15.0 - 20.0 years
17 - 22 Lacs
Bengaluru
Work from Office
Project Role : Security Delivery Lead
Project Role Description : Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets).
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary : We are looking for an experienced SOC Lead to manage security operations, lead incident investigations, and handle client interactions. The ideal candidate has hands-on expertise with Microsoft Sentinel, strong knowledge of the MITRE ATT&CK framework, and experience with EDR, SOAR, and network log analysis.

Roles & Responsibilities:
- Lead day-to-day SOC operations and manage a team of analysts.
- Perform in-depth investigations using Sentinel SIEM, SOAR tools, and threat intel.
- Analyze logs from EDR, firewalls, and network devices.
- Apply MITRE ATT&CK to enhance threat detection and response.
- Design and tune Sentinel analytics, playbooks, and automation workflows.
- Collaborate directly with clients on incident response, reporting, and recommendations.
- Mentor team members and improve SOC processes.

- 6+ years in SOC, 2+ in a lead role.
- Strong Sentinel and SOAR hands-on experience.
- Solid grasp of EDR tools, threat hunting, and log analysis.
- Excellent client communication and stakeholder management skills.
- Certifications like SC-200, AZ-500, GCIH, or similar are a plus.

Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- 15 years of full time education is required.

Qualification : 15 years full time education
Posted 15 hours ago
3.0 - 8.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM) Operations
Good to have skills : NA
Minimum 3 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary : As a Level 2 SOC Analyst, your role involves deeper investigation of security alerts and confirmed incidents. You will validate escalated events using Sumo Logic and CrowdStrike Falcon, enrich them with context, and work closely with L3 analysts to assist in containment and timely remediation. You will also assist in improving detection fidelity and supporting SOAR automation.

Roles & Responsibilities:
- Intermediate Sumo Logic SIEM query and dashboarding skills
- Alert Triage & Investigation: Experience investigating escalated alerts using SIEM or EDR
- Hands-on experience with CrowdStrike EDR investigations
- Incident Response and Containment: Take necessary actions to contain, eradicate and recover from security incidents.
- Malware Analysis: Perform malware analysis using sandboxing tools like CS etc.
- SOAR Execution: Running and modifying basic playbooks in Sumo Logic SOAR
- Incident Reporting and Documentation: Strong reporting skills with accurate detail capture to provide the RCA for true positive security incidents with detailed documentation.
- Communication & Collaboration: Send emails to request information, provide updates, and coordinate with different teams to ensure tasks are completed efficiently.
- MITRE ATT&CK Mapping: Ability to classify incidents with tactics/techniques
- Alert fine tuning recommendations to reduce false positive noise
- Investigate alerts escalated by L1 to determine scope, impact, and root cause
- Perform in-depth endpoint and network triage using CrowdStrike
- Use CrowdStrike Falcon to perform endpoint analysis and threat validation
- Correlate multiple log sources in Sumo Logic to trace attacker activity
- Execute or verify SOAR playbooks for containment actions (isolate host, disable user)
- Enrich events with asset, identity, and threat intelligence context
- Document investigation workflows, evidence, and final conclusions
- Support L3 during major incidents by performing log or memory triage
- Suggest improvements in alert logic or SOAR workflow to reduce false positives
- Conduct threat research aligned to alert patterns and business context
- Enhance alert fidelity with threat intel and historical context
- Document investigation findings and communicate with stakeholders

Professional & Technical Skills:
- Exposure to threat hunting techniques
- Scripting to assist SOAR playbook tuning
- Triage Automation: Ability to identify playbook gaps and recommend improvements
- Cloud Security Basics: Awareness of log patterns from AWS/Azure
- Log Analysis: Correlation and trend identification in Sumo Logic
- Certifications: SC-200, CySA+, ECSA or relevant advanced certification
- SIEM: Advanced queries, dashboards, correlation logic
- SOAR: Execute and troubleshoot playbooks
- Tools: CrowdStrike (RTR, detections, indicators), Sumo Logic SIEM
- Threat Analysis: IOC enrichment, TTP identification
- Primary Skill: Incident Investigation and Enrichment

Additional Information:
- The candidate should have a minimum of 3 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- 15 years of full time education is required.

Qualification : 15 years full time education
Posted 16 hours ago
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM) Operations
Good to have skills : NA
Minimum 2 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary : As an L1 SOC Analyst you are the first line of defense in monitoring and triaging security alerts. You will work primarily with Sumo Logic SIEM and SOAR tools to identify potential security incidents, validate alerts, and escalate them according to the defined SOPs. You will ensure real-time visibility and log health while flagging suspicious activity promptly. This role is essential to ensuring timely detection and reducing noise from false positives.

Roles & Responsibilities:
- Basic Security Knowledge: Understanding of key concepts (malware, phishing, brute force, etc.)
- SIEM Familiarity: Exposure to Sumo Logic UI and understanding how to read/query logs
- Exposure to CrowdStrike Falcon Console: Ability to view and interpret endpoint alerts
- Alert Triage: Ability to differentiate between false positives and real threats
- Communication Skills: Clear written documentation and verbal escalation
- Ticketing Systems: Familiarity with platforms like JIRA, ServiceNow, or similar
- Basic understanding of cybersecurity fundamentals
- Basic Scripting: Awareness of PowerShell or Python for log parsing
- SOAR Exposure: Familiarity with automated triage workflows
- Security Certifications: Security+, Microsoft SC-900, or similar certification
- Operating System Basics: Windows and Linux process and file system awareness

Professional & Technical Skills:
- Monitor real-time alerts and dashboards in Sumo Logic SIEM
- Perform initial triage on alerts and determine severity/priority
- Escalate validated security incidents to L2 analysts per defined SOPs
- Follow pre-defined SOAR playbooks to document or assist in response
- Ensure alert enrichment fields are populated (host info, user details, etc.)
- Conduct basic log searches to support alert analysis
- Perform daily health checks on log sources and ingestion pipelines
- Maintain accurate ticket documentation for each alert handled
- Participate in shift handovers and team sync-ups for awareness
- SIEM: Basic log searching, correlation rule awareness
- SOAR: Familiarity with playbook execution
- Security Concepts: Basic understanding of malware, phishing, brute force
- Tools: CrowdStrike EDR, Sumo Logic

Additional Information:
- The candidate should have a minimum of 2 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- 15 years of full time education is required.

Qualification : 15 years full time education
Posted 16 hours ago
15.0 - 20.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM) Operations
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary : As the SOC L3 Analyst you will lead the technical handling of critical security incidents. You'll be responsible for deep-dive analysis, root cause investigation, forensics, and containment using tools such as CrowdStrike, Sumo Logic SIEM, and SOAR. You will be responsible for onboarding and managing log sources, building SIEM use cases (custom + in-built), and developing automation in SOAR to support incident response and threat detection workflows.

Roles & Responsibilities:
- End-to-End Incident Response Ownership: Ability to handle the incident lifecycle (detect, contain, remediate)
- Subject matter expert for handling escalated critical or actual true positive incidents.
- CrowdStrike Deep Dive: Using Real Time Response (RTR), Threat Graph, custom IOA rules
- Strong command over Sumo Logic SIEM content engineering: Creating detection rules, dashboards, and field extractions
- Threat Hunting: Behavior-based detection using TTPs
- SOAR Automation: Designing playbooks, integrations with REST APIs, ServiceNow, CrowdStrike
- Threat Intel Integration: Automation of IOC lookups and enrichment flows
- Forensic Skills: Live host forensics, log correlation, malware behavioral analysis
- Deep experience in advanced threat detection and incident response
- Scripting Proficiency: Python, PowerShell, Bash for automation or ETL
- Error Handling & Debugging: Identify and resolve failures in SOAR or data pipelines
- Proficiency in CrowdStrike forensic and real-time response capabilities
- Experience with Sumo Logic SOAR for playbook optimization
- Use case development in Sumo Logic SIEM

Professional & Technical Skills:
- Lead high-severity incident response, coordinating with stakeholders and IT teams
- Perform endpoint forensic triage using CrowdStrike Real Time Response (RTR)
- Conduct detailed log analysis and anomaly detection in Sumo Logic
- Customize or create new detection rules and enrichments in SIEM
- Develop/Tune SOAR playbooks for advanced scenarios, branching logic, and enrichment
- Perform root cause analysis and support RCA documentation
- Mentor L1 and L2 analysts through case walk-throughs and knowledge sharing
- Generate post-incident reports and present findings to leadership
- Lead investigations and coordinate response for major incidents
- Perform root cause analysis and post-incident reviews
- Develop advanced detection content in Sumo Logic
- Optimize SOAR playbooks for complex use cases
- Onboard and maintain data sources in Sumo Logic SIEM and ensure parsing accuracy
- Build custom dashboards, alerts, and queries aligned with SOC use cases
- Create and maintain field extractions, log normalization schemas, and alert suppression rules
- Integrate external APIs into SOAR (e.g., VirusTotal, WHOIS, CrowdStrike)
- Monitor log health and alert performance metrics; troubleshoot data quality issues
- Collaborate with L3 IR and Threat Intel teams to translate threat use cases into detections
- Participate in continuous improvement initiatives and tech upgrades
- Conduct playbook testing, version control, and change documentation
- CrowdStrike: Custom detections, forensic triage, threat graphs
- SIEM: Rule creation, anomaly detection, ATT&CK mapping
- SOAR: Playbook customization, API integrations, dynamic playbook logic
- Threat Intelligence: TTP mapping, behavioral correlation
- SIEM: Parser creation, field extraction, correlation rule design
- Scripting: Python, regex, shell scripting for ETL workflows
- Data Handling: JSON, syslog, Windows Event Logs
- Tools: Sumo Logic SIEM, Sumo Logic SOAR & CrowdStrike EDR
- Experience in SOC/IR, including 4+ years in an L3 role (IR + SIEM Content Engineering & SOAR)

Additional Information:
- The candidate should have a minimum of 5 years of experience in Security Information and Event Management (SIEM) Operations.
- This position is based at our Bengaluru office.
- 15 years of full time education is required.

Qualification : 15 years full time education
Posted 16 hours ago
15.0 - 19.0 years
25 - 35 Lacs
Navi Mumbai
Work from Office
Job Title: Security Lead
Department: IT
Location: Navi Mumbai
Reporting To: Global IT Infra Lead

Role Overview
The Security Lead is responsible for managing security incident response and readiness within a 24x7 Security Operations Centre (SOC), supporting IT Infrastructure and Operations. The role includes overseeing vulnerability management, operating security tools, and ensuring rapid threat identification and remediation.

Key Responsibilities
- Lead and coordinate security incident response and lifecycle management of on-premises and cloud-based security solutions.
- Manage and respond to security incidents and operational requests, ensuring swift identification, containment, and remediation.
- Develop and maintain incident response playbooks and procedures.
- Conduct regular vulnerability assessments, prioritize remediation, and collaborate with IT teams for patching and updates.
- Operate and monitor security tools (HIDS, NIDS, IPS, SIEM, etc.) to identify and address threats and vulnerabilities.
- Analyze security events, determine root causes, and recommend mitigation actions.
- Support audits, compliance reviews, and participate in industry forums.
- Monitor and communicate relevant security trends and developments.

Qualifications & Experience
- Bachelor's degree in Computer Science, Information Systems, Cyber Security, or related field.
- Minimum 10 years of relevant cyber security experience.
- Strong knowledge of IT operations (cloud, systems, infrastructure) and security assessment (audit, VAPT, pen testing).
- Hands-on experience with security products (EDR, WAF, DLP, SIEM, SOAR).
- Familiarity with frameworks such as ITIL, ISO, PCI-DSS, NIST.
- Relevant security certifications (e.g., CISSP, CISM, CISA, CEH) preferred.
- Excellent communication skills, with experience presenting to senior management.
- Project management certifications (e.g., PMP, PRINCE2) are an advantage.

Interested candidates can share their CV at piyali.saha@parkconsultants.in
Posted 18 hours ago
10.0 - 15.0 years
10 - 19 Lacs
Bengaluru
Work from Office
- Have over 10+ years of rich experience in the information security domain and at least 6-8 years of dedicated experience in Security Incident Response.
- Hands-on experience in implementing and operationalizing SIEM/SOAR tools such as Sentinel, ArcSight etc.
- Experience in defining and reporting KPIs for Security Incident Response.
- Familiarity with advanced SOC monitoring technologies, risk, threat and security measures.
- Knowledge across the SOC domains including governance, control frameworks, policies, compliance management, risk management and incident response etc.
- Comprehensive knowledge of regulatory and compliance requirements and how they influence the bank's Information Security strategy.
- Preferably worked in the BFSI domain with proven experience in a SOC function.
- Strong understanding of key security standards and regulations such as NIST 800-61, CERT/CC, PCI, ISO 27035 etc.

Skills and Application
- Leads the development and implementation of comprehensive Security Governance strategies that address identified risks and compliance requirements, incorporating advanced technologies and methodologies to enhance security posture.
- Deep understanding of Security Incident Response frameworks and their application in creating robust policies.
- Automate potential resilient security processes to ensure continuous compliance with security best practices.
- Maintaining up-to-date knowledge of security trends, threats, and countermeasures.
- Assess and design security posture determination processes, tools and methodologies.
- Reviewing and approving use cases/playbooks for SIEM/SOAR tools.
- Continuously monitor security hygiene and performance using tools and processes.
- Collaborate with other IS teams, Ops and tech teams on enhancing security incident response resilience.

Other
- Knowledge of evolving advanced tech stacks and the related control and risk universe from a SOC perspective.
- Knowledge and expertise in conducting risk assessment and management.
- The ideal candidate will have a technical or computer science degree.
- Professional certifications: GCIH, CISSP, CEH, FOR608, CISM etc.
Posted 1 day ago
6.0 - 10.0 years
25 - 30 Lacs
Pune
Work from Office
Azure Cloud Migration Expert:
An Azure Cloud Migration Expert is responsible for planning, designing, and executing the migration of on-premises or other Public/Private Cloud Provider-hosted applications and infrastructure to the Azure cloud. They ensure seamless transitions, optimization, integrity, and adherence to the Azure Well-Architected Framework during and after the migration process.

Key Responsibilities:
- Assessment and Planning: Evaluate existing systems (On-premises, AWS, GCP, etc.) and associated enabling capabilities (identity, security, HA/DR, monitoring, backup/restore, reporting, integrations, etc.). Design and develop comprehensive migration strategies and plans. Evaluate, recommend, and implement the 7 Rs cloud migration strategies: rehost, replatform, refactor, repurchase, retire, retain, and relocate.
- Migration Execution: Manage and execute the migration process, ensuring minimal downtime and data integrity, using tools like Azure Migrate.
- Cloud Infrastructure Management: Configure, optimize, and monitor Azure resources, including but not limited to virtual machines, AKS, storage, networking, and other services.
- Technical Expertise: Provide technical guidance to project teams, troubleshoot issues, and ensure compliance with cloud security best practices.
- Technical Leadership: Develop, train, and build internal teams with Azure skills and build a practice/Center of Excellence.
- Post-Migration Support: Provide documentation, training, and ongoing support to internal teams and clients.
- Optimization and Cost Efficiency: Continuously monitor and optimize cloud infrastructure performance and cost-efficiency.
- Collaboration: Work with cross-functional teams (developers, IT, security, compliance) to ensure seamless integration and alignment.

Required Skills:
- Azure expertise: Proficiency in Azure services, architecture, and best practices.
- AWS/Public Cloud awareness: Good working understanding of AWS or other public cloud providers.
- Cloud Architecture and Design: Good understanding of architecting cloud solutions – cloud native design, microservices framework.
- Cloud Native Skills: In-depth knowledge and experience with technologies like Docker, Kubernetes, Packer.
- Cloud migration tools: Experience with Azure Migrate, Site Recovery, and other relevant tools.
- Networking and security: Strong understanding of cloud networking, security protocols, and compliance.
- Scripting and automation: Proficiency in scripting languages (PowerShell, Python) for automating tasks and infrastructure management. Experience in Azure Automation, Azure DevOps.
- Problem-solving and analytical skills: Ability to diagnose issues, develop solutions, and analyze data.
- Communication and collaboration: Excellent communication skills for interacting with stakeholders and cross-functional teams.

Experience:
- Minimum 2-3 years of experience in cloud migration projects with Azure, or overall 5-7 years of experience.
- Experience with cloud architecture and services, Azure migration, automation and DevOps tools.
- Experience in security and compliance, observability, monitoring, SIEM, SOAR, SRE.
Posted 1 day ago
5.0 - 7.0 years
0 Lacs
Delhi, India
On-site
Job Description:
SOC Lead with experience in Cyber Security is preferred. The resource should mandatorily have a minimum of 5 years' experience in SOC Operations. Responsible for overseeing the operations of the Security Operations Center, ensuring the organization's digital assets are continuously monitored, protected and defended against cyber threats.

Key Responsibilities:
- Lead and manage the Security Operations Center (SOC), ensuring effective monitoring, detection, analysis and response to cybersecurity threats and incidents across the organization.
- Define and implement SOC processes, workflows and escalation protocols aligned with industry best practices and regulatory requirements.
- Oversee the deployment, configuration and optimization of SOC technologies including SIEM, SOAR, threat intelligence platforms and endpoint detection and response (EDR) tools.
- Coordinate incident response activities, ensuring timely investigation, containment, eradication and recovery from security events.
- Conduct regular threat hunting exercises and proactive analysis to identify potential vulnerabilities and emerging threats.
- Collaborate with internal teams and external partners to ensure comprehensive coverage of security monitoring and incident handling.
- Develop and maintain SOC metrics, dashboards and reporting mechanisms to provide visibility into security posture and operational effectiveness.
- Ensure continuous improvement of SOC capabilities through training, process refinement and technology upgrades.
- Act as a key point of contact for cybersecurity incidents, audits and compliance reviews, providing expert guidance and documentation.
- Mentor and lead SOC analysts, fostering a culture of vigilance, accountability and professional growth within the team.

Preferred Skills: Technology->Infrastructure Security->SOC Operations, Foundational->Cybersecurity Competency Management->Cyber Competency Strategy Planning
Posted 1 day ago
5.0 - 10.0 years
10 - 20 Lacs
Chennai
Remote
Role & responsibilities
- Incident Management: Lead the end-to-end incident response lifecycle, including detection, analysis, containment, eradication, and recovery.
- Threat Investigation: Analyze and investigate a variety of attack vectors, such as:
  - Identity Attacks: credential abuse, privilege escalation, and MFA bypass.
  - Web Attacks: SQL injection, cross-site scripting (XSS), remote code execution.
  - Network Attacks: DDoS, lateral movement, traffic manipulation.
  - Cloud Threats: IAM misconfigurations, exposed services, container security vulnerabilities.
- Collaboration & Coordination: Work closely with SOC analysts, threat intelligence teams, forensics, and engineering groups during and after security incidents.
- Root Cause Analysis: Conduct comprehensive investigations to determine the root cause of incidents and provide actionable remediation recommendations.
- Process Improvement & Documentation: Document all incident response procedures and lessons learned. Contribute to the continuous improvement of our detection and response capabilities.
- Proactive Security Measures: Participate in threat hunting and purple team exercises to enhance overall security preparedness.

Preferred candidate profile
- A minimum of 5 years of hands-on experience in cybersecurity incident response or security operations.
- Proven expertise in investigating and mitigating incidents across one or more areas: identity, web, network, or cloud.
- Proficiency with SIEM, EDR, and SOAR tools (e.g., Splunk, Sentinel, CrowdStrike).
- Experience in hybrid or cloud-first environments (AWS, Azure, or GCP).
- Strong understanding of frameworks and methodologies such as MITRE ATT&CK, the cyber kill chain, and threat modeling.
- Excellent written and verbal communication skills, with the ability to document and convey technical details clearly to both technical and non-technical stakeholders.
Posted 1 day ago
9.0 - 14.0 years
6 - 16 Lacs
Bengaluru
Work from Office
Essential knowledge
• Have over 10+ years of rich experience in the information security domain and at least 6-8 years of dedicated experience in Security Incident Response.
• Hands-on experience in implementing and operationalizing SIEM/SOAR tools such as Sentinel, ArcSight etc.
• Experience in defining and reporting KPIs for Security Incident Response.
• Familiarity with advanced SOC monitoring technologies, risk, threat and security measures.
• Knowledge across the SOC domains including governance, control frameworks, policies, compliance management, risk management and incident response etc.
• Comprehensive knowledge of regulatory and compliance requirements and how they influence the bank's Information Security strategy.
• Preferably worked in the BFSI domain with proven experience in a SOC function.
• Strong understanding of key security standards and regulations such as NIST 800-61, CERT/CC, PCI, ISO 27035 etc.

Skills and Application
• Leads the development and implementation of comprehensive Security Governance strategies that address identified risks and compliance requirements, incorporating advanced technologies and methodologies to enhance security posture.
• Deep understanding of Security Incident Response frameworks and their application in creating robust policies.
• Automate potential resilient security processes to ensure continuous compliance with security best practices.
• Maintaining up-to-date knowledge of security trends, threats, and countermeasures.
• Assess and design security posture determination processes, tools and methodologies.
• Reviewing and approving use cases/playbooks for SIEM/SOAR tools.
• Continuously monitor security hygiene and performance using tools and processes.
• Collaborate with other IS teams, Ops and tech teams on enhancing security incident response resilience.

Other
• Knowledge of evolving advanced tech stacks and the related control and risk universe from a SOC perspective.
• Knowledge and expertise in conducting risk assessment and management.
• The ideal candidate will have a technical or computer science degree.
• Professional certifications: GCIH, CISSP, CEH, FOR608, CISM etc.
Posted 2 days ago
4.0 - 8.0 years
4 - 9 Lacs
Pune
Work from Office
Role & responsibilities
1. Security Risk Assessment & Auditing
- Conduct security audits and assessments to identify vulnerabilities.
- Perform penetration testing and ethical hacking to simulate cyberattacks.
- Evaluate compliance with regulations like ISO 27001, NIST, GDPR, HIPAA, SOC 2.
2. Security Strategy & Policy Development
- Develop and implement cybersecurity policies, procedures, and frameworks.
- Advise organizations on best practices for risk management, data protection, and incident response.
- Assist in aligning security strategies with business objectives and compliance mandates.
3. Threat Management & Incident Response
- Help organizations develop incident response plans (IRP).
- Conduct forensic investigations in the event of security breaches.
- Provide real-time threat intelligence and recommend proactive security measures.
4. Implementation of Security Solutions
- Recommend and deploy firewalls, SIEM, IDS/IPS, endpoint security, and cloud security tools.
- Guide organizations on zero-trust architecture, identity access management (IAM), and encryption.
- Assist in setting up secure cloud environments (AWS, Azure, etc.).
5. Security Awareness & Training
- Conduct cybersecurity training sessions for employees and executives.
- Educate teams on social engineering attacks (phishing, BEC, ransomware defense).

Preferred candidate profile
- Candidates are preferred to hold or be actively pursuing related professional certifications such as CISSP, CISM or CISA.
- Knowledge of common information security standards, such as ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT.
Posted 3 days ago
6.0 - 10.0 years
20 - 30 Lacs
Mumbai
Work from Office
Industry - Leading NBFC.
Designation - Senior Manager / AVP.
Role - SOAR Admin.
Location - Mumbai.

Required Candidate profile
Role: Minimum 6 years' experience in designing, implementing and managing Security Orchestration, Automation, and Response (SOAR) solutions.

Interested candidates can share their CV at bhumika@rightmatch.co.in
Posted 4 days ago
8.0 - 14.0 years
8 - 14 Lacs
Hyderabad, Telangana, India
On-site
The Senior Manager Information Security in Hyderabad is a crucial leadership role, responsible for spearheading the security automation product team. This position drives the development, integration, and continuous improvement of our security automation platform. It demands a powerful blend of leadership, technical acumen, and product ownership skills to supervise a growing team dedicated to automating security workflows, integrating tools, enhancing operational efficiency, and fortifying the overall cybersecurity posture. As the product owner of the security automation platform and service, you will collaborate with stakeholders to deliver impactful automations and maintain a scalable, secure, and resilient automation infrastructure. Key aspects of this role include aligning automation projects with organizational security goals, fostering innovation in machine learning applications, and ensuring the adoption of industry-leading practices by staying ahead of evolving threats and trends.
Roles & Responsibilities
Lead and mentor a team of security automation engineers, data engineers, and data scientists, fostering a collaborative and high-performance culture.
Oversee the security automation service, ensuring effective operations, prioritization, and continuous alignment with business and security goals.
Oversee the security automation product team to ensure adherence to SAFe/Agile methodologies and definitions of done, maintaining high-quality standards in deliverables.
Oversee the seamless operation, scalability, and efficiency of a cloud-based security automation solution, ensuring continuous enhancement of security controls and automation capabilities.
Develop strategies to streamline incident response, threat detection, and remediation processes using automation capabilities.
Drive and manage the seamless integration of new and existing security tools, platforms, and workflows to ensure a cohesive and optimized automation ecosystem.
Ensure compliance with relevant regulations (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001, NIST).
Collaborate with stakeholders to establish and supervise critical metrics related to SAFe implementation.
Generate and maintain security reports, metrics, and dashboards for management review.
Keep up to date with the latest security threats, trends, and technologies, and provide recommendations for improving security operations.
Build and deliver knowledge-sharing presentations and documentation to educate developers and operations teams on application security best practices and secure coding techniques.
Triage and assess findings from tools, external reports, and tests to determine real risks and prioritize remediation efforts.
Offer remediation guidance to partners for identified issues and serve as a customer escalation resource for developers as they reduce issues.
What We Expect of You
We are all different, yet we all use our unique contributions to serve patients. The professional we seek is a senior manager with these qualifications.
Basic Qualifications
Master's degree and 8 to 10 years of Scrum teams management or related field experience OR Bachelor's degree and 8 to 10 years of Scrum teams management or related field experience OR Diploma and 12 to 14 years of Scrum teams management or related field experience.
Preferred Qualifications
Experience managing and scaling security automation platforms and tools (e.g., SOAR).
Demonstrated success in leading high-performing technical teams in an agile environment.
Strong understanding of integrating security tools and data platforms (SIEM, EDR, IAM, etc.).
In-depth knowledge of cybersecurity frameworks, technologies, and best practices.
Experience in risk management, incident response, and security governance.
Strong knowledge of security architecture frameworks and principles.
Strong understanding of common software and web application security vulnerabilities.
Excellent communication, stakeholder management, and analytical skills.
Good-to-Have Skills
Experience with network security, endpoint protection, and incident response.
Proficiency in scripting and automation (e.g., Python, Bash) is a plus.
Professional Certifications (Preferred)
CEH, CompTIA Security+, CISSP, TOGAF, Certified Scrum Product Owner (CSPO), or equivalent.
Soft Skills
Initiative to explore alternate technology and approaches to solving problems.
Skilled in breaking down problems, documenting problem statements, and estimating efforts.
Excellent analytical and troubleshooting skills.
Strong verbal and written communication skills.
Ability to work effectively with global, virtual teams.
High degree of initiative and self-motivation.
Ability to manage multiple priorities successfully.
Team-oriented, with a focus on achieving team goals.
Posted 4 days ago
10.0 - 18.0 years
30 - 45 Lacs
Pune
Hybrid
About Us
Our purpose at Avient Corporation is to be an innovator of materials solutions that help our customers succeed, while enabling a sustainable world. Innovation goes far beyond materials science; it's powered by the passion, creativity, and diverse expertise of 9,000 professionals worldwide. Whether you're a finance wizard, a tech enthusiast, an operational powerhouse, an HR changemaker, or a trailblazer in materials development, you'll find your place at Avient. Join our global team and help shape the future with sustainable solutions that transform possibilities into realities. Your unique perspective could be the key to our next breakthrough!
Job Summary
The Senior Manager of Security Operations and Identity Management is responsible for 24x7 security monitoring and the administration of identity management processes. This role includes overseeing the architectural design, deployment, execution, and optimization of solutions in alignment with risk requirements and compliance obligations.
Essential Functions
Ensure that SIEM and SOAR environments are “fit for purpose” and continually enhanced to cover known and emerging MITRE ATT&CK techniques.
Manage the global SOC team responsible for 24x7 alerting, triage, investigation and Incident Response.
Monitor and improve Key Performance Indicators (KPIs).
Track SOC maturity and partner with the CISO to establish a road map for growing SOC capabilities and automation.
Manage the Cyber Threat Intelligence program.
Oversee forensics, litigation support, and e-discovery capabilities in support of requests from Legal.
Lead the team responsible for identity lifecycle functions, identifying and implementing best practices to automate repetitive processes.
Oversee IAM architecture design, deployment and delivery of capabilities to achieve target levels of cyber maturity and efficiency, working with vendors, partners and other 3rd parties.
Ensure compliance with required regulations and frameworks across all divisions and markets, driving timely remediation of any IAM deficiencies.
Other duties as assigned.
Education and Experience Qualifications
Bachelor’s degree in information technology, engineering, business management, operations management, or related field or discipline.
10+ years' experience in cyber security with 3+ years in a management role.
Solid understanding of IAM principles, design and engineering, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM).
Working knowledge of multiple IAM systems (traditional and cloud).
Experience implementing Zero Trust capabilities in complex operating environments.
Additional Qualifications
Security certifications (CISSP, CISM, GCIH, GSEC, etc.).
Experience with modern cloud detection and response tools and processes.
Operational Technology (OT) experience.
Posted 6 days ago
4.0 - 8.0 years
8 - 12 Lacs
Kolkata, Mumbai, New Delhi
Work from Office
What You'll Do
Reports to: Manager Security Engineering.
Avalara is seeking a Security Automation Engineer to join our Security Automation & Platform Enhancement Team (SAPET). You will be at the intersection of cybersecurity, automation, and AI, focusing on designing and implementing scalable security solutions that enhance Avalara's security posture. You will have expertise in programming, cloud technologies, security automation, and modern software engineering practices, with experience using Generative AI to improve security processes.
What Makes This Role Unique at Avalara?
Cutting-Edge Security Automation: You will work on advanced cybersecurity automation projects, including fraud detection, AI-based security document analysis, and IT security process automation.
AI-Powered Innovation: We integrate Generative AI to identify risks, analyze security documents, and automate compliance tasks.
Impact Across Multiple Security Domains: Your work will support AML, fraud detection, IT security, and vendor risk management.
What Your Responsibilities Will Be
As a Security Automation Engineer, your primary focus will be to develop automation solutions that improve efficiency across several security teams.
Develop and maintain security automation solutions to streamline security operations and reduce manual efforts.
Work on automation projects that augment security teams, enabling them to work more efficiently.
Design and implement scalable security frameworks for Security Teams.
What You’ll Need To Be Successful
5+ years experience.
Programming & Scripting: Python, GoLang, Bash.
Infrastructure as Code & Orchestration: Terraform, Kubernetes, Docker.
Security & CI/CD Pipelines: Jenkins, GitHub Actions, CI/CD tools.
Database & Data Analysis: SQL, security data analytics tools.
Experience with RDBMS and SQL, including database design, normalization, and query optimization.
Hands-on experience with security automation tools, SIEM, SOAR, or threat intelligence platforms.
How We’ll Take Care Of You
Total Rewards: In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.
Health & Wellness: Benefits vary by location but generally include private medical, life, and disability insurance.
Inclusive culture and diversity: Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.
What You Need To Know About Avalara
We’re Avalara. We’re defining the relationship between tax and tech.
We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year, and this year we became a billion-dollar business. Our growth is real, and we’re not slowing down until we’ve achieved our mission to be part of every transaction in the world.
We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them.
We’ve been different from day one. Join us, and your career will be too.
We’re An Equal Opportunity Employer
Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national origin, disability, sexual orientation, US Veteran status, or any other factor protected by law.
If you require any reasonable adjustments during the recruitment process, please let us know.
Posted 1 week ago
2.0 - 5.0 years
3 - 7 Lacs
Bengaluru
Work from Office
Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it!
Who We Are
Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business.
Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.
Deepwatch Recognition Includes
2025, 2024, 2023, 2022 and 2021 Great Place to Work® Certified.
2024 Military Times Best for Vets Employers.
2024 US Department of Labor Hire Vets Gold Award.
2024 Forbes' America's Best Startup Employers.
2024 Cyber Defense Magazine, Global Infosec Awards.
2023 and 2022 Fortress Cybersecurity Award.
2023 $180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners.
2022 Cybersecurity Excellence Award for MDR.
Position Summary
This role is 100% onsite in Bengaluru. The shift for this position is Monday to Friday, 7:30 AM to 3:30 PM.
Deepwatch is looking for a highly motivated, self-driven, technical analyst dedicated to making a difference in global security by protecting organizations against the most advanced attackers in the world. The Deepwatch Squad and Security Operations Center offers opportunities to expand your skill set through a wide variety of experiences, detecting and responding to incidents as they occur in real-time for our customers.
The Deepwatch squad is a unique approach to how we support our customers and ultimately provide an experience not found anywhere else. You’ll be an integral part of supporting our customers by understanding their bespoke environment, needs and challenges. You will be playing a key role in supporting some of the top organizations in the world, and have the opportunity to develop your skills by working with the best responders in the industry, your team and your Squad.
The Analyst I is focused on providing descriptive analysis. They will answer questions such as the who, what, when, and where of events. Analysts are curious individuals who actively work to develop a better understanding of the environments they are assigned. Using cybersecurity best practices, you will monitor and secure complex customer environments utilizing industry leading technology such as Splunk, xSOAR, CrowdStrike and more.
In This Role, You’ll Get To
Support incident handling processes across multiple platforms and security technologies including Windows, Linux and macOS.
Monitor a queue of security events generated by the Deepwatch platform SOAR, triage events based on their criticality, and escalate validated security events to customers.
Document and manage incident cases in our case management system.
Keep up-to-date with information security news, techniques, and trends.
Identify and report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering.
Become proficient with Splunk, ServiceNow and other third-party threat intelligence tools as required.
Perform security detection analysis and investigations using SIEM and SOAR technologies, leverage Deepwatch proprietary tooling and intelligence and maintain SLAs.
Act as the first line of defense during security events by triaging and investigating alerts within a customer’s environment.
Produce high-quality written and verbal communications, recommendations, and findings to customer management in a timely manner.
Continue to sharpen your skills and capabilities on the job, and through the Deepwatch development program.
To be successful in this role, you’ll need to:
Have a basic understanding of cyber security principles, concepts and practice with a focus on SOC operations, alert triage and investigations.
Know your way around SIEM platforms (Splunk preferred), how to perform queries and leverage various log sources to perform investigations.
Articulate the process involved in pivoting to other log sources, cloud systems, or consoles to perform a comprehensive analysis from multiple data sources.
Have a basic understanding of modern EDR, email security and cloud identity platforms.
Review SIEM alerts and make a determination for what other sources or intelligence is needed to make a determination, relying on peers to help improve your skills and capabilities.
Have a strong understanding of all basic ports and protocols.
Be familiar with Windows, Mac, and Linux file path structure.
Be familiar with OSINT, TTPs and IOCs.
Have strong written and verbal communication skills with the ability to produce well-written reports and analysis that’s thorough, accurate and complete.
Provide the customer with a complete understanding of the investigation.
CEH, CySA, GSEC, Sec+, or equivalent certification preferred.
A college degree in Information Security or IT, related training, certifications or on-the-job experience.
Life At Deepwatch
For employees, Deepwatch fosters a unique, flexible work environment designed with collaboration in mind. The company emphasizes personal and professional growth, offering benefits such as professional development programs, comprehensive health coverage, and generous parental leave. Deepwatch is also committed to diversity, equity, inclusion, and belonging, aiming to empower underrepresented groups in tech by connecting them with meaningful opportunities, mentors, and sponsors.
In recognition of its supportive workplace culture, Deepwatch earned the Great Place To Work Certification™ in 2025, underscoring its dedication to creating a positive and inclusive work environment. Deepwatch is a global cybersecurity company with offices in San Francisco Bay Area, CA; Tampa, Florida; and Bengaluru, India.
What We Offer
At Deepwatch, we are committed to supporting our employees with a comprehensive benefits package designed to enhance your well-being and financial security.
We Partner With Plum Benefits To Provide
Group Health Insurance – Comprehensive medical coverage for you and your dependents.
Group Accidental Insurance – Financial protection in case of accidental injuries.
Group Term Life Insurance – Security for your loved ones in unforeseen circumstances.
For additional details, refer to the benefits guide provided by Plum.
Payroll & Compensation
Pay Cycle: Salaries are processed monthly and paid on the last day of each month.
Pay Slips & Reimbursements: Delivered via email.
Payroll Processing: Managed by BCL Chartered Accountants through GreytHR, which provides tax and payment-related details.
Posted 1 week ago
2.0 - 5.0 years
8 - 12 Lacs
Bengaluru
Work from Office
Solutions Engineer, Automation
This role is hybrid in Bengaluru.
Position Summary
As a Solutions Engineer, Automation, you will play a vital role in enhancing the automation frameworks and security incident response capabilities for our organization. This role spans across designing, implementing, and managing both quality assurance automation and security automation to optimize our software development lifecycle and improve security incident response processes.
This role works closely with development, QA, security teams, and other stakeholders to ensure that our applications are robust, efficient, and secure. You’ll be instrumental in building testing frameworks, integrating automated processes, and developing security automation workflows that streamline operations and improve our response to emerging threats.
In This Role, You’ll Get To
Develop and maintain test frameworks and environments for assigned projects, integrating these into CI/CD processes.
Evaluate project outputs against defined acceptance criteria and continuously improve testing processes.
Continually work towards making improvements in the Test processes.
Assess and analyze release components.
Carry out the builds and tests and ensure, where possible, information exchange with configuration management.
Manage risks and resolve issues that affect release scope, schedule and quality.
Conduct Release Readiness reviews, produce test reports, and ensure deployments meet release standards.
Monitor test activities, track release quality, and manage the release repository, documenting build and release procedures.
Design and implement SOAR (Security Orchestration, Automation, and Response) workflows to enhance security processes.
Develop and maintain integrations with SIEM, IDS/IPS, EDR, and other security tools, ensuring compatibility with threat intelligence feeds and vulnerability scanners.
Collaborate with security analysts to identify automation opportunities, building custom playbooks to streamline incident response processes.
Troubleshoot SOAR-related issues, working with cross-functional teams to resolve complex security concerns and improve system resilience.
Work with teams across the organization, including application development, QA, and security operations, to foster continuous improvement in automation processes.
Participate in customer meetings to discuss scope and challenges, keeping security and quality at the forefront of deliverables.
Create comprehensive documentation and training materials to assist stakeholders in understanding and using automation solutions effectively.
To Be Successful In This Role, You’ll Need
Proficiency in developing automation frameworks leveraging Python.
Strong experience with Agile methodologies and CI/CD pipelines, leveraging Git for version control.
Deep understanding of security operations, incident response, and frameworks such as ATT&CK and Cyber Kill Chain.
Experience with SOAR platform integrations and scripting languages for automation, with a background in security threat modeling.
Knowledge of QA tools and frameworks like Cypress, Postman, Webdriver.io, and others.
Excellent problem-solving skills, with the ability to work independently and as part of a team, effectively communicating with cross-functional teams.
Ability to integrate IDS/IPS, SIEM, EDR, Firewall, Email, and Cloud security solutions with a SOAR platform.
Posted 1 week ago
7.0 - 9.0 years
8 - 13 Lacs
Hyderabad
Work from Office
Security Engineer
Hyderabad, Telangana
IT
Description
Why you'll want to work at nimble! This is a great opportunity to join a well-established and market-leading brand serving a high-growth end market while gaining valuable experience and visibility to Executive leadership. As an organization, we are in considerable growth mode through acquisition and with a laser focus on positive culture building.
The Information Security Engineer is responsible for safeguarding the organization's systems and data assets. This critical role focuses on preventing and mitigating unauthorized access, modification, or destruction of sensitive information. The Engineer actively participates in the development and implementation of robust IT security policies and standards. Through close collaboration with end-users across various departments, this position ensures the alignment of security measures with individual business needs while maintaining strict adherence to company-wide security policies and procedures. The Information Security Engineer reports directly to the Director of Information Security and maintains an indirect reporting line to the Chief Information Technology Officer.
Threat Detection & Response: Monitor the organization's servers and networks for security breaches using tools such as Windows Defender, Windows Purview, CrowdStrike and Rapid7. Investigate and respond to security incidents promptly. Utilize Windows Defender, Rapid7 and Wiz for vulnerability scanning and threat intelligence gathering. Implement and enforce security policies through Intune.
Security Architecture & Engineering: Design, implement, and maintain security controls, including firewalls, intrusion detection/prevention systems (IDPS), and data encryption. Conduct security assessments and penetration testing. Develop and maintain security standards and best practices.
Endpoint Security Management: Manage endpoint security solutions, including Windows Defender and CrowdStrike.
Vulnerability Management: Identify, assess, and prioritize vulnerabilities using Windows Defender, Wiz and Rapid7. Develop and implement remediation plans.
Compliance & Reporting: Prepare reports that document security metrics, attempted attacks, and security breaches. Ensure compliance with relevant security standards and regulations.
Security Awareness & Training: Educate and train employees on IT security best practices and awareness. Collaborate with IT teams, business units, and other stakeholders to ensure effective security implementation. Clearly communicate security risks and recommendations to management.
Requirements
5+ years of experience in systems or network administration/engineering.
1+ years of experience in information security roles.
Strong understanding of security principles and best practices (e.g., NIST).
Proficient with Windows Server administration and management.
Proficient with network protocols and topologies.
Experience with security information and event management (SIEM) systems.
Experience with scripting languages (e.g., Python, PowerShell).
Strong analytical and problem-solving skills.
Excellent written and verbal communication skills.
Ability to work independently and as part of a team.
Experience with cloud security (e.g. Azure, Defender).
Experience with security orchestration and automation platforms (SOAR).
Experience with container security and microservices.
This job description is intended to provide a general overview of the position. Responsibilities and qualifications may vary depending on the specific needs of the organization.
Contact details: Interested candidates drop your resumes to 8179814131 - Navya (WhatsApp only)
Posted 1 week ago
2.0 - 6.0 years
9 - 13 Lacs
Noida
Work from Office
Paytm is India's leading mobile payments and financial services distribution company. Pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytm’s mission is to serve half a billion Indians and bring them to the mainstream economy with the help of technology.
About Team: The Internal Audit team at Paytm comprises seasoned professionals with diverse skill sets and experience across different verticals like process audits, technology audits and forensics. The team focuses on implementing the approved audit plan, ensuring delivery of qualitative audits and conducting internal / special reviews while leveraging technology & data analytics and gauging key risks across business processes.
About the role: We are seeking an experienced and detail-oriented Information Security and Cloud Security Auditor to join our team. The ideal candidate will have 3-7 years of expertise in data security and privacy control implementation, internal auditing, third-party risk management, cybersecurity governance, and cloud security (banking sector preferred). This role will be responsible for conducting comprehensive IT and cloud security audits, ensuring compliance with regulatory requirements, and enhancing our information security policies and procedures.
Key Responsibilities:
Conduct IT and cloud security audits across various domains, including IT General Controls, Information Security Controls, Cloud Security, Network Security, Vulnerability Management, and Vendor Risk Assessments.
Assess compliance with relevant laws, regulations, and organizational policies, providing expertise in regulatory requirements specific to both on-premises and cloud environments.
Develop and enhance information security and cloud security policies and procedures in alignment with industry best practices.
Maintain thorough documentation of audit findings, risk assessments, and security measures for internal and external reporting.
Validate ITGC, cloud security, and application-specific controls, and manage audit documentation including risk assessments, working papers, audit program checklists, and evidence gathering.
Follow up on and ensure closure of non-compliance issues identified during audits.
Manage and oversee third-party risk assessments and audits, ensuring robust security controls are in place for both traditional and cloud-based service providers.
Lead and participate in the development, migration, and implementation of security controls and policies for network and cloud security solutions.
Conduct risk-based security assessments on internal, vendor, and third-party hosted environments, focusing on both traditional IT and cloud infrastructure.
Participate in product and vendor selection processes, contributing to the implementation and integration of new technologies, with a strong emphasis on cloud security solutions.
Experience/ Skills Required:
Minimum 5 years of experience in information security and auditing, with a strong background in cloud security, and the banking and IT industries.
Proven experience in performing IT and cloud security audits, validating ITGC and cloud application controls, and maintaining audit documentation.
Hands-on experience with vulnerability management, risk management, physical security, identity & access management, encryption, secure development, incident management, security infrastructure, and security policy for both on-premises and cloud environments.
Expertise in third-party risk management, regulatory compliance, and managing IT audit findings in both traditional and cloud-based contexts.
Strong analytical and problem-solving skills.
Excellent communication and documentation skills.
Ability to manage multiple projects and meet deadlines.
Strong understanding of IT, cloud security, and cybersecurity frameworks and standards.
Proficiency in using various security assessment tools and technologies, particularly those related to cloud environments.
Qualifications & Certification:
Bachelor's / Master’s degree in Information Technology, Cyber Security, or a related field.
ISO 27001/CNSS/CCNA/CISA/CISM/CISSP preferred.
Detailed knowledge of security tools, PCI-DSS, general ITGC controls, compliance testing, cloud risk assessment, GRC, OWASP, MITRE ATT&CK, change management, and policies and procedures.
Proficiency in various security and cloud technologies including AWS, Azure, Google Cloud Platform, Palo Alto, Fortinet & Checkpoint Firewalls, SOAR (Cortex), Forescout.
Why join us
1. A collaborative output driven program that brings cohesiveness across businesses through technology
2. Improve the average revenue per user by increasing the cross-sell opportunities
3. A solid 360 feedback from your peer teams on your support of their goals
4. Compensation: If you are the right fit, we believe in creating wealth for you
With enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants – and we are committed to it. India’s largest digital lending story is brewing here. It’s your opportunity to be a part of the story!
Posted 1 week ago
5.0 - 10.0 years
6 - 13 Lacs
Lucknow
Work from Office
Managed Services SOC Manager

Job Summary:
The Security Operations Center (SOC) Security L-2 Analyst serves in a SOC team and is responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone). The L2 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and should be ready to work in shifts. An engineer in this position acts as a point of escalation for Level-1 SOC security analysts in support of information security investigations, providing guidance and oversight on incident resolution and containment techniques.

Job Description:
- Responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone).
- Act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques.
- Should have experience in developing new correlation rules and parser writing.
- Experience in log source integration.
- Act as the lead coordinator for individual information security incidents.
- Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Security Operations Center.
- Document incidents from initial detection through final resolution.
- Participate in security incident management and vulnerability management processes.
- Coordinate with IT teams on escalations, tracking, performance issues, and outages.
- Work as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.
- Communicate effectively with customers, teammates, and management.
- Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation.
- Provide recommendations on tuning and optimization of security systems, SOC security processes, procedures and policies.
- Define, create and maintain SIEM correlation rules, customer build documents, security processes and procedures.
- Follow ITIL practices regarding incident, problem and change management.
- Stay up to date with emerging security threats, including applicable regulatory security requirements.
- Maintain an inventory of the procedures used by the SOC and regularly evaluate the SOC procedures, adding, removing, and updating procedures as appropriate.
- Publish weekly reports to applicable teams.
- Generate monthly reports on SOC activity.
- Secondary skills like AV, HIPS, DCS, VA/PT desirable.

Required Technical Expertise:
- Must have experience in a SIEM management tool (QRadar).
- Should have certifications like ITIL, CCNA, CEH, VA (product) certification, CISM.
- Process and procedure adherence.
- General network knowledge and TCP/IP troubleshooting.
- Ability to trace down an endpoint on the network based on ticket information.
- Familiarity with system log information and what it means.
- Understanding of common network services (web, mail, DNS, authentication).
- Knowledge of host-based firewalls, anti-malware, HIDS.
- General desktop OS and server OS knowledge.
- TCP/IP, Internet routing, UNIX / Linux & Windows NT.
Posted 1 week ago
4.0 - 9.0 years
16 - 25 Lacs
Hyderabad
Work from Office
Job Role: Cyber Security Engineer (Work From Office)
Experience: 4 to 8 Yrs
Key Skills: Security tools integration and management, onboarding, log ingestion, writing rules and policies in SIEM/EDR/DLP/Antivirus/XDR/Firewall/MDR/SOAR tools
Notice Period: 0 to 30 days
Should be willing to work in second shift
Company: Cyber Towers, Quadrant 3, 3rd floor, Madhapur, Hyderabad - 500081.

Job Overview:
Cyber security engineers plan, implement, and maintain security measures, respond to security incidents, and identify vulnerabilities. Their roles vary depending on the specific area of security, such as network, application, or cloud security. Here's a more detailed breakdown of their responsibilities:

Security Planning and Implementation:
- Designing and implementing security controls: This includes firewalls, intrusion detection systems, and access control mechanisms.
- Developing security policies and procedures: Establishing guidelines for secure operations and data handling.
- Performing risk assessments: Identifying potential vulnerabilities and threats.
- Implementing security tools and technologies: Integrating security software and hardware into the organization's infrastructure.
- Analyze and recommend improvements to network, system, and application architectures to enhance security.
- Research, design, and implement cybersecurity solutions that protect the organization's systems and products.
- Collaborate with DevOps, Platform Engineering, and Architecture teams to ensure security is embedded in the design and development of applications and systems.
- Actively participate in the change management process, ensuring security considerations are prioritized in system upgrades and modifications.
- Design and deploy automated security controls to improve efficiency in risk identification, configuration management, and security assessments.
- Develop and refine security policies to address cloud security misconfigurations, leveraging cloud-native security technologies.
- Implement logging and monitoring solutions for cloud environments to enhance SOC team capabilities in detecting and responding to security incidents.
- Assess and review emerging technologies to identify potential security risks and implement mitigation strategies.
- Design and deploy innovative security technologies to address evolving security challenges.
- Conduct vulnerability scanning, anomaly detection, and risk assessment to enhance the security posture.
- Work closely with security architects to develop and deploy security solutions that address cloud-specific risks.
- Take ownership of security posture improvements, ensuring strict security policies and controls align with business objectives.
- Research and stay up to date on emerging security threats and provide strategic recommendations to strengthen security defenses.

Qualifications & Experience:
- Hands-on experience with implementing security controls, including database security, web content filtering, anomaly detection & response, vulnerability scanning & management.
- Proficiency in at least one scripting language (e.g., Perl, Python, PowerShell, Bash) for automation and security tooling.
- Expertise in at least one of the following security domains: cloud-native security (e.g., IAM, security groups, encryption), endpoint security (e.g., EDR/XDR, mobile security).
- Strong familiarity with industry security frameworks and regulations, including NIST Cybersecurity Framework (CSF), CIS Controls, HIPAA, GDPR compliance.
- Ability to assess compliance requirements and implement security controls to ensure adherence.
- Strong problem-solving and analytical skills, with the ability to assess complex security risks and develop mitigation strategies.
- Excellent communication and interpersonal skills, with the ability to engage both technical and non-technical stakeholders.
- Proven ability to work independently, manage projects, and contribute as an integral part of a high-performing security team.
Posted 1 week ago
4.0 - 8.0 years
6 - 13 Lacs
Pune
Hybrid
Essential Responsibilities
• Ability to apply thorough and methodical assessment skills to analyze and properly triage reported events and incidents
• Possess excellent and thorough communication and documentation skills
• Ability to work collaboratively in a team of professionals sharing workload and investigation assignments in a fast-paced environment
• Ability and willingness to provide (when necessary) after-hours (night and weekend) support for security-related incidents as needed
• Maintain skills through annual and ongoing training and certification
• Performs analysis to determine scope, risk, and impact of security events leveraging the MITRE ATT&CK framework and other best practices
• Identifies supporting information for events including attack vectors, affected resources, affected profiles, and other supporting evidence
• Properly and thoroughly document event findings, evidence, analysis steps, and create after-action reports and recommendations if needed
• Identifies and applies mitigation controls (where possible) to remediate alerts
• Engages appropriate levels of management to provide updates on any ongoing security issues
• Provides updates to team guidance and other central documentation

Job Qualifications
List of minimum education and minimum years of experience, level of knowledge, skills, abilities, licensures, certifications and other job-related requirements that must be met to be considered for a position. GCCs cannot hire candidates that do not meet all of the minimum qualifications. Fewer minimum qualifications and more preferred qualifications broaden the applicant pool.

Minimum Qualifications
• Bachelor's degree in Information Technology, Computer Science, or a related field, and a minimum of 3 years experience in Cyber Security
• Additional equivalent work experience of three years may be substituted for the degree requirement, in addition to the minimum years of experience (6 years total)
• Possess and leverage knowledge of cybersecurity practices including functional areas and cybersecurity operations

Additional Requirements
• 3+ years hands-on experience with cybersecurity platforms including Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), antivirus (AV), Identity and Access Management (IDAM), Security Information and Event Monitoring (SIEM), and Security Orchestration and Automation (SOAR) platforms
• Related work or educational experience in Information Technology (IT), particularly in cybersecurity/information security

Licenses and Certifications
• Cybersecurity certifications including CompTIA Network+, Security+, Cloud+, Ethical Hacker, EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, CISA, CISM, CISSP, and/or similar cybersecurity certifications

Preferred Qualifications
List of nice-to-have skills that are not required, but are desired qualifications that would complement the job. These include complex skills, unique knowledge, job experience, added education, certifications, or licenses. Note: If a skill is required, please list it under minimum and basic qualifications.
• Certifications in Information Technology and/or Cybersecurity
• Possesses knowledge of security technologies at multiple layers: Identity and Access Management, Intrusion Detection, Endpoint Protection, Data Loss Prevention, Security Information and Event Monitoring, etc.
• Three (3) years experience in cyber security vulnerability, threat response, or investigation
• Three (3) years experience working on project or technical teams
Posted 1 week ago
5.0 - 8.0 years
14 - 17 Lacs
Jaipur
Work from Office
Job Description: SIEM, SOAR, UEBA, and NBAD Specialist

Certifications: Certified Ethical Hacker (CEH) - mandatory.
Education: B.E./B.Tech/MCA/M.Sc. in Computer Science or Information Technology.
Experience: Minimum 3+ years of relevant experience in Security Operations, Threat Detection, or Incident Response.

Position Summary:
We are looking for a skilled Security Operations Specialist with expertise in SIEM, SOAR, UEBA, and NBAD technologies to strengthen our security monitoring, automation, and threat detection capabilities. The ideal candidate should have a strong technical background, relevant experience in cyber security, and a proactive attitude toward threat hunting and incident response.

Roles and Responsibilities:
- Incident analysis, incident coordination & response, remote incident response, forensic artifact handling & analysis, malware analysis, insider threat case support, sensor tuning & maintenance, custom signature / rules creation, scripting & automation, audit collection & storage, product assessment & deployment, risk assessment, response planning, mitigation, recovery planning, communicating emergency alerts & warnings to relevant/designated stakeholders, endpoint threat detection and remediation.
- Take SOAR action on identified malicious communications.
- Monitor and alert on any abnormalities identified.
- Work on tickets and ensure timely response and resolution of tickets as per SLA.
- Report security events / incidents to L3 and other relevant/designated stakeholders.
- Communicate emergency alerts & warnings to relevant/designated stakeholders.

Should have knowledge of the below technologies:
- UEBA (User and Entity Behavior Analytics): Monitor behavioral analytics to detect insider threats, compromised accounts, and anomalous activities. Configure and tune UEBA models to reduce false positives and enhance detection capabilities.
- NBAD (Network Behavior Anomaly Detection): Monitor and analyze network traffic to identify anomalies indicating potential threats or breaches. Work with network and SOC teams to investigate and respond to suspicious network behavior.

Required Qualifications:
Posted 1 week ago
2.0 - 5.0 years
5 - 9 Lacs
Bengaluru
Work from Office
In this role, you will be triaging, analysing, and remediating security incidents. You will be writing and delivering detailed investigation and analysis reports while maintaining technical documentation. You will work as part of a follow-the-sun 24/7 SOC.

- Monitor security events and alerts from various sources.
- Execute predefined incident response playbooks related to identified security incidents.
- Collect, correlate, and analyze additional data to perform incident analysis and response.
- Support incident reporting to internal and external stakeholders.
- Collaborate with senior analysts to improve security processes.

Who you are:

Basic Qualification:
- Education: Bachelor's in Information Technology, Computer Science or a similar field.
- Experience: Minimum 1 year of experience in a Cyber Security Operations Center (SOC) or related cyber security experience.
- Strong analytical and interpersonal communication skills, including the ability to communicate effectively.
- Excellent verbal and written communication skills.
- Technical documentation and writing.
- Excellent team player that demonstrates proactiveness.

Mandate Skills:
- Experience with SOAR, SIEM, and EDR solutions.
- Knowledge of Windows and Linux operating systems.
- Strong analytical skills in threat, vulnerability, and intrusion detection analysis.
- An understanding of threat vectors as well as attacker techniques and tactics.
- A highly motivated individual with the ability to self-start, prioritize, and multi-task.
- The candidate should be able to react quickly, decisively, and deliberately in high-stress situations.
- Strong verbal/written communication and interpersonal skills.

Preferred Skills:
- One or more widely recognized security certifications from renowned institutions such as GIAC/SANS, EC-Council, etc.

Service-related expert knowledge:
- Knowledge of incident handling, protection of systems, networks, applications and data.
- Confident handling of artifacts, IoCs and threat intelligence.
- Case management experience and tools.
- Experience with EDR and SIEM tools.
- Alert triage and investigation, applying knowledge of the environment, understanding of the attack chain, and initial impressions of alerts to prioritize, validate, and investigate alerts.
- Case management classification and initial validation, documenting relevant details and observables.

Cyber security and technical knowledge:
- Experience with operating system security (Linux and Windows), anti-virus technologies and network security.
- Working knowledge of common TCP/IP-based services and protocols such as DNS, DHCP, HTTP, FTP, SSH, SMTP, etc.
- Knowledge of firewalls, proxies / reverse proxies, IDS/IPS.
- Knowledge of operating systems.
- Ability to read and understand network and endpoint logs.
- Basic knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, etc.).
- Consideration of laws, regulations, policies, and ethics (GDPR, etc.).
- Skills in writing queries for security and investigative tools.
- Skills in applying incident handling best practices.
Posted 1 week ago