325 Incident Response Jobs - Page 7

Overview 170+ Years Strong. Industry Leader. Global Impact. At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts. The Senior Security Specialist will be responsible for assessing client security needs, developing customized security strategies, and implementing solutions to mitigate risks. This role requires strong analytical skills, technical expertise, and the ability to communicate effectively with clients Responsibilities Represent Pinkerton’s core values of integrity, vigilance, and excellence. Proven project management expertise with a strong understanding of security design principles. Demonstrated ability to develop and implement standardized security processes and best practices in collaboration with subject matter experts. This includes defining project scope, documentation, metrics, communication strategies, and successful implementation. Excellent time management and prioritization skills to meet client needs and deadlines. Adept at creating clear and concise security documentation, including SOPs, guidelines, presentations and Skilled in creating high-quality reports Strong communication and interpersonal skills. Holds a Project Management Professional (PMP)/CPP certification. 5 to 7 years of relevant experiences. Collaborate with stakeholders to define project scope, objectives, and deliverables. Develop and implement comprehensive security solutions, including physical security design, access control systems, and surveillance technologies. Create and maintain accurate documentation, including project plans, risk assessments, and incident reports. Communicate effectively with clients, security leaders, and other team members Proactively identify and mitigate security risks. Prioritize tasks and manage workload to meet deadlines and client expectations. Develop and deliver security awareness training to employees. Perform other security-related duties as assigned by the client. All other duties, as assigned. Qualifications Proven experience as a Security Consultant or in a similar role. • Strong understanding of security protocols, risk management, and incident response. • Excellent analytical, problem-solving, and communication skills. • Relevant certifications such as CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) are preferred. Working Conditions: With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; Regular computer usage. Occasional reaching and lifting of small objects and operating office equipment. Frequent sitting, standing, and/or walking. Travel, as required. Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law.

Your day at NTT DATA The Senior Associate Information Security Analyst is a developing subject matter expert, responsible for designing and implementing security systems to protect the organization's computer networks from cyber-attacks, and to help set and maintain security standards. This role is required to monitor the organization's computer networks for security issues, install security software, and document any security issues or breaches found. The Senior Associate Information Security Analyst is responsible for assisting in the planning, implementation, and management of information security measures to safeguard the organization's digital assets and systems and contributes to maintaining a secure and compliant environment. What you'll be doing Key Responsibilities: Monitors security alerts and events from various sources, investigates potential threats, and escalates incidents as necessary. Assists in the implementation and monitoring of security controls, including firewalls, intrusion detection systems, and access controls. Performs regular vulnerability assessments, analyses scan results, and assists in prioritizing and remediating identified vulnerabilities. Supports the incident response team in investigating security incidents, documenting findings, and participating in remediation efforts. Assists in ensuring compliance with industry standards (for example, GDPR, ISO 27001) by conducting assessments and implementing necessary controls. Installs security measures and operates software to protect systems and information infrastructure, including firewalls and data encryption programs. Documents security breaches and assess the damage they cause. Works with the security team to perform tests and uncover network vulnerabilities. Fixes detected vulnerabilities to maintain a high-security standard. Develops organizational best practices for IT security. Performs penetration testing and upgrades systems to unable security software. Installs and upgrades antivirus software and tests and evaluates new technology. Assists with the installation of security software and understands information security management. Researches security enhancements and makes recommendations to management. Stays abreast of information technology trends and security standards. Contributes to security awareness initiatives by creating training materials, conducting workshops, and educating employees about best security practices. Maintains accurate records of security incidents, assessments, and actions taken for reporting and audit purposes. Assists in the management and maintenance of security tools, including antivirus software, encryption tools, and security information and event management (SIEM) systems. Participates in risk assessments to identify potential security threats, vulnerabilities, and associated risks to the organization. Collaborates with cross-functional teams, IT, and other teams to ensure security measures are integrated into the organization's processes and projects. Performs any other related task as required. Knowledge and Attributes: Good communication skills to effectively convey technical information to non-technical stakeholders. Good analytical thinking and problem-solving skills to prevent hacking on a network. Ability to identify and evaluate potential risks and to develop solutions. Ability to identify and mitigate network vulnerabilities and explain how to avoid them. Understands firewalls, proxies, SIEM, antivirus, and IDPS concepts. Understands patch management with the ability to deploy patches in a timely manner whilst understanding business impact. Developing proficiency with MAC and OS. Familiarity with security frameworks, standards, and regulations (for example, NIST, CIS, GDPR). Basic understanding of network and system architecture, protocols, and security controls. Ability to analyze security incidents and assess potential risks. Ability to work both independently and collaboratively in a fast-paced environment. Academic Qualifications and Certifications: Bachelor's degree or equivalent in information security, cybersecurity, computer science, or related. Security certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are advantageous. Required Experience: Moderate level of demonstrated experience in information security or cybersecurity, or related roles. Moderate level of demonstrated experience working in a global IT organization. Moderate level of demonstrated experience with computer network penetration testing and techniques. Moderate level of demonstrated experience with security assessment and vulnerability scanning tools. Workplace type : On-site Working

Your day at NTT DATA The Senior Information Security Incident Response Analyst is an advanced subject matter expert, responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). This role acts as the technical second responder for the team and supports the work of technical staff from various business areas, as well as third-party technical experts. The Senior Information Security Incident Response uses their technical competencies of systems and automated mechanisms to detect unauthorized activity on company information assets. What you'll be doing Key Responsibilities: Manages the prevention and resolution of security breaches and ensure incident and problem management processes are initiated. Performs access management activities according to the policy. Implements and discusses security service audit schedules, review access authorization and perform the required access controls and testing to identify security weaknesses. Interacts with a global team of Cyber Security Analysts and specialists. Manages 2nd level triaging of security alerts, events, and notifications. Manages notifications of internal and/or external teams according to agreed alert priority levels, and escalation trees. Communicates status of response, resolution and final root cause analysis to the appropriate stakeholders. Follows and updates established and/or ad-hoc processes and work instructions and create procedures where deficiencies are identified. Logs, manages and coordinates service requests through to resolution including the identification, isolation, resolution and escalation of IT infrastructure faults. Maintains an understanding of current and emerging threats, vulnerabilities, and trends. Knowledge and Attributes: Advanced understanding of End Point Protection Software. Advanced understanding of Enterprise Detection and Response software. Advanced knowledge of technological advances within the information security arena. Advanced understanding of inter-relationships in an overall system or process. Advanced knowledge of information security management and policies. Advanced understanding risk management principles and frameworks is crucial for prioritizing and addressing security incidents Advanced understanding of the organization's business operations, goals, and objectives enables the analyst to align incident response efforts with the broader business strategy. Ability to effectively communicate technical information to both technical and non-technical stakeholders, and end-users, as well as working with cross-functional teams during incident response. Ability to think critically, analyze information, and solve medium to complex problems. Academic Qualifications and Certifications: Bachelors degree or equivalent in Information Technology, Computer Science or related preferred. SANS GIAC Security Essentials (GSEC) or equivalent preferred. SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred. SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred Required Experience: Advanced experience in a Technology Information Security Industry. Advanced experience or knowledge of SIEM and IPS technologies. Advanced experience with Wireshark or tcpdump to identify normal and abnormal/malicious traffic patterns and behaviors. Workplace type : Remote Working.

Your day at NTT DATA The Associate Security Platform Engineer is an entry level subject matter expert, responsible for learning how to facilitate problem resolution and mentoring for the overall team. This role performs operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). The Associate Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). What you'll be doing Key Responsibilities: Works as part of a 24/7 team working on rotational shifts. Works as part of Platform and Content Engineering handling tunings, stake holder requests, escalations, reporting, trainings. Administers the organization's security tools to gather security logs from environment. Lifecycle management of the supported security tools/technologies, Break-fix, Patching, Live update. Adheres to SOPs and notify stake holders on log flow/log format issues. Documents best practices. Identifies opportunities to make automations which will help the incident response team. Performs security incident handling and response from several vectors including End Point Protection and Enterprise Detection and response tools, attack analysis, malware analysis, network forensics, computer forensics, and a broad range of skills in LAN technologies, Windows and Linux O/Ss, and general security infrastructure. Knowledge and Attributes: Entry level knowledge on implementation and monitoring of any SIEM or security tools/technologies. Entry level knowledge on security architecture, worked across different security technologies. Customer service orientated and pro-active thinking. Ability to problem solve and is highly driven and self-organized. Great attention to detail. Good analytical and logical thinking. Excellent spoken and written communication skills. Team player with the ability to work well with others and in group with colleagues and stakeholders. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Information Technology or related field. Relevant level of Networking certifications such as CCNA, JNCIA, ACCA, PCNSA, CCSA etc. preferred. Relevant level of Security certifications such as AZ-500, SC-200, Security+, CEH etc. will be added advantage. Required Experience: Entry level experience in Security technologies like (Firewall, IPS, IDS, Proxy etc.). Entry level experience in technical support to clients. Entry level experience in diagnosis and troubleshooting. Entry level experience providing remote support in Security Technologies. Entry level experience in SOC/CSIRT Operations. Entry level experience in handling security incidents end to end. Entry level experience in Security engineering.

Knowledge and application: Seasoned, experienced professional; has complete knowledge and understanding of area of specialization. Uses evaluation, judgment, and interpretation to select right course of action. Problem solving: Works on problems of diverse scope where analysis of information requires evaluation of identifiable factors. Resolves and assesses a wide range of issues in creative ways and suggests variations in approach. Interaction: Enhances relationships and networks with senior internal/external partners who are not familiar with the subject matter often requiring persuasion. Works with others outside of own area of expertise, with the ability to adapt style to differing audiences and often advises others on difficult matters. Impact: Impacts short to medium term goals through personal effort or influence over team members. Accountability: Accountable for own targets with work reviewed at critical points. Work is done independently and is reviewed at critical points. Workplace type : Hybrid Working

Work experience: 8 + years Location : Bengaluru Essential Duties and responsibilities: Participate in governance, risk and compliance related assessments, policy and procedures, awareness and training for end users, change management, internal control identification and measurement per applicable guidelines and frameworks Conduct comprehensive security assessment and implementation support based on ISO 27001:2022, NIST 800, NIST CSF, PCI DSS and HITRUST. Perform gap analysis, identify risks, and provide actionable recommendations for compliance and security improvement. Lead risk methodology development and execution maintain updates and mapping of governance, risk and compliance (GRC) assessments for changing requirements/criteria related to SOC1, SOC2, in addition to other regulatory or industry requirements Work across matrix business environments both internal and external for risk and compliance (audit) readiness. Work with business units in a consulting role to assist in their understanding of internal controls and measurements in addressing strategic initiatives, business/client drivers and concerns, future audits and compliance requirements. Lead governance, risk and compliance (GRC) liaison with internal and external audit resources, external customers and government regulators, domestic and international. Actively support business units request for information and data security risk, technology risk, technical vendor relationship management, product selection and design related to the authority and responsibility of GRC within an Enterprise Risk Management (ERM) model. Promote a positive, entrepreneurial, consulting, performance focused culture within organisation that works effectively with stakeholders in the development and launch of services and programs that support compliance and company growth. Support the coordination, tracking and reporting on divisional and business units' metrics, results, data modelling, processing, calculating and transformation into meaningful risk metrics and reports. Roles and Responsibilities Job Qualifications: Bachelor’s degree in Computer Science/ Information Technology, Risk Management or equivalent years in experience Certifications required (two), preferred certifications: Certified Information Systems Auditor (CISA, Certified in Risk and Information System Controls (CRISC), Certified Information System Security Professional (CISSP), or equivalents. 8+ years of combined experience with consulting, external audit, company in house and outsourced internal audit, assurance services, contracts; experience with a Big 4 is required. 8+ years of hands-on combined experience with designing and implementing technology controls in diverse technology environments, including auditing, risk assessments and providing recommendations for remediation. 5+ years of hands-on combined experience, preferred in business process design, system integration, identity access & management, data privacy and protection, system development life cycle (SDLC), vulnerability assessment, information technology security, incident response, vendor management, backup and recovery and continuity planning. 8+ years of operational leadership roles that include domestic and international; diverse industry experience preferred, consulting services, financial services and banking, insurance and healthcare, risk and compliance. 8+ years of audit experience with SOC1, SOC2, and regulatory compliance. 8 years of combined hands-on operational experience in; accounting, tax, payroll, human resources, information technology operations, information technology security, risk management. 8+ years as a Subject Matter Expert (SME); working with industry frameworks including COSO, ISO, NIST 800-53, NIST/CSF, PCI, HITRUST, and GDPR. Experience leading engagements, establishing budgets, developing work programs/plans, building relationships, mentoring staff, providing performance feedback, and monitoring workloads of team(s) while meeting stakeholder and client expectations. Advanced written, verbal and presentation skills; including interactions with key stakeholders, internal executive management and external executive management and senior leaders. Experienced working in remote environments. Independent, motivated self-starter with the ability to analyse complex problems, think critically, problem solve, influence change, provide thought leadership. Excellent interpersonal skills, including the ability to work across a highly matrixed organization, interacting, influencing, negotiating effectively with all levels of leadership and peers Experienced with vendor and managed security services with ability to identify continuous improvement opportunities to drive risk assessment effectiveness and efficiency.

About the Role: Uber's Security Response and Investigations (SRI) team is the cybersecurity incident response body at Uber. SRI responds to security incidents and mitigates security threats across the company. The SRI team is made of three teams: vSOC (virtual Security Operations Center), Investigations and Automation, and Incident Command. You will be joining the vSOC team. As a Security Analyst on the vSOC team, You will be on the front-line of defence for the Uber Security Incident Response program. You will be handling triage for all security alerts for Uber globally across all environments (cloud, prod, corp). You will build Standard Operating Procedures (SOP) and help improve the incident response program. You will serve as an incident coordinator during high and critical severity incidents. Expect to work weekend shift (Saturday / Sunday) Basic Qualifications: Good understanding of cybersecurity fundamentals. This includes but is not limited to network protocols (e.g. TCP/IP stack) and security, system security, email security, etc. 2+ years of hands-on experience in a cybersecurity role. 1+ year of hands-on experience with security monitoring and response in a SOC environment. Strong problem-solving skills. Good communication skills. Preferred Qualifications: Experience with cybersecurity forensic methodologies and software. Experience driving complex incidents or leading investigations end-to-end. Threat hunting and Automation experience(SOAR/Python). Applied knowledge of cyber intel frameworks such as ATT&CK framework and kill-chain model. Experience working crisis events for a global company. Ability to work across geographically distributed teams. Certifications in Security is a plus

Wipro Limited (NYSEWIT, BSE507685, NSEWIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 230,000 employees and business partners across 65 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world. For additional information, visit us at www.wipro.com. About The Role Job Summary: We are seeking a skilled and experienced Network and Security Consultant to join our team. The ideal candidate will have a strong background in network security, risk assessment, and the implementation of security protocols. This role involves evaluating security needs, designing robust security systems and ensuring the protection of sensitive data. ? Key Responsibilities: Evaluate the enterprise network and security standards and create solutions that meet the required benchmarks for new infrastructure set ups. Design and implement robust network and security policies and procedures to protect the enterprise infrastructure. Install, configure, and upgrade security software (CC, DS, RF, AS device, on prem and cloud FWs and related networking solutions. Train and mentor team members to upskill them and perform KE sessions for overall team betterment. Respond to security breaches and provide incident response solutions. Stay up to date on the latest intelligence, including hackers’ methodologies, to anticipate security breaches. Ensure compliance with changing laws and applicable regulations. ? Required Skills: Technical level experience in Ethernet/Voice/Security/Cloud/VOIP, WIFI, etc. Strong understanding of End-to-End network device set up to support existing infrastructure. Experience with customer relationship management and interaction with internal and external customers. Proficiency in data analysis tools, data gathering, and reporting, Data Migrations and Storage solutions. Mandatory knowledge of CISCO, HP infrastructure along with networking requirements for Azure, GCP and AWS CSP’s. Preferred Knowledge of CP and PA FW’s (on Prem and Cloud) along with VPC and Public Cloud set ups Excellent presentation skills to interact at multiple organizational levels. Remarkable interpersonal skillsempathy, respectfulness, persuasiveness, and diplomacy. ? Internal - General Use Ability to multitask and deliver to timescales. Preferred bachelor’s degree or equivalent with at least 5 years of related experience. Fluent in English, including excellent written English ? Preferred Qualifications: Familiarity with a wide range of security frameworks and a deep understanding of threat. Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.

? Identify gaps and weaknesses on current alerting platforms and recommend improvements to ensure evolving capabilities. Identify gaps and weaknesses on Data Loss Prevention platforms. Continually review existing risk scoring models and adjust accordingly to ensure proper focus on significant security events and business needs. Administrate of DLP solution and liaising with GRC & CISO function to configure policies and work on reporting, monitor and respond to different alerts generated from the DLP solution. Demonstrate a good understanding of incident response process and event escalations, repone to DLPs escalations reported by incident response team. Share recommendations to further identify sensitive data and strengthen security controls. Collaborate & partner with legal, compliance team to support customer privacy initiative and continue compliance with different regulations, to mature company data life cycle management with focus on data security. Ability to independently research and solve technical issues and Demonstrated integrity in a professional environment.

About The Role :About The Role : Technology GRC Manager C1 Role Purpose: As GRC (Governance, Risk, and Compliance) Manager is responsible for overseeing and managing the risk assessment, remediation, and monitoring of information and technology process risks. This role involves ensuring that all risk and compliance activities are performed effectively by various control functions. The GRC Manager also serves as an internal consultant, providing guidance to operating functions and business lines on risk-related matters. Additionally, they are tasked with identifying, assessing, quantifying, reporting, communicating, mitigating, and monitoring process risks to ensure the organization''s overall security and compliance posture. Responsibilities: Ensure strong governance on risk and compliance performed by various control functions. Manage risk assessment, remediation, and monitoring of information and technology process risks. Serve as an internal risk consultant to operating functions and business lines. Identify, assess, quantify, report, communicate, mitigate, and monitor process risks. Support the implementation of information security policies. Discuss risk closure, mitigation, and acceptance with stakeholders. Ensure periodic entitlement reviews are completed, and risks are managed to an acceptable level. Collaborate with control functions to track and mitigate identified risks. Work with technology leaders to identify control gaps. Act as a subject matter expert for risk and controls related to operations. Maintain strong working relationships with stakeholders. Review and refine policies and processes based on industry best practices. Track identified risks and ensured their closure within defined timelines. Prepare and maintain risk heat maps and risk registers. Required Skills: Excellent executive-level communication skills. Strong working relationships with team members and the ability to motivate them. Knowledge in areas such as Application Security, Data Security, Identity Access Management, Information, Infrastructure Technology, GDPR, and ISO Audits. Solid understanding of Risk Management Lifecycle and exposure to standards like SOX, COBIT, PCI-DSS, NIST Control, etc. Understanding of Security incident response aspects is desirable. Good analytical, problem-solving, and interpersonal skills. B.E in Computer Science/Information Technology or equivalent qualification with 8-12 years of experience. Industry-recognized certification in information security such as CISSP, CISM, CISA, etc.

The Group Security (GS) Cybersecurity Defense Center (CDC) team is looking for a Security Operations Center (SOC) Analyst, responsible for execution of incident response, investigative analysis of security incidents, reporting, continuous improvement, and post-incident activities. Will work closely with the CDC Engineering Team, internal Nokia teams, external Security Suppliers, and various technology vendors. Group Security (GS) is part of Strategy & Technology and Nokias central knowledge center for Nokias cybersecurity policies and standards, the cybersecurity architecture and roadmap, and the monitoring and alerting of security incidents. You have: 5+ years of experience in a Security Operations Center (SOC) or similar role 2+ years of experience working with one or more of following systemsMicrosoft Sentinel, Microsoft Defender for Endpoint (MDE), Microsoft Defender for Identity (MDI), SentinelOne or Rapid7 Deep knowledge of incident response methodologies and forensic analysis techniques Strong understanding of cloud security principles and experience with major cloud platforms (AWS, Azure, GCP) Expertise in leveraging automation tools for enhancing security operations It would be nice if you also had: Certifications such as CompTIA Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), or Certified SOC Analyst (CSA) Mentoring experience with junior analysts Execute complex security investigations using log analysis and threat intelligence across all Nokia assets Collaborate with SOC Engineers to drive automation and implement AI-powered security solutions Apply cloud security best practices and zero-trust architecture principles in security operations Engage with senior stakeholders to communicate security risks and improve incident response efforts Lead advanced threat hunting initiatives leveraging expertise in security tools and techniques Contribute to the continuous development of SOC processes, technologies, and techniques for enhanced security Mentor and guide junior analysts to foster a culture of learning and professional growth Facilitate post-incident activities, ensuring comprehensive reporting and continuous improvement of security measures

Assist in document verification, fingerprint analysis, and digital evidence collection. Support forensic investigations across physical and cyber domains with proper documentation. Stay updated on forensic tools, techniques, and legal standards. Performance bonus Retention bonus

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Splunk Security Information and Event Management (SIEM), Splunk Administration, Splunk Enterprise Security, Splunk Phantom Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Splunk Engineer, you will be working within the Security Engineering & Technology Services team, responsible for understanding, researching, designing, developing, operating, and enhancing security solutions with the products client has acquired for consumption as a service offering across all of client. You will collaborate with Security Operations (mainly Cyber) teams to support in implementation of new technical solutions, on-board new data into Splunk and develop use cases to meet the business requirements Roles & Responsibilities:Building, maintaining, and operating Splunk Enterprise and Splunk Enterprise Security SaaS SolutionBuilding Co-relation searches for Cyber Operation requirementsEvaluating and analysing business requirements and designing suitable solutions, challenging requirements where necessary Managing, co-ordinating and implementing technical project activities and enhancements to services Conducting Incident/ Problem/ Recovery activities Supporting the Joint Operations Centre and incident response teams for detected security events. Creating and maintaining accurate and high-quality documentation Supporting Operational effectiveness auditStructure phased deliverables to link long term vision with time-boxed activities.Support the project delivery phase including testing and training, to ensure the agreed business solutions are delivered successfully.Work closely with developers and testers, to ensure delivery of the functionality on time and with quality. Professional & Technical Skills: Knowledge of Splunk Enterprise architecture, distributed components (indexer clusters, forwarders, search head clusters, deployment servers) , knowledge of Splunk Cloud & SOARKnowledge of Splunk Enterprise Security at administration and use case level Knowledge on on-boarding new data into Splunk, Splunk Forwarders - data ingestion, extraction.Knowledge of the Common Information Model, data models, enrichment, and automationGood experience on Splunk add-Ons installation / configuration to bring security logs into Splunk.Good understanding of the Security Domain.Documentation skills in order to provide high quality documentation for internal customers and technical teams. Additional Information:- The candidate should have a minimum of 8+ years of experience in Security Information and Event Management (SIEM) with 5+ yrs experience on Splunk SIEM.- The ideal candidate will possess a strong educational background in computer science, information technology, or a related field, along with a proven track record of delivering impactful security solutions.- This position is based at our Pune office with flexible locations as banglore and Chennai. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Identity Access Management (IAM) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud technologies and security threats. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular assessments of cloud security measures to identify areas for improvement.- Collaborate with cross-functional teams to ensure alignment of security practices with business objectives. Professional & Technical Skills: - Must To Have Skills: Proficiency in Identity Access Management (IAM).- Strong understanding of cloud security principles and best practices.- Experience with identity governance and administration tools.- Knowledge of regulatory compliance frameworks related to cloud security.- Familiarity with risk assessment methodologies and security incident response. Additional Information:- The candidate should have minimum 3 years of experience in Identity Access Management (IAM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Splunk Security Information and Event Management (SIEM) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and facilitating the transition to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges. Roles & Responsibilities:- Expected to perform independently and become an SME.- Flexible to work in 24x7 Shifts to provide required coverage.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Collaborate with cross-functional teams to ensure security measures are in place.- Stay updated on the latest security trends and technologies.- Provide guidance and mentorship to junior security professionals. Professional & Technical Skills: - Proficiency in Splunk Security Information and Event Management (SIEM) administration and Incident Response - Strong understanding of security principles and practices.- Knowledge of general security best practices.- Hands-on experience with security tools and technologies. Additional Information:- The candidate should have minimum 3 years of experience in Splunk Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Operation Automation Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud technologies and security threats. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Develop and maintain comprehensive documentation of security architecture and frameworks.- Conduct regular assessments and audits to ensure compliance with security policies and standards. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Operation Automation.- Strong understanding of cloud security principles and best practices.- Experience with security incident response and management.- Familiarity with security compliance frameworks such as ISO 27001, NIST, or CIS.- Knowledge of automation tools and scripting languages to enhance security operations. Additional Information:- The candidate should have minimum 5 years of experience in Security Operation Automation.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Network Security Operations Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization. Roles & Responsibilities:- Expected to be an SME in design and implementation of Network security using multiple products.- Develop and execute robust security protocols to prevent security breaches.- Facilitate cross-departmental collaboration to ensure cohesive security policies across the organization- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Expected to provide solutions to problems that apply across multiple teams.- Facilitate training sessions to enhance team knowledge and skills in security practices.- Conduct regular assessments of security measures to identify areas for improvement. Professional & Technical Skills: - Must To Have Skills: Proficiency in Network Security Operations and proven experience on Palo Alto and Cisco firewalls, Palo Alto Prisma Access, Cisco ISE- Good to have Skills: Network Load balancers preferably F5-BigIP, WAF- Strong understanding of cloud security principles and frameworks.- Experience with security incident response and management.- Knowledge of compliance standards and regulations related to cloud security.- Familiarity with security tools and technologies for threat detection and prevention. Additional Information:- The candidate should have minimum 10 years of continuous experience in Network Security Operations.- This position is based at our Bengaluru office.- 15 years full time education is required.- Willing to work in US Shift timings and WFH policy adherence. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Governance Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization. Roles & Responsibilities:- Lead and mentor a team of Tier 1, Tier 2, and Tier 3 SOC analysts.- Define and enforce SOC processes, workflows, SLAs, and escalation protocols.- Provide regular performance feedback and conduct training to upskill the team.- Collaborate with IT, DevOps, Risk, and Compliance teams on security initiatives.- Oversee daily security monitoring, triage, and incident response activities.- Ensure timely detection, investigation, and resolution of security incidents.- Maintain incident tracking and reporting for internal stakeholders and audits.- Conduct root cause analysis and ensure lessons learned are documented and implemented.- Manage and optimize SIEM, SOAR, EDR, and other monitoring tools.- Define and tune detection rules, playbooks, and alerts to reduce false positives.- Evaluate and recommend new tools and technologies to improve SOC capabilities.- Ensure log sources and telemetry are complete and properly ingested.- Ensure SOC operations support compliance requirements (ISO 27001, NIST, PCI DSS, GDPR).- Prepare and deliver regular security metrics and executive reports.- Coordinate with internal and external auditors during assessments. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Governance.- Strong understanding of risk management frameworks and compliance standards.- Experience with cloud security architecture and implementation.- Ability to conduct security assessments and audits.- Familiarity with security tools and technologies for threat detection and response. Additional Information:- The candidate should have minimum 12 years of experience in Security Governance.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

The primary responsibility of this role is to provide advanced incident analysis and management within our SOC environment, while also leading the development and training of the L1 SOC team in incident analysis, parsers creation, rule views, and report management. The ideal candidate will have a strong background in cybersecurity, incident response, and leadership skills. Responsibilities: Advanced Incident Analysis: Utilize advanced tools and techniques to analyze and investigate security incidents detected within the organization's networks and systems. Incident Response: Lead incident response efforts, coordinating with internal and external stakeholders to mitigate and remediate security incidents promptly. Team Leadership: Provide mentorship and guidance to the L1 SOC team, assisting in the development of their skills in incident analysis, parser creation, rule views, and report management. Parser Creation: Develop and maintain parsers to enhance the capability of the SOC's security information and event management (SIEM) system in detecting and correlating security events. Rule View Management: Manage and optimize rule views within the SIEM platform to ensure accurate and timely detection of security threats. Report Management: Oversee the generation and distribution of security reports, including incident reports, trend analysis, and recommendations for improvement. Collaboration: Work closely with other teams within the organization, including IT operations, network engineering, and application development, to improve overall security posture and incident response capabilities. Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered. Minimum of 3 years of experience in a SOC environment, with a focus on incident analysis and response. Strong understanding of cybersecurity principles, including threat detection, malware analysis, and vulnerability management. Experience with SIEM platforms (e.g., Securonix, QRadar) and familiarity with creating and managing parsers and rule views. Leadership experience, with the ability to mentor and motivate team members effectively. Excellent communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders.

Advanced Incident Analysis: Utilize advanced tools and techniques to analyze and investigate security incidents detected within the organization's networks and systems. Incident Response: Lead incident response efforts, coordinating with internal and external stakeholders to mitigate and remediate security incidents promptly. Team Leadership: Provide mentorship and guidance to the L1 SOC team, assisting in the development of their skills in incident analysis, parser creation, rule views, and report management. Parser Creation: Develop and maintain parsers to enhance the capability of the SOC's security information and event management (SIEM) system in detecting and correlating security events. Rule View Management: Manage and optimize rule views within the SIEM platform to ensure accurate and timely detection of security threats. Report Management: Oversee the generation and distribution of security reports, including incident reports, trend analysis, and recommendations for improvement. Collaboration: Work closely with other teams within the organization, including IT operations, network engineering, and application development, to improve overall security posture and incident response capabilities.

Summary Reporting to the Director of Info Sec and Cyber Operations, the Security Operations Centre (SOC) Analyst will be an integral part of the teams success. As a security operations center (SOC) engineer, you will help build and manage services that detect and automate the mitigation of cybersecurity threats across Waystone infrastructure. You will work with software engineers, DevOps engineers, IT Engineering, internal audit and compliance teams, and other security engineers across multiple teams to protect Waystone. ESSENTIAL DUTIES AND RESPONSIBILITIES Monitor and analyse security alerts from various sources, including AWS, Azure, O365, Okta, Zscaler and SIEM tools, to identify potential security threats. Perform incident detection, analysis, and response for cloud-native environments, utilizing Security Hub (AWS) and Defender for Cloud (Azure). Collaborate with internal teams to address security incidents and ensure timely resolution, including coordination with IT, Security Engineering, and other stakeholders. Develop and refine security monitoring policies, rules, and alerting configurations for enhanced detection capabilities. Conduct investigations into security incidents, identifying root causes and recommending remediation steps. Maintain and optimise DLP solutions for the organisation to prevent unauthorised data exposure. Generate regular reports on security incidents, key metrics, and recommendations for security improvements. Proactively identify security risks and work with various teams to mitigate potential threats. Participate in threat hunting activities to identify advanced threats and vulnerabilities within the cloud and on-premises environments. Provide input into the SOCs continuous improvement processes, including playbook development and toolset enhancement. REQUIREMENTS To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Experience3+ years of experience in a Security Operations Centrr (SOC) or similar environment. Hands-on experience with AWS, Azure, Zscaler and O365 security tools and technologies. Strong familiarity with cloud native tools, cloud security posture management, and application security (Security Hub, Defender for Cloud). Experience with SIEM platforms (CrowdStrike NG-SIEM or similar) including alert tuning, query development, and integration with cloud environments. Proficient in data loss prevention (DLP) strategies and tools, with the ability to customise and maintain DLP policies. Strong understanding of incident response processes and best practices. Demonstrated ability to conduct thorough investigations and report on complex security incidents. Familiarity with cloud security principles, tools, and techniques, including identity and access management (IAM) and network security. Strong problem-solving skills, attention to detail, and ability to work under pressure in a fast-paced environment. EducationBachelors degree in information security, Computer Science, or related field (or equivalent work experience). CCSP AWS certification Azure Certification

1. Sr. Security Analyst / Sr. Technology Specialist Qualifications and Experience: - Education: B.E. / B. Tech / MCA degree - Certified with: EC Council-CEH / CompTIA Security+ / CISSP / CHFI, Proposed OEM certification - 5+ years of relevant experience in managing all aspects of risk and incident analysis in SOC - Must have experience in managing at least 1 project for enterprise scale clients - Shall be responsible for deployment, maintaining, tuning, monitoring, and managing all aspects of client SOC - Responsible for coordinating, in a timely manner, all activities necessary for: - Security incident monitoring - Analysing incidents / risks - Incident / risk containment - Identifying root cause - Initiating problem resolution - Incident / risk response and communication - Experience monitoring database security logs/alerts and complete ownership of the same - Well versed in database security, access control, identity management, encryption of data, data obfuscation techniques - Experience with firewall, IPS, Anti-APT solution, etc. 2. Security Analyst Qualifications and Experience: - Education: B.E. / B. Tech / MCA degree - Certified with: OEM Certification / Certified SOC Analyst (CSA) - EC Council / CompTIA CySA+ - 3+ years of overall experience with at least 1 year of relevant experience in all aspects of Incident monitoring in SOC

Job Description: At least 10 years of experience in Information Security operations & management with hand on experience in large security operations center using IBM QRadar/Splunk/ArcSight or similar SIEM tool. Manage network, endpoints and forensics initiatives, malware triage and cyber security incident response Managing Cyber Security Services engagements and engagement teams Recognizing common attacker tools, tactics, and procedures Providing oversight for on-site examinations and collections and technology advisory services to enhance forensic client engagements Researching and developing new digital forensics scripts, tools, and methodologies Assessing and troubleshooting a variety of technical issues and support a cyber response lab on our clients SIEM tool and UEBA platform Assist in conducting peer reviews and providing quality assurance reviews for junior personnel and will support the mentoring of junior incident managers and provide guidance to others on incident management prioritization, triage and report writing in support of onsite engagements. Guiding the team to Monitor, identify and investigate the security alerts and perform incident response activities related to cybersecurity incidents Creates new trouble tickets for alerts that signal an incident and require Tier 2 / Incident Response review Respond to cybersecurity incidents, conduct threat analysis as directed and address detected incidents for resolution Should be able do multitasking to coordinate incident with Sr analyst and escalation manager Recommend enhancements to SOC security process, Operations efficiencies. Create Incident response (IR) plan, IR play books, manage all incidents and crisis situations. Log Analysis, handle, resolve security incidents. Collaborate with respective tracks/technical team for remediation of the incident. Periodical review of incident response plan and procedures. Recommend and document specific countermeasures and mitigating controls Develop comprehensive and accurate reports and presentations for both technical and executive audiences Preferred Skills: Strong knowledge of cyber-attacks and techniques, Cyber Kill chain, incident management best practices. A high-level understanding of multi-tiered applications and various network and security devices/protocols Knowledge of various operating system flavour including but not limited to Windows, Linux, Unix Proficient in preparation of reports and documentation. Knowledge of Cyber-criminal techniques, Compliance, and regulatory standards. Excellent verbal and written communication skills.

Job Title: Security Operation Manager Location: Noida Job Tyoe : Full-Time Experience: 7+ Years Department: Operation/ Security Reports To: Operation Director Job Summary: The Security Operational Manager is responsible for overseeing the day-to-day operations of the organization's security infrastructure. This role involves managing the security operations center (SOC), leading incident response efforts, and ensuring the effectiveness of security policies, procedures, and protocols. The Security Operational Manager will collaborate with various departments to safeguard the company's information assets and maintain a robust security posture. Key Responsibilities: Manage Security Operations: Oversee the daily activities and operations of the security operations center (SOC), ensuring continuous monitoring, detection, and response to security incidents. Incident Response: Lead the incident response team in identifying, managing, and resolving security breaches and vulnerabilities. Conduct post-incident analysis and reporting to prevent future occurrences. Security Monitoring: Implement and maintain security monitoring tools and technologies to detect and respond to threats in real-time. Penetration Testing and Vulnerability Scanning: Conduct regular penetration testing and vulnerability scanning to identify and mitigate security weaknesses within the organization's systems and applications. Policy and Compliance: Develop, enforce, and update security policies, procedures, and protocols in alignment with industry standards and regulatory requirements. Ensure compliance with relevant laws and regulations. Team Leadership: Tain, and mentor the security operations team, fostering a culture of continuous improvement and professional development. Risk Management: Conduct regular security risk assessments and implement mitigation strategies to reduce identified risks. Collaboration: Work closely with IT, legal, and other departments to ensure comprehensive security measures are integrated into all business processes. Reporting: Prepare and present regular reports on security operations, incidents, and compliance status to the Customers. Emergency Response: Develop and maintain emergency response plans for security incidents, ensuring the organization is prepared for potential crises. Qualifications: Education: Bachelors degree in Computer Science, Information Security, or a related field.. Experience: Minimum of 7 years of experience in information security, with at least 3 years in a managerial role overseeing security operations. Certifications: Relevant certifications such as CISSP, CISM, CEH, or similar are highly desirable. Technical Skills: Proficient in security technologies such as SIEM, IDS/IPS, firewalls, antivirus software, and endpoint protection. Expertise in conducting penetration testing and vulnerability scanning. AWS Expertise: In-depth knowledge and experience with Amazon Web Services (AWS) security practices and tools. Knowledge: In-depth understanding of security frameworks (e.g., NIST, ISO 27001), compliance requirements (e.g., GDPR, HIPAA), and incident response best practices. Leadership: Strong leadership and team management skills with the ability to motivate and guide a diverse team. Communication: Strong verbal and written communication skills, with the ability to convey complex security issues to non-technical stakeholders. Working Conditions: The role may require occasional on-call work to address security incidents. Must be able to work in a high-pressure environment and handle multiple tasks simultaneously.

Hi Everyone, I am on lookout for Infosec Analyst- GSOC for leading product based MNC in Yerwada, Pune. Kindly refer below JD:- Should have experience with Global Security Operation Center(SOC) Should have good experience with concepts of SIEM Should have strong experience in Incident Response Any SIEM tools experience: (Splunk, Azure Sentinel, EDR, MS Defender, Azure Sentinel, Any) Share your resume on nitika.sh@peoplefy.com NOTE: Immediate joiners to max 30 days are preferred.