelligence, etc.
Solid understanding of cyber security, network security, and endpoint security concepts.
Good understanding of recent cyber threats and the latest attack vectors.
Must have experience with at least one SIEM (Splunk), EDR, and SOAR solution.
Must have experience in leading/managing SOC shifts, including shift roster creation, resource management, etc.
Will be responsible for critical incident investigation, use case review, mentoring Shift Leads, SLA management, etc.

Posted 2 weeks ago

Apply

1.0 - 3.0 years

0 - 3 Lacs

Pune

Work from Office

Role: The Security Operations (SOC) Engineer is responsible for monitoring the environment and identifying, reporting, and responding to security threats that put the organization at risk. The primary function of this position is to monitor the security tools and perform alert management and initial incident qualification.
Job Description
Acknowledge, analyze, and validate incidents triggered by multiple security tools such as IDS/IPS, Web Application Firewall, firewalls, Endpoint Detection & Response tools, and events surfaced through the SIEM solution.
Acknowledge, analyze, and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc.
Collect the logs needed for incident containment and security investigation.
Escalate validated and confirmed incidents to security administrators.
Undertake the first stages of false positive and false negative analysis.
Understand the structure and meaning of logs from different log sources such as firewalls, IDS/IPS, WAF, Windows domain controllers, Cloudflare, AV and anti-malware software, O365 email security, etc.
Open incidents in the ticketing platform to report the alarms triggered or threats detected.
Track and update incidents and requests based on updates and analysis results.
Report infrastructure issues to the IMS team.
Work with vendors on security issues.
Perform other duties as assigned.
Skills:
Strong security knowledge.
Expertise in TCP/IP network traffic and event log analysis.
Experience with Linux, Windows, and network operating systems required.
Knowledge and hands-on experience in management of IDS/IPS, firewall, VPN, and other security products.
Experience with Security Information and Event Management (SIEM) tools, creation of basic correlation rules, and SIEM administration.
Knowledge and hands-on experience with log management and Endpoint Detection and Response tools.
Knowledge of ITIL disciplines such as Incident, Problem, and Change Management.
Strong interpersonal skills, including excellent written/verbal communication skills.
Interview Process: Technical Interview, HRBP Interview.
Consent: we will use your resume for current full-time job openings with us and retain it for future opportunities.

Posted 2 weeks ago

Apply

5.0 - 10.0 years

7 - 12 Lacs

Chennai

Work from Office

Proactively lead and support the incident response team during an incident.
Experience in advanced investigation, triage, analysis, and escalation of security incidents with recommendations.
Hands-on experience with the configuration and management of SIEM tools (QRadar), including log source integration, custom parser building, and fine-tuning and optimizing correlation rules and use case recommendations, is a must.
Proven experience with QRadar as a Security Information and Event Management (SIEM) tool.
Data-driven threat hunting using SIEM, EDR, and XDR tools.
Basic experience with SOAR tools such as QRadar Resilient and Palo Alto XSOAR.
Identify quick defence techniques until a permanent resolution is in place.
Recognize successful intrusions and compromises through review and analysis of relevant event detail.
Review incidents escalated by Level 1 analysts. Launch and track investigations to resolution.
Recognize attacks based on their signatures and differentiate false positives from true intrusion attempts.
Actively investigate the latest security vulnerabilities, advisories, incidents, and penetration techniques, and notify end users when appropriate.
Identify gaps in the security environment and suggest gap closure.
Drive and support change management.
Perform and review tasks as identified in a daily task list.
Report generation and trend analysis.
Participate in the weekly and monthly governance calls to support SOC metrics reporting.
Good to have: hands-on experience managing SIEM solutions on public/private clouds such as Amazon AWS, Microsoft Azure, etc.
Willing to work in a 24x7 rotational shift model including night shifts.
Required education: Bachelor's Degree
Preferred education: Bachelor's Degree
Required technical and professional expertise
5+ years of hands-on experience in QRadar SIEM and SOAR.
Desired experience in threat hunting and threat intelligence.
Worked on tools from the QRadar family, including UEBA and UAX.
Bachelor's degree in engineering/information security, or a related field.
Relevant certifications such as CEH, CISSP, CISM, CompTIA CASP+, or equivalent.
Proven experience working in a SOC environment.
Preferred technical and professional experience
Proven experience in managing and responding to complex security incidents.
Strong analytical and problem-solving skills.
Excellent communication and collaboration abilities.
Ability to work in a fast-paced, dynamic environment.
Deep technical knowledge of security technologies and advanced threat landscapes.

Posted 2 weeks ago

Apply

12.0 - 15.0 years

55 - 60 Lacs

Ahmedabad, Chennai, Bengaluru

Work from Office

Dear Candidate,
We are seeking a Security Operations Engineer to monitor, detect, investigate, and respond to security incidents and threats across systems and networks.
Key Responsibilities:
Monitor alerts and logs using SIEM tools (Splunk, QRadar, Sentinel).
Analyze security incidents, conduct root cause analysis, and coordinate response.
Support threat hunting and vulnerability assessments.
Maintain and tune security tools (IDS/IPS, endpoint protection, firewalls).
Document incident reports and provide remediation recommendations.
Required Skills & Qualifications:
Experience in a Security Operations Center (SOC) or similar role.
Strong knowledge of cybersecurity concepts and incident response.
Familiarity with EDR tools (CrowdStrike, Carbon Black) and log analysis.
Scripting and automation skills for detection and response tasks.
Security certifications such as CEH, CompTIA Security+, or GCIA are beneficial.
Soft Skills:
Strong troubleshooting and problem-solving skills.
Ability to work independently and in a team.
Excellent communication and documentation skills.
Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you.
Srinivasa Reddy Kandi, Delivery Manager, Integra Technologies

Posted 2 weeks ago

Apply

8.0 - 13.0 years

22 - 37 Lacs

Gurgaon / Gurugram, Haryana, India

On-site

Role & responsibilities:
The candidate should be hands-on in managing Security Operations, SOC, Identity and Access Management, and Risk Management.
Should have worked on blueprinting and designing SOC frameworks, implementation of SOC/SIEM solutions, and Enterprise Architecture.
Should be hands-on with security processes, with good client- and market-facing experience in the India geography.
Should have worked on designing, solutioning, and implementing cyber security frameworks: Security Operations Strategy, Vulnerability Management (application and infrastructure), and Threat Intelligence and Analytics.
Preferred candidate profile:
Should have worked on the below.
M&A experience.
Actively monitoring, analyzing, and escalating SIEM alerts based on correlation rules; active threat hunting on network flow, user behavior, and threat intelligence.
Candidate should have expert-level domain knowledge (cyber security), threat hunting, SIEM (Azure Sentinel), SIEM (RSA / Splunk / LogRhythm), the ability to comprehend logs (HTTP, SMTP, network), operating systems and servers, and experience organizing technical sessions/talks.
Candidate should be familiar with Python scripting and Windows Active Directory (optional).
Vulnerability Management Services: external and internal vulnerability scanning, VMS tool (Qualys and Kenna) administration, application server and vulnerability scanning.
Candidate should have expert-level domain knowledge (cyber security): vulnerability scans and recognizing vulnerabilities in security systems, network analysis tools to identify vulnerabilities, developing insights about the context of an organization's threat environment, risk management processes, and network attacks and their relationship to both threats and vulnerabilities.
Candidate should have an advanced-level understanding of impact/risk assessments.
Security Operations and Management experience: SOC experience in identity access, privileged access, and vulnerability management.
Client facing: front-end with the client, focused on engagements, sales, BD, and capability development.

Posted 2 weeks ago

Apply

4.0 - 9.0 years

10 - 16 Lacs

Bengaluru

Work from Office

Role & responsibilities
Understand the existing security controls (including Endpoint Detection & Response, anti-malware, and incident response).
Engage with other IT teams, including Network Engineering, Data Center, and Service Desk, to ensure a consistent approach for organizational support across the enterprise.
Understand the current state of the technology components in the IT stack, ranging from networking, storage, and compute (virtualization, containers) to applications and security management.
Establish non-production and production environments for testing and hosting the applications.
Adhere to the Scaled Agile Framework methodologies and tools that exist in the environment.
Participate in the daily stand-up of the Compliance & Security release train and contribute to bi-weekly sprints.
Learn system engineering concepts to analyze the existing environment and find more efficient ways of working.
Identify ways of doing things with full automation, AI, and ML, which requires knowing or learning the concepts of these technologies.
Maintain regular communication with supervisor and continually update needs & priorities to
Preferred candidate profile
Hands-on experience in managing CrowdStrike, McAfee, and Trend Micro platforms using the console, scripting, and automation frameworks.
Hands-on expertise programming in Python.
Experience in L1/L2/L3 support and understanding of common corporate IT issues.
Have a sense of urgency on production issues and be a proactive speaker and listener.
Hands-on experience in programming with the networking stack, TCP/IP stack, compute technologies (virtualization, containerization), and storage.
Knowledge of the technical design of security controls (especially in the Windows OS).

Posted 2 weeks ago

Apply

6.0 - 8.0 years

8 - 10 Lacs

Bengaluru

Work from Office

What you'll do:
Security Operations Management: Manage and support large-scale systems, complex cloud environments, and mission-critical business applications, ensuring secure and efficient operations.
Security Solution Implementation: Implement and manage at least four security solutions, including but not limited to EDR, DLP, DNS, Email Protection (Mail Relay), MDM, Identity Protection, Firewall, Cloud Security, and OCR technologies.
Security Monitoring & Analysis: Interpret alert logs and network traffic to identify attack patterns, recognizing typical attack scenarios to prevent or mitigate potential threats.
Vulnerability Management: Lead vulnerability management efforts, create comprehensive dashboards and reports, present findings to stakeholders, and validate remediation strategies. Interpret vulnerabilities/CVEs. Conduct vulnerability assessments and provide actionable insights for remediation.
Platform Security Expertise: Apply in-depth knowledge of security vulnerabilities and mitigation strategies across Windows, Mac, and Linux platforms.
Security Solutions Expertise: Leverage experience with tools like CrowdStrike, Cisco Umbrella, Palo Alto & Fortinet firewalls, Forcepoint, Trend Micro, and other leading security technologies.
Cloud Security: Demonstrate expertise in cloud security posture management (CSPM) and applying security best practices in cloud environments (Azure, AWS, GCP).
Office 365 & Identity Security: Manage and secure Office 365 environments, ensuring effective security controls are implemented. Implement modern authentication mechanisms such as a cloud IdP, SSO, and MFA.
Security Compliance & Hardening: Oversee security compliance and system hardening processes, particularly within Azure, based on known security standards (e.g., CIS, NIST).
What to have for this position:
Must-have skills:
Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
Minimum of 6-8 years of experience in cybersecurity or IT security operations.
Experience: Proven track record of managing large-scale systems and complex cloud environments in a security operations context.
Security Solutions Expertise: Deep understanding and hands-on experience with a variety of security technologies, including EDR, DLP, DNS protection, firewalls (Palo Alto, Fortinet), cloud security tools, and more.
Alert & Traffic Analysis: Ability to interpret security alerts and network traffic logs, and to identify attack vectors and patterns effectively.
Vulnerability Management: Proficiency in managing vulnerability scanning and remediation workflows, with experience in dashboard creation and report generation. The ability to assess CVEs, vulnerabilities, and gaps in security controls.
Platform Security: Strong knowledge of security across Windows, Mac, and Linux platforms, including server/laptop administration and resolving platform-specific vulnerabilities.
Cloud Security: Expertise in cloud security posture management (CSPM) and securing cloud environments, with an emphasis on compliance and security best practices.
Authentication & Identity Management: Expertise in implementing modern authentication technologies, including cloud-based Identity Providers (IdPs), Single Sign-On (SSO), and Multi-Factor Authentication (MFA).
Compliance & Hardening: Experience with security compliance, hardening systems, and working with Azure security standards.
Toolset Proficiency: Hands-on experience with security tools like CrowdStrike, Cisco Umbrella, Palo Alto & Fortinet firewalls, Forcepoint, Trend Micro, and Office 365 security products.
Personal traits:
Independent & Self-Managed: Strong time management skills with the ability to work independently and manage competing priorities.
Proactive & Solution-Oriented: A proactive, "can-do" attitude, contributing effectively to team goals and overall organizational security.
Communication Skills: Excellent verbal, written, and interpersonal communication skills, with the ability to work across departments and with distributed global teams.
Customer-Centric: Outstanding customer service mindset, with the ability to interact with stakeholders and address security concerns in a collaborative manner.
Multitasking & Stress Management: Ability to juggle multiple tasks, stay organized, and perform effectively under pressure in a fast-paced environment.
Team Player: A collaborative approach, with the ability to work independently or as part of a highly proactive security team.
Fluent English: Strong proficiency in both written and spoken English is a must.
Security Certifications: Security-related certifications (CISSP, CISM, CEH, etc.) or specialized training are highly desirable.
Networking Knowledge: Familiarity with networking and protocols (Layer 2-7, switching, routing) is an advantage.

Posted 2 weeks ago

Apply

15.0 - 20.0 years

3 - 7 Lacs

Hyderabad

Work from Office

Project Role: Security Engineer
Project Role Description: Apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Accenture MxDR Ops Security Threat Analysis
Good to have skills: NA
Minimum 2 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. You will provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Be a crucial part of ensuring the security of the organization's digital assets and operations.
Roles & Responsibilities:
Perform security monitoring by analyzing logs, traffic, and alerts generated by a variety of device technologies.
Timely response to customer requests such as detection capabilities, tuning, etc.
Research new threats and provide recommendations to enhance detection capabilities.
Strong desire for continuous learning on vulnerabilities, attacks, and countermeasures.
Identify opportunities for process improvement.
Professional & Technical Skills:
Experience in SOC operations with customer-facing responsibilities.
Deep understanding of cyber security fundamentals, security devices, network defense concepts, and the threat landscape.
Hands-on experience with SIEM and threat hunting tools.
Added advantage in working with any SOAR platform.
Desirable knowledge of any scripting language and EDR products.
Strong customer service and interpersonal skills.
Strong problem-solving skills.
Ability to communicate clearly at all levels, demonstrating strong verbal and written communication skills.
Adaptability to accept change.
Additional Information:
Work as part of an analysis team that works 24x7 on a rotational shift.
Minimum a bachelor's or a master's degree in addition to regular 15-year full time education.
The candidate should have a minimum of 2 years of experience.
This position is based at our Chennai office.
Qualification: 15 years full time education

Posted 2 weeks ago

Apply

5.0 - 9.0 years

7 - 13 Lacs

Bengaluru

Work from Office

Job Description:
5+ years of experience in a Security Operations Center and threat hunting.
Develop and refine threat hunting techniques and tools.
Experience in monitoring and alert handling in QRadar SIEM.
In-depth knowledge of advanced persistent threats (APTs) and attack vectors.
Collaborate with threat intelligence teams to integrate new threat data into hunting processes.
Security incident handling and reporting.
Experienced in EDR alert analysis, preferably SentinelOne.
Preferred candidate profile
Bachelor's degree in computer science, Information Security, or a related field.
Should be flexible to work in 24/7 rotational shifts.
Should possess good communication skills.

Posted 2 weeks ago

Apply

3.0 - 5.0 years

7 - 12 Lacs

Noida

Work from Office

We are seeking an experienced Associate skilled in Zscaler Proxy, Firewalls, Data Loss Prevention (DLP), and Endpoint Detection & Response (EDR) solutions. The successful candidate will play a pivotal role in ensuring the security, availability, and performance of our IT infrastructure by implementing both proactive and reactive measures to secure our network and endpoint environments.
Key Responsibilities
Zscaler Proxy Management
Configure, manage, and optimize Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) solutions.
Implement and enforce web security policies to ensure compliance with organizational standards.
Troubleshoot and resolve Zscaler-related issues to ensure continuous internet and private application access.
Conduct periodic health checks and performance tuning of the Zscaler infrastructure.
Firewall Administration
Manage and configure firewalls to secure internal and external network traffic.
Create and maintain firewall rules, Network Address Translation (NAT) configurations, and VPN setups as per business requirements.
Monitor and analyze firewall logs to detect and respond to potential security incidents.
Regularly review firewall policies to ensure adherence to industry best practices and compliance standards.
Endpoint and Data Protection
Monitor endpoint activity for suspicious behavior and respond to threats promptly.
Provide incident response support and recommend corrective actions for endpoint security incidents.
Participate in vulnerability assessments and implement remediation plans.
Collaborate with cross-functional teams to ensure seamless integration of security tools.
Prepare and maintain technical documentation, configurations, and standard operating procedures.
Experience
3-5 years of hands-on experience with Zscaler Proxy, Firewalls, DLP, and EDR solutions in an enterprise environment.
Technical Skills:
Strong knowledge of Zscaler technologies, including policy configuration, SSL inspection, and application control.
Proficiency in managing firewalls, creating security rules, and implementing VPNs.
Expertise in deploying and managing EDR tools for threat detection and response.
Understanding of network protocols, IP subnetting, and traffic analysis tools.
Familiarity with SIEM solutions and their integration with security tools.
Strong understanding of security operations and incident management.
Knowledge of endpoint security, malware detection, and response.
Soft Skills:
Strong problem-solving and analytical skills.
Excellent verbal and written communication abilities.
Capability to work independently and collaboratively in a fast-paced environment.
Proactive attitude towards learning and adapting to new technologies.

Posted 2 weeks ago

Apply

5.0 - 8.0 years

25 - 30 Lacs

Mumbai, Mumbai Suburban, Mumbai (All Areas)

Work from Office

- Design, develop & maintain playbooks within Cortex XSOAR
- Integrate security tools & threat intelligence sources with XSOAR
- Implement & manage security alerts using XSIAM, SIEM & SOAR platforms
- Fine-tune & optimize security automation processes
Required Candidate profile
Exp.: 6+ yrs
CTC: Up to 30 Lacs
Location: Remote WFH (1 opening) / Central Mumbai WFO (2 openings)
Comm. skills: Excellent
Strong in Cortex XSOAR along with automation and XSIAM, SOAR, and SIEM tools.

Posted 2 weeks ago

Apply