14 Mitre Att&Ck Jobs

SOC Analyst / Security Engineer - Vacancies for FRESHERS (Level-1 / Those who completed the courses or learnt on their own) & EXPERIENCED (Level-1 & Level-2 / Those who have experienced in Cyber Security Domain only) SOC Analyst / Security Engineer who is familiar or interested to work with Windows, Linux, and cloud environments technical skills. Any courses/certification like CompTIA Security+, GSEC, EC-Council Certified SOC Analyst (CSA), Microsoft SC-200(Security Operations Analyst Associate), Cisco Cyber Ops Associate, Splunk Core Certified User / Analyst are preferable. Responsibilities Capable of understanding the training & Nature of works on Job Responsibilities. Monitor and assess alerts generated by security monitoring systems such as SIEMs and EDR platforms. Analyze logs, network activity, and endpoint behavior to detect suspicious or malicious activity. Execute initial incident triage and escalate complex threats to senior teams as needed. Collaborate with internal teams on containment, eradication, and recovery processes. Maintain detailed records of security events and actions taken in internal tracking systems. Continuously fine-tune detection rules and alert thresholds to improve incident accuracy. Stay informed on the latest tactics, techniques, and procedures (TTPs) used by threat actors. Support proactive initiatives like threat hunting and vulnerability assessments. Contribute to red/blue team simulations and post-incident reviews. Help develop and refine operational playbooks and standard response workflows. Capable for Rotational shifts (Morning / Forenoon / Evening / Night) as its 24 X 7 organization & Adoptable for the working environment & Night Shifts. Maintain the System Security, identify threats and install / configure Software. Solid grasp of network protocols, endpoint defenses, and common attack vectors. Familiar with one or more SIEM solutions (e.g., Splunk, Sentinel, QRadar). Comfortable navigating both Windows and Linux environment. knowledge of cloud platforms & Malware analysis is a plus. Understanding of TCP/IP, DNS, HTTP, and common attack vectors Understanding of cybersecurity frameworks such as MITRE ATT&CK or NIST. Strong Interpersonal and Oral/Non-Oral English Communication skills to Handle Chats & Mails if needed. 1 to 3 years of experience in a SOC or technical security role is an added advantage. To be Sincere and Honest towards the Job Responsibilities. Perks and Benefits Other Allowances Negotiable Based on Availability & Experience. For clarification Contact - HR +91 87543 01002 jobs@oryon.in

About Us Our purpose at Avient Corporation is to be an innovator of materials solutions that help our customers succeed, while enabling a sustainable world. Innovation goes far beyond materials science; its powered by the passion, creativity, and diverse expertise of 9,000 professionals worldwide. Whether youre a finance wizard, a tech enthusiast, an operational powerhouse, an HR changemaker, or a trailblazer in materials development, youll find your place at Avient. Join our global team and help shape the future with sustainable solutions that transform possibilities into realities. Your unique perspective could be the key to our next breakthrough! Job Summary The Senior Manager of Security Operations and Identity Management is responsible for 24x7 security monitoring and the administration of identity management processes. This role includes overseeing the architectural design, deployment, execution, and optimization of solutions in alignment with risk requirements and compliance obligations. Essential Functions Ensure that SIEM and SOAR environments are “fit for purpose” and continually enhanced to cover known and emerging MITRE ATT&CK techniques Manage the global SOC team responsible for 24x7 alerting, triage, investigation and Incident Response. Monitor and improve Key Performance Indicators (KPIs) Track SOC Maturity and partner with CISO to establish road map for growing SOC capabilities and automation Manage the Cyber Threat Intelligence program Oversee forensics, litigation support, and e-discovery capabilities in support of requests from Legal Lead the team responsible for identity lifecycle functions, identifying and implementing best practices to automate repetitive processes Oversee IAM architecture design, deployment and delivery of capabilities to achieve target levels of cyber maturity and efficiency, working with vendors, partners and other 3rd parties Ensure compliance with required regulations and frameworks across all divisions and markets, driving timely remediation of any IAM deficiencies Other duties as assigned Education and Experience Qualifications Bachelor’s degree in information technology, engineering, business management, operations management, or related field or discipline 10+ years' experience in cyber security with 3+ years in a management role Solid understanding of IAM principles, design and engineering, including Single sign-on (SSO), Multi-Factor Authentication (MFA), Privileged Access Management (PAM) Working knowledge of multiple IAM systems (traditional and cloud) Experience implementing Zero Trust capabilities in complex operating environments Additional Qualifications Security certifications (CISSP, CISM, GCIH, GSEC, etc) Experience with modern cloud detection and response tools and processes Operational Technology (OT) experience

At least 3 years of relevant experience in IT Security or with Security Operations Center. Knowledge of various security methodologies and technical security solutions. Experience analyzing data from cybersecurity monitoring tools such as SIEM / SOAR platforms. Knowledge of commonly accepted information security principles and practices, as well as techniques attackers would use to identify vulnerabilities, gain unauthorized access, escalate privileges, and access restricted information. Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics. Knowledge of the common attack vectors on various layers. Knowledge and experience working with the Cyber Kill Chain Model, MITER ATT&CK Matrix. Experience in transport/shipping/logistics is a plus.

Security Engineering & Cyber Defense Operations Architect, implement, and optimize SIEM, SOAR, XDR, and EDR solutions for effective threat detection and response. Develop and maintain security controls, logging, and monitoring strategies to ensure comprehensive threat visibility. Evaluate and integrate AI and Machine Learning-based cybersecurity tools for enhanced detection and automated response. Implement MITRE ATT&CK Framework to improve detection logic and adversary tactics coverage. Automation & AI-Driven Security Design and implement SOAR (Security Orchestration, Automation, and Response) workflows to automate threat response. Develop and fine-tune AI/ML models to enhance anomaly detection, alert correlation, and predictive threat analysis. Automate threat hunting processes using AI-based behavior analytics and security automation tools. Threat Hunting & Threat Intelligence Lead proactive threat-hunting activities using MITRE ATT&CK, TTP-based detection, and hypothesis-driven approaches. Utilize threat intelligence platforms (TIPs) to enrich SOC alerts, correlate IoCs, and enhance incident response. Establish hunting methodologies using behavioral analytics, network telemetry, and endpoint forensics. Collaborate with intelligence-sharing platforms and industry peers to stay updated on emerging threats. Use Case Development & Optimization Design and maintain SIEM use cases based on threat modeling, attack surface analysis, and business risk. Continuously refine detection logic, correlation rules, and alerting thresholds to reduce false positives. Leverage MITRE D3FEND and MITRE ATT&CK to develop advanced attack detection strategies. Incident Response & Forensic Analysis Provide engineering support for incident response teams, helping with log analysis, forensics, and root cause analysis. Develop custom threat detection scripts and automation workflows to accelerate IR capabilities. Assist in post-incident investigations by collecting and analyzing digital evidence. Security Architecture & Compliance Work closely with security architects to integrate cyber defense controls into enterprise security architecture. Ensure adherence to NIST, ISO 27001, and regulatory frameworks in cyber defense implementations. Conduct security tool assessments and evaluate new cybersecurity technologies for continuous improvement. Leadership & Stakeholder Collaboration Lead a team of security engineers and analysts, mentoring them in advanced detection and response techniques. Collaborate with IT, DevOps, and business units to align security engineering with enterprise objectives. Conduct cybersecurity awareness programs for cross-functional teams to strengthen cyber resilience. Candidates preferred from Mumbai location ONLY.

5+ years of experience with proactive threat detection using EDR, SIEM, and network forensics tools. 5+ years of experience investigating adversary tactics, techniques, and procedures (TTPs) based on frameworks like MITRE Telecommunication & CK. 5+ years of experience investigating indicators across endpoints, networks, cloud, and identity systems to uncover widespread malicious activity. Strong analytical skills for investigating advanced persistent threats (APT) and identifying sophisticated attack patterns. Experience conducting or participating in threat simulations and red team exercises to improve detection capabilities. Work Location given in ECMS ID

We are looking for a skilled and motivated Penetration Tester to join our DART (Detection and Response Team) and help deliver high-impact Penetration Testing as a Service (PTaaS) engagements to our global clients. This is a hands-on role focused on continuous testing, real-world simulations, and providing actionable insights using industry-leading tools like Metasploit Pro and CIS-CAT Pro. Youll be part of a CREST-aligned team helping financial institutions, government bodies, and mid-market clients secure their infrastructure, web applications, cloud platforms, and internal networks. Key Responsibilities Perform internal and external network penetration testing Conduct web application and API testing using OWASP and custom test cases Simulate real-world attack vectors including privilege escalation and lateral movement Execute configuration audits using CIS-CAT Pro for hardening validation Design and run automated and manual exploit campaigns using Metasploit Pro Prepare detailed reports with technical findings, business risk, and remediation guidance Participate in client scoping sessions and debriefs Collaborate with the development and infrastructure teams to validate remediations Contribute to continuous improvements of our PTaaS platform and methodology What Were Looking For 36 years in penetration testing, red teaming, or offensive security Strong knowledge of security testing methodologies (OWASP, PTES, MITRE ATT&CK) Hands-on experience with Metasploit Pro, Burp Suite, CIS-CAT Pro, or similar tools Certifications preferred : OSCP, CREST CRT, CRTO, or equivalent Preferred candidate profile Familiarity with cloud security (Azure, AWS, M365) and Active Directory attacks Strong report writing and client communication skills

Enable a world-class cyber defense program by working closely with other technical, incident management, and forensic personnel to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors Work at the forefront of designing an innovative threat and security incident management solution Develop and optimize SOAR playbooks, integrating various security tools and platforms to automate threat detection, incident response, and remediation processes. Work closely with cross-functional teams, including SOC, IT, DevOps, and Risk Management, to align SOAR capabilities with organizational security objectives. Customize SOAR workflows, scripts, and connectors to meet the specific needs of the organization, ensuring seamless interoperability between systems. Participate in a 24x7 coverage model to prevent and remediate security threats against Goldman Sachs global business network Basic Qualifications: Strong verbal and written communication skills, with the ability to convey complex technical concepts to both technical and non-technical stakeholders. Strong analytical and problem-solving skills, with a proactive approach to identifying and addressing security challenges. In-depth understanding of security frameworks (MITRE ATTCK, NIST), threat intelligence, and automation strategies. Strong sense of ownership and driven to manage tasks to completion Proficient scripting skills utilizing both Python and PowerShell Preferred qualifications: 1+ years of experience in cybersecurity, with SOAR technologies and incident response. Proficiency in SOAR platforms (eg, Splunk Phantom, Demisto, Siemplify), scripting languages (Python, PowerShell), and integration with security tools (SIEM, EDR, etc). Knowledge conducting incident response within a major public cloud (ie AWS, Google, Azure) Any of following certifications: GNFA, GCFE, GCFA, CCFP, CFCE, ACE, OSCP, GCFR

Key Responsibilities: • Design and review secure systems and application architectures. • Lead threat modeling, risk assessment, and attack surface analysis. • Advise project teams on security best practices throughout SDLC. • Use SD Elements to capture risks, track remediation, and ensure traceability. • Contribute to architecture boards and governance processes. • Validate secure design for cloud, hybrid, and on-premises environments. Required Skills & Experience: • 7- 9 years in Information Security or related architecture roles. • Experience in VAPT (execution & remediation). • Strong knowledge of application security, secure SDLC. • Hands-on with SD Elements (mandatory). • Expertise in TOGAF, SABSA, or NIST architecture frameworks. • Cloud Security (preferably Azure), DevSecOps knowledge. Certifications (Mandatory/Preferred): • Mandatory: CISSP • Preferred: AZ-500, CCSP Tools/Frameworks Knowledge: • SD Elements, ThreatModeler, Microsoft Defender • TOGAF, SABSA, NIST CSF, OWASP Top 10, MITRE ATT&CK Email ID: akila.s@acesoftlabs.com

Position: SOC Analyst 100% Remote Working Hours: US/UK hours Job description: We are seeking a highly motivated and skilled SOC Analyst to join our Security Operations Center. Key Responsibilities Monitor security events and alerts using tools such as Splunk, IBM QRadar, Microsoft Sentinel, and Palo Alto XSIAM. Perform initial triage and categorization of security events to determine severity and potential impact. Escalate confirmed incidents to appropriate teams or stakeholders with accurate and detailed information. Correlate logs and alerts across various platforms to detect anomalous behavior or indicators of compromise (IoCs). Utilize the MITRE ATT&CK framework to enrich detection and response processes. Collaborate with Incident Response and Threat Intelligence teams for deeper investigations. Generate reports and dashboards for incident trends, KPIs, and SOC performance. Maintain documentation of SOC procedures, playbooks, and workflows. Participate in regular threat-hunting and detection engineering activities. Continuously evaluate and tune detection rules and alerts for improved accuracy. Required Qualifications Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience) Certifications: CompTIA Security+ CySA+ Certified SOC Analyst (CSA) or equivalent Required Skills and Experience 3+ years of experience in a SOC environment or cybersecurity operations Proficient with SIEM platforms: Splunk, IBM QRadar, Microsoft Sentinel Experience with EDR/XDR platforms like Palo Alto XSIAM and CrowdStrike Falcon Familiarity with MITRE ATT&CK and threat detection mapping Preferred Qualifications Understanding of cloud security monitoring (Azure, AWS, GCP) Exposure to SOAR tools and incident response automation Knowledge of NIST, ISO 27001, and other security compliance frameworks Interested candidate can apply: dsingh15@fcsltd.com

Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments. Key Responsibilities: Monitoring, Investigation & Triage Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR Identify lateral movement, C2 activity, and data exfiltration Lead incident investigations and initiate containment measures Threat Hunting & Detection Engineering Proactive hunting using logs, flow data, and behavior analytics Apply MITRE ATT&CK for hypothesis-driven hunts Develop, test, and optimize custom detection rules Maintain a backlog aligned with emerging threats Tool Proficienc y SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization EDR: Defender for Endpoint binary/process analysis, endpoint containment NDR: Darktrace/LinkShadow behavioral baselining, detection logic SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender Threat Intelligence Integration IOC/TTP enrichment Threat intel feed integration Contextual alert correlation Reporting & RCA Draft technical incident reports and RCAs Executive-level summaries for major incidents Cloud Security (Optional): Investigate alerts like impossible travel, app consent abuse Respond to cloud-native security incidents using Defender for Cloud, MCAS Create advanced SOAR workflows and playbook Tool Familiarity QRadar Microsoft Sentinel Microsoft Defender for Endpoint LinkShadow or Darktrace EOP/Exchange protection Antivirus platforms Defender for Identity / Defender for Cloud Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR) Network forensic tools like Wireshark / Zeek Certifications (Preferred): GCIH / GCIA / CEH Microsoft SC-200 / SC-100 QRadar Admin or equivalent Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents Soft Skills: Strong analytical and documentation skills Proactive communicator Independent problem-solver and critical thinker

Threat hunting experience is must. Familiarity with threat intelligence sources and frameworks (MITRE ATT&CK, Diamond Model, Cyber Kill Chain). Ability to proactively find cybersecurity threats and mitigate them. Knowledge about Advanced persistent threats and treat actors, their TTPs. Ability to recognize attack patterns and corelate them with specific threat actors. Ability to obtain as much information on threat behaviour, goals and methods as possible. Knowledge of Analytics platforms for carrying out detailed analytics of obtained telemetry.

Greetings from IT.. I am now hiring a Threat Detection Engineer for my Clients. Location: Bangalore, Gurugram. Experience: 6-13 Years N[P: Immediate-30 days Primary skills: Threat hunting, threat intelligence, Splunk In-depth knowledge of external attacks and detection techniques to be able to run analysis of the requirements provided by threat intelligence / SOC teams, generate list of rules that could be implemented (based on self analysis of a threat and avaiable log sources), work with SOC team to operationalize and Purple Team to test.. Familiarity with MITRE ATT&CK framework and Tactics, Techniques, and Procedures (TTPs). Experience with security tools such as Splunk, MDE , Databricks to be able to write custom detections to detect various threats (preferably MDE). Kindly share your resume at chanchal@oitindia.com

Role & responsibilities Lead security incident response in a cross-functional environment and drive incident resolution. Lead and develop Incident Response initiatives that improve customer capabilities to effectively respond and remediate security incidents. Perform digital forensic investigations and analysis of a wide variety of assets including endpoints. Perform log analysis from a variety of sources to identify potential threats. Build automation for response and remediation of malicious activity. Write complex search queries in the EDR as well as SIEM tools for hunting the adversaries. Works on SOAR cases, automation, workflow & Playbooks. Integrating and working on Identity solutions. Developing SIEM use cases for new detections specifically on identity use cases Working experience in Microsoft On-prem and Entra ID solutions Good knowledge in Active Directories and Tier 0 concepts Very good knowledge of operating systems, processes, registries, file systems, and memory structures and experience in host and memory forensics (including live response) on Windows, macOS and Linux. Experience investigating and responding to both external and insider threats. Experience with attacker tactics, techniques, and procedures (MITRE ATT&CK) Experience analyzing network and host-based security events Preferred candidate profile Domain SOC, Lead- Incident Response Interested can share me there resume in recruiter.wtr26@walkingtree.in

Job Description Do you want to lead teams that find and exploit security vulnerabilities in Fortune 100 companies, critical infrastructure, and public sector agencies impacting millions of users? Join Securins Offensive Security Team where you'll emulate real-world attacks and oversee advanced offensive operations. We are a cross-disciplinary group of red teamers, adversarial AI researchers, and software developers dedicated to finding and fixing vulnerabilities across critical digital ecosystems. Role & responsibilities - Lead and perform advanced offensive security assessments, including Red Team operations, threat-based evaluations, and vulnerability exploitation. - Supervise and mentor a team of offensive engineers, manage task prioritization, and ensure high-quality delivery. - Execute Red Team operations on production systems, including AI platforms, using real-world adversarial tactics. - Provide strategic and technical security guidance to internal and external stakeholders. - Collaborate cross-functionally to integrate findings into enterprise detection and defense strategies. - Research and develop adversary TTPs across the full attack lifecycle. - Build tools to automate and scale offensive emulation and vulnerability discovery, utilizing AI/ML systems. - Continuously evaluate and enhance assessment methodologies and frameworks used by the team. - Contribute to the security community through publications, presentations, bug bounties, and open-source projects. Required Qualifications - 5+ years of experience in offensive security, red teaming, or penetration testing with at least 1 year in a leadership role. - Bachelors or Masters degree in Computer Science, Computer Engineering, or relevant field; or equivalent experience. - Expert knowledge of offensive security tactics, threat modeling, APT emulation, and Red Team operations. - Strong understanding of MITRE ATT&CK framework and exploitation of common vulnerabilities. - Proficiency in one or more programming/scripting languages (Python, Go, PowerShell, C/C++, etc.). - Hands-on experience with penetration testing tools such as Metasploit, Burp Suite Pro, NMAP, Nessus, etc. - Familiarity with security in cloud environments (AWS, Azure, GCP) and across Windows/Linux/macOS platforms. - Ability to clearly articulate findings to technical and executive audiences and lead mitigation efforts. - Authorization to work in the country of employment at time of hire and ongoing during employment. Preferred Qualifications - Certifications like OSCP, OSCE, OSEP, CRTO, or equivalent. - Experience with Purple Team operations and threat intelligence integration. - Track record in CTF competitions or bug bounty programs. - Reverse engineering experience or malware analysis expertise. - Exposure to Responsible AI and adversarial machine learning. - Participation in AI Village at DEFCON or similar security research events. - Publications or contributions to conferences such as AISec, NeurIPS, FAccT, or IC4. Other Requirements Ability to meet Securin, customer, and/or government security screening requirements. This includes a background check at the time of hire/transfer and every two years thereafter. Who Should Apply You have experience executing technical research and offensive security strategies with teams. You are skilled in experimental security science and confident in building your own tools. You clearly communicate findings, are mission-driven, and want to drive change in AI and cybersecurity. Role-Specific Policy This hybrid role requires in-office presence at least 50% of the time. Locations: Chennai, Tamil Nadu (India)