
757 Incident Response Jobs - Page 16


5.0 - 10.0 years

12 - 20 Lacs

Pune

Work from Office

About the Role
We are seeking a highly skilled Security Analyst (Level 2) to join our MSSP SOC team. The ideal candidate will have expertise in SIEM (Splunk, QRadar), XDR/EDR solutions, and security analysis, with hands-on experience in investigating and responding to security alerts. This role requires proficiency in reviewing and analyzing Level 1 alerts, providing detailed recommendations, and engaging with customers for incident handling. The candidate should also have basic SIEM administration knowledge and Python scripting skills for troubleshooting and playbook development.

Key Responsibilities
• Threat Detection & Response: Analyze and investigate security alerts, events, and incidents generated by SIEM, XDR, and EDR solutions.
• Incident Investigation & Handling: Conduct in-depth security incident investigations, assess impact, and take appropriate actions.
• Incident Escalation & Communication: Escalate critical incidents to Level 3 analysts or senior security teams while maintaining detailed documentation.
• Content Management: Develop and fine-tune correlation rules, use cases, and alerts in SIEM/XDR platforms to improve detection accuracy.
• Malware Analysis: Perform basic malware analysis and forensic investigation to assess threats.
• Customer Request Handling: Collaborate with customers to address security concerns, provide recommendations, and respond to inquiries.
• SIEM Administration: Assist in the administration and maintenance of SIEM tools like Splunk or QRadar, ensuring smooth operations.
• Automation & Playbooks: Utilize Python scripting for automation, troubleshooting, and playbook development to enhance SOC efficiency.
• Reporting & Documentation: Prepare detailed reports on security incidents, trends, and mitigation strategies.

Basic Qualifications
• B.E/B.Tech degree in Computer Science or Information Technology, or Master's in Cybersecurity
• 3+ years of experience in a SOC or cybersecurity operations role.
• Strong knowledge of SIEM tools (Splunk, QRadar) and XDR/EDR solutions.
• Hands-on experience in threat detection, security monitoring, and incident response.
• Knowledge of network security, intrusion detection, malware analysis, and forensics.
• Basic experience in SIEM administration (log ingestion, rule creation, dashboard management).
• Proficiency in Python scripting for automation and playbook development.
• Good understanding of the MITRE ATT&CK framework, security frameworks (NIST, ISO 27001), and threat intelligence.
• Strong analytical, problem-solving, and communication skills.
• Ability to work in a 24x7 SOC environment (if applicable)

Preferred Qualifications
• Certified SOC Analyst (CSA)
• Certified Incident Handler (GCIH, ECIH)
• Splunk Certified Admin / QRadar Certified Analyst
• CompTIA Security+ / CEH / CISSP (preferred but not mandatory)

Posted 2 weeks ago


10.0 - 14.0 years

20 - 35 Lacs

Noida

Work from Office

Lead Security Analyst (P4)
Must Have skills: SOC, end-to-end investigation, L4 ticket investigation, IDR (Incident Response), Digital Forensics, Public Cloud
Experience: 10 to 14 years
Shift: Rotational

Job Responsibilities:
As a Level 4 (L4) Lead Security and Threat Monitoring Analyst, you will be part of UKG's Global Security Operations Center (GSOC) team investigating events of interest and incidents as they are validated, prioritized, and categorized by UKG's 24x7 L1, L2 and L3 analyst teams. You will facilitate and follow UKG's standard processes to investigate, contain, eradicate, and respond in a continued and unified effort to protect the confidentiality, integrity, and availability of UKG, our partners' and customers' data and services. You will be an escalation point for all incidents, either regionally or during shift assignment; analyzing, confirming, re-prioritizing if necessary and/or escalating/remediating those identified threats within the UKG computing environment. Hands-on experience in Digital Forensics and public cloud is required.

You will work closely with UKG's GSOC teams in the US, Europe, and India to promote an integrated, uniform, and holistic threat detection and response capability to facilitate and enable a robust and proactive security posture. You will leverage your skills, experience, and creativity to perform initial, forensically sound collection and analysis, and methodologies to contain, eradicate, and recover from realized threats such as zero-day, ransomware, malware and other APTs. Additionally, you will be responsible for participating in incident response activities as part of the Cyber Incident Response Team (CIRT) or as the Cyber Incident Response Lead (CIRL), post-incident reporting and continuous improvement recommendations to enhance UKG's security posture through process development, tool rationalization, detection technique and automation enhancement opportunities and enablement/training possibilities.

Due to the nature of the work, you are required to have occasional on-call duties on weekends and/or holidays. Additional work hours may also be required during an incident investigation.

Primary/Essential Duties and Key Responsibilities:
• Review tickets escalated from L1 or L2 analysts to confirm the priority, category and accuracy of the details and conditions.
• Pivot to additional security tools to obtain and ascertain context or information and any other pertinent information to inform on the most effective and efficient mitigation/remediation actions.
• Escalate tickets as required to the GSOC Director for additional scrutiny and incident declaration.
• Collaborate with UKG internal and external groups to develop and execute containment, eradication, and recovery strategies for lower priority incidents.
• Identify, approve, and implement blocking, listing and other mechanisms to promote a robust security posture.
• Participate in the Cyber Incident Response Plan (CIRP) process as part of the Cyber Incident Response Team (CIRT) or as the Cyber Incident Response Lead (CIRL) to lead and/or support mitigating and/or remediating critical incidents.
• Participate in post-incident activities including coordinating and providing input within the requisite reports and identifying areas for continuous improvements within the GSOC enablement, processes or technology.
• Provide mentoring and enablement of junior analysts globally to expand and extend UKG's GSOC capabilities and experiential capacities.

Qualification (Experience, Education, Certification, License and Training):
• Bachelor's degree in computer science or a related discipline
• CISSP, CCSP, GIAC or other relevant cyber security certifications
• Working professional with 9+ years of relevant Security/SOC experience

Required Qualifications:
• Knowledge of the common attack vectors on the network layer, different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored) and cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of cybersecurity, incident response methodologies, privacy principles, cyber threats, vulnerabilities, and detection methodologies and techniques for detecting intrusions.
• Experience with Splunk, Google Chronicle, Elasticsearch, EDR solutions, email security tools, and cloud environments (GCP, Azure).
• Knowledge and experience in reverse engineering to understand how an information asset works and analyzing system components to identify potential vulnerabilities.
• Knowledge and experience in developing automations using scripting languages like Python and PowerShell to automate various tasks and improve accuracy, enhance task consistency, and increase scalability.
• Knowledge and experience in Security Information and Event Management (SIEM) use case and content development techniques and objectives.
• Knowledge and experience in conducting and participating in security audits and assessments.
• Understanding and experience in developing and delivering relevant and value-add operational metrics to support and provide visibility into the GSOC program.
• Communicate in English: write clearly and speak authoritatively to different audiences (business leaders and engineers).

Preferred Qualifications:
• Knowledge of new and emerging cybersecurity technologies, threats, and threat vectors.
• Knowledge and experience in designing, executing, and reporting threat hunting activities.
• Knowledge and experience around offensive security (ethical hacking) techniques to identify and mitigate/remediate vulnerabilities in the UKG environment.
• Knowledge and experience in cyber forensic procedures and how to extract information and generate reports in support of incident response and other advanced requirements.

Posted 2 weeks ago


0.0 - 4.0 years

0 Lacs

noida, uttar pradesh

On-site

As a professional services firm affiliated with KPMG International Limited, KPMG in India has been a prominent presence since its establishment in August 1993. Leveraging the extensive global network of firms, our professionals possess in-depth knowledge of local laws, regulations, markets, and competition dynamics. With offices spanning major cities in India including Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada, we are dedicated to offering a wide range of services to both national and international clients in various sectors.

At KPMG in India, we are committed to delivering rapid, performance-based, industry-focused, and technology-enabled services. Our approach is rooted in a deep understanding of global and local industries, coupled with extensive experience in navigating the complex Indian business environment. We strive to ensure that our clients benefit from our shared knowledge and expertise, enabling them to thrive in a constantly evolving marketplace.

As an equal opportunity employer, we value diversity and inclusion in our workforce. We believe in providing a supportive and inclusive work environment where all individuals are respected, valued, and given equal opportunities to grow and contribute to our collective success. Should you choose to be a part of KPMG in India, you will join a dynamic team of professionals who are passionate about delivering high-quality services and making a positive impact in the business landscape. Together, we aim to drive innovation, foster collaboration, and achieve excellence in everything we do.

Posted 2 weeks ago


5.0 - 9.0 years

0 Lacs

maharashtra

On-site

JOB DESCRIPTION

About KPMG in India
KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

i. BE/B.Tech/BCA/B.Sc/M.Sc/MCA/M.Tech (Computers/Electronics/IT)
ii. Minimum one certification such as CEH/OSCP and/or equivalent.
iii. At least 5+ years of post-qualification relevant work experience, including appearance before a court of law while presenting the extracted cyber evidence.
iv. Experience in all kinds of digital forensic work: computer, MacBook, mobile, cloud APIs, CCTV and AV, database, network etc., including reporting
v. Experience in analysis of malware, incident response, email and log analysis, threat modeling and assessments
vi. Experience in Ethical Hacking, VAPT, OSINT etc.
vii. Experience in handling cyber-crime cases, website defacement, email and VOIP analysis, image and video forensics
viii. Dynamic and static malware analysis

QUALIFICATIONS
Graduation from premier institutes is preferred. Proficiency in the Marathi language is a must. Knowledge of the IT Act, DPDP Act, CrPC, IPC and other laws is preferred.

Posted 2 weeks ago


7.0 - 11.0 years

0 Lacs

thiruvananthapuram, kerala

On-site

The company Armada is an edge computing startup that specializes in providing computing infrastructure to remote areas with limited connectivity and cloud infrastructure. They also focus on processing data locally for real-time analytics and AI at the edge. Armada is dedicated to bridging the digital divide by deploying advanced technology infrastructure rapidly. As they continue to grow, they are seeking talented individuals to join them in achieving their mission.

As a DevOps Lead at Armada, you will play a crucial role in integrating AI-driven operations into the DevOps practices of the company. Your responsibilities will include leading a DevOps team, designing scalable systems, and implementing intelligent monitoring, alerting, and self-healing infrastructure. The role requires a strategic mindset and hands-on experience with a focus on Ops AI. This position is based at the Armada office in Trivandrum, Kerala.

As the DevOps Lead, you will lead the DevOps strategy with a strong emphasis on AI-enabled operational efficiency. You will architect and implement CI/CD pipelines integrated with machine learning models and analytics. Additionally, you will develop and manage infrastructure as code using tools like Terraform, Ansible, or CloudFormation. Collaboration is key in this role, as you will work closely with data scientists, developers, and operations teams to deploy and manage AI-powered applications. You will also be responsible for enhancing system observability through intelligent dashboards and real-time metrics analysis. Furthermore, you will mentor DevOps engineers and promote best practices in automation, security, and performance.

To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Engineering, or a related field. You should also have at least 7 years of DevOps experience with a minimum of 2 years in a leadership role. Proficiency in cloud infrastructure management and automation is essential, along with experience in AIOps platforms and tools. Strong scripting abilities, familiarity with CI/CD tools, and expertise in containerization and orchestration are also required. Preferred qualifications include knowledge of MLOps, experience with serverless architectures, and certification in cloud platforms. Demonstrable experience in building and integrating software and hardware for autonomous or robotic systems is a plus. Strong analytical skills, time-management abilities, and effective communication are highly valued for this role.

In return, Armada offers a competitive base salary along with equity options for India-based candidates. If you are a proactive individual with a growth mindset, strong problem-solving skills, and the ability to thrive in a fast-paced environment, you may be a great fit for this position at Armada. Join the team and contribute to the success and growth of the company while working collaboratively towards achieving common goals.

Posted 2 weeks ago


3.0 - 8.0 years

5 - 10 Lacs

Bengaluru

Work from Office

About the Opportunity
Job Type: Permanent
Application Deadline: 31 August 2025
Title: Cyber Security Operational Incident Manager - Technical Consultant
Department: Cyber Defence Operations - GCIS
Location: Kingswood, Surrey, Gurgaon, Bangalore
Reports To: Senior Manager - CDO
Level: 5

About your team
The Technology function across FIL is responsible for all global aspects of Technology, Digital, Cybersecurity, and Innovation. Fidelity is a value-driven, customer-obsessed organization and in Technology we are fortunate to play a direct role in helping our clients with one of the most important aspects of their lives: their financial well-being. Within the Technology function is our Global Cyber & Information Security (GCIS) that operates enterprise security services and controls. These are designed to mitigate Cyber and Information Security risks, ensuring that Fidelity's business operates securely. The Technical Cybersecurity teams monitor both the internal and external threat environment, responding to security alerts and events in close to real time, as well as providing security assurance and access management services across the enterprise technology and business environment. Our global innovative Cyber Defence Operations team sits within GCIS and provides proactive, cutting-edge solutions to protect clients' digital assets and infrastructure against evolving cyber threats.

The Cyber Security Operational Incident Manager will be responding to and managing widespread security events and should have an understanding of how best to maintain CIRT teams' skills and knowledge. The role will be supported by a global team of CIRT analysts who are looking to this role to provide them with direction and guidance during serious incidents. It will also be supported by a strong security leadership team and global incident management process who are keen to develop this capability. Our leadership team will be looking to this role to report on a number of key incident KPIs and provide assurance to our customers on the global operational security response process.

About your role
The successful candidate will be experienced in operational security incident management, including vulnerability management, understanding the value of rigorous planning, tested procedures and playbooks and quick response to critical security incidents. This is a critical role expected to develop and maintain our operational security incident management capability and help mature our global response processes. The successful candidate will be comfortable working at a technical level, proactively suggesting improvements to the incident playbooks whilst also being able to co-ordinate our front-line CIRT team during major events. The successful candidate will be able to demonstrate understanding of incident response tools and techniques, experience in responding to and managing widespread security events and an understanding of how best to maintain CIRT teams' skills and knowledge.

About you

Key Responsibilities
• Own and be accountable for security incidents; taking the lead in driving global remediation activities
• Ensure simple, repeatable, manual tasks are automated within the Incident Response process
• Ensure a best-practice program is in place to manage and maintain our security response procedures
• Proactively develop and deliver new incident response capabilities, tooling and processes.
• Develop an incident management strategy, focussing on regular reviews and exercises.
• Create and deliver table-top and simulated exercises focussing on areas of risk identified by our Threat Intelligence team.
• Ensure the operational security process is consistently maintained across our global regions, taking into account different regulatory requirements and rules.
• Act as the point of contact for our global business incident management team for all security related incidents.
• Run Post Incident Reviews and track and manage outcomes to delivery.

Experience and Skills Required
• Experience and strong understanding of frontline security operations
• Experience running a vulnerability remediation programme or overseeing vulnerability teams would be advantageous
• Experience running complex security incidents at a global scale
• Experience creating or continually improving an incident management program
• Strong reporting ability, with an understanding of how to tailor reports to show improvements and learnings
• In-depth understanding of modern attack techniques and flows
• Clear and demonstrable understanding of NIST and MITRE ATT&CK methodologies
• Experience in cloud environments (ideally Azure)
• Strong communication skills with evidence of being in a position responsible for taking feedback from technical teams and turning this into improvements
• Banking or Finance industry related experience desirable
• Security Incident Management qualifications preferred
• Security Incident related qualifications (e.g. SANS 504)
• At least 3 years of experience working in an Incident Response position
• Experienced responding to global complex security events
• Experienced using NIST or MITRE frameworks to deploy defensive plans and/or actions
• Experience explaining the risk of security threats and creating mitigations
• Experience of general IT infrastructure technologies and principles
• Experience of using vulnerability management tooling, e.g. Nexpose, Qualys etc.
• Understanding of the underlying protocols including: HTTP, HTTPS, SMTP, SQL
• Understanding of Networking Architecture (OSI Model)
• Analytical skills
• Challenge the current processes
• Passion for the cybersecurity field
• Time management
• Able to organize others

Nice to Have
• Certifications - Security+, Network+, GCIA, GCIH, GCFA, GMON, GNFA, SSCP, OSCP

For starters, we'll offer you a comprehensive benefits package. We'll value your wellbeing and support your development. And we'll be as flexible as we can about where and when you work, finding a balance that works for all of us. It's all part of our commitment to making you feel motivated by the work you do and happy to be part of our team.

Posted 2 weeks ago


8.0 - 12.0 years

22 - 32 Lacs

Pune

Work from Office

Role & responsibilities

Overview:
The Team Lead - Information Security ensures the efficient execution of security operations by driving proactive incident management and strategic security initiatives. This role demands strong technical expertise and analytical thinking to enhance security posture and operational efficiency.

Key Responsibilities:
• Lead the classification, documentation, and resolution of security incidents.
• Analyze, assign, and escalate high-complexity security issues as needed.
• Establish incident response protocols and ensure adherence to response timelines.
• Investigate complex security issues, determine root causes, and implement preventive measures.
• Collaborate with third-party vendors and escalate unresolved security incidents.
• Conduct vulnerability assessments and evaluate security risks.
• Enhance existing security controls and recommend risk mitigation strategies.
• Provide regular updates on security incidents, mitigation actions, and operational improvements.
• Develop executive-level security reports and presentations.
• Provide guidance on security tool optimization and integration into the organization's security framework.
• Lead security incident investigations and provide strategic recommendations.

Cross-Functional Collaboration:
• Work with IT, compliance, and security teams to integrate security solutions into business operations.
• Lead the coordination of security initiatives with various departments.

Technical Leadership and Mentorship:
• Provide technical guidance and mentorship to security analysts and team members.
• Foster a culture of continuous learning and development within the team.
• Stay updated on emerging cybersecurity threats, trends, and best practices.
• Recommend and implement security enhancements based on evolving threat landscapes.

Experience Requirements:
• 6-8 years of experience in security operations, incident response, and risk management.
• Hands-on experience with SIEM tools like CrowdStrike, MS Sentinel, Splunk, QRadar, or LogRhythm.
• Expertise in EDR tools, Email Security tools, and forensic network analysis.
• Strong background in SOC operations, including triage, alert investigation, and incident qualification.
• In-depth knowledge of security technologies: DLP, IDS/IPS, Email Security, SWG/Proxy, CASB, CSPM, SASE, SSE, and SIEM.
• Experience with cloud security solutions and platforms such as AWS, Azure, or Google Cloud Platform.
• Proficiency in operating system security for Windows, MacOS, and Linux distributions.
• Strong problem-solving skills with the ability to analyze and resolve complex security issues.
• Strong expertise in ITIL and Change Management.

Skills and Competencies:
• Strong technical knowledge in SIEM, EDR, Incident Response, and Email Security tools (ProofPoint, FireEye, CrowdStrike).
• Ability to optimize SOC operations and security workflows.
• Excellent communication and collaboration skills.
• Proficiency in MS Office for reporting and documentation.
• Relevant certifications such as CS, Threat Hunting, or equivalent technical certifications.

Qualifications:
Bachelor's degree in Computer Science, Information Security, Electronics & Communication, or a related field, and 8+ years of experience in managing and operating security solutions in enterprise environments.

Preferred candidate profile

Posted 2 weeks ago


8.0 - 12.0 years

22 - 30 Lacs

Pune

Work from Office

Overview:
The Information Security Specialist ensures the seamless functioning of security operations by emphasizing proactive incident management. This role requires a mix of technical expertise, analytical thinking, and a proactive approach to improve operational efficiency.

Key Responsibilities:
• Incident Identification and Escalation: Detect and log incidents with detailed and timely documentation. Analyze, assign, and escalate high-complexity tickets as needed.
• Problem Resolution: Investigate third-line support calls and determine root causes. Escalate unresolved issues to third-party vendors when necessary.
• Vulnerability Analysis and Risk Assessment: Perform vulnerability analysis and assess the vulnerability risk by analyzing existing security controls.
• Stakeholder Reporting: Prepare and deliver regular updates on security activities and incident reports to senior stakeholders.
• Collaboration: Partner with IT and security teams to create a cohesive security strategy.
• Ticket Queue Management: Monitor and action the ticket queue; rapidly resolve technology incident issues for internal users.
• Security Platform Maintenance: Maintain/monitor security platforms and services, resolve issues and support SOC/IR (Incident Response) as needed. Provide analysis, review, and reporting of the operating state for security platforms, and make recommendations for any environmental changes to reduce incident volumes and downtime. Maintain, test, and implement security policies and procedures to ensure compliance with company policy, industry standards, and regulatory requirements. Rapidly fulfill any SOC/IR requests in response to security incidents.
• Cross-Functional Collaboration: Collaborate with cross-functional teams to integrate security solutions into existing infrastructure and workflows.
• Mentorship: Mentor junior team members to enhance their skills.
• Continuous Learning: Stay up to date with the latest cybersecurity threats, trends, and technologies, and recommend appropriate security controls and countermeasures.

Experience Requirements:
• 4-6 years of experience with SIEM tools like MS Sentinel, Splunk, QRadar, or LogRhythm.
• Proficiency in EDR tools and Email Security tools.
• Strong background in SOC analysis, including triage, alert investigation, and incident qualification.
• Demonstrated expertise in incident prioritization and in-depth analysis.
• In-depth knowledge of most of the following security technologies: Network DLP, IDS/IPS, Email Security, SWG/Proxy, CASB, CSPM, SASE, SSE, SIEM and forensic network analysis.
• Understanding of operating system technology, including Microsoft Windows, MacOS and various Linux distributions.
• Knowledge of virtualization platforms, both centrally managed and locally managed, as well as the means to provide visibility and control to guest systems.
• An understanding of cloud-based endpoint security solutions and experience with public cloud platforms such as AWS, Azure, or Google Cloud Platform.
• Excellent analytical and problem-solving skills, with the ability to troubleshoot complex network security issues.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.

Skills and Competencies:
• Proficient in SIEM tools, Email Security tools (ProofPoint, FireEye), Incident Response, and CrowdStrike EDR
• Strong leadership and stakeholder management skills.
• Ability to analyze and optimize SOC operations effectively.
• Proficiency in MS Office.
• CEH/Security+ certification.

Qualifications:
Bachelor's degree in Computer Science, Information Security, Electronics & Communication or a related field. 8+ years of proven experience in operating and managing security solutions in enterprise environments.

Posted 2 weeks ago


5.0 - 8.0 years

30 - 35 Lacs

Pune

Work from Office

: Job Title Information Security Specialist Corporate Title Assistant Vice President LocationPune, India Role Description Everyday DB observes thousands of cyber security intrusion attempts. Deutsche Banks COO Chief Security Office (CSO) integrates both Corporate Security (CS) and Information Security (CISO) as both teams are responsible for mitigating these risks. The CSO team enables the business of Deutsche Bank by providing agile security operational capabilities. With their expertise in Threat Intelligence, Cyber Threat Analytics, Malware Response & Research, Security Monitoring, Incident Response, Forensics and Vulnerability Management, they provide global services from key locations in Frankfurt, Jacksonville and Singapore while leveraging offshore capabilities in Pune and Bucharest. Deutsche Bank AG is looking for Cyber Security professional to support the banks global security monitoring and threat detection capabilities. This role requires a heavy focus on all areas of security monitoring, risk management on privileged access management and familiarity with regulations impacting technology (e.g. MAS TRM Guidelines), requiring at least 5 to 8 years of experience. Candidate will be responsible to provide an oversight of the various security monitoring process to manage security risks and to drive the organizations compliance to regulatory and audit requirements including facilitation of audit activities, address process related queries and drive automation and audit remediation projects. The candidate will need to drive process improvements, procedure document updates, KPI monitoring and operations team management. Candidate will engage across all functional areas of business, operations, and global technologies working in a dynamic, multi-OS environment. This role will play a vital role in present organizations compliance to regulators and managing interactions with auditors. 
The chosen candidate will be required to provide a degree of strategic, tactical, and day-to-day operational experience to enhance the overall security monitoring, detection, and mitigation process. Candidate must also possess excellent soft skills and verbal communications dealing with senior executive management, customers, clients, auditors, and third-party vendors. What well offer you , 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Oversee the performance, efficiency, and accuracy of security monitoring operations team ensuring SLAs are met. Proactively review, propose, and implement process changes and monitoring improvements to remediate most significant risks including audit findings, self-identified issues, compliance issues, control gaps and regulatory requirements. Identify opportunities for streamlining of control processes, develop and socialize potential risk mitigation strategies particularly in privileged access management (e.g., bypass monitoring, session log review), and work with various divisions to execute. Improve the delivery of effective control process through technical review and process quality checks. Provide support in the delivery of effective governance including tracking and reporting. Ensure proper training of monitoring teams on new coverage and use cases. Offer subject-matter expertise and act as escalation point when required. Prepare and present monthly functional and operational report. Manage stakeholder queries, facilitate audit activities, and address data requests in a timely manner. Collaborate across CSO and technology teams to respond to internal and external audits, and regulatory inquiries and assessments. Drive automation projects and manage audit remediation deliverables to closure. 
Practice and promote good risk culture and risk management to manage risks within the bank's appetite. Act as primary point of contact for regulatory inquiries and engagements. Collaborate with internal and external auditors and stakeholders, providing the necessary evidence and artefacts to facilitate audit processes. Your skills and experience: Minimum 5 to 7 years of working experience with security monitoring platforms and workflows. Proven experience in the area of privileged access management, specifically in session log review and bypass monitoring. Proven experience and in-depth knowledge of technology regulations and understanding of regulatory risk management, especially MAS requirements and guidelines. Proven experience and strong understanding of the audit process and of compliance monitoring and reporting. Analytical mindset and ability to identify, assess and address compliance gaps and security risks. Strong operational background in risk analysis and risk identification. Degree from a university or major course work in computer science, networking, engineering, or another computer-related field of study. One of the following certifications will be an advantage: CISSP, CISM, CISA, CRISC. Expectations: It is the Bank's expectation that employees hired into this role will work in the office at least 2-3 days a week in accordance with the Bank's hybrid working model.

Posted 2 weeks ago

Apply

3.0 - 7.0 years

3 - 7 Lacs

Bengaluru

Work from Office

Roles & Responsibilities:
1. Handling alerts and incidents on the XDR platform
2. Alert & incident triage and analysis
3. Proactively investigating suspicious activities
4. Log all findings, actions taken, and escalations clearly in the XDR and ITSM platforms
5. Execute predefined actions, such as isolating or blocking IPs or disabling user accounts, based on set protocols.
6. Adhere to established policies, procedures, and security practices.
7. Follow up with the tech team for incident closure
8. Participating in daily standup and review meetings
9. The L2 Analyst has responsibility to closely track incidents and support their closure.
10. Working with log source and use case management in integrating log sources and developing & testing use cases
11. Work & support on multiple cybersecurity tools (DLP, GRC, Cloudsec tool, DAM)
12. Developing SOPs / instruction manuals for the L1 team
13. Guiding the L1 team in triage/analysis and assisting in closure of cybersecurity alerts and incidents
14. Handle XDR alerts and follow up with the customer team for agent updates
15. Escalate more complex incidents to the L3 SME for deeper analysis.
Key Responsibilities:
Security Monitoring & Incident Response Governance: Define and maintain security monitoring, threat detection, and incident response policies and procedures. Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds. Align SOC operations with evolving business risk priorities and regulatory frameworks.
Platform & Toolset Management: Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness. Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions. Maintain and update incident response playbooks and automation workflows. Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.
SOC Operations & Threat Detection: Oversee 24x7 monitoring of security events and alerts across enterprise assets. Lead and coordinate proactive threat hunting across networks, endpoints, and cloud. Manage and support forensic investigations to identify root cause and recovery paths. Govern use case development, log source onboarding, and alert/event triage processes.
Regulatory Compliance & Incident Management: Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities. Retain logs in accordance with regulatory data retention mandates. Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.
Advanced Threat Management & Reporting: Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities. Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives. Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards.
Required education: Bachelor's Degree. Preferred education: Master's Degree.
Required technical and professional expertise. Required Qualifications: Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field. 3-7 years of experience in SOC management, incident response, or cyber threat detection roles. Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms. Proven experience in playbook development, forensics, and threat hunting methodologies. Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements. Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques.
Preferred technical and professional experience. Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications.

Posted 2 weeks ago

Apply

2.0 - 7.0 years

6 - 11 Lacs

Bengaluru

Work from Office

Roles & Responsibilities:
1. Handling alerts and incidents on the XDR platform
2. Alert & incident triage and analysis
3. Proactively investigating suspicious activities
4. Log all findings, actions taken, and escalations clearly in the XDR and ITSM platforms
5. Execute predefined actions, such as isolating or blocking IPs or disabling user accounts, based on set protocols.
6. Adhere to established policies, procedures, and security practices.
7. Follow up with the tech team for incident closure
8. Participating in daily standup and review meetings
9. The L1 Analyst has responsibility to closely track incidents and support their closure.
10. Escalate more complex incidents to L2 analysts for deeper analysis.
11. Work & support on multiple cybersecurity tools (DLP, GRC, Cloudsec tool, DAM)
12. Handle XDR alerts and follow up with the customer team for agent updates
Required education: Bachelor's Degree. Preferred education: Master's Degree.
Required technical and professional expertise. Key Responsibilities:
Security Monitoring & Incident Response Governance: Define and maintain security monitoring, threat detection, and incident response policies and procedures. Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds. Align SOC operations with evolving business risk priorities and regulatory frameworks.
Platform & Toolset Management: Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness. Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions. Maintain and update incident response playbooks and automation workflows. Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.
SOC Operations & Threat Detection: Oversee 24x7 monitoring of security events and alerts across enterprise assets. Lead and coordinate proactive threat hunting across networks, endpoints, and cloud. Manage and support forensic investigations to identify root cause and recovery paths. Govern use case development, log source onboarding, and alert/event triage processes.
Regulatory Compliance & Incident Management: Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities. Retain logs in accordance with regulatory data retention mandates. Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.
Advanced Threat Management & Reporting: Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities. Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives. Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards.
Preferred technical and professional experience. Required Qualifications: Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field. 2 years of experience in SOC management, incident response, or cyber threat detection roles. Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms. Proven experience in playbook development, forensics, and threat hunting methodologies. Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements. Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications.

Posted 2 weeks ago

Apply

7.0 - 12.0 years

22 - 25 Lacs

Bengaluru

Work from Office

Position Summary: We are seeking an experienced SOC Analyst to join our Security Operations team. This role demands an individual with a strong technical background in incident analysis, SIEM administration, and rule fine-tuning. The ideal candidate will have experience working with diverse environments, including Windows, Linux, and network security, and will be well-versed in ELK stack management and troubleshooting Beats agents.
Key Responsibilities:
1. Incident Detection and Analysis:
- Conduct deep-dive analysis on security incidents, assessing root causes and recommending solutions.
- Proactively monitor and respond to security alerts, managing incident escalation and resolution processes.
- Prepare detailed reports and document incidents to support future analysis and security measures.
2. SIEM Administration and Rule Fine-Tuning:
- Oversee SIEM configurations, including tuning rules to optimize alerting and reduce false positives.
- Conduct SIEM platform upgrades, troubleshoot performance issues, and ensure platform availability.
- Collaborate with IT teams to integrate new data sources into the SIEM and enhance visibility.
3. System and Network Security:
- Perform continuous monitoring and analysis across Windows and Linux systems and network infrastructure.
- Utilize tools for traffic analysis, anomaly detection, and threat identification.
- Support configurations and policies within the IT and network environment to strengthen security.
4. ELK Stack and Beats Agent Management:
- Manage and troubleshoot ELK Stack components (Elasticsearch, Logstash, and Kibana) to ensure seamless data flow.
- Perform regular maintenance and troubleshooting of Beats agents, ensuring reliable log ingestion and parsing.
5. Security Policies and Compliance:
- Contribute to policy updates, ensuring adherence to organizational and industry compliance standards.
- Document and enforce security controls aligned with best practices and regulatory requirements.
Skills and Qualifications:
Education: Bachelor's degree in Information Security, Computer Science, or a related field.
Experience:
- Minimum of 5+ years in SOC operations or a similar cybersecurity role.
- Proven experience in SIEM administration, incident analysis, and configuration fine-tuning.
- Proficiency in monitoring and troubleshooting Windows and Linux systems and managing network security protocols.
- Hands-on experience with the ELK Stack, with expertise in troubleshooting Beats agents.
Technical Skills:
- Familiarity with SIEM tools (e.g., Splunk, QRadar) and network protocols.
- Strong command of incident response processes, security frameworks, and best practices.
- Knowledge of communication protocols and system integrations for data protection.
Certifications (preferred): CISSP, CompTIA Security+, CEH, or similar security certifications.
Competencies: Strong analytical skills with attention to detail. Excellent verbal and written communication abilities. Ability to work independently and collaboratively in a fast-paced environment.
Additional Preferred Skills: Knowledge of regulatory compliance standards. Experience in using EDR solutions. Ability to document processes and create incident playbooks.
This role offers an opportunity to work on advanced cybersecurity initiatives within a dynamic SOC environment, contributing to enhanced organizational security.

Posted 2 weeks ago

Apply

10.0 - 14.0 years

27 - 42 Lacs

Pune

Work from Office

Job Summary: As a Cyber Security Specialist you will play a critical role in safeguarding our organization's digital assets. With a focus on Cyber Threat Intelligence Services, you will work to identify and mitigate potential threats. Your expertise in Cyber Security and Cloud, along with experience in CrowdStrike, will be essential in ensuring the security of our systems. This hybrid role offers the flexibility of working both remotely and on-site during day shifts.
Responsibilities: Lead the development and implementation of advanced cyber threat intelligence strategies to protect organizational assets. Oversee the monitoring and analysis of security threats using CrowdStrike and other advanced tools. Provide expert guidance on cloud security best practices to ensure data integrity and confidentiality. Collaborate with cross-functional teams to design and implement robust security architectures. Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements. Develop and maintain incident response plans to effectively manage and mitigate security breaches. Coordinate with external partners and stakeholders to enhance threat intelligence capabilities. Implement security policies and procedures to comply with industry standards and regulations. Analyze security incidents and provide detailed reports to senior management. Train and mentor junior security team members to build a strong security culture within the organization. Stay updated with the latest cyber security trends and technologies to proactively address emerging threats. Support the integration of security solutions into existing IT infrastructure to enhance overall protection. Drive continuous improvement initiatives to optimize security operations and reduce risk exposure.
Qualifications: Possess a deep understanding of cyber threat intelligence services and their application in a corporate environment. Demonstrate proficiency in using CrowdStrike for threat detection and response. Exhibit strong knowledge of cloud security principles and practices. Have a proven track record of conducting security assessments and audits. Show experience in developing and implementing incident response plans. Display excellent communication skills for effective collaboration with cross-functional teams. Hold a relevant degree in Cyber Security, Information Technology or a related field.
Certifications Required: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP).

Posted 2 weeks ago

Apply

4.0 - 8.0 years

11 - 15 Lacs

Bengaluru

Work from Office

Role Purpose: The purpose of the role is to govern and manage the risk assessment, remediation and monitoring of information and technology process risks.
Responsibilities: Governance of risk and compliance activities performed by various technology and control functions. Managing the risk assessment, remediation and monitoring of information and technology process risks. Serve as an internal risk consultant to the operating functions and business lines. Ensure process risk identification, assessment, quantification, reporting, communication, mitigation, and monitoring. Support implementation of information security policies as applicable. Drive risk closure/mitigation/acceptance with stakeholders of business functions and technology leaders. Ensure periodic calendarized entitlement reviews are completed and risks are brought to an acceptable level. Work with various control functions to ensure all identified risks are tracked and mitigated. Work with the technology leaders to identify control gaps. Work as an SME for risk and controls applicable to the operations performed by the function. Maintain strong working relationships with the stakeholders. Review and fine-tune the policies and processes as per industry best practices. Track all risks identified by the various control functions and ensure closure of the risks within the defined timelines. Prepare and maintain the risk heat map and risk registers. Build the team and mentor the team members.
Required Skills: Excellent executive-level communication skills. Maintain strong working relationships with the team members and be able to motivate the team members to achieve the goals and objectives of the function. Self-starter and decision maker with strong analytical skills. Knowledge of the following areas, with a solid understanding of the Risk Management Lifecycle: Application Security, Data Security, Identity Access Management, Cloud risk management. Sound domain knowledge in risk assessment and treatment, and exposure to standards such as ISO 27001, PCI-DSS, NIST controls, etc. Knowledge and understanding of security incident response aspects is desirable. Ability to negotiate with people to align them towards closure of IT risks and issues. Proficient in preparation of reports, dashboards, and documentation. Should have high-level knowledge and experience of technology in general.
Performance Parameters: Tracking and closure of risks and audit actions. Ensure all risks and issues are tracked and updated on a weekly basis along with the closure timeline. Ensure all risks are tracked and closed within the defined timelines. Ensure the average aging of open risks does not go beyond 30 days.
Applications from people with disabilities are explicitly welcome.

Posted 2 weeks ago

Apply

8.0 - 10.0 years

4 - 8 Lacs

Pune

Work from Office

Visionet Systems Private Limited is looking for a highly motivated and talented Information Security Analyst to join a fast-paced, dynamic, and challenging environment. The ideal candidate must have in-depth experience assessing, designing and implementing enterprise-scale solutions. You will monitor our computer networks for security issues, install security software, and document any security issues or breaches you find. To do well in this role you should have a bachelor's degree in computer science and experience in the information security field.
Roles and Responsibilities: As the Information Security Lead (L2+ / L3 level), your responsibilities will include, but are not limited to, the following: Monitor security alerts and logs to detect and analyze potential security incidents. Investigate and respond to security events, ensuring timely identification and resolution. Develop and execute incident response plans to contain and eradicate security threats. Coordinate with cross-functional teams to implement security measures and prevent future incidents. Conduct post-incident analysis and documentation for continuous improvement. Perform digital forensics to analyze and understand the scope and impact of security incidents. Preserve and document evidence for potential legal and regulatory requirements. Work closely with IT, network, and application teams to ensure a cohesive approach to cybersecurity. Work with other teams to ensure company policies are followed and constantly improve the security of the organization and its customers. Raise awareness of security policies and develop corresponding procedures. Design and conduct training for corporate security education and awareness programs. Define security requirements and review systems to determine compliance with established security standards. Establish and manage relations with vendors and related equipment suppliers. Logical, analytical, investigative and auditing skills. Communicate effectively with stakeholders, providing updates and recommendations. Maintain detailed records of security incidents, investigations, and resolutions. Prepare incident reports for management and regulatory compliance. Proficiency in using incident response tools and technologies. Strong knowledge of networking protocols, systems, and applications. Experience with security information and event management (SIEM) systems.
Required Skills: Microsoft Sentinel and Microsoft Defender, with expertise in KQL. CrowdStrike EDR/XDR. Threat intelligence tools: Recorded Future, Forcepoint, Zscaler, GuardDuty. ITSM tools (preferably ServiceNow or similar). Knowledge of firewalls, antivirus and IDS/IPS concepts. Excellent analytical and problem-solving skills. Effective communication and interpersonal skills. Ability to work collaboratively in a team environment.

Posted 2 weeks ago

Apply

12.0 - 15.0 years

13 - 17 Lacs

Coimbatore

Work from Office

Project Role: Security Architect. Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Network Security Operations. Good to have skills: NA. Minimum 12 year(s) of experience is required. Educational Qualification: 15 years full time education.
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust security posture in the cloud environment.
Roles & Responsibilities:
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Expected to provide solutions to problems that apply across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills in security practices.
- Monitor and evaluate the effectiveness of implemented security measures and recommend improvements.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Network Security Operations.
- Strong understanding of cloud security principles and frameworks.
- Experience with security compliance standards and regulations.
- Ability to design and implement security architectures for cloud environments.
- Familiarity with incident response and threat management processes.
Additional Information:
- The candidate should have minimum 12 years of experience in Network Security Operations.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.
Qualification: 15 years full time education

Posted 2 weeks ago

Apply

15.0 - 25.0 years

13 - 17 Lacs

Ahmedabad

Work from Office

Project Role: Security Architect. Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Security Information and Event Management (SIEM). Good to have skills: NA. Minimum 15 year(s) of experience is required. Educational Qualification: 15 years full time education.
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitate the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in strategic discussions to enhance security protocols and provide guidance on best practices, contributing to a secure cloud environment that supports the organization's growth and innovation.
Roles & Responsibilities:
- Expected to be a Subject Matter Expert with deep knowledge and experience.
- Should have influencing and advisory skills.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Expected to provide solutions to problems that apply across multiple teams.
- Facilitate training sessions to enhance team understanding of cloud security practices.
- Evaluate emerging security technologies and recommend improvements to existing security frameworks.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Information and Event Management (SIEM).
- Strong understanding of cloud security principles and best practices.
- Experience with security incident response and management.
- Knowledge of compliance frameworks such as ISO 27001, NIST, or GDPR.
- Familiarity with risk assessment methodologies and tools.
Additional Information:
- The candidate should have minimum 15 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Gurugram office.
- A 15 years full time education is required.
Qualification: 15 years full time education

Posted 2 weeks ago

Apply

5.0 - 10.0 years

6 - 16 Lacs

Hyderabad

Remote

Role & responsibilities:
Incident Management: Lead the end-to-end incident response lifecycle, including detection, analysis, containment, eradication, and recovery.
Threat Investigation: Analyze and investigate a variety of attack vectors, such as:
- Identity Attacks: credential abuse, privilege escalation, and MFA bypass.
- Web Attacks: SQL injection, cross-site scripting (XSS), remote code execution.
- Network Attacks: DDoS, lateral movement, traffic manipulation.
- Cloud Threats: IAM misconfigurations, exposed services, container security vulnerabilities.
Collaboration & Coordination: Work closely with SOC analysts, threat intelligence teams, forensics, and engineering groups during and after security incidents.
Root Cause Analysis: Conduct comprehensive investigations to determine the root cause of incidents and provide actionable remediation recommendations.
Preferred candidate profile: A minimum of 5 years of hands-on experience in cybersecurity incident response or security operations. Proven expertise in investigating and mitigating incidents across one or more areas: identity, web, network, or cloud. Proficiency with SIEM, EDR, and SOAR tools (e.g., Splunk, Sentinel, CrowdStrike). Experience in hybrid or cloud-first environments (AWS, Azure, or GCP). Strong understanding of frameworks and methodologies such as MITRE ATT&CK, the cyber kill chain, and threat modeling.

Posted 3 weeks ago

Apply

7.0 - 12.0 years

18 - 27 Lacs

Bengaluru

Hybrid

Level 3 SOC Responder. Role Overview: A Level 3 SOC Analyst is responsible for advanced threat detection, incident response, and continuous monitoring of security events. They lead investigations, coordinate responses, and mentor junior analysts, ensuring the security and integrity of information systems.
Key Responsibilities: Lead the investigation and response to complex security incidents, including advanced persistent threats (APTs), malware outbreaks, and insider threats. Act as liaison between the SOC and the customer incident response team to handle complex incidents. Document security incidents, investigative findings, and remediation activities in accordance with established incident response procedures and protocols. Suggest SIEM rule fine-tuning to reduce false positive alerts. Develop standard operating procedures (SOPs). Perform quality review of the alerts handled by L1 and L2. Track KPIs and create dashboards for executive briefing. Provide guidance and mentorship to junior SOC analysts, imparting knowledge and best practices in incident detection, analysis, and response. Conduct training sessions and workshops to enhance the skills and capabilities of SOC team members.
Skills and Qualifications: Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. Experience: 7+ years of experience in SOC operations, incident response, and threat hunting. Experience in CrowdStrike SIEM and EDR preferred. Certifications (Preferred): Relevant certifications such as CISSP, CEH, GCIH, or similar. Problem-Solving Skills: Excellent problem-solving skills and attention to detail. Communication Skills: Strong communication skills, both written and verbal. Work Environment: Typically works in a security operations center. May require shift work to provide 24/7 monitoring. Looking for immediate joiner.

Posted 3 weeks ago

Apply

3.0 - 8.0 years

3 - 7 Lacs

Noida

Work from Office

Project Role: Security Engineer. Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills: Splunk Security Information and Event Management (SIEM). Good to have skills: Microsoft Azure Sentinel. Minimum 3 year(s) of experience is required. Educational Qualification: 15 years full time education.
Summary: As a Security Engineer, you will apply your security expertise to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting risk assessments, and ensuring compliance with security policies. You will also monitor security systems and respond to incidents, all while staying updated on the latest cyber threats and security technologies to effectively safeguard the organization's information and infrastructure.
Roles & Responsibilities:
- Expected to perform independently and become an SME.
- Required active participation/contribution in team discussions.
- Contribute in providing solutions to work related problems.
- Conduct regular security assessments and audits to identify vulnerabilities.
- Develop and implement security policies and procedures to enhance the organization's security posture.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Splunk Security Information and Event Management (SIEM).
- Good To Have Skills: Experience with Microsoft Azure Sentinel.
- Strong understanding of security protocols and best practices.
- Experience in incident response and threat hunting.
- Familiarity with network security technologies and tools.
Additional Information:
- The candidate should have minimum 3 years of experience in Splunk Security Information and Event Management (SIEM).
- This position is based at our Noida office.
- A 15 years full time education is required.
Qualification: 15 years full time education

Posted 3 weeks ago

Apply

15.0 - 20.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role: Security Architect. Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Managed Cloud Security Services. Good to have skills: NA. Minimum 3 year(s) of experience is required. Educational Qualification: 15 years full time education.
Summary: As a Senior Security Engineer, your typical day will involve security platform related activities on Microsoft Sentinel, providing end-to-end investigation of health monitoring and platform monitoring. You will also engage in proactive monitoring of security systems to analyze and respond to incidents effectively, and in log source normalization and use case fine-tuning activities.
Roles & Responsibilities:
- Develop and deploy use cases.
- New log source onboarding to SIEM.
- Expected to perform independently and become an SME.
- Required active participation/contribution in team discussions.
- Contribute in providing solutions to work related problems.
- Conduct regular security assessments and audits to identify gaps in the configuration and detections of false positives.
- Develop and implement security policies and procedures to safeguard information, inclusive of optimization of analytic rules.
Professional & Technical Skills:
- Microsoft Sentinel: Hands-on experience with SIEM/SOAR, including KQL query development, alert tuning, and automation with Logic Apps.
- Expertise in DevOps and Terraform to manage pipeline and infrastructure deployment.
- Platform and health monitoring incident investigation and deployment.
- Required knowledge of Entra ID management.
- Managing Cribl and Logstash pipelines for log source onboarding.
- Strong understanding of incident response and threat management.
- Experience with security monitoring tools and technologies.
- Able to manage requests, incidents, and changes on ServiceNow as per the service management process.
- Familiarity with scripting (PowerShell, KQL), infrastructure-as-code, and automation tools is a plus.
- Required active participation/contribution in team discussions.
- To be a part of audits and service improvement activities within the team.
- Threat hunting, MDE and use case engineering experience.
- Knowledge of security frameworks like MITRE.
- Deliver security solutions using Microsoft's security stack, with a focus on Microsoft Defender for Cloud, Endpoint, Identity, Azure Firewall, and Microsoft Sentinel.
- Implement and operationalize MDC for cloud security posture management and workload protection.
- Support deployment and ongoing management of MDE for endpoint threat detection and response.
- Integrate MDI into customer environments to monitor identity-related threats and provide remediation recommendations.
- Ability to analyze security incidents from an L2/L3 perspective as well as develop effective response strategies.
- Knowledge of network security protocols and best practices.
Additional Information:
- The candidate should have minimum 6 years of experience in the Microsoft Azure Security suite.
- This position will be operated from the Bengaluru location.
- A 15 years full time education is required.
Qualification: 15 years full time education

Posted 3 weeks ago

Apply

15.0 - 20.0 years

13 - 17 Lacs

Coimbatore

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: SailPoint IdentityIQ
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide guidance on best practices, contributing to a secure and efficient cloud environment.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Facilitate training sessions to enhance team knowledge of cloud security practices.
- Monitor and evaluate the effectiveness of implemented security measures and recommend improvements.

Professional & Technical Skills:
- Must Have Skills: Proficiency in SailPoint IdentityIQ.
- Good To Have Skills: Experience with cloud security frameworks and compliance standards.
- Strong understanding of identity governance and administration.
- Experience with risk assessment and management methodologies.
- Familiarity with security incident response and management.

Additional Information:
- The candidate should have a minimum of 7.5 years of experience in SailPoint IdentityIQ.
- This position is based at our Coimbatore office.
- 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

Apply

10.0 - 15.0 years

3 - 7 Lacs

Bengaluru

Work from Office

Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Managed Cloud Security Services
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: We are looking for an experienced and detail-oriented Security Delivery Associate Manager to support the planning, implementation, and delivery of cybersecurity services across Microsoft security technologies. The candidate will play a key role in delivering secure, scalable, and compliant security solutions for internal stakeholders or clients.

Roles & Responsibilities:
- The ideal candidate will have practical expertise in Microsoft Sentinel, Cribl, Logstash, DevOps, Terraform, log source onboarding, and ASIM parsing.
- Deliver security solutions using Microsoft's security stack, with a focus on Microsoft Sentinel platform management.
- Translate business and technical requirements into well-architected security solutions and support delivery from design to deployment.
- Manage a cluster serving multiple clients.
- Lead and manage cross-functional teams, ensuring effective collaboration, communication, and alignment with business objectives.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Develop and implement security strategies.
- Conduct security assessments and audits.
- Stay updated on the latest security trends and technologies.
- Configure and fine-tune Microsoft Sentinel; develop analytics rules, workbooks, and playbooks; and maintain alerting mechanisms.
- Coordinate with engineering, operations, and risk teams to ensure consistent and secure delivery of services.
- Create technical documentation, deployment guides, and knowledge transfer materials for clients or internal teams.
- Collaborate with project managers and stakeholders to ensure timely and successful delivery of security services.
- Contribute to continuous improvement initiatives and automation of delivery processes.

Professional & Technical Skills:
- Strong client-facing and stakeholder engagement capabilities.
- Excellent organizational and project coordination skills.
- Ability to clearly communicate technical information to both technical and non-technical audiences.
- Proactive mindset with a focus on security service quality and consistency.
- Experience working in delivery frameworks such as Agile and ITIL.
- Microsoft Sentinel: hands-on experience with SIEM/SOAR, including KQL query development, alert tuning, and automation with Logic Apps.
- Able to manage Key Vault and secret rotation.
- Required knowledge of Entra ID management.
- Required knowledge of log source optimization.
- ASIM parsing and normalization.
- Managing Cribl and Logstash pipelines for log source onboarding.
- Strong understanding of incident response and threat management.
- Familiarity with scripting (PowerShell, KQL), infrastructure-as-code, and automation tools is a plus.
- Able to manage requests, incidents, and changes in ServiceNow as per the service management process.
- Required active participation/contribution in team discussions.
- Participate in audits and service improvement activities within the team.
- Sentinel data modelling experience.
- Experience in designing and implementing security solutions.
- Deliver security solutions using Microsoft's security stack, with a focus on Microsoft Defender for Cloud, Endpoint, Identity, Azure Firewall, and Microsoft Sentinel.
- Implement and operationalize MDC (Microsoft Defender for Cloud) for cloud security posture management and workload protection.
- Support deployment and ongoing management of MDE (Microsoft Defender for Endpoint) for endpoint threat detection and response.
- Integrate MDI (Microsoft Defender for Identity) into customer environments to monitor identity-related threats and provide remediation recommendations.
- Knowledge of network security protocols and best practices.
- Hands-on experience with security tools and technologies.

Additional Information:
- The candidate should have a minimum of 10 years of experience in Managed Cloud Security Services.
- This position will be operated from the Bengaluru location.
- 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

Apply

15.0 - 20.0 years

13 - 17 Lacs

Pune

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Threat Hunting
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure that the architecture aligns with organizational objectives, while also addressing any emerging security challenges in the cloud environment.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills in security practices.
- Evaluate and recommend new security technologies and tools to improve the overall security posture.

Professional & Technical Skills:
- Must Have Skills: Proficiency in Security Threat Hunting.
- Strong understanding of cloud security principles and best practices.
- Experience with threat detection and incident response methodologies.
- Familiarity with security frameworks such as NIST, ISO 27001, and CIS.
- Ability to analyze security incidents and develop effective remediation strategies.

Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Threat Hunting.
- This position is based in Pune.
- 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

Apply

7.0 - 12.0 years

3 - 7 Lacs

Chennai

Work from Office

Project Role: Security Engineer
Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills: Security Governance, Email Security
Good to have skills: Security Information and Event Management (SIEM)
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Engineer, you will apply security skills to design, build and protect enterprise systems, applications, data, assets, and people, and provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. You will expand your expertise in security governance and contribute to enhancing organizational security measures.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Enhance security protocols for data protection.
- Conduct regular security audits and risk assessments.
- Implement and maintain security governance policies.

Professional & Technical Skills:
- Must Have Skills: Proficiency in Security Governance and Email Security.
- Good To Have Skills: Experience with Security Information and Event Management (SIEM).
- Strong understanding of security frameworks and compliance standards.
- Knowledge of threat intelligence and incident response.
- Experience in implementing security controls and measures.
- Ability to analyze and mitigate security vulnerabilities.

Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Governance.
- This position is based at our Chennai office.
- 15 years full time education is required.

Qualification: 15 years full time education

Posted 3 weeks ago

Apply