188 Edr Jobs - Page 4

Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Min 4+ Years exp in Soc along with SIEM (Splunk). Min 2 years Hands on exp in Splunk. Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, and takes into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when it is necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Active CEH certification is Must. Required Experience: Moderate level of relevant managed services experience handling Security Infrastructure. Moderate level of knowledge in ticketing tools preferably Service Now. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or 3rd parties. Workplace type : On-site Working

Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). CEH certification is Must. Workplace type : On-site Working

Your day at NTT DATA The Senior Associate Collaboration Technical Services (TS) Systems Integration Specialist is a developing subject matter expert, responsible for ensuring that client solution requirements are resolved in line with Service Level Agreements (SLAs). This role performs configurations, actions installations and attends to break/fix events. This role works towards associate to professional level certification, whilst at the same time developing business knowledge. What you'll be doing Key Responsibilities: Owns larger portions of an installation, break/fix incidents at a low to medium level of complexity during project lifecycle Takes responsibility for problem resolution and troubleshooting during project lifecycle Escalates complex problems to the relevant third parties. Assists with the documentation of standard operating procedures relating to installations and fixes during ops handover Compiles and maintains project administration (Time Capture and feedback to stakeholders) Conducts elementary presentations within the customer's organization. Expected to take leadership from senior resources on relevant technologies according to specialization and best practice. Performs any other related task as required. Knowledge and Attributes: Developing fundamental project and administration ability Developing understanding and appreciation of technical design principles and compute layers. Ability to develop an understanding of fundamental project and administration processes. Display a strong learning orientation. Good verbal communication skills. Demonstrate a client service orientation. Hands-on proactive in approach. Knowledge on security concepts and application of those concepts. Ability in configuring/managing security controls, such as SIEM, Firewall, IDS/IPS, EDR, NDR, UTM, Proxy, SOAR, Honeypots, decoys, and other security tools. Developing knowledge on log collection mechanism such as Syslog, Log file, DB API. Developing knowledge in security architecture. Developing knowledge on log collection mechanism such as Syslog, Log file, DB API. Developing knowledge in security architecture. Developing knowledge in ETL concepts, data processing at scale and data stream pipelines through Terraform. Ability in cloud services on at least one of the following providers: AWS, Azure, GCP. Developing knowledge web service protocols and frameworks for high-availability, low-latency, resiliency, and auto-scaling. Developing understanding any of the following - Java, Python, TypeScript, JavaScript, R, .NET, PowerShell. Developing knowledge in serverless development. Analytical skills and ability to communicate effectively. Ability to solve problems in innovative ways while adhering to industry standards and practices. Developing understanding practices on securing data and systems by applying appropriate authentication and authorization controls. Developing understanding of Event Driven Development and asynchronous operations. Developing understanding project fundamentals which are demonstrated in the execution of installations and other assignments. Developing knowledge of security technologies and understanding of managed services concepts Academic Qualifications and Certifications: Bachelor's degree or equivalent in Information Technology or Computing or a related field. Vendor certification is mandatory. Azure Certified Security Engineer PCNSA FCA CCNA Security. Cloud Security certifications and certifications like AZ-500, SC-200, Security+, CEH, CISSP, CISM or similar Certification in different networking technologies such as CCDPCCNP Security, JNCIA, ACCA, PCNSE, PCNSA, FCP, CCSA, ITIL, Azure Security Engineer, Azure Certified DevOps Engineer, Azure Certified Network Engineer, Azure Administrator Associate, will be an advantage. Certifications relevant to the services provided (certifications carry additional weightage on a candidates qualification for the role) Terraform, Azure, Sentinel, EDR Defender for Cloud, Microsoft Security, Devops Ci/CD Pipelins, Azure Governance (Defender for Cloud, Azure Policies, Secure Score and Compliance), Version Control (Git), Microservices (Kubernetes, Azure Containers), Azure AWS/ GCP Infrastructure (IaaS, PaaS, SaaS), Azure Infrastructure as Code, Azure Administration, Hybrid Cloud, Networking (Firewalls, LAN, VPN), Automation, MS Office365, Power BI Administration, Scripting (PowerShell), ZTNA. Required Experience: Moderate level experience in SOC Analysis Operations. Moderate level experience in SIEM usage for Moderate level experience in Azure or AWS or GCP. Moderate level experience in Security technologies like Firewall, IPS, IDS, Proxy etc. Moderate level experience in technical support to clients. Moderate level experience in handling security incidents end to end. Moderate level experience in Security Analysis or Engineering Moderate level experience in configuring/managing security controls, such as SIEM, Firewall, IDS/IPS, EDR, NDR, UTM, Proxy, SOAR, Honeypots, and other security tools. Workplace type : On-site Working.

Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Min 4+ Years exp in Soc along with SIEM (Splunk). Min 2 years Hands on exp in Splunk. Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, and takes into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when it is necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Active CEH certification is Must. Required Experience: Moderate level of relevant managed services experience handling Security Infrastructure. Moderate level of knowledge in ticketing tools preferably Service Now. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or 3rd parties. Workplace type : On-site Working

Key Responsibilities: Min 3 Years exo in EDR and Trend Micro. The vendor should assess the existing endpoint security infrastructure and identify any gaps or vulnerabilities. The vendor should deploy EDR agents on endpoints, servers, and critical systems within the organization's network. The vendor should configure EDR agents to collect and analyze security events and activities on endpoints. The solution should monitor endpoints for suspicious activities, such as malware infections, unauthorized access attempts, and unusual user behavior. The solution should use behavioral analysis and machine learning to detect advanced threats and zero-day attacks. The solution should generate real-time alerts for potential security incidents and provide guidance for incident response and remediation. The vendor should enable endpoint forensics capabilities to investigate security incidents and identify the root cause of attacks. The solution should capture and store detailed endpoint activity logs and artifacts for further analysis. The vendor should integrate the tool with vulnerability management systems to assess the endpoint's security posture. The EDR solution should be able to rollout patches or upgrades from the EDR management console for agents onboarded on the platforms. The solution should alert and remediate endpoints with outdated or vulnerable software configurations. The solution should provide real-time alerts for anomalies that could indicate potential threats. The vendor should ensure the compatibility with other security systems, such as (but not limited to) SIEM, incident response tools, etc. The solution should correlate network anomalies with potential threats, aiding in early threat detection. The vendor is expected to deliver reports at periodic intervals as per Clients requirements. The vendor should re-deploy the agent as and when there is a change in the infrastructure or the operating systems. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). CEH certification is must. Required Experience: Entry-level experience with troubleshooting and providing the support required in security network/ data center/ systems/ storage administration and monitoring Services within a medium to large ICT organization. Basic knowledge of management agents, redundancy concepts, and products within the supported technical domain (such as Security, Network, Data Centre, Telephony, etc.). Working knowledge of EDR processes.

Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion its a place where you can grow, belong and thrive. Your day at NTT DATA The Security Managed Services Engineer (L1) is an entry level engineering role, responsible for providing a managed service to clients to ensure that their Firewall infrastructure remain operational through proactively identifying, investigating, and routing the incidents to correct resolver group. The primary objective of this role is to ensure zero missed service level agreement (SLA) conditions and focuses on first-line support for standard and low complexity incidents and service requests. The Security Managed Services Engineer (L1) may also contribute to / support on project work as and when required. What youll be doing Key Responsibilities: Min 3 Years exo in EDR and Trend Micro. The vendor should assess the existing endpoint security infrastructure and identify any gaps or vulnerabilities. The vendor should deploy EDR agents on endpoints, servers, and critical systems within the organizations network. The vendor should configure EDR agents to collect and analyze security events and activities on endpoints. The solution should monitor endpoints for suspicious activities, such as malware infections, unauthorized access attempts, and unusual user behavior. The solution should use behavioral analysis and machine learning to detect advanced threats and zero-day attacks. The solution should generate real-time alerts for potential security incidents and provide guidance for incident response and remediation. The vendor should enable endpoint forensics capabilities to investigate security incidents and identify the root cause of attacks. The solution should capture and store detailed endpoint activity logs and artifacts for further analysis. The vendor should integrate the tool with vulnerability management systems to assess the endpoints security posture. The EDR solution should be able to rollout patches or upgrades from the EDR management console for agents onboarded on the platforms. The solution should alert and remediate endpoints with outdated or vulnerable software configurations. The solution should provide real-time alerts for anomalies that could indicate potential threats. The vendor should ensure the compatibility with other security systems, such as (but not limited to) SIEM, incident response tools, etc. The solution should correlate network anomalies with potential threats, aiding in early threat detection. The vendor is expected to deliver reports at periodic intervals as per Clients requirements. The vendor should re-deploy the agent as and when there is a change in the infrastructure or the operating systems. Academic Qualifications and Certifications: Bachelors degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). CEH certification is Must

Key Responsibilities: Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources.Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD,PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis.Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities.Identify log sources and examine system logs to reconstruct event histories using forensic techniques.Align SIEM rules and alerts with the LICs security policies and compliance requirements.Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging.Maintain and support the operational integrity of SOC toolsets.Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness.Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans.Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner.Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively.Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits.Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive.Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency.

Key Responsibilities: Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). CEH certification is Must.

Key Responsibilities: Min 4+ Years exp in Soc along with SIEM (Splunk). Min 2 years Hands on exp in Splunk. Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, and takes into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when it is necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Active CEH certification is Must. Required Experience: Moderate level of relevant managed services experience handling Security Infrastructure. Moderate level of knowledge in ticketing tools preferably Service Now. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or 3rd parties.

Your day at NTT DATA The Security Platform Engineer is a seasoned subject matter expert, responsible for facilitating problem resolution and mentoring for the overall team. This role performs operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). The Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). What you'll be doing Key Responsibilities: Works as part of a 24/7 team working on rotational shifts. Works as part of Platform and Content Engineering handling tunings, stake holder requests, escalations, reporting, trainings. Administers the organization's security tools to gather security logs from environment. Performs lifecycle management of the supported security tools/technologies, Break-fix, Patching, Live update. Adheres to SOPs and notify stake holders on log flow/log format issues. Documents best practices. Identifies opportunities to make automations which will help the incident response team. Performs security incident handling and response from several vectors including End Point Protection and Enterprise Detection and response tools, attack analysis, malware analysis, network forensics, computer forensics, and a broad range of skills in LAN technologies, Windows and Linux O/Ss, and general security infrastructure. Carries out agreed maintenance tasks. Ensures usage of knowledge articles in incident diagnosis and resolution and assist with updating as and when required. Performs defined tasks to monitor service delivery against service level agreements and maintains records of relevant information. Investigates causes of incidents and seeks resolution. Escalates unresolved incidents and follow up until incident is resolved. Provides service recovery, following resolution of incidents. Documents and closes resolved incidents according to agreed procedures. Investigates and identifies root cause of incidents and assist with the implementation of agreed remedies and preventative measures. Maintains knowledge of specific specialisms, provides detailed advice regarding their application. Ensures efficient and comprehensive resolution of incidents, including ensuring that repairs are carried out by coordinating product requests, working with other team members. Logs all such incidents in a timely manner with the required level of detail with all the necessary. Cooperates with all stakeholders including client IT environments, vendors and carriers to expedite diagnosis of errors and problems and to identify a resolution. Knowledge and Attributes: Seasoned working knowledge on implementation and monitoring of any SIEM or security tools/technologies. Seasoned knowledge on security architecture, worked across different security technologies. Customer service orientated and pro-active thinking. Problem solver who is highly driven and self-organized. Great attention to detail. Good analytical and logical thinking. Excellent spoken and written communication skills. Team player with the ability to work well with others and in group with colleagues and stakeholders. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Information Technology or related field. Relevant level of Networking certifications such as CCNA, JNCIA, ACCA, PCNSA, CCSA etc. preferred. Relevant level of Security certifications such as AZ-500, SC-200, Security+, CEH, CISSP, CISM etc. will be added advantage. Required Experience: Seasoned experience in Security technologies like (Firewall, IPS, IDS, Proxy etc.). Seasoned experience in technical support to clients. Seasoned experience in diagnosis and troubleshooting. Seasoned experience providing remote support in Security Technologies. Seasoned experience in SOC/CSIRT Operations. Seasoned experience in handling security incidents end to end. Knowledge on networking, Linux and security concepts. Seasoned experience in configuring/managing security controls such as Firewall, IDS/IPS, EDR, NDR, UTM, Proxy, SOAR, HoneyPots and other security tools. Knowledge on log collection mechanism such as Syslog, Log file, DB API. Knowledge in security architecture. Seasoned experience in Security engineering.

Job description: TCS has always been in the spotlight for being adept in the next big technologies. What we can offer you is a space to explore varied technologies and quench your techie soul. What we are looking for: Deep technical expertise in Endpoint security technology domain with demonstrated expertise in one or more of the following areas EDR, HIPS, Anti-Malware, FIM, Server Protection Proven experience in maintaining endpoint security solutions across enterprise environments. Provide compliance reports (monthly and based on need) Performing analysis of end-point security needs that contribute to the design, integration, and installation of hardware and software. Analysis, troubleshooting and development of solutions to end-point security problems. Excellent troubleshooting skills Creation of SOPs for daily operations of endpoint security tools and services Monitoring security advisory groups to ensure all necessary security updates, patches and preventive measures are in place. Support forensics activates and requirements. Good soft skills and multi-tasking abilities

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Governance Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization. Roles & Responsibilities:- Lead and mentor a team of Tier 1, Tier 2, and Tier 3 SOC analysts.- Define and enforce SOC processes, workflows, SLAs, and escalation protocols.- Provide regular performance feedback and conduct training to upskill the team.- Collaborate with IT, DevOps, Risk, and Compliance teams on security initiatives.- Oversee daily security monitoring, triage, and incident response activities.- Ensure timely detection, investigation, and resolution of security incidents.- Maintain incident tracking and reporting for internal stakeholders and audits.- Conduct root cause analysis and ensure lessons learned are documented and implemented.- Manage and optimize SIEM, SOAR, EDR, and other monitoring tools.- Define and tune detection rules, playbooks, and alerts to reduce false positives.- Evaluate and recommend new tools and technologies to improve SOC capabilities.- Ensure log sources and telemetry are complete and properly ingested.- Ensure SOC operations support compliance requirements (ISO 27001, NIST, PCI DSS, GDPR).- Prepare and deliver regular security metrics and executive reports.- Coordinate with internal and external auditors during assessments. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Governance.- Strong understanding of risk management frameworks and compliance standards.- Experience with cloud security architecture and implementation.- Ability to conduct security assessments and audits.- Familiarity with security tools and technologies for threat detection and response. Additional Information:- The candidate should have minimum 12 years of experience in Security Governance.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will also engage in continuous learning to stay updated on the latest security trends and technologies, contributing to a safer digital environment for the organization. Roles & Responsibilities:Perform security monitoring by analyzing logs, traffic and alerts generated by variety of device technologiesTimely response to customer requests like detection capabilities, tuning.Research new threats and provide recommendations to enhance detection capabilitiesStrong desire for continuous learning on vulnerabilities, attacks and countermeasures Identify opportunities for process improvement Professional & Technical Skills: Experience in SOC operations with customer-facing responsibilitiesDeep understanding on cyber security fundamentals, security devices, network defense concepts and threat landscapeHands-on experience in SIEM and threat hunting tools Added advantage in working with any SOAR platformDesirable knowledge in any scripting language and EDR productsPreferable GCIA, GCFA, CISSPStrong customer service and interpersonal skillsStrong problem-solving skillsAbility to communicate clearly at all levels, demonstrating strong verbal and written communication skills. Additional Information:Work as part of analysis team that works 24x7 on a rotational shift The candidate should have minimum 2 years of experience This position is based at our Chennai office.Minimum a bachelors or a masters degree in addition to regular 15- year full time educationAdaptability to accept change Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Engineering Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that the organization's information and infrastructure are safeguarded against potential cyber threats. You will also engage in continuous learning to stay updated on the latest security trends and technologies, contributing to a secure environment for all stakeholders. Roles & Responsibilities:Work as part of Security Engineering handling tunings, customer requests, escalations, reporting, trainings.Administration of the Accenture proprietary SIEM to gather security logs from customer environment.Life cycle management of the SIEM Adhering to SOPs and notify customers on log flow/log format issuesDocument best practices and writing KB articlesIdentify opportunities for process improvements Professional & Technical Skills: Experience in SOC OperationsKnowledge on networking, Linux and security concepts Experience in configuring/managing security controls such as Firewall, DS/IPS, EDR, UTM, ProxyKnowledge on log collection mechanism such as Syslog, Log file, DB & API and build collector Knowledge in device onboarding and integrationPassion for cyber security, learning, and knowledge sharing Strong Verbal & written communication skillsProven customer service skills, problem solving and interpersonal skills Ability to handle high pressure situationsConsistently exhibit high levels of teamwork Additional Information:Work as part of a global technical services team that works 24/7 on rotational shiftThe candidate should have minimum 2 years of experience in Accenture MxDR Ops Security Engineering.This position is based at our Chennai office.A 15 years full time education is required. Qualification 15 years full time education

About Organization: Larsen & Toubro Ltd, commonly known as L&T, is an Indian multinational conglomerate company, with business interests in engineering, construction, manufacturing, technology, information technology and financial services, headquartered in Mumbai. The company is counted among world's top five construction companies. The L&T Group comprises of 93 subsidiaries, 5 associate companies, 27 joint ventures and 35 jointly held operations, operating across basic and heavy engineering, construction, realty, manufacturing of capital goods, information technology, and financial services. Specialties: Aerospace, Infrastructure, Shipbuilding, Construction, Defense, Finance, Forging, Hydrocarbon, Information Technology & Engineering Services, Construction Equipment, Railways, Boilers, Process Plant, Turbines, Power, Renewable Energy, Manufacturing, and Green Hydrogen. Job Title: Assistant Manager/Manager - Technology support & excellence Job Location: Powai, Mumbai Working Model: Work from office Operating Model: 6 days (2nd and 4th Saturdays Off) EDUCATIONAL QUALIFICATIONS: B.Tech/B.E./MCA/M.Sc. In Cyber Security Specialization EXPERIENCE: Min 4-6 years in Information Security Job Profile: Should have handled latest security tools, technologies (EDR, PIM, WAF, SASE, Proxy etc) & maintained compliance to standards (e.g. ISO27001:2022) Remediate cyber security incidents as per agreed service levels with Central Cyber Security operation Center As SME of security technology, evaluate & deploy security technologies Establish vendor selection criteria (RFP, Evaluation, Short listing, Selection) Ensure implementation of security tools & technologies as per project plans Managing & ensuring service delivery of partners with agreed SLA & payments as per schedule Conducting security awareness trainings for stakeholders in respective areas Run technology excellence program (CoE) with KPIs in line with industry standards Adherence to Budgets (Capex, Opex)

Hi, We are having an opening for Network Security Operations Manager at our Mumbai location. Job Summary : We are looking for a highly capable Network Security Operations Manager to lead, manage, and enhance the organizations network security infrastructure and operations. This role will be responsible for managing key security technologies such as firewalls, proxies, VPNs, NAC, DNS security, WAF , EDR & Data Security and ensuring operational governance and compliance. The ideal candidate should have hands-on experience managing large-scale network security operations and coordinating with cross-functional and incident response teams. Areas Of Responsibility : Security Operations Management Lead day-to-day operations of all network security tools and platforms , including: Firewalls (NGFW Palo Alto, Fortinet, Cisco)- Policy governance, segmentation, and high-availability Web Proxy & Cloud Proxy (e.g., Zscaler, Netskope)- URL filtering, threat prevention, and data leak protection VPN (IPSec, SSL VPN, Remote Access Solutions)- Strong encryption and access control for workforce and partner Network Access Control (NAC)- Role-based access, posture checks, and OT/IoT security DNS Security & Filtering- DNS-layer protection, malicious domain filtering, and response management Web Application Firewall (WAF) On-prem & Cloud-based- Protection of patient data, portals, financial apps, and APIs Ensure continuous monitoring, tuning, and updating of policies and signatures across platforms. Manage security device configurations, rule optimization, and lifecycle management. Compliance, Audit & Governance Ensure adherence to security compliance requirements such as ISO 27001, NIST, GDPR, and internal IT security policies . Ensure full compliance with sector-specific regulations ( Pharma: GxP, 21 CFR Part 11, HIPAA) Prepare and present periodic audit reports, incident reports, and configuration review summaries . Drive risk assessments and remediation plans for security operations. Maintain security documentation, SOPs, and audit trails Team & Vendor Management Lead and mentor a team of network security engineers and analysts. Oversee vendor engagements, support contracts, SLAs, and AMC renewals for security technologies. Engage with audit, QA, compliance, and legal teams for incident reporting and regulatory inspections Coordinate with for integrated security coverage (EDR/DS, if escalation/overlap arises). Incident Response & Troubleshooting Collaborate with SOC for effective investigation and response to network security incidents . Coordinate the response to security incidents, including detection, analysis, containment, eradication, and recovery. Lead root cause analysis and containment for network-based threats (e.g., suspicious VPN activity, firewall rule violations). Manage escalations and coordinate with external vendors or OEMs for critical issues. Projects & Improvements Drive security hardening and optimization projects related to network security tools. Lead or support security hardening, firewall rule optimization, and proxy architecture redesign projects Lead or contribute to technology upgrades, migration projects, mergers, acquisitions, data center shifts. Maintain security documentation, playbooks, and standard operating procedures. Prepare and validate BOM, BOQ, and risk registers for new deployments Educational Qualification : Bachelor's or Masters in Computer Science, Information Security, or related field Specific Certification : CISSP, CISM, CCNP Security, CP, Palo Alto PCNSE, Fortinet NSE, ISO 27001 LA Experience : 10-12 years of experience in network operations, with 3-5 years in leadership or managerial role Skill (Functional & Behavioural): Firewalls: Checkpoint, Fortinet, Palo Alto, Cisco Firepower Proxies: Netskope, Forcepoint, Zscaler VPN: Cloudflare, Cisco AnyConnect, FortiClient, GlobalProtect NAC: Forescout, Cisco ISE, Aruba ClearPass DNS Security: Cisco Umbrella, Infoblox, Cloudflare DNS WAF: AWS/Azure WAF, F5, Imperva, Akamai, Cloudflare EDR & DS: Crowdstrike, Falcon, Trellix, MS Defender, Sentinel, etc.

Job description Job Title: Senior SDET Role Overview: Trellix is looking for SDETs who are self-driven and passionate to work on Endpoint Detection and Response (EDR) line of products. The team is the ultimate quality gate before shipping to Customers. Tasks range from manual and, automated testing (including automation development), non-functional (performance, stress, soak), solution, security testing and much more. Work on cutting edge technology and AI driven analysis. About the role: Peruse requirements documents thoroughly and thus design relevant test cases that cover new product functionality and the impacted areas. Execute new feature and regression cases manually, as needed for a product release. Identify critical issues and communicate them effectively in a timely manner. Familiarity with bug tracking platforms such as JIRA, Bugzilla, etc. is helpful. Filing defects effectively, i.e., noting all the relevant details that reduces the back-and-forth, and aids quick turnaround with bug fixing is an essential trait for this job. Identify cases that are automatable, and within this scope segregate cases with high ROI from low impact areas to improve testing efficiency. Hands-on with automation programming languages such as Python, Java, etc. is advantageous. Execute, monitor and debug automation runs. Author automation code to improve coverage across the board. Lead fellow team members and also aspects of the product end-to-end, while thinking of all aspects including enhancements, automation, performance, and others. About you: 5-7 years of experience in a SDET role with a relevant degree in Computer Science or Information Technology is required. Show ability to quickly learn a product or concept, viz., its feature set, capabilities, functionality and nitty-gritty. Hands-on experience working on SaaS based applications and platforms. Understanding of any Cloud Platforms - CSPs such as AWS, GCP, etc. and microservices architecture is desired. Exposure to non-functional testing, such as, performance and load, is desired. Understanding of Endpoint security concepts around Endpoint Detection and Response (EDR) would be advantageous. Proven track record of taking ownership and driving aspects of product enhancements end-to-end. Company Benefits and Perks: We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees. Retirement Plans Medical, Dental and Vision Coverage Paid Time Off Paid Parental Leave Support for Community Involvement Were serious about our commitment to diversity which is why we prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

Knowledge of Information Security technologies (EDR, NDR, IPS, WAF, SIEM) Understanding of networking protocols (TCP/IP) security methodologies (ACL/NAC) & topologies Working knowledge of Windows and Linux OS, security incident response processes Required Candidate profile Working knowledge of analyzing, responding & remediating network intrusions, web app, & server attacks, scripting ,root cause determination, containerization concepts & tools

Advanced Technical Proficiency: Manage and troubleshoot endpoint security tools such as EDR, EPP, antivirus, and MDM solutions Conduct endpoint vulnerability assessments and drive remediation plans Support secured configuration management and endpoint encryption activities Automate routine monitoring and response tasks using scripting tools Strategic Oversight & Integration: Define and implement endpoint security policies and deployment strategies Monitor performance metrics and ensure alignment with enterprise security goals Collaborate with IT, compliance, and network security teams to ensure integrated defenses Incident & Breach Response: Participate in L2/L3 level response to endpoint-related security incidents Support root cause analysis and documentation of incidents and remediations Ensure timely containment and recovery of endpoint security breaches Communication & Documentation: Clearly communicate complex security issues and technical risks to stakeholders Document security events, investigations, configuration changes, and response outcomes Continuous Improvement & Learning: Stay current with evolving threat landscapes and industry best practices Recommend enhancements to endpoint security processes and tools Pursue relevant certifications and training to maintain technical excellence Leadership & Mentorship: Mentor junior analysts and support their technical growth Contribute to team knowledge sharing and cross-training efforts

As an L1 Threat Hunter, you will work closely with SOC analysts and incident responders to identify, analyze, and escalate suspicious activity using a variety of tools and threat intelligence sources.

• Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm , Splunk,). • Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black).

As an L1 SOC Analyst, you will be responsible for monitoring alerts and triaging basic security events from SIEM, EDR, and NDR platforms. Your role includes identifying suspicious activities, escalating incidents as per defined SOPs, and supporting the security operations team in daily monitoring tasks. Key Responsibilities: Monitor alerts from SIEM (QRadar, Microsoft Sentinel), EDR (Microsoft Defender for Endpoint), and NDR (LinkShadow/Darktrace) platforms Triage basic security events and validate incidents using established playbooks Escalate potential threats to L2 analysts based on severity and context Review and respond to AV/EDR alerts and execute predefined security queries Log incidents, document actions, and maintain ticketing system with accurate updates Enrich alerts with known threat intelligence and IOCs (IP, domain, file hashes) Support incident response efforts for phishing, malware, brute-force attacks, etc. Collaborate with team members and shift leads to ensure 24x7 monitoring coverage Tool Experience (Preferred): SIEM Tools: Basic use of QRadar and Microsoft Sentinel EDR/XDR: Microsoft Defender for Endpoint, Antivirus consoles NDR: LinkShadow or Darktrace (basic familiarity) Other Tools: Microsoft Exchange Online Protection (EOP), Azure AD Sign-In Logs (optional) Certifications (Preferred): CompTIA Security+ Microsoft SC-900 Shift Readiness: This role requires flexibility to work in 24x7 rotational shifts , including nights, weekends, and holidays. Required Skills: Understanding of basic cybersecurity concepts Familiarity with security alert triage and incident logging Basic knowledge of Indicators of Compromise (IOCs) Fast learner with strong attention to detail Effective communicator and team player

Greetings from Peoplefy Infosolutions !!! We are hiring for one of our reputed MNC client based in Pune . The Security Analyst position is part of the Groups Computer Emergency Response Team (CERT) , the organizations cyber defense division. The mission of this team encompasses three critical areas: Threat Prevention & Crisis Preparedness – Proactively anticipate and mitigate threats while preparing for cyber crises. Threat Detection & Analysis – Identify vulnerabilities, detect threats, and uncover attacks. Incident Response – Investigate, manage, and resolve security incidents while mitigating their impact on the IT ecosystem. Key Responsibilities: 1. Security Incident Handling: Analyze and confirm the severity of security incidents based on available data. Follow documented incident response procedures to resolve threats efficiently. Collaborate with technical experts to develop and implement remediation plans. Track and monitor corrective actions, ensuring stakeholders are informed and engaged. Write detailed incident reports, including "hot" and "cold" feedback, for major incidents. Participate in crisis management, including artifact collection, risk analysis, and first-level threat assessments. 2. Projects, Continuous Improvement, and Expertise Sharing: Stay updated on the latest incident response techniques through training and daily monitoring. Provide technical expertise for projects, including tool evaluations, risk analysis assistance, and technical audits. Propose and develop new detection scenarios, automation tools, or enhancements to improve productivity. Conduct team knowledge-sharing sessions by presenting in-depth technical topics. Contribute to the broader expertise missions within the team based on skillsets. Experience Requirements: 10–12 years of relevant experience in cyber security, with a focus on security incident handling, detection, and analysis. Qualifications and Skills: Technical Skills: Data Analysis & SIEM Tools : Proficient in SPL (Search Processing Language) for data analysis, threat hunting, and creating dashboards. Strong experience with SIEM tools like Splunk (Preferred) , Q Radar or Sentinel. Endpoint Protection (EPP) & Endpoint Detection and Response (EDR): Hands-on experience with tools such as: Trend Micro Deep Security Microsoft Defender Palo Alto Cortex Tehtris eGambit Network Security & Firewalls: Knowledge of firewalls , IDS/IPS , VPNs , and network devices such as: Cisco Palo Alto Global Protect Proficiency in analyzing firewall logs and interpreting PCAPs using tools like Wireshark . Operating Systems & Programming: Working knowledge of Windows and Linux will be an added advantage. Knowledge of PowerShell scripting and other system scripting languages. Knowledge on software programming and SDLC will be added advantage. Investigative Skills: Ability to autonomously investigate alerts from detection to resolution. Key Traits and Competencies: Strong analytical and problem-solving skills. Ability to work independently while collaborating with a global team. Excellent communication and report-writing skills. Passion for continuous learning and knowledge sharing. Flexibility to work in a fast-paced environment and support on-call rotations. Interested candidates for above position kindly share your CVs on pranita.th@peoplefy.com with below details - Experience : CTC : Expected CTC : Notice Period : Location :

Your key responsibilities Administration and management support of CrowdStrike Next-Gen SIEM/EDR Perform as the subject matter expert on any of the above solutions for the customer, use the capabilities of the solution in the daily operational work for the end customer. Advise customers on best practices and use cases on how to use this solution to achieve customer end state requirements. Content development (Use case development) which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems Skills and attributes for success Customer Service oriented - Meets commitments to customers; Seeks feedback from customers to identify improvement opportunities. Experience in managing and administering security solution CrowdStrike Next-Gen SIEM/EDR Hands-on expertise in Security use case development and log source integration Good knowledge of SIEM technologies such as Splunk, Azure Sentinel from a Security Analysts point of view Exposure to IOT/OT monitoring (Claroty, Nozomi Networks etc.) is a plus Good knowledge and experience in Security Monitoring Good knowledge and experience in Cyber Incident Response Knowledge in ELK Stack Knowledge in Network monitoring technology platforms such as Fidelis XPS or others Knowledge in endpoint protection tools, techniques, and platforms such as Carbon Black, Tanium, CrowdStrike, Defender ATP or others To qualify for the role, you must have B. Tech./ B.E. with sound technical skills Strong command on verbal and written English language. Demonstrate both technical acumen and critical thinking abilities. Strong interpersonal and presentation skills. Minimum 4 years of Hands-on experience of operating/implementing the above security tools. Certification in any of the SIEM platforms is a plus Knowledge of RegEx, Perl scripting and SQL query language. Certification - CCSA, CEH, CISSP, GCIH, GIAC.

Role Description: This role is a senior position equivalent to a Level 3 SOC analyst. In this role, You are expected to manage the Cyber Defence Centre (SOC), which is a 24/7 environment. Handle security incidents and able to provide rapid response with a deep understanding of IT Network Infrastructure tools and Technologies. Primary Responsibilities: u25CF Member of a critical role in our cyber security function to ensure enterprise and client data is secure and private. You will help provide 24x7 monitoring for the organization by acting as the first line of defense against potentially malicious events. Support the Security Operations Centre with enhancing SOC tools including the design/improvement of working practices and incident responses Threat Hunting - Analyses security system logs, security tools, and available data sources on a day-to-day basis to identify attacks against the enterprise and report on any irregularities, issues related to improper access patterns, trending, and event correlations and make suggestions for detection rules and system tuning. Performs research into emerging threat sources and develops threat profiles. Keep updated on the latest cybersecurity threats. Has a sound understanding of SIEM, PAM, CASB, EDR, other threat detection platforms, and Incident Response tools. Develop and execute a crisis communication plan for CXO and other stakeholders. Measures SOC performance metrics and communicates the value of security operations to business leaders.