703 Qradar Jobs

We are seeking an experienced QRadar Incident Forensic Specialist to manage the deployment, configuration, and day-to-day operations of the QRadar SIEM platform while supporting incident response and forensic investigations. The ideal candidate will play a critical role in enhancing security monitoring, investigating incidents, and ensuring seamless SIEM operations. This role requires a blend of expertise in QRadar deployment, incident handling, and forensic analysis to improve the organization’s security posture, Plan, design, and deploy QRadar SIEM environments including Incident forensic, ensuring proper integration with network devices, servers, and applications Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Develop and maintain documentation, including deployment guides, SOPs. Generate forensic reports and compliance dashboards for internal stakeholders and external audits. Proactively identify gaps in threat detection capabilities and recommend enhancements. Implement updates, patches, and upgrades to maintain system reliability and performance. Optimize architecture and storage allocation to ensure scalability and efficiency. Hands-on experience with QRadar architecture, deployment, and administration. Strong knowledge in Linux, unix, redhat OS. Strong knowledge in TCP/IP & networking. Proven track record in incident handling, forensic investigations, and log analysis. Expertise in QRadar features such as AQL queries, rule creation, offense management, and dashboards. Proficiency in forensic tools and methodologies for log analysis and evidence gathering Preferred technical and professional experience Support threat hunting activities by leveraging anomaly detection and root cause analysis. Research and implement emerging QRadar features, integrations, and third-party tools to enhance functionality. Perform daily health checks, ensure system availability, and resolve performance bottlenecks. Use the tools in IBM QRadar Incident Forensics in specific scenarios in the different types of investigations, such as network security, insider analysis, fraud and abuse, and evidence-gathering. Investigate security incidents by analyzing logs, offenses, and related data within QRadar. Manage and troubleshoot log ingestion, data flow, and parsing issues across multiple data sources. Extract and analyze digital evidence to support forensic investigations and incident response. Reconstruct attack scenarios and provide root cause analysis for post-incident reviews

The Security Analyst monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier2 information security specialists, and/or customer as appropriate to perform further investigation and resolution. Good knowledge of SIEM, SIEM Architecture, SIEM health check. Audit the SIEM in the customer environment. Troubleshoot issues regarding SIEM and other SOC tools. Good verbal/written communication skills. Build of use case for the customer. Data archiving and backup and data purging configuration as per need and compliance. Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc. Helping L3 and L1 with required knowledge base details and basic documentations. Co-ordination SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation. High ethics, ability to protect confidential information. Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis. Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure. Update and maintain SOC knowledge base for new security incidents and docs. Creation of daily status report sheet and submit to SOC manager for review. Review advisories and make necessary detection measures. Provide analysis and trending of security log data from a large number of security devices. Troubleshooting non-reporting devices fix and maintain device status. Working with OEM (Tool support) in a way to resolve the issue or incident raised. Administration of Windows and Unix servers. Ready to work on 24/7 shifts to support client requirement. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 2 Years of Experience in SOC monitoring and investigation. Audit the SIEM in the customer environment. Troubleshoot issues regarding SIEM and other SOC tools. Build of use case for the customer. Data archiving and backup and data purging configuration as per need and compliance. Helping L3 and L1’s with required knowledge base details and basic documentations. Co-ordination with SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation. Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis. Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure. Update and maintain SOC knowledge base for new security incidents and docs. Creation of daily status report sheet and submit to SOC manager for review. Review advisories and make necessary detection measures.\ Provide analysis and trending of security log data from a large number of security devices. Troubleshooting non-reporting devices fix and maintain device status. Working with OEM (Tool support) in a way to resolve the issue or incident raised. Administration of Windows and Unix servers. Building Parser for the SIEM using regex. Preferred technical and professional experience Escalation point for L1’s and SOC Monitor team. Ability to drive call and summarizing it post discussion. Good Understanding of Firewall, IDP/IPS, SIEM functioning (Generalize HLD as well as LLD). Deep understanding on Windows, DB, Mail cluster, VM and Linux commands. Knowledge of network protocols TCP/IP and ports. Team Spirit and working ideas heading to resolution of issues. Qualifications like CISA, CISM, CISSP, CEH, SANS or any other recognized qualification in Cybersecurity (SIEM/Qradar certification) will be preferred. Thorough knowledge in SIEM tool and experience in networking, Cloud security experience will be preferred. SOC Senior Analyst experience with multiple customers.

Job Description Lead the design and deployment of scalable security automation workflows and playbooks in Cortex XSOAR (or equivalent platforms such as Splunk SOAR, Siemplify, etc.). Serve as technical owner of the SOAR platform, managing connectors, integrations, performance monitoring, version control, and upgrades. Build custom automations using Python scripts, decision logic, and API integrations to support alert enrichment, containment, and notification tasks. Architect integrations with SIEMs (e.g., Splunk, QRadar), EDR, threat intel feeds (e.g., Anomali, VirusTotal), ticketing systems (e.g., ServiceNow, Jira), and other tools. Drive automation of incident response (IR) use cases including phishing, malware, lateral movement, data exfiltration, insider threats, and vulnerability exploitation. Partner with SOC, threat intelligence, and cloud security teams to identify automation opportunities and translate them into technical solutions. Optimize SOAR playbooks to reduce mean time to detect (MTTD) and respond (MTTR) while maintaining reliability and resilience. Mentor junior automation engineers and provide code reviews, best practices, and process guidance. Contribute to development of automation standards, security engineering roadmaps, and cross-team documentation. Stay abreast of emerging SOAR trends, threat landscapes, and new platform features. Required Qualifications: 3+ years specifically working with SOAR platforms—Cortex XSOAR strongly preferred; Splunk SOAR, Siemplify, or Chronicle SOAR also acceptable. Strong scripting experience in Python, especially within automation workflows. Proven expertise in integrating security tools using REST APIs, Python SDKs, and platform connectors. In-depth understanding of SOC operations, incident lifecycle, and security best practices (MITRE ATT&CK, NIST, etc.). Familiarity with SIEM platforms (e.g., Splunk) and threat intelligence enrichment techniques. Experience with version control (Git), CI/CD pipelines, and structured testing of automation code. Demonstrated ability to lead complex automation initiatives and work independently with minimal guidance. Strong written and verbal communication skills, especially in cross-functional team environments.

Job Title: Network Security Engineer Location: Hyderabad-IN Job Type: Full-Time No.of Positions : 2 Exp: 2-3yrs Budget : 12-18LPA + Key Responsibilities: Design, implement, and manage secure network architecture (firewalls, VPNs, IDS/IPS, NAC) Monitor networks for security breaches and investigate incidents Configure and manage firewalls, security appliances, and intrusion detection/prevention systems Conduct vulnerability assessments and penetration testing; remediate findings Develop and enforce security policies, standards, and procedures Manage secure access controls (e.g., AAA, RBAC, 802.1x) Analyze security alerts and provide appropriate responses and escalations Maintain and update security infrastructure (patches, firmware, rule sets) Perform risk analysis and provide recommendations for improvements Support compliance efforts (ISO 27001, NIST, GDPR, SOC 2, etc.) Collaborate with IT teams on secure deployment of new infrastructure or services Document all configurations, incidents, and procedures for auditing and knowledge sharing Required Skills & Qualifications: Bachelor’s degree in Computer Science, Infra Security, or related field 3+ years of experience in network and/or security engineering roles Strong understanding of network protocols and security technologies (TCP/IP, SSL, IPSec, DNS, etc.) Experience with firewalls and security platforms (e.g., Palo Alto, Fortinet, Cisco ASA, Check Point) Proficiency in intrusion detection/prevention systems, VPNs, and endpoint security Familiarity with SIEM tools (Splunk, QRadar, LogRhythm, etc.) Knowledge of authentication mechanisms (LDAP, RADIUS, SAML, MFA) Security certifications such as CEH, CCNP Security, Palo Alto PCNSA/PCNSE , or CompTIA Security+ Preferred Qualifications: Experience in cloud security (AWS, Azure, GCP) Scripting skills (Python, PowerShell, Bash) for automation Exposure to Zero Trust Network Architecture (ZTNA) and SASE frameworks Understanding of threat modeling and advanced persistent threats (APT) Familiarity with regulatory standards (HIPAA, PCI-DSS, etc.) Job Type: Full-time Pay: ₹1,200,000.00 - ₹1,800,000.00 per year Work Location: In person

THIS JOB IS FOR HYDERABAD LOCATION. Overview Information Security Analyst: Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Researches attempted or successful efforts to compromise systems security and designs countermeasures. Maintains hardware, software and network firewalls and encryption protocols. Administers security policies to control physical and virtual access to systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Job Code Tip: May be internal or external, client-focused, working in conjunction with Professional Services and outsourcing functions. May include company-wide, web-enabled solutions. Individuals whose primary focus is on developing, testing, debugging and deploying code or processing routines that support security protocols for an established system or systems should be matched to the appropriate Programmer or Programmer/Analyst family in the Information Technology/MIS functional area. Responsibilities Should have process knowledge and technical knowledge on any of the SIEM tools ( like Qradar, LogRhythm, AlienVault, Splunketc). L2/L3 level is added advantage. Should have process knowledge and technical knowledge in AV tools like Symantec, McAfee, Trend Microetc. L2/L3 level is added advantage. Should have knowledge in managing Vulnerability tools and various remediation efforts. Review security logs generated by applications, devices and other systems, taking action or escalating to appropriate teams as needed. Enforce incident response service level agreement. Work with the global IT Security team to analyze, test and recommend tools to strengthen the security posture of the company Create and maintain operational reports allowing IT management team to understand the current and historical landscape of the IT security risks Vulnerability management assessment and remediation Participate in daily and ad-hoc meetings related to cyber security, controls and compliance, processes and documentation related tasks Research the latest information technology (IT) security trends Help plan and carry out an organizations way of handling security Develop security standards and best practices for the organization Recommend security enhancements to management or senior IT staff Document security breaches and assess the damage they cause. Performs other duties as assigned. Uphold the companys core values of Integrity, Innovation, Accountability, and Teamwork. Demonstrate behavior consistent with the companys Code of Ethics and Conduct. It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem. Duties may be modified or assigned at any time to meet the needs of the business. Qualifications B. Tech, B.E or M.C.A 2-5 years Experience working in a Security Operations Center 2 years minimum in the computer industry Knowledge working with complex Windows environments Knowledgeable in various security frameworks such as NIST 800-53 / NIST 800-171 / ISO27001 Knowledge in design and administration of security tools Good written and verbal communication skills

Role Description We are seeking a highly skilled and self-driven Cybersecurity Specialist with hands-on experience in Imperva Database Activity Monitoring (DAM) to join our security operations team. The ideal candidate will have deep expertise in deploying, configuring, and troubleshooting Imperva DAM solutions, along with broad knowledge of various other enterprise security tools. The role requires strong problem-solving abilities, attention to detail, and a proactive mindset for enhancing our security posture. Job Responsibilities Install, configure, and manage Imperva DAM across diverse environments. Perform ongoing administration, health checks, and tuning of Imperva systems. Develop and maintain security policies, rulesets, and custom alerts within Imperva DAM. Work closely with DBAs, system admins, and compliance teams to support audit and monitoring requirements. Troubleshoot and resolve performance, connectivity, and configuration issues related to security tools. Deploy and support other security tools such as SIEMs, vulnerability scanners, endpoint security platforms, firewalls, etc. Maintain detailed technical documentation, SOPs, and architectural diagrams. Stay current with emerging threats, vulnerabilities, and best practices in data protection and security monitoring. Assist in incident response and investigations involving data access or database-related threats. Required Qualifications 3+ years of experience in cybersecurity, with 2+ years of hands-on work with Imperva DAM . Strong understanding of database environments (Oracle, SQL Server, MySQL, etc.) and how DAM integrates with them. Proven experience in installation, configuration, upgrade, and troubleshooting of security tools in enterprise environments. Working knowledge of Linux and Windows systems. Familiarity with SIEM (e.g., Splunk, QRadar), endpoint protection (e.g., CrowdStrike, SentinelOne), and vulnerability scanners (e.g., Qualys, Nessus). Strong scripting skills (e.g., Shell, PowerShell, Python) are a plus. Excellent communication, documentation, and analytical skills. Job Type: Full-time Pay: ₹10,523.07 - ₹67,466.61 per month Work Location: In person

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Information and Event Management (SIEM), Splunk Security Information and Event Management (SIEM) Good to have skills : NA Minimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary: We are looking for a proactive and detail-oriented SOC Analyst (Incident Response) to join our Security Operations Center (SOC) team. In this role, you will be responsible for detecting, analyzing, and responding to cybersecurity incidents using a combination of technology solutions and processes. Roles & Responsibilities: - Monitor security alerts and events from various sources (SIEM, EDR, firewall logs, IDS/IPS, etc.) to detect potential security incidents. - Triage, investigate, and respond to incidents following standard operating procedures (SOPs) and incident response playbooks. - Perform in-depth analysis of security incidents to identify root causes, scope, and impact. - Escalate complex incidents to appropriate stakeholders and support containment, eradication, and recovery efforts. - Work with internal teams and external partners to contain and remediate threats. - Contribute to continuous improvement of detection capabilities and IR processes. - Maintain incident documentation and provide detailed reports post-incident. - Stay current with emerging threats, vulnerabilities, and incident response best practices. Professional & Technical Skills: - 2–5 years of experience in a Security Operations Center (SOC) or similar cybersecurity role. - Strong understandin of security technologies such as SIEM, EDR, IDS/IPS, firewalls, and antivirus. - Experience with incident detection, triage, analysis, and response. - Familiarity with MITRE ATT&CK framework and other threat models. - Knowledge of operating systems (Windows/Linux), networking protocols, and cloud environments. - Strong analytical and problem-solving skills. - Excellent verbal and written communication skills. - Industry certifications such as CEH, GCIH, GCIA, or CompTIA Security+ are a plus. Additional Information: - The candidate should have minimum 3 years of experience in Splunk, QRadar or any SIEM tool. - This position is based at our Bengaluru office. - A 15 years full time education is required. 15 years full time education

Job Title: SOC Analyst with Python Knowledge (Fresher Level) Location: Indore Experience: 0–1 year Employment Type: Full-Time Job Summary: We are looking for a motivated and technically skilled fresher to join our cybersecurity team as a SOC Analyst with Python expertise . The ideal candidate should have a strong understanding of cybersecurity principles and hands-on experience with Python scripting to automate tasks and analyze data. This is an excellent opportunity for someone eager to kickstart a career in cybersecurity and grow in a dynamic, fast-paced environment. Key Responsibilities: Monitor security alerts and events using SIEM tools and escalate threats as per defined protocols Perform initial analysis of security incidents and assist in threat detection and incident response Create and enhance Python scripts for log parsing, automation, alerting, and data analysis Assist in implementing security use cases and correlating logs for detection Prepare daily/weekly reports and dashboards from SOC tools Stay updated with the latest cybersecurity threats and trends Collaborate with senior analysts and support investigation of incidents Required Skills and Qualifications: Bachelor’s degree in Computer Science, IT, Cybersecurity, or related field Knowledge of SOC operations, SIEM tools (e.g., Splunk, QRadar, ArcSight), IDS/IPS, and basic incident response workflow Strong hands-on experience in Python scripting (file handling, APIs, data analysis, etc.) Understanding of networking protocols, logs (Windows, Linux, firewall, etc.), and cyber threat landscape Analytical thinking with strong problem-solving skills Good communication and documentation skills Preferred (Good to Have): Any internship or academic project related to SOC or security analysis Exposure to Linux command line and log management Basic knowledge of MITRE ATT&CK or cyber kill chain Job Type: Full-time Pay: ₹15,000.00 - ₹17,000.00 per month Benefits: Cell phone reimbursement Paid time off Provident Fund Work Location: In person

Company Description Aguna Solutions is an IT services company that leverages the power of technology to build better futures for our customers, colleagues, environment, and communities. We focus on modernizing operations and driving innovations through Robotics Process Automation, Product Development, Custom Development, Cyber/Information Security, Cloud services, Consulting, Implementation, Support, and Business Intelligence. Our mission is to fuel the future of digital innovation through inspired creativity, breaking free from traditional software, security, and systems limitations. Located at the nexus of Innovation and Engineering, we are committed to delivering high-quality services managed by proven processes and models. Role Description We are seeking a highly skilled and self-driven Cybersecurity Specialist with hands-on experience in Imperva Database Activity Monitoring (DAM) to join our security operations team. The ideal candidate will have deep expertise in deploying, configuring, and troubleshooting Imperva DAM solutions, along with broad knowledge of various other enterprise security tools. The role requires strong problem-solving abilities, attention to detail, and a proactive mindset for enhancing our security posture. Job Responsibilities Install, configure, and manage Imperva DAM across diverse environments. Perform ongoing administration, health checks, and tuning of Imperva systems. Develop and maintain security policies, rulesets, and custom alerts within Imperva DAM. Work closely with DBAs, system admins, and compliance teams to support audit and monitoring requirements. Troubleshoot and resolve performance, connectivity, and configuration issues related to security tools. Deploy and support other security tools such as SIEMs, vulnerability scanners, endpoint security platforms, firewalls, etc. Maintain detailed technical documentation, SOPs, and architectural diagrams. Stay current with emerging threats, vulnerabilities, and best practices in data protection and security monitoring. Assist in incident response and investigations involving data access or database-related threats. Required Qualifications 3+ years of experience in cybersecurity, with 2+ years of hands-on work with Imperva DAM . Strong understanding of database environments (Oracle, SQL Server, MySQL, etc.) and how DAM integrates with them. Proven experience in installation, configuration, upgrade, and troubleshooting of security tools in enterprise environments. Working knowledge of Linux and Windows systems. Familiarity with SIEM (e.g., Splunk, QRadar), endpoint protection (e.g., CrowdStrike, SentinelOne), and vulnerability scanners (e.g., Qualys, Nessus). Strong scripting skills (e.g., Shell, PowerShell, Python) are a plus. Excellent communication, documentation, and analytical skills. Preferred Qualifications Imperva Certified Implementation Specialist (if applicable). Experience with cloud deployments (AWS, Azure) of security tools. Prior experience supporting GRC/audit requirements (e.g., PCI-DSS, SOX). Knowledge of database security best practices and insider threat detection.

We are looking for a skilled professional with 6-9 years of experience to join our team as an SIEM specialist. The ideal candidate will have a strong background in security information and event management. Roles and Responsibility Design, implement, and manage SIEM systems to ensure the security and integrity of our organization's data. Develop and maintain dashboards and reports to provide insights into security threats and trends. Collaborate with cross-functional teams to identify and mitigate potential security risks. Conduct regular vulnerability assessments and penetration testing to identify weaknesses. Analyze log files and system logs to detect anomalies and suspicious activity. Develop and enforce security policies and procedures to ensure compliance with industry standards. Job Requirements Strong understanding of security principles and technologies such as firewalls, intrusion detection systems, and encryption. Experience with SIEM tools such as Splunk, LogRhythm, or QRadar. Excellent analytical and problem-solving skills with attention to detail. Ability to work effectively in a fast-paced environment and meet deadlines. Strong communication and collaboration skills to work with technical and non-technical stakeholders. Familiarity with industry standards and regulations related to security such as HIPAA, PCI-DSS, or NIST.

Immediate Job Openings on Security Analyst _ Gurgaon_ Contract Experience 4+ Years Skills Security Analyst Location Gurgaon Notice Period Immediate . Employment Type Contract Work Mode WFO 1. 4 to 8 years of exp in Security Analyst. 2. 2 to 3 Years of exp in Fine-tune SIEM rules to reduce false positive and remove false negatives. 3. Good exp in SOC (Security Operation Center)

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Platform Engineering Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking a skilled Security Engineer with expertise in Google Chronicle SIEM, parser development, and foundational knowledge of cybersecurity. The ideal candidate will be responsible for analyzing security data and logs, ensuring accurate aggregation, normalization, tagging, and classification. You will work closely with log sources, particularly security and networking devices, to enhance our security monitoring capabilities. Roles & Responsibilities:Conduct security and data/log analysis, focusing on the aggregation, normalization, tagging, and classification of logs.Research, analyze, and understand log sources for security monitoring, with a particular focus on security and networking devices such as firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems.Validate log sources and indexed data, optimizing search criteria to improve search efficiency.Utilize automation tools to build and validate log collectors for parsing aggregated logs. Professional & Technical Skills: Proficiency in log analysis and SIEM tools, including but not limited to Google Chronicle, Splunk, ArcSight, and QRadar. Experience in SIEM content creation and reporting is essential.Strong experience in manual security log review and analysis, such as Windows Event Log and Linux Syslog, including incident classification, investigation, and remediation.Solid understanding of multiple attack vectors, including malware, Trojans, exploit kits, ransomware, phishing techniques, and APTs, as well as familiarity with attack techniques outlined in the OWASP Top 10.Knowledge of security and networking devices, including firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems.TCP/IP networking skills for packet and log analysis.Experience working with Windows and Unix platforms.Familiarity with databases is an advantage.Experience in GCP, AWS and Azure environments is a plus. Additional Information:- The candidate should have minimum 5 years of experience in Security Platform Engineering.- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Information and Event Management (SIEM), Splunk Security Information and Event Management (SIEM) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are looking for a proactive and detail-oriented SOC Analyst (Incident Response) to join our Security Operations Center (SOC) team. In this role, you will be responsible for detecting, analyzing, and responding to cybersecurity incidents using a combination of technology solutions and processes. Roles & Responsibilities:- Monitor security alerts and events from various sources (SIEM, EDR, firewall logs, IDS/IPS, etc.) to detect potential security incidents.- Triage, investigate, and respond to incidents following standard operating procedures (SOPs) and incident response playbooks.- Perform in-depth analysis of security incidents to identify root causes, scope, and impact.- Escalate complex incidents to appropriate stakeholders and support containment, eradication, and recovery efforts.- Work with internal teams and external partners to contain and remediate threats.- Contribute to continuous improvement of detection capabilities and IR processes.- Maintain incident documentation and provide detailed reports post-incident.- Stay current with emerging threats, vulnerabilities, and incident response best practices. Professional & Technical Skills: - 25 years of experience in a Security Operations Center (SOC) or similar cybersecurity role.- Strong understandin of security technologies such as SIEM, EDR, IDS/IPS, firewalls, and antivirus.- Experience with incident detection, triage, analysis, and response.- Familiarity with MITRE ATT&CK framework and other threat models.- Knowledge of operating systems (Windows/Linux), networking protocols, and cloud environments.- Strong analytical and problem-solving skills.- Excellent verbal and written communication skills.- Industry certifications such as CEH, GCIH, GCIA, or CompTIA Security+ are a plus. Additional Information:- The candidate should have minimum 3 years of experience in Splunk, QRadar or any SIEM tool.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Solution Architect Project Role Description : Translate client requirements into differentiated, deliverable solutions using in-depth knowledge of a technology, function, or platform. Collaborate with the Sales Pursuit and Delivery Teams to develop a winnable and deliverable solution that underpins the client value proposition and business case. Must have skills : Solution Architecture Good to have skills : Security Architecture DesignMinimum 12 year(s) of experience is required Educational Qualification : Minimum BE BTech from a reputed university Summary :As a Solution Architect, you will translate client requirements into differentiated, deliverable solutions using in-depth knowledge of a technology, function, or platform. Collaborate with the Sales Pursuit and Delivery Teams to develop a winnable and deliverable solution that underpins the client value proposition and business case. To design and deploy cyber security solutions in on-premises and public cloud infrastructure for large scale technology projects such as data lake, digital platform, and other core business and supporting applications Cyber Security Architect Roles & Responsibilities:-SPOC for cyber security design and deployment for any designated projects-Take full accountability of design of cyber security domain including network connectivity to various entities such as on-premises data centers and partner networks -Take ownership of design related issues and challenges and drive for solutions working with various internal teams and third-party solution providers such as OEMs and technology partners-Define and develop high level operating procedures for seamless operations of the project-Support transition of projects from deployment to operations-Anchor design and implementation of cyber security components-Be a SPOC for all cyber security initiatives in existing project and able to navigate through the clients landscape to upsell new initiatives in infrastructure space or able to pave ways for upselling value-driven initiatives for the client in other related domains such as application modernization, network transformation, and information security.-Lead the teams across various security solutions and thrive for upskilling and cross skilling to rationalize the resources across the towers and across the clients.-Introduce innovative solutions such as automation to increase productivity and improve service delivery quality -Participate in architecture and design review and approval forums to ensure the design principles are adhered to for any changes in the existing landscape or any new initiatives being rolled out in the existing landscape-Participate in client account planning and discussions to ensure security level initiatives are accounted for and issues are escalated to the right leaders for resolution-Build strong relationships with all client stakeholders and Accenture project teams for effective collaboration and outcomes Professional & Technical Skills: -Must have:-Hands-on Architecture and Design skills for SIEM, SOAR, UEBA, and cyber security-operations in on-premises data centers and public cloud-Strong experience working in Splunk, Palo Alto, and other leading OEMs in security domain-Strong Communication skills-Ability to drive discussions and ideas with clients senior leadership forums-Problem solving skills-Good to have-TOGAF or any equivalent certification in enterprise Security Architecture Additional Information:-Total IT experience of minimum 15 years; and-Minimum 4 years of experience in design and deployment of cyber security solutions in public cloud infrastructure (anyone from AWS, Azure, GCP, and OCI)-Minimum 10 years of experience in design and deployment of cyber security in on-premises infrastructure (SIEM, SOAR, UEBA, and cyber security operations)- This position is based at our Mumbai office.- A Minimum BE BTech from a reputed university is required. Qualification Minimum BE BTech from a reputed university

This role is for one of Weekday's clients Min Experience: 9 years Location: Mumbai JobType: full-time Requirements Experience & Skills Required: 10+ years in cybersecurity roles, with 7+ years in threat hunting, incident response, or SOC Proficient in SIEMs (Splunk, Sentinel, QRadar), XDR/EDR tools (CrowdStrike, Carbon Black) Strong scripting skills (Python, PowerShell) for automation Deep understanding of Windows, Linux, and network protocols Familiar with MITRE ATT&CK, Cyber Kill Chain, Diamond Model Experience with APT groups, threat actor TTPs, and threat intel correlation Skilled in analyzing telemetry, detecting anomalies, and identifying threats Strong communication and reporting skills. Key Responsibilities: Lead proactive threat hunts using telemetry from endpoints, networks, and systems Develop hypotheses and analyze logs, alerts, and packet data to detect threats Collaborate with SOC, IR, and threat intel teams to improve detection and response Build and tune custom detection logic in SIEM and EDR platforms Provide clear reports and briefings to management with risk-based findings Continuously enhance hunting methodologies, tools, and frameworks Track emerging threats and incorporate them into hunting practices Deliver monthly reports and demonstrate the ROI of the threat hunting program

Job Description Lead the design and deployment of scalable security automation workflows and playbooks in Cortex XSOAR (or equivalent platforms such as Splunk SOAR, Siemplify, etc.). Serve as technical owner of the SOAR platform, managing connectors, integrations, performance monitoring, version control, and upgrades. Build custom automations using Python scripts, decision logic, and API integrations to support alert enrichment, containment, and notification tasks. Architect integrations with SIEMs (e.g., Splunk, QRadar), EDR, threat intel feeds (e.g., Anomali, VirusTotal), ticketing systems (e.g., ServiceNow, Jira), and other tools. Drive automation of incident response (IR) use cases including phishing, malware, lateral movement, data exfiltration, insider threats, and vulnerability exploitation. Partner with SOC, threat intelligence, and cloud security teams to identify automation opportunities and translate them into technical solutions. Optimize SOAR playbooks to reduce mean time to detect (MTTD) and respond (MTTR) while maintaining reliability and resilience. Mentor junior automation engineers and provide code reviews, best practices, and process guidance. Contribute to development of automation standards, security engineering roadmaps, and cross-team documentation. Stay abreast of emerging SOAR trends, threat landscapes, and new platform features. Required Qualifications: 3+ years specifically working with SOAR platforms—Cortex XSOAR strongly preferred; Splunk SOAR, Siemplify, or Chronicle SOAR also acceptable. Strong scripting experience in Python, especially within automation workflows. Proven expertise in integrating security tools using REST APIs, Python SDKs, and platform connectors. In-depth understanding of SOC operations, incident lifecycle, and security best practices (MITRE ATT&CK, NIST, etc.). Familiarity with SIEM platforms (e.g., Splunk) and threat intelligence enrichment techniques. Experience with version control (Git), CI/CD pipelines, and structured testing of automation code. Demonstrated ability to lead complex automation initiatives and work independently with minimal guidance. Strong written and verbal communication skills, especially in cross-functional team environments.

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. Position Summary We are looking for a skilled Software Engineer with 3-5 years of experience in Java development, SaaS architectures, and cybersecurity solutions. You will play a key role in designing and implementing scalable security applications while following best practices in secure coding and cloud-native development. Key Responsibilities Develop and maintain scalable, secure software solutions using Java. Build and optimize SaaS-based cybersecurity applications, ensuring high performance and reliability. Collaborate with cross-functional teams including Product Management, Security, and DevOps to deliver high-quality security solutions. Design and implement security analytics, automation workflows and ITSM integrations. Basic Qualifications A bachelor’s or master’s degree in computer science, electronics engineering or a related field 3-5 years of experience in software development using Java. Experience with cloud platforms (AWS, GCP, or Azure) and microservices architectures. Proficiency in containerization and orchestration tools (Docker, Kubernetes). Knowledge of DevSecOps principles, CI/CD, and infrastructure-as-code tools (Terraform, Ansible). Preferred Qualifications Exposure to cybersecurity solutions, including SIEM (Splunk, ELK, QRadar) and SOAR (XSOAR, Swimlane). Familiarity with machine learning or AI-driven security analytics. Strong problem-solving skills and ability to work in an agile, fast-paced environment. Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

At Securonix, we’re on a mission to secure the world by staying ahead of cyber threats, reinforcing all layers of our platform with AI capabilities. Our Securonix Unified Defense SIEM provides organizations with the first and only AI-Reinforced solution built with a cybersecurity mesh architecture on a highly scalable data cloud. Enhanced by Securonix EON’s AI capabilities, our innovative cloud-native solution delivers a seamless CyberOps experience, empowering organizations to scale their security operations and keep up with evolving threats. Recognized as a five-time leader in the Gartner Magic Quadrant for SIEM and highly rated on Gartner Peer Insights, our award-winning Unified Defense SIEM provides organizations with 365 days of ‘hot’ data for rapid search and investigation, threat content-as-a-service, proactive defense through continuous peer and partner collaboration, and a fully integrated Threat Detection, Investigation, and Response (TDIR) experience—all within a single platform. Built on a cloud-native architecture, the platform leverages the Snowflake Data Cloud for unparalleled scalability and performance. Securonix is proud to be a cybersecurity unicorn and featured in CRN's 2024 Security 100 list. Backed by Vista Equity Partners, one of the largest private equity firms with over $100 billion in assets under management, we have a unique advantage in driving innovation and growth. With a global footprint, we serve more than 1,000 customers worldwide, including 10% of the Fortune 100. Our network of 150+ partners and Managed Security Service Providers (MSSPs) enables us to deliver unmatched security solutions on a global scale. At Securonix, we are driven by our core values and place our people at the heart of everything we do: Winning as One Team: We work together with universal respect to achieve aligned outcomes Customer Driven Innovation: We innovate to stay ahead of the market and create value for our customers Agility in Action: We embrace change and are unified in our purpose and objectives amidst change Join us as we redefine cybersecurity, innovate fearlessly, and grow together as one team. Role Summary: The SIEM Engineer III position is an integral part of our Professional Services team. In this role, you will work with our customers , supporting our mission to help them quickly and completely adopt our Security Operating Platform, leaving them more secure. This is a highly technical, hands-on role that will focus on architecting, planning, implementing, and operationalizing the SIEM platform. The ideal candidate will have a demonstrated understanding of information security and networking and extensive experience interacting with customers. Securonix Next-Gen SIEM and UEBA experience, although desired, is not required, but the candidate must have SIEM and SOAR software expertise and be willing to train on the Securonix platform and products. Primary Responsibility: Lead end-to-end SIEM implementation or integrations in a customer environment. Understand customer business requirements and the threat landscape applicable to their industry’s vertical sector to develop tailored use cases for security and Incident monitoring. Coordinate with customers to deploy collectors and agents in the on-premises network for data collection and forwarding. Work with customers to design and implement secure data flow into the Securonix cloud, following industry-standard best practices. Coordinate with service delivery managers, management, engineering, maintenance, and operational support teams to ensure timely delivery. Develop content, use cases, data models, dashboards, and connectors to support custom user requirements. Troubleshooting end-to-end network and infrastructure issues during data onboarding. Deploy and integrate the Securonix SOAR solution with the customer infrastructure for response orchestration. Engage with customers and internal product development teams to gather user requirements, suggest new product features, and help improve existing ones. Training and enabling customers and partners for successful adoption. Minimum Requirements: 5+ years of experience in information security and SIEM field. Strong understanding of SIEM solutions such as Splunk, Qradar, ArcSight, Logrhythm and Exabeam. Experience deploying SIEM across multiple customers. Good understanding of MITRE ATT&CK matrices, kill chains and other attack models. Strong communication skills and customer facing experience. Strong knowledge of scripting languages such as Python, Powershell. Industry certifications such as CISSP, CISM Preferred: BS in Computer Science, Information Systems, CyberSecurity 3-4+ years of experience in UEBA deployment Working knowledge of Machine learning in cybersecurity Working knowledge of cloud technologies such as Amazon, Azure and Google Good understanding of log collection methodologies and aggregation techniques such as Syslog-NG, syslog, Nxlog, Windows Event Forwarding Good understanding of Hadoop ecosystem and Apache technologies. Experience integrating endpoint security and host-based intrusion detection solutions Experience with network forensics and toolsets such as Wireshark, PCAP, tcpdump Benefits: As a full-time employee with Securonix, you will be eligible for the following employee benefits: Health Insurance with a total sum insured is INR 7,50,000 Coverage: Self, Spouse, 2 kids, Dependent parents, or parents-in-law Personal Accident with total sum insured is INR 10,00,000 Term Life Insurance with a sum assured for employees is 5 times fixed base pay is covered. Securonix provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Securonix complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training. Securonix expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status. Improper interference with the ability of Securonix employees to perform their expected job duties is absolutely not tolerated. Headhunters and recruitment agencies may not submit candidates through this application. Securonix does not accept unsolicited headhunter and agency submissions for candidates and will not pay fees to any third-party agency without a prior agreement with Securonix.

At Securonix, we’re on a mission to secure the world by staying ahead of cyber threats, reinforcing all layers of our platform with AI capabilities. Our Securonix Unified Defense SIEM provides organizations with the first and only AI-Reinforced solution built with a cybersecurity mesh architecture on a highly scalable data cloud. Enhanced by Securonix EON’s AI capabilities, our innovative cloud-native solution delivers a seamless CyberOps experience, empowering organizations to scale their security operations and keep up with evolving threats. Recognized as a five-time leader in the Gartner Magic Quadrant for SIEM and highly rated on Gartner Peer Insights, our award-winning Unified Defense SIEM provides organizations with 365 days of ‘hot’ data for rapid search and investigation, threat content-as-a-service, proactive defense through continuous peer and partner collaboration, and a fully integrated Threat Detection, Investigation, and Response (TDIR) experience—all within a single platform. Built on a cloud-native architecture, the platform leverages the Snowflake Data Cloud for unparalleled scalability and performance. Securonix is proud to be a cybersecurity unicorn and featured in CRN's 2024 Security 100 list. Backed by Vista Equity Partners, one of the largest private equity firms with over $100 billion in assets under management, we have a unique advantage in driving innovation and growth. With a global footprint, we serve more than 1,000 customers worldwide, including 10% of the Fortune 100. Our network of 150+ partners and Managed Security Service Providers (MSSPs) enables us to deliver unmatched security solutions on a global scale. At Securonix, we are driven by our core values and place our people at the heart of everything we do: Winning as One Team: We work together with universal respect to achieve aligned outcomes Customer Driven Innovation: We innovate to stay ahead of the market and create value for our customers Agility in Action: We embrace change and are unified in our purpose and objectives amidst change Join us as we redefine cybersecurity, innovate fearlessly, and grow together as one team. Role Summary: The SIEM Engineer III position is an integral part of our Professional Services team. In this role, you will work with our customers , supporting our mission to help them quickly and completely adopt our Security Operating Platform, leaving them more secure. This is a highly technical, hands-on role that will focus on architecting, planning, implementing, and operationalizing the SIEM platform. The ideal candidate will have a demonstrated understanding of information security and networking and extensive experience interacting with customers. Securonix Next-Gen SIEM and UEBA experience, although desired, is not required, but the candidate must have SIEM and SOAR software expertise and be willing to train on the Securonix platform and products. Primary Responsibility: Lead end-to-end SIEM implementation or integrations in a customer environment. Understand customer business requirements and the threat landscape applicable to their industry’s vertical sector to develop tailored use cases for security and Incident monitoring. Coordinate with customers to deploy collectors and agents in the on-premises network for data collection and forwarding. Work with customers to design and implement secure data flow into the Securonix cloud, following industry-standard best practices. Coordinate with service delivery managers, management, engineering, maintenance, and operational support teams to ensure timely delivery. Develop content, use cases, data models, dashboards, and connectors to support custom user requirements. Troubleshooting end-to-end network and infrastructure issues during data onboarding. Deploy and integrate the Securonix SOAR solution with the customer infrastructure for response orchestration. Engage with customers and internal product development teams to gather user requirements, suggest new product features, and help improve existing ones. Training and enabling customers and partners for successful adoption. Minimum Requirements: 5+ years of experience in information security and SIEM field. Strong understanding of SIEM solutions such as Splunk, Qradar, ArcSight, Logrhythm and Exabeam. Experience deploying SIEM across multiple customers. Good understanding of MITRE ATT&CK matrices, kill chains and other attack models. Strong communication skills and customer facing experience. Strong knowledge of scripting languages such as Python, Powershell. Industry certifications such as CISSP, CISM Preferred: BS in Computer Science, Information Systems, CyberSecurity 3-4+ years of experience in UEBA deployment Working knowledge of Machine learning in cybersecurity Working knowledge of cloud technologies such as Amazon, Azure and Google Good understanding of log collection methodologies and aggregation techniques such as Syslog-NG, syslog, Nxlog, Windows Event Forwarding Good understanding of Hadoop ecosystem and Apache technologies. Experience integrating endpoint security and host-based intrusion detection solutions Experience with network forensics and toolsets such as Wireshark, PCAP, tcpdump Benefits: As a full-time employee with Securonix, you will be eligible for the following employee benefits: Health Insurance with a total sum insured is INR 7,50,000 Coverage: Self, Spouse, 2 kids, Dependent parents, or parents-in-law Personal Accident with total sum insured is INR 10,00,000 Term Life Insurance with a sum assured for employees is 5 times fixed base pay is covered. Securonix provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Securonix complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training. Securonix expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status. Improper interference with the ability of Securonix employees to perform their expected job duties is absolutely not tolerated. Headhunters and recruitment agencies may not submit candidates through this application. Securonix does not accept unsolicited headhunter and agency submissions for candidates and will not pay fees to any third-party agency without a prior agreement with Securonix.

Position: Cybersecurity Enterprise Sales – SIEM Engineering Focus Experience : 8+ Location: Hyderabad/Bangalore/Mumbai Role Overview: We are seeking a dynamic and results-driven Cybersecurity Enterprise Sales professional to join our team. This role is focused on selling advanced cybersecurity solutions, including SIEM, SOAR, and Adaptive MDR offerings, to mid-to-large enterprises. The ideal candidate will have a strong foundation in cybersecurity operations, particularly SIEM engineering, and a proven track record in enterprise technology sales Key Responsibilities: • Develop and execute a strategic sales plan to meet and exceed quarterly and annual sales targets. • Identify, qualify, and pursue new business opportunities in enterprise accounts. • Conduct engaging product presentations and solution demonstrations to prospective clients. • Understand customer security needs and map solutions accordingly, with a focus on SIEM, SOAR, and MDR. • Lead contract negotiations and close deals. • Build and maintain long-term relationships with key stakeholders and channel partners. • Stay current on the latest cybersecurity trends and emerging technologies. • Collaborate with internal technical and product teams to align solutions with customer needs. Required Qualifications: • Bachelor's degree in Business, Computer Science, Information Security, or a related field. • 8+ years of experience in cybersecurity sales, with a focus on enterprise customers. • Hands-on understanding of SIEM tools (e.g., Splunk, IBM QRadar, Securonix) and security operations workflows. • Proven ability to meet or exceed sales targets in a complex, solution-oriented environment. • Excellent communication, presentation, and negotiation skills. • Self-starter with the ability to work independently and cross-functionally Preferred Skills: • Experience selling MDR, SIEM, SOAR, or AI-driven security solutions. • Familiarity with SaaS security platforms and cloud security posture management. • Background in threat detection, incident response, or SIEM engineering is a strong plus

Our purpose is to enable our customers to defend against the evolving threat landscape across on-premises, private cloud, public cloud and multi-cloud workloads. Our goal is to go beyond traditional security controls to deliver cloud-native, DevOps-centric and fully integrated 24x7x365 cyber defence capabilities that deliver a proactive , threat-informed , risk-based , intelligence-driven approach to detecting and responding to threats. Our mission is to help our customers: Defend against new and emerging risks that impact their business. Reduce their attack surface across private cloud, hybrid cloud, public cloud, and multi-cloud environments. Reduce their exposure to risks that impact their identity and brand. Develop operational resilience. Maintain compliance with legal, regulatory and compliance obligations. What were looking for To support our continued success and deliver a Fanatical Experience to our customers, Rackspace Cyber Defence is looking for an Indian based Security Engineer, with a specialism in Endpoint Security to support Rackspaces strategic customers. This role is particularly well-suited to a self-starting, experienced and motivated Sr. Security Engineer, who has a proven record of accomplishment in the design, delivery, management, operation and continuous improvement of enterprise-level Endpoint Security platforms or delivering Managed Endpoint Detection & Response (EDR) services to customers. The primary focus will be on the design, implementation, management, operation and continuous improvement of cloud-native Endpoint Detection & Response (EDR) platforms such as Crowdstrike Falcon or Microsoft Defender for Endpoint; used by the Rackspace Cyber Defence Center to deliver managed security services to our customers. You will also be required to liaise closely with the customers key stakeholders, which may include incident response and disaster recovery teams as well as information security. Skills & Experience Should have 8+ years experience in Security Engineering. Experience working in either large, enterprise environments or managed security services environments with a focus on Endpoint Detection & Response. Experience of working with cloud native Endpoint Security and Endpoint Detection & Response (EDR) tools such as Crowdstrike, Microsoft Defender for Endpoint and/or Microsoft Defender for Cloud. Experience of working in two (or more) of the following additional security domains: SIEM platforms such as Microsoft Sentinel (preferred), Google Chronicle, Splunk, QRadar, LogRhythm, Securonix etc. AWS (Amazon Web Services) Security Hub including AWS Guard Duty, AWS Macie, AWS Config and AWS CloudTrail . Experience of analysing malware and email headers, and has skills in network security, intrusion detection and prevention systems; operating systems; risk identification and analysis; threat identification and analysis and log analysis. Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls. Knowledge of security standards (good practice) such as NIST, ISO27001, CIS (Center for Internet Security), OWASP and Cloud Controls Matrix (CCM) etc. Knowledge of scripting and coding with languages such as Terraform, python, javascript, golang, bash and/or powershell. Knowledge of Malware reverse engineering, threat detection and threat hunting. Computer science, engineering, or information technology related degree (although not a strict requirement) Holds one, or more, of the following certificates (or equivalent): - Microsoft Certified: Azure Security Engineer Associate (AZ500) Microsoft Certified: Security Operations Analyst Associate (SC-200) Systems Security Certified Practitioner (SSCP) Certified Cloud Security Professional (CCSP) GIAC Certified Incident Handler (GCIH) GIAC Security Operations Certified (GSOC) CrowdStrike admin Certified A highly self-motivated and proactive individual who wants to learn and grow and has an attention to detail. A great analyser, trouble-shooter and problem solver who understands security operations, programming languages and security architecture. Highly organised and detail oriented. Ability to prioritise, multitask and work under pressure. An individual who shows a willingness to go above and beyond in delighting the customer. A good communicator who can explain security concepts to both technical and non-technical audiences. Key Accountabilities Ensure the Customers operational and production environment remains healthy and secure at all the times. Assist with customer onboarding customer/device onboarding, policy configuration, platform configuration and service transition to security operations team(s). Advance platform administration. Critical platform incident handling & closure. As an SME, act as an L3 escalation and point of contact for SecOps Analysts during an incident response process As an SME, act as a champion and centre of enablement by delivering training, coaching and thought leadership across Endpoint Security and Endpoint Detection & Response. Develop and document runbooks, playbooks and knowledgebase articles that drive best practice across teams. Drive continuous improvement of Rackspace Managed EDR services through custom development, automation and integration; in collaboration with SecOps Engineering and other Security Engineering team(s) Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc. Co-ordinate with vendor for issue resolution. Required to work flexible timings.

Role Overview The OT Security Analyst – Level 2 (L2) plays a pivotal role in defending operational technology (OT) environments against evolving cyber threats. This role requires a deep understanding of security incident analysis, threat detection, and incident response, specifically tailored to Industrial Control Systems (ICS) and OT networks. The analyst will investigate complex security incidents within the OT infrastructure, collaborate with IT/OT teams, and enhance security posture through actionable insights. ________________________________________ Key Responsibilities Conduct in-depth analysis of security events and incidents within OT environments, leveraging SIEM and OT-specific monitoring tools. Perform root cause analysis and develop incident timelines to support forensics and remediation efforts. Apply standard incident response frameworks (e.g., NIST, MITRE ATT&CK for ICS, Cyber Kill Chain) for threat classification and response. Use threat intelligence platforms and sandbox environments to investigate malware and suspicious artifacts in OT networks. Analyze access logs, network traffic, and protocol behaviours across OT systems (e.g., SCADA, DCS, PLCs). Support investigations related to unauthorized device communications, anomalous behaviours, or compromised industrial assets. Collaborate with OT security engineers and external vendors to escalate and remediate incidents. Refine alert rules and detection logic to reduce false positives and improve signal-to-noise ratio in OT SOC operations. Document incident findings and support continuous improvement of the OT SOC playbooks and knowledgebase. Liaise with the IT SOC and CIR (Cyber Incident Response) teams to align incident handling and cross-domain investigations. Participate in threat hunting activities tailored for OT environments using behavioural analysis and attack-path simulation. ________________________________________ Technical Skills & Knowledge Strong understanding of OT/ICS protocols (Modbus, DNP3, OPC, etc.) and industrial network topologies. Hands-on experience with OT cybersecurity tools and platforms (e.g., Nozomi Networks, Claroty, Dragos). Familiar with ISA/IEC 62443, NIST SP 800-82, NIST CSF, and ISO 27001 compliance requirements for OT. Proficiency in using SIEM systems (e.g., Microsoft Sentinel, Splunk, QRadar) for log correlation and event triage. Understanding of firewalls, WAFs, proxies, and network segmentation principles in OT. Working knowledge of tools such as THOR Scanner, VMRay, or Recorded Future is a plus. Experience in vulnerability management and patch advisory for OT assets with limited patch cycles. ________________________________________ Nice To Have Exposure to Red Team/Blue Team exercises focused on OT/ICS. Familiarity with GRC platforms and risk assessment tools tailored to OT.

Overview: We are looking for a skilled SIEM Administrator to manage and maintain Security Information and Event Management (SIEM) solutions such as Innspark , LogRhythm , or similar tools. This role is critical to ensuring effective security monitoring, log management, and event analysis across our systems. Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., Innspark, LogRhythm, Splunk). Develop and maintain correlation rules, s, dashboards, and reports. Integrate logs from servers, network devices, cloud services, and applications. Troubleshoot log collection, parsing, normalization, and event correlation issues. Work with security teams to improve detection and response capabilities. Ensure SIEM configurations align with compliance and audit requirements. Perform routine SIEM maintenance (e.g., patching, upgrades, health checks). Create and maintain documentation for implementation, architecture, and operations. Participate in evaluating and testing new SIEM tools and features. Support incident response by providing relevant event data and insights. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or related field. 3+ years of hands-on experience with SIEM tools. Experience with Innspark, LogRhythm, or other SIEM platforms (e.g., Splunk, QRadar, ArcSight). Strong knowledge of log management and event normalization. Good understanding of cybersecurity concepts and incident response. Familiarity with Windows/Linux OS and network protocols. Scripting knowledge (e.g., Python, PowerShell) is a plus. Strong troubleshooting, analytical, and communication skills. Industry certifications (CEH, Security+, SSCP, or vendor-specific) are a plus. Key Skills: SIEM Tools (Innspark, LogRhythm, Splunk) Troubleshooting Log Management & Analysis Scripting (optional) Security Monitoring Skills Siem,Splunk,Troubleshooting Required Skills Siem,Splunk,Troubleshooting

Overview: We are looking for a skilled SIEM Administrator to manage and maintain Security Information and Event Management (SIEM) solutions such as Innspark , LogRhythm , or similar tools. This role is critical to ensuring effective security monitoring, log management, and event analysis across our systems. Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., Innspark, LogRhythm, Splunk). Develop and maintain correlation rules, s, dashboards, and reports. Integrate logs from servers, network devices, cloud services, and applications. Troubleshoot log collection, parsing, normalization, and event correlation issues. Work with security teams to improve detection and response capabilities. Ensure SIEM configurations align with compliance and audit requirements. Perform routine SIEM maintenance (e.g., patching, upgrades, health checks). Create and maintain documentation for implementation, architecture, and operations. Participate in evaluating and testing new SIEM tools and features. Support incident response by providing relevant event data and insights. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or related field. 3+ years of hands-on experience with SIEM tools. Experience with Innspark, LogRhythm, or other SIEM platforms (e.g., Splunk, QRadar, ArcSight). Strong knowledge of log management and event normalization. Good understanding of cybersecurity concepts and incident response. Familiarity with Windows/Linux OS and network protocols. Scripting knowledge (e.g., Python, PowerShell) is a plus. Strong troubleshooting, analytical, and communication skills. Industry certifications (CEH, Security+, SSCP, or vendor-specific) are a plus. Key Skills: SIEM Tools (Innspark, LogRhythm, Splunk) Troubleshooting Log Management & Analysis Scripting (optional) Security Monitoring Skills Siem,Splunk,Troubleshooting Required Skills Siem,Splunk,Troubleshooting

Introduction At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk. Your Role And Responsibilities The Security Analyst monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier2 information security specialists, and/or customer as appropriate to perform further investigation and resolution. Good knowledge of SIEM, SIEM Architecture, SIEM health check. Audit the SIEM in the customer environment. Troubleshoot issues regarding SIEM and other SOC tools. Good verbal/written communication skills. Build of use case for the customer. Data archiving and backup and data purging configuration as per need and compliance. Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc. Helping L3 and L1 with required knowledge base details and basic documentations. Co-ordination SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation. High ethics, ability to protect confidential information. Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis. Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure. Update and maintain SOC knowledge base for new security incidents and docs. Creation of daily status report sheet and submit to SOC manager for review. Review advisories and make necessary detection measures. Provide analysis and trending of security log data from a large number of security devices. Troubleshooting non-reporting devices fix and maintain device status. Working with OEM (Tool support) in a way to resolve the issue or incident raised. Administration of Windows and Unix servers. Ready to work on 24/7 shifts to support client requirement. Preferred Education Bachelor's Degree Required Technical And Professional Expertise 2 Years of Experience in SOC monitoring and investigation. Audit the SIEM in the customer environment. Troubleshoot issues regarding SIEM and other SOC tools. Build of use case for the customer. Data archiving and backup and data purging configuration as per need and compliance. Helping L3 and L1’s with required knowledge base details and basic documentations. Co-ordination with SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation. Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis. Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure. Update and maintain SOC knowledge base for new security incidents and docs. Creation of daily status report sheet and submit to SOC manager for review. Review advisories and make necessary detection measures.\ Provide analysis and trending of security log data from a large number of security devices. Troubleshooting non-reporting devices fix and maintain device status. Working with OEM (Tool support) in a way to resolve the issue or incident raised. Administration of Windows and Unix servers. Building Parser for the SIEM using regex. Preferred Technical And Professional Experience Escalation point for L1’s and SOC Monitor team. Ability to drive call and summarizing it post discussion. Good Understanding of Firewall, IDP/IPS, SIEM functioning (Generalize HLD as well as LLD). Deep understanding on Windows, DB, Mail cluster, VM and Linux commands. Knowledge of network protocols TCP/IP and ports. Team Spirit and working ideas heading to resolution of issues. Qualifications like CISA, CISM, CISSP, CEH, SANS or any other recognized qualification in Cybersecurity (SIEM/Qradar certification) will be preferred. Thorough knowledge in SIEM tool and experience in networking, Cloud security experience will be preferred. SOC Senior Analyst experience with multiple customers.