35 Kql Jobs

10+ yrs Exp in cybersecurity Multi-tenant MSSP SOC Analytics rules KQL Playbooks Logic Apps Workbooks Connectors Incident response Detection use cases-MITRE ATT&CK Defender XDR stack PowerShell ISO 27001 SOC 2 /PCI DSS CISSP CISM GIAC (GCIA, GCIH)

Job Title: Cybersecurity Vulnerability & Patch Management Engineer (Onsite PST Hours) Location: Bangalore, India Work Hours: 8:00 AM – 5:00 PM PST (India Time: 8:30 PM – 5:30 AM IST) Reports To: SecOps Leader, Cybersecurity (US-based) About the Role: We are seeking a skilled and proactive Vulnerability & Patch Management Engineer to join our offshore cybersecurity team supporting Rocket EMS. You will lead the end-to-end vulnerability management and patching program across global infrastructure. This is a strategic, hands-on role requiring expert knowledge in tools like TenableOne, Automox, CrowdStrike Falcon, and Azure security solutions. Key Responsibilities: Manage enterprise-wide vulnerability lifecycle using TenableOne Rapid response to zero-day threats with scripting via CrowdStrike RTR Execute patch deployment using Automox across OS and cloud workloads Develop PowerShell/Python scripts for automation and rollback procedures Perform Azure Sentinel threat hunting using KQL Lead weekly vulnerability/patch management meetings and prepare executive dashboards Collaborate with global IT, SecOps, DevOps, and Engineering teams Required Skills: 5+ years in enterprise patch and vulnerability management Hands-on experience with TenableOne , Automox , CrowdStrike Falcon Complete , Azure Sentinel , and KQL Proficient in PowerShell and/or Python Strong understanding of Azure Cloud security posture and incident response CISSP certification (mandatory) Preferred: Knowledge of Infrastructure-as-Code (Terraform/ARM) Experience in regulated industries or manufacturing Additional certifications: Azure Security Engineer, CrowdStrike Certified Please share your resume to Sirishad@ca-one.com

As a global group of life-saving technology companies, Halma is dedicated to pushing the boundaries of science and technology. With headquarters in the UK and operations spanning 23 countries, including regional hubs in India, China, Brazil, and the US, we have a diverse portfolio of nearly 50 companies specializing in market-leading technologies. For over 42 years, our purpose-driven approach, strategic initiatives, talented workforce, unique DNA, and sustainable business model have consistently delivered remarkable long-term growth in revenues and profits. Halma stands out as an FTSE 100 company by annually increasing dividends by 5%, a feat unparalleled by any other company on the London Stock Exchange. Why Join Us Certified as a Great Place to Work, Halma fosters an employee-centric culture based on autonomy, trust, respect, humility, work-life balance, team spirit, and approachable leadership. We provide a safe and inclusive workplace where individuality is celebrated, and everyone is encouraged to leverage their unique talents and backgrounds to drive meaningful outcomes. Position Objective: We are currently looking for dedicated cyber security professionals to join our 24/7 security operations team. In this role, you will play a crucial part in monitoring Halma Group's centralized infrastructure for malicious activities, analyzing logs to detect attack patterns, and ensuring timely responses to infiltration attempts. Additionally, you will manage technical support requests related to security devices integrated into Halma's infrastructure. Responsibilities: - Lead a team of security analysts on an 8-hour rotational shift schedule. - Conduct real-time security monitoring and respond to incidents using various tools and methodologies. - Maintain the group's infrastructure to meet service level expectations. - Develop and manage Security Information and Event Management (SIEM) use cases. - Identify and document incidents through proactive threat hunting. - Perform vulnerability assessments within Halma's network infrastructure and collaborate with stakeholders to mitigate risks. - Design and refine the Incident Response Playbook for enhanced reaction protocols. - Conduct post-incident analyses to improve Halma's incident response processes. - Propose innovative security control measures and solutions. - Provide technical support for security infrastructure, including SIEM, VPN, Antivirus, EDR, and Endpoint Management systems. - Possess a strong understanding of Windows/macOS operating systems and related security measures. - Monitor and manage security incidents for Halma's headquarters and subsidiary companies. - Utilize problem-solving skills during security incidents and alerts investigations. - Perform additional tasks such as generating vulnerability reports and contributing to process improvements. Critical Success Factors: - Resolve security incidents, support issues, and service requests within SLAs. - Contribute to enhancing processes, systems, and services provided by Halma IT. Qualifications: - Bachelor's degree in computer science or IT. Preferred Certifications: - CompTIA Security+, CEH - Microsoft Security certifications like SC-200/SC-300/SC-400 Desirable Certifications: - Any SIEM certifications, any Network certifications Experience: - 5 to 8 years of total experience. - Knowledge of vendor firewall and Remote Access solutions. - Exposure to security technologies, including Incident Response and Microsoft Sentinel. - Familiarity with Active Directory, server virtualization, and Microsoft technologies. - Experience with Microsoft Defender, Microsoft Intune, Cato Networks (VPN and Firewall), Azure Sentinel, and KQL is advantageous.,

Wipro Limited is a leading technology services and consulting company dedicated to developing innovative solutions that cater to the complex digital transformation needs of clients. With a comprehensive portfolio encompassing consulting, design, engineering, and operations, we assist clients in achieving their ambitious goals and establishing sustainable, future-ready businesses. Our global presence includes over 230,000 employees and business partners spanning 65 countries, as we strive to support our customers, colleagues, and communities in navigating an ever-evolving world. For more information, please visit our website at www.wipro.com. As a potential candidate, you should hold a Bachelor's degree in Computer Science, Information Security, or a related field, or possess equivalent practical experience. Previous experience in a SOC or cybersecurity analyst role is essential for this position. Proficiency in utilizing Microsoft Sentinel, MS Unified SecOps/XDR, and other SIEM/EDR platforms is required, along with a strong understanding of KQL and the ability to create detection rules. Hands-on experience in managing alerts and incidents from MDE & MDO is also a key aspect. The role demands advanced skills in analyzing logs, network flows, and security telemetry, coupled with excellent problem-solving, analytical, and communication abilities. Possession of certifications such as CompTIA Security+, CEH, or equivalent is highly desired. The ideal candidate should have a minimum of 5-8 years of experience in the field, with a focus on Security Information Event Management. At Wipro, we are embarking on a journey to build a modern organization, driven by digital transformation and bold aspirations. We seek individuals who are inspired by reinvention, both in terms of personal growth and skill development. Our vision is to continuously evolve as a business and an industry, adapting to the changing world around us. Join us in a purpose-driven environment that encourages you to shape your own reinvention. Realize your ambitions at Wipro, where applications from individuals with disabilities are warmly welcomed.,

Key tasks and responsibilities Ensure daily tasks and activities have successfully completed. Where this is not the case, recovery and remediation steps will be undertaken. Undertake patching and upgrade activities in support of ParentPay compliance programs. These being PCI DSS, ISO27001 and Cyber Essentials+. Action requests from the ServiceNow work queue that have been allocated to your relevant resolver group. These include incidents, problems, changes and service requests. Investigate alerts and events detected from the monitoring systems that indicate a change in component health. Create and maintain support documentation in the form of departmental wiki and ServiceNow knowledge articles that allow for continual improvement of fault detection and recovery times. Work with colleagues to identify and champion the automation of all manual interventions undertaken within the team. Attend and complete all mandatory training courses. Engage and own the transition of new services into Service Operations. Participate in the out of hours on call support rota. Technical knowledge: Advanced automation scripting using Terraform and Powershell. Knowledge of bicep and ansible advantageous. Advanced Microsoft Active Directory configuration and support. Microsoft Azure and AWS cloud hosting platform administration. Advanced Microsoft SQL server experience. Windows Server and desktop management and configuration. Microsoft IIS web services administration and configuration. Advanced management of data and SQL backup solutions. Advanced scripting and automation capabilities. Advanced knowledge of Azure analytics and KQL.

EY- Cyber Security (Cloud Security) Technology Consulting Staff As part of our EY Cyber security, Technology Consulting team, your role will be to actively establish, maintain and strengthen internal and external relationships. You will be responsible for delivery and maintaining quality of services and deliverables on your engagements. You'll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you'll anticipate and identify risks within engagements and share any issues with senior members of the team. The opportunity We're looking for Senior to work on various cloud security engineering related projects for our customers across the globe. This role requires hands-on experience in cloud, application and/or infrastructure security, technology risk management in a highly regulated environment as well as great organizational and communication (verbal and written) skills. The Cloud Security team required to work on various security architecture related requirements which address sector specific challenges. Delivering solutions using third party security tools will be a part of the delivery responsibilities. Your key responsibilities Provide specific security expertise to engineering teams by identifying and creating patterns and blueprints for repeatable security, infrastructure and application instantiations. Ensure security baselines are aligned with organizational policies and best practices. Continuously update and refine security baselines to address emerging threats and changes in the cloud landscape. Implement security baselines across cloud environments to ensure consistent application of security controls. Utilize CSPM tools (e.g. Azure Defender for cloud, WIZ, Prisma cloud) to implement the enforcement of security baselines. Collaborate with DevOps and IT teams to integrate security baselines into cloud deployment processes. Monitor cloud environments for compliance with defined security baselines. Work with teams to remediate non-compliance issues and track resolution progress. Respond to security incidents related to cloud security posture and assist in incident investigations and remediation. Prepare and present reports on cloud security posture, compliance status, and risk assessments to management and stakeholders. Work closely with cross-functional teams to ensure alignment on security requirements and practices. Communicate effectively with stakeholders regarding security baseline initiatives and compliance efforts. Required Skills: Minimum of 2 years of IT and Cybersecurity experience At least 2+ years of specialization in Cybersecurity and CSPM tools (e.g. Azure Defender) At least 2+ years of application development experience with backend development, Containerized applications At least 2+ Experience working with KQL query writing and implementing configuration. Experience using or fixing vulnerabilities of various security tools. To qualify for the role, you must have 2+ years of experience in the Cyber Security and Cloud Security Domain Minimum B. Tech. or equivalent educational qualification Certifications Azure Security Engineer, AWS Certified Security - Specialty , CCSK Product certifications around AWS, Azure, GCP, Ali Cloud will be preferred Product knowledge and certification for tools such as Terraform, Sentinel, Rego. What we look for A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries What working at EY offers At EY, we're dedicated to helping our clients, from startups to Fortune 500 companies and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that's right for you

Microsoft Silicon, Cloud Hardware, and Infrastructure Engineering (SCHIE) is the team responsible for powering Microsoft's expanding Cloud Infrastructure and driving the Intelligent Cloud mission. SCHIE plays a crucial role in delivering core infrastructure and foundational technologies for over 200 online businesses globally, including Bing, MSN, Office 365, Xbox Live, Teams, OneDrive, and the Microsoft Azure platform. As part of our team, you will contribute to server and data center infrastructure, security and compliance, operations, globalization, and manageability solutions. We are committed to smart growth, high efficiency, and providing a trusted experience to our customers and partners worldwide. We are seeking passionate and high-energy engineers to join us on this mission. We are currently looking for a motivated software engineer with a strong interest in cloud-scale distributed systems to work on building and maintaining cloud services and software stacks. The primary focus will be on monitoring and managing cloud hardware, ensuring the health, performance, and availability of the cloud infrastructure. This role offers the opportunity to be part of a dynamic team at the forefront of innovation within Microsoft, contributing to the development of cutting-edge hardware solutions that power Azure and enhance our cloud infrastructure. Responsibilities: - Design, develop, and operate large-scale, low-latency, high-throughput cloud services. - Monitor, diagnose, and repair service health and performance in production environments. - Conduct A/B testing and analysis, establish baseline metrics, set incremental targets, and validate against those targets continuously. - Utilize AI/copilot tooling for development and operational efficiency, driving improvements to meet individual and team-level goals. - Perform data analysis using various analytical tools and interpret results to provide actionable recommendations. - Define and measure the impact of requested analytics and reporting features through quantitative measures. - Collaborate with internal peer teams and external partners to ensure highly available, secure, accurate, and actionable results based on hardware health signals, policies, and predictive analytics. Qualifications: - Academic qualifications: B.S. in Computer Science, M.S. in Computer Science, or Ph.D. in Computer Science or Electrical Engineering with at least 1 year of development experience. - Proficiency in programming languages such as C# or other Object-oriented languages, C, Python, and scripting languages. - Strong understanding of Computer Science fundamentals including algorithms, data structures, object-oriented design, multi-threading, and distributed systems. - Excellent problem-solving and design skills with a focus on quality, performance, and service excellence. - Effective communication skills for collaboration and customer/partner correspondence. - Experience with Azure services and database query languages like SQL/kusto is desired but optional. - Familiarity with AI copilot tooling and basic knowledge of LLM models and RAG is desired but optional. Join us in shaping the future of cloud infrastructure and be part of an exciting and innovative team at Microsoft SCHIE. #azurehwjobs #CHIE #HHS,

Job Summary: We are seeking a highly skilled and motivated SOC Analyst / Detection Engineer to join our Security Operations Center. This role requires expertise in developing advanced KQL and Splunk queries, detection engineering, and incident response within complex enterprise environments. The ideal candidate will bring hands-on experience with SIEM, EDR, cloud security, incident playbooks, and OSINT tools, while also showing a passion for mentoring junior team members. Key Responsibilities: Develop and fine-tune detection rules and analytics using KQL (Microsoft Sentinel) and SPL (Splunk). Lead threat hunting activities leveraging EDR telemetry, SIEM logs, and threat intelligence sources. Design and implement detections based on behavioral patterns and MITRE ATT&CK mappings. Investigate security alerts and incidents, triage threats, and provide detailed incident reports and root cause analysis. Build and maintain incident response playbooks, SOPs, and runbooks to streamline SOC operations. Collaborate with internal teams to continuously improve detection logic and incident workflows. Mentor and train junior analysts, promote knowledge sharing, and support SOC skill development. Develop integrations and use cases with various log sources from on-prem, cloud, and hybrid environments. Utilize OSINT tools and frameworks (e.g., VirusTotal, Shodan, Censys, MISP, AbuseIPDB, Whois, etc.) during threat investigation and enrichment. Drive automation and orchestration where applicable using SOAR technologies. Stay up to date on threat intelligence, emerging tactics, techniques, and procedures (TTPs). Technical Skill Requirements: Detection Engineering: Strong expertise in writing detection queries (KQL/SPL), developing use cases, and tuning alerts. SIEM: Hands-on experience with Microsoft Sentinel and Splunk (Enterprise Security). EDR/XDR: CrowdStrike Falcon, Microsoft Defender for Endpoint. Cloud Security: Security monitoring in Azure, AWS, and GCP. Microsoft 365 Security: Defender for Office 365, Entra ID (Azure AD), Purview (compliance). Web Security Filtering: Experience or knowledge of Zscaler and similar solutions. Incident Response: Playbook development, SOPs, runbook creation, triage, and remediation. OSINT Tools: Practical usage of VirusTotal, URLScan.io, MISP, Shodan, Censys, GreyNoise, AbuseIPDB, Whois, etc. Log Analysis: Deep understanding of log formats from servers, network devices, cloud services, and applications. Automation/SOAR: Familiarity with automation frameworks (Logic Apps, Sentinel Playbooks, Splunk SOAR) is a plus. Scripting: PowerShell, Python, or equivalent scripting for enrichment and automation. Additional Expectations: Willingness to mentor and train junior SOC team members. Ability to work independently in a fast-paced SOC environment. Excellent analytical, communication, and problem-solving skills. Strong attention to detail and a proactive security mindset. Preferred Certifications (Nice to Have): SC-200: Microsoft Security Operations Analyst Splunk Core/Enterprise Security certifications CrowdStrike CCFR / CCFH Zscaler ZCCA/ZCCP Azure/AWS/GCP security certifications GIAC (GCIA, GCED, GCIH) or other relevant SANS certifications

As an Azure SIEM Platform Lead at CyberProof, A UST Company, you will be responsible for managing and leading a cloud-based SIEM platform using Azure Data Explorer (ADX), Microsoft Sentinel, and Azure DevOps. Your role will involve developing and optimizing Kusto Query Language (KQL) queries for threat detection, reporting, and health monitoring, as well as onboarding and fine-tuning log sources and connectors for enhanced visibility and cost efficiency. Leading a small technical team, you will mentor engineers, drive automation and CI/CD practices, and ensure platform performance, scalability, and security. Key Responsibilities - Manage and lead the Azure SIEM platform utilizing ADX, Sentinel, and DevOps tools. - Develop and optimize KQL queries for threat detection, reporting, and health monitoring. - Onboard and fine-tune log sources and connectors for visibility and cost efficiency. - Lead and mentor a small team of engineers. - Act as the primary technical contact for customers. - Drive automation and CI/CD practices using Azure DevOps. - Ensure platform performance, scalability, and security. Mandatory Skills - Proficiency in Azure Data Explorer (ADX), Microsoft Sentinel, and KQL. - Experience with Azure DevOps for CI/CD and automation. - Strong background in cloud platform management and team leadership. - Excellent communication and customer-facing skills. - Knowledge of security operations, threat detection, and log optimization. Preferred Certifications - AZ-500, AZ-104, SC-200. - Familiarity with ARM, Bicep, or Terraform is considered a plus.,

We are looking for an experienced Data Engineer/BI Developer with strong hands-on expertise in Microsoft Fabric technologies, including OneLake, Lakehouse, Data Lake, Warehouse, and Real-Time Analytics, along with proven skills in Power BI, Azure Synapse Analytics, and Azure Data Factory (ADF). The ideal candidate should also possess working knowledge of DevOps practices for data engineering and deployment automation. Key Responsibilities: Design and implement scalable data solutions using Microsoft Fabric components: OneLake, Data Lake, Lakehouse, Warehouse, and Real-Time Analytics Build and manage end-to-end data pipelines integrating structured and unstructured data from multiple sources. Integrate Microsoft Fabric with Power BI, Synapse Analytics, and Azure Data Factory to enable modern data analytics solutions. Develop and maintain Power BI datasets, dashboards, and reports using data from Fabric Lakehouses or Warehouses. Implement data governance, security, and compliance policies within the Microsoft Fabric ecosystem. Collaborate with stakeholders for requirements gathering, data modeling, and performance tuning. Leverage Azure DevOps / Git for version control, CI/CD pipelines, and deployment automation of data artifacts. Monitor, troubleshoot, and optimize data flows and transformations for performance and reliability. Required Skills: 38 years of experience in data engineering, BI development, or similar roles. Strong hands-on experience with Microsoft Fabric ecosystem:OneLake, Data Lake, Lakehouse, Warehouse, Real-Time Analytics Proficient in Power BI for interactive reporting and visualization. Experience with Azure Synapse Analytics, ADF (Azure Data Factory), and related Azure services. Good understanding of data modeling, SQL, T-SQL, and Spark/Delta Lake concepts. Working knowledge of DevOps tools and CI/CD processes for data deployment (Azure DevOps preferred). Familiarity with DataOps and version control practices for data solutions. Preferred Qualifications: Microsoft certifications (e.g., DP-203, PL-300, or Microsoft Fabric certifications) are a plus. Experience with Python, Notebooks, or KQL for Real-Time Analytics is advantageous. Knowledge of data governance tools (e.g., Microsoft Purview) is a plus. Location: Remote- Bengaluru,Hyderabad,Delhi / NCR,Chennai,Pune,Kolkata,Ahmedabad,Mumbai

Senior SOC Eng to lead incident response, threat detection & automation initiatives for Rocket EMS's globl security operatn. SIEM/SOAR optimization, advanced threat hunting & direct response to cyberattacks across endpoints, cloud & identity systems.

Seeking skilled Vulnerability & Patch Mngmnt Eng to join our offshore cybersecurity team supporting Rocket EMS. Its a strategic, hands-on role requiring expert knowledge in tools like TenableOne, Automox, CrowdStrike Falcon & Azure Sentinel, and KQL

Key Responsibilities: Develop, test, and maintain detection use cases across SIEM, EDR, NDR, and cloud security platforms. Proactively hunt for threats using behavioral analytics and threat intelligence feeds. Write detection rules (e.g., Sigma, KQL, SPL, YARA, Snort), based on MITRE ATT&CK and emerging threat techniques. Analyze security logs and telemetry to identify malicious activity and suspicious patterns. Collaborate with the SOC, incident response, and threat intel teams to build a proactive defense model. Stay up to date on cyber threat landscape and contribute to improving detection strategies. Work with automation tools (SOAR) to respond to threats and improve detection-response cycles. Key Skills Required: Strong knowledge of threat detection methodologies, malware behavior, and attack techniques Hands-on experience with SIEM tools (e.g., Splunk, Sentinel, QRadar, Elastic) Proficiency in writing detection logic using KQL, SPL, Sigma, or custom rule languages Familiarity with MITRE ATT&CK, threat intelligence feeds, and IOC correlation Experience with log parsing, network forensics, and endpoint telemetry Scripting knowledge (Python, PowerShell, or Bash) for automating detection and analysis tasks Understanding of cloud security (AWS, Azure, GCP) and detection engineering in cloud-native environments is a plus

Role & responsibilities About the Role: We are seeking a skilled and proactive Vulnerability & Patch Management Engineer to join our offshore cybersecurity team supporting Rocket EMS. You will lead the end-to-end vulnerability management and patching program across global infrastructure. This is a strategic, hands-on role requiring expert knowledge in tools like TenableOne, Automox, CrowdStrike Falcon, and Azure security solutions. Key Responsibilities: Manage enterprise-wide vulnerability lifecycle using TenableOne Rapid response to zero-day threats with scripting via CrowdStrike RTR Execute patch deployment using Automox across OS and cloud workloads Develop PowerShell/Python scripts for automation and rollback procedures Perform Azure Sentinel threat hunting using KQL Lead weekly vulnerability/patch management meetings and prepare executive dashboards Collaborate with global IT, SecOps, DevOps, and Engineering teams Required Skills: 5+ years in enterprise patch and vulnerability management Hands-on experience with TenableOne , Automox , CrowdStrike Falcon Complete , Azure Sentinel , and KQL Proficient in PowerShell and/or Python Strong understanding of Azure Cloud security posture and incident response Preferred: Knowledge of Infrastructure-as-Code (Terraform/ARM) Experience in regulated industries or manufacturing Additional certifications: Azure Security Engineer, CrowdStrike Certified

As a Power Platform Specialist, you will be responsible for designing, developing, and implementing data visualizations, data models, and reports using Microsoft Power BI to drive data-driven decisions and provide valuable insights. Your role will involve creating applications with Power Apps to optimize business processes and collaborating with stakeholders to gather requirements and translate them into effective technical solutions. Ensuring data accuracy, integrity, and security across all platforms, as well as managing an Azure subscription, developing basic apps, and maintaining security and compliance will be key aspects of your responsibilities. Your expertise in Power BI should include advanced skills in creating complex BI reports with multiple data sources, building dashboards, and managing data models effectively. You will also need proficiency in Power Apps to develop custom applications, forms, and workflows. Strong SQL and KQL skills are essential for writing, optimizing, and troubleshooting queries, while your data analysis capabilities will enable you to interpret data and offer actionable insights. Your problem-solving skills, attention to detail, and proficiency in Azure Resource Management are crucial for successful performance in this role. Preferred qualifications for this position include Microsoft Power Platform certifications such as PL-900, PL-100, PL-200, PL-300, as well as the Microsoft Azure Fundamentals certification (AZ-900). Experience with Incident Management teams, IcM, and knowledge of data governance and compliance standards are considered advantageous. If you are looking for a challenging role where you can leverage your expertise in the Power Platform ecosystem to drive business efficiency and data-driven decision-making, this opportunity is perfect for you. Join our team and make a significant impact by utilizing your skills in Power BI, Power Apps, SQL, KQL, data analysis, and Azure Resource Management to enhance our organization's data capabilities and operational efficiency.,

The Data Quality Monitoring Lead plays a crucial role in ensuring the accuracy, reliability, and integrity of data across various systems and platforms. You will lead an offshore team, establish robust data quality monitoring frameworks, and collaborate with cross-functional stakeholders to address data-related challenges effectively. Your responsibilities will include overseeing real-time monitoring of data pipelines, dashboards, and logs using tools like Log Analytics, KQL queries, and Azure Monitoring to detect anomalies promptly. You will configure alerting mechanisms for timely notifications of potential data discrepancies and collaborate with support teams to investigate and resolve system-related issues impacting data quality. Additionally, you will lead the team in identifying and categorizing data quality issues, perform root cause analysis to determine underlying causes, and collaborate with system support teams and data stewards to implement corrective measures. Developing strategies for rectifying data quality issues, designing monitoring tools, and conducting cross-system data analysis will also be part of your role. Moreover, you will evaluate existing data monitoring processes, refine monitoring tools, and promote best practices in data quality monitoring to ensure standardization across all data-related activities. You will also lead and mentor an offshore team, develop a centralized knowledge base, and serve as the primary liaison between the offshore team and the Lockton Data Quality Lead. In terms of technical skills, proficiency in data monitoring tools like Log Analytics, KQL, Azure Monitoring, and Power BI, strong command of SQL, experience in automation scripting using Python, familiarity with Azure services, and understanding of data flows involving Mulesoft and Salesforce platforms are required. Additionally, experience with Azure DevOps for issue tracking and version control is preferred. This role requires a proactive, detail-oriented individual with strong leadership and communication skills, along with a solid technical background in data monitoring, analytics, database querying, automation scripting, and Azure services.,

Role & responsibilities About the Role: We are hiring a Senior SOC Engineer to lead incident response, threat detection, and automation initiatives for Rocket EMS's global security operations. This is not an analyst roleyoull be hands-on, driving SIEM/SOAR optimization, advanced threat hunting, and direct response to cyberattacks across endpoints, cloud, and identity systems. Key Responsibilities: Design and build SOC infrastructure using Microsoft Sentinel and SOAR Lead deep investigations using CrowdStrike Falcon, MDE, Tenable, and Palo Alto/Fortinet firewalls Perform threat hunting using MITRE ATT&CK framework and dark web intelligence Develop KQL queries and automation scripts in PowerShell/Python Integrate and respond to incidents across Azure and Microsoft 365 environments Collaborate with MSOC and global teams for escalations and knowledge sharing Required Skills: 7+ years in cybersecurity roles, focused on SOC/IR/Threat Hunting Expertise with Microsoft Sentinel , CrowdStrike Falcon , MDE , Tenable Deep understanding of MITRE ATT&CK , lateral movement, and APTs Scripting experience in KQL , Python , PowerShell Strong communication, leadership, and mentoring skills Preferred: Certifications: GCFA, GCIH, GCTI, CISSP, AZ-500, MS-500, OSCP, or MITRE ATT&CK Defender Experience with Palo Alto XSOAR and cloud-based threat monitoring Interested candidates please share your resume to Sirishad@ca-one.com

Job Title: Cybersecurity Vulnerability & Patch Management Engineer (Onsite PST Hours) Location: Bangalore, India Work Hours: 8:00 AM 5:00 PM PST (India Time: 8:30 PM – 5:30 AM IST) Reports To: SecOps Leader, Cybersecurity (US-based) About the Role: We are seeking a skilled and proactive Vulnerability & Patch Management Engineer to join our offshore cybersecurity team supporting Rocket EMS. You will lead the end-to-end vulnerability management and patching program across global infrastructure. This is a strategic, hands-on role requiring expert knowledge in tools like TenableOne, Automox, CrowdStrike Falcon, and Azure security solutions. Key Responsibilities: Manage enterprise-wide vulnerability lifecycle using TenableOne Rapid response to zero-day threats with scripting via CrowdStrike RTR Execute patch deployment using Automox across OS and cloud workloads Develop PowerShell/Python scripts for automation and rollback procedures Perform Azure Sentinel threat hunting using KQL Lead weekly vulnerability/patch management meetings and prepare executive dashboards Collaborate with global IT, SecOps, DevOps, and Engineering teams Required Skills: 5+ years in enterprise patch and vulnerability management Hands-on experience with TenableOne , Automox , CrowdStrike Falcon Complete , Azure Sentinel , and KQL Proficient in PowerShell and/or Python Strong understanding of Azure Cloud security posture and incident response CISSP certification (mandatory) Preferred: Knowledge of Infrastructure-as-Code (Terraform/ARM) Experience in regulated industries or manufacturing Additional certifications: Azure Security Engineer, CrowdStrike Certified Intertested candidates please share your resume to Sirishad@ca-one.com

We are looking for an experienced KQL Developer with a strong background in data querying, preferably using KQL (Kusto Query Language) or SQL, and data visualization. The ideal candidate will have expertise in querying large datasets and visualizing insights, ideally using tools like Grafana. It would be highly desirable to have additional experience or understanding in data science and analytics. As a KQL Developer, your responsibilities will include developing, optimizing, and maintaining complex queries using KQL (or SQL if KQL is not available). You will be analyzing and interpreting data patterns to derive actionable insights and designing and building compelling visualizations, preferably using Grafana, to effectively communicate data insights. Collaboration with cross-functional teams to understand data requirements and build tailored analytics solutions will also be a key part of your role. Additionally, you will support data integration and ETL processes for analysis and reporting while documenting and ensuring data quality, consistency, and reliability across data sources. Key Requirements: - Proficiency in KQL (preferred) or strong SQL skills for handling large datasets and complex queries. - Experience with Grafana (or similar tools) to create insightful, interactive dashboards and reports. - Basic knowledge in data science concepts such as predictive modeling, statistical analysis, or machine learning. - Ability to interpret and analyze data trends, anomalies, and patterns. - Strong critical thinking and troubleshooting skills for data issues. - Excellent written and verbal communication skills, flexibility, self-driven, and a team player. At GlobalLogic, we offer a culture of caring where people come first, a commitment to continuous learning and development, interesting and meaningful work that makes an impact, balance, and flexibility to achieve work-life harmony, and a high-trust organization built on integrity and trust. As a trusted digital engineering partner to leading companies worldwide, we continue to drive innovation and create intelligent products, platforms, and services that redefine industries and transform businesses.,

About Rackspace Cyber Defence Rackspace Cyber Defence is our next generation cyber defence and security operations capability that builds on 20+ years of securing customer environments to deliver proactive, risk-based, threat-informed and intelligence driven security services. Our purpose is to enable our customers to defend against the evolving threat landscape across on-premises, private cloud, public cloud and multi-cloud workloads. Our goal is to go beyond traditional security controls to deliver cloud-native, DevOps-centric and fully integrated 24x7x365 cyber defence capabilities that deliver a proactive , threat-informed , risk-based , intelligence-driven approach to detecting and responding to threats. Our mission is to help our customers: Proactively detect and respond to cyber-attacks 24x7x365. Defend against new and emerging risks that impact their business. Reduce their attack surface across private cloud, hybrid cloud, public cloud, and multi-cloud environments. Reduce their exposure to risks that impact their identity and brand. Develop operational resilience. Maintain compliance with legal, regulatory and compliance obligations. What were looking for To support our continued success and deliver a Fanatical Experience to our customers, Rackspace Cyber Defence is looking for an Indian based Security Operations Analyst (L3) to support Rackspaces strategic customers. This role is particularly well-suited to a self-starting, experienced and motivated Sr. Sec Ops Analyst, who has a proven record of accomplishment in the cloud security monitoring and incident detection domain. As a Security Operations Analyst(L3), you will be responsible for detecting, analysing, and responding to threats posed across customer on-premises, private cloud, public cloud, and multi-cloud environments. The primary focus will be on triaging alerts and events (incident detection), which may indicate malicious activity, and determining if threats are real or not. You will also be required to liaise closely with the customers key stakeholders, which may include incident response and disaster recovery teams as well as information security. Key Accountabilities: Should have experience of 10 years in SOC and 5 years in Azure Sentinel. Ensure the Customer’s operational and production environment remains secure at all the times and any threats are raised and addressed in a timely manner. Critical incident handling & closure. Escalation management and handling escalations from L2 Analysts. Proactive discovery of threats based on MITRE ATT&CK framework. Deep investigation and analysis of critical security incidents. Post breach forensic incident analysis reporting. Review the weekly and monthly reports. Review new use cases created by L2 and implement in cloud-native SIEM (Security Information and Event Management). Assist with customer onboarding (such as use case development, identifying data sources, configuring data connectors etc) Advanced threat hunting. Develop custom dashboards and reporting templates. Develop complex to customer specific use cases. Advanced platform administration. Solution recommendation for issues. Co-ordinate with vendor for issue resolution. Basic and intermediate playbook and workflow enhancement. Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc. Develop the custom parsers for the incident and alert enrichment. Problem specific playbook and workflow creation and enhancements Required to work flexible timings. Skills and Experience: Existing experience as a Security Operations Analyst, or equivalent. Experience of working in large scale, public cloud environments and with using cloud native security monitoring tools such as: Microsoft Sentinel Microsoft 365 Defender Microsoft Defender for Cloud Endpoint Detection & Response (EDR) tools such as Crowdstrike, Microsoft Defender for Endpoint. Firewalls and network security tools such as Palo Alto, Fortinet, Juniper, and Cisco. Web Application Firewall (WAF) tools such as Cloudflare, Akamai and Azure WAF. Email Security tools such as Proofpoint, Mimecast and Microsoft Defender for Office Data Loss Prevention (DLP) tools such as Microsoft Purview, McAfee and Symantec

Our Client is a global consulting firm that provides award-winning services to transform customer, employee, and student experiences. Since 1997, our Salesforce and Oracle experts have provided a full range of enterprise solutions including CRM and related applications that support sales, marketing, and service financial reporting HR and Business Intelligence. We have top talent all over the United States and India and are continuously growing. We provide our team with a flexible work-life balance in addition to the traditional benefits. Job Summary: Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities If so, this could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join our Client`s Infrastructure and Data Security Team and explore the exciting challenges in store. The Team Our IT Infrastructure and Data Security team helps improve security posture of the organizations, confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform and secure their legacy programs. Join the team developing the future state of cyber risk solutions Duties/Responsibilities: L3 As a Senior Consultant, you will be at the front lines with our users supporting them with their Cloud needs specifically helping them navigate the journey to the cloud on the Microsoft 365 platform. This will include: Conduct cloud security analysis, evaluating configurations, and providing recommendations for O365, EMS, and Windows Enterprise 10/11 platforms and environments. This can include Microsoft s cloud solutions such as Microsoft 365 Defender, Microsoft Information Protection (MIP), Conditional Access, Azure Defender, and Microsoft Defender for Endpoint. Perform technical health checks for these Cloud platforms/environments prior to broader deployments. Support Proof of Concept (PoC) and Production deployments of these cloud technologies. Assist users with transitions to the M365 cloud services such as tenant setup and service configuration with a focus on cloud cyber risk mitigation. Assist with the configuration and delivery of cloud security and compliance reports. Provide technical support for M365 services and resolve service-related issues through research and troubleshooting and working with Microsoft. Implement of industry leading practices and Microsoft recommendations around M365 cloud security. Design and develop cloud-specific security policies, standards and procedures e.g., Cloud governance, O365 tenant management and configuration, EMS policy development, management and access controls, firewall management, auditing and monitoring, security incident and event management, data protection (DLP and encryption), user and administrator account management, conditional access controls and password/key management. Troubleshoot system level problems in a multi-vendor, multi-protocol network environment. Document platform technical issues, conducting analysis, developing client communications, and driving resolution as part of cyber risk mitigation steps. Execute on M365 cloud security engagements during different phases of the lifecycle Assess, Design, Implement, and Operate. Implement industry leading practices around M365 cyber risks and cloud security for clients. Provide internal technical training to Advisory personnel as needed. Act as a Subject Matter Expert (SME) for the M365 platform. Competency (Knowledge, Skills, and Abilities) Should have M365 Technologies - MUST have advanced troubleshooting and project implementation skills in 2 or more of the technologies below. Certifications highly preferred (ISO 27001 guidelines). If the candidate has reasonably strong experience he must complete it within 2 months. Recent learning and certification should be aligned with the future technologies M365 AzureAD M365 Exchange Online or MDOP 2 M365 Intune - Device Management and Application Management lifecycle, M365 Defender suite (Office 365, EndPoint, Exchange, CloudApps) Microsoft Identify AzureAD, conditional access, integrations SAML Microsoft VDI or DaaS (Microsoft 365, Microsoft Cloud PC) Scripting - PowerShell, KQL Windows 365 Operating systems and Hardware Microsoft Security and Compliance Must Have Intune - 30% (Patching apps, scripts, automation -Autopilot, troubleshoot logs) Defender suite - 20% (email, teams, SharePoint, CoPilot, addressing policies and troubleshooting) Vendor management - 10% (collaborating with MS, HP, Dell, Lenovo, Managed service providers like Microsoft) Security and Compliance products in M365 - 30% (Advanced M365 security features AzureAD, Experience in delivering in SLA environments- 10% Awareness and having worked in ISO 27001 or SOC2 companies - 10% Must work in an IT department with 500+ users or more and be able to mentor juniors in the team Good to Have Compliance - ISO 27001 or SOC 2 (should have experience working in these environments) Network -- FortiGate UTM (Firewall, IDS, IPS, Web Application Filter) Server Operating systems -- Windows Server 2022, Ubuntu, HyperV Hardware - Laptops, Server and Network Equipment Additional Requirements: Must be willing working in rotational shifts India/US (EST) hrs. Team player with experience communication with US users - excellent communication skills Good to have worked in night shifts in the recent future. Certification Certification - M365 Admin certifications in the above technologies are preferred. Must be constantly upgrading/learning new technologies. Position Type: Full Time/Permanent Required Education: Bachelor s degree. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology. Other Duties: This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required. Duties, responsibilities, and activities may change, or new ones may be assigned at any time, with or without notice.

Cloud Monitoring and Compliance Engineer - AM - BLR - J49183 You will have a wide range of responsibilities which will include: Working alongside the content management team to provide visibility of compliance to security guardrails. Customizing and enhancing Cloud Security Posture Management and Cloud Workflow Protection (Microsoft Defender for Cloud features) to meet KPMG specific requirements. Onboarding additional Tenants and cloud hosting providers to the service. Planning and implementation of automated remediation activities. Liaising with vendors to fully realize investment into their products and influence future roadmaps. Day to day management, troubleshooting and housekeeping of the toolsets. Collaborating with other GISG teams to understand their requirements and look for new opportunities for the Service. Ensuring work is completed in such a way to comply with established compliance and other internal control requirements. Using DevOps to record all project tasks. Minimum of 7 years in IT with 4+ years of experience working with a major cloud service provider. Bachelors Degree from an accredited college or university or equivalent work experience. Preferably in Computer Science or related field. Robust technical and implementation knowledge of Cloud Security Posture Management technologies (Microsoft MDC, Twistlock, Redlock). Experienced in securing cloud environments and cloud systems, including topics around certification and compliance. Good understanding of API based security & compliance standards. Understanding of exploits, malware, ransomware, etc. their creation and activation and detection methods. Knowledge of web application architecture and system administration. Experienced building complex custom RQL, KQL or SQL queries. Experienced with Microsoft Azure, AWS or GCP installation, configuration, and administration of security features and services. Programming experience with Python or PowerShell. Qualification - BE-Comp/IT,BE-Other,BTech-Comp/IT,BTech-Other,MBA,MCA

Job Title: Cybersecurity Vulnerability & Patch Management Engineer (Onsite PST Hours) Location: Bangalore, India Work Hours: 8:00 AM 5:00 PM PST (India Time: 8:30 PM – 5:30 AM IST) Reports To: SecOps Leader, Cybersecurity (US-based) About the Role: We are seeking a skilled and proactive Vulnerability & Patch Management Engineer to join our offshore cybersecurity team supporting Rocket EMS. You will lead the end-to-end vulnerability management and patching program across global infrastructure. This is a strategic, hands-on role requiring expert knowledge in tools like TenableOne, Automox, CrowdStrike Falcon, and Azure security solutions. Key Responsibilities: Manage enterprise-wide vulnerability lifecycle using TenableOne Rapid response to zero-day threats with scripting via CrowdStrike RTR Execute patch deployment using Automox across OS and cloud workloads Develop PowerShell/Python scripts for automation and rollback procedures Perform Azure Sentinel threat hunting using KQL Lead weekly vulnerability/patch management meetings and prepare executive dashboards Collaborate with global IT, SecOps, DevOps, and Engineering teams Required Skills: 5+ years in enterprise patch and vulnerability management Hands-on experience with TenableOne , Automox , CrowdStrike Falcon Complete , Azure Sentinel , and KQL Proficient in PowerShell and/or Python Strong understanding of Azure Cloud security posture and incident response CISSP certification (mandatory) Preferred: Knowledge of Infrastructure-as-Code (Terraform/ARM) Experience in regulated industries or manufacturing Additional certifications: Azure Security Engineer, CrowdStrike Certified Intertested candidates please share your resume to Sirishad@ca-one.com

Role & responsibilities About the Role: We are hiring a Senior SOC Engineer to lead incident response, threat detection, and automation initiatives for Rocket EMS's global security operations. This is not an analyst roleyou’ll be hands-on, driving SIEM/SOAR optimization, advanced threat hunting, and direct response to cyberattacks across endpoints, cloud, and identity systems. Key Responsibilities: Design and build SOC infrastructure using Microsoft Sentinel and SOAR Lead deep investigations using CrowdStrike Falcon, MDE, Tenable, and Palo Alto/Fortinet firewalls Perform threat hunting using MITRE ATT&CK framework and dark web intelligence Develop KQL queries and automation scripts in PowerShell/Python Integrate and respond to incidents across Azure and Microsoft 365 environments Collaborate with MSOC and global teams for escalations and knowledge sharing Required Skills: 7+ years in cybersecurity roles, focused on SOC/IR/Threat Hunting Expertise with Microsoft Sentinel , CrowdStrike Falcon , MDE , Tenable Deep understanding of MITRE ATT&CK , lateral movement, and APTs Scripting experience in KQL , Python , PowerShell Strong communication, leadership, and mentoring skills Preferred: Certifications: GCFA, GCIH, GCTI, CISSP, AZ-500, MS-500, OSCP, or MITRE ATT&CK Defender Experience with Palo Alto XSOAR and cloud-based threat monitoring

LTIMindtree Hiring for Threat Hunter/Threat Hunter Lead Notice period-immediate to 15 days. Exp-5 to 12 yrs. Location- Hyderabad if interested Share me these details along with CV-Richa.Srivastava@ltimindtree.com Total Experience- Current CTC- Expected CTC- Holding offers if any- Current Location- Preferred Location- Notice period- Skills- Date of Birth- PAN No- Passport size photo- Pan no- Availability for interview- Are you okay with Rotational shift- Job description- 6 years experience in Cyber Security. Has experience in Threat Hunting Experience in managing a team and customer business meetings effectively. Ability to handle the client team Excellent written & verbal communication skill Excellent in Reporting & presentation skills Experience on different tools and language like Excel, Splunk, KQL etc. Performing Threat Hunting activity to look for potential threat in the organization. Experience in vulnerability management team to remediate existing vulnerabilities found during Assessment or scan. Practical knowledge of common threat analysis models such as the Cyber Kill Chain, and MITRE ATT&CK. Experience on Power BI to provide interactive visualizations to create reports and dashboards is a plus. Good at Event logging Experience in Response Good Knowledge of Windows Defender Through knowledge of Event logging and detections