211 Soar Jobs - Page 7

Key Responsibilities: Review daily operational activities and timely mentor Jr. AnalystsFurther detailed analysis on the escalated events and handover the call to Incident Response team along with appropriate evidence.100 % incidents validation and closure. Manage shifts and knowledge transfer within shift (shift handover) Study Attack types & methods while monitoring HDFC environment for threatsPerforms deep-dive incident analysis by correlating data from various sources. Documentation and archiving artefacts for future reference Defining criticality of the behaviour alert events with respect to experience and information security understandingLead operations with example and manage operate as a security consultant for incidents and alerts observedLead Jr. Analysts in investigations, analysis, and alert categorizationMonitoring various technology dashboards and identify any suspicious anomalies Ensuring quality check for all alerts, incidents raised by L1sInvestigating closing on Testing incidents and defining the steps and processPreparation of Daily summary report Raise control related concerns e.g., SOAR & SIEM. Define operations related activitiesIRC Review, SOP Review and managing all other process documents. Audit Data SubmissionEscalation to seniors before the TAT breachTAT responsibilitiesValidation of SOC incidents by Bank L2 team. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, and takes into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when it is necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Certifications relevant to services supported. Certifications carry additional weightage on the candidates qualification for the role. Required Experience: Moderate level of relevant managed services experience handling Security Infrastructure. Moderate level of knowledge in ticketing tools preferably Service Now. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or 3rd parties.

The Associate Managed Services Information Security Analyst is an entry level subject matter expert, responsible for monitoring, analyzing, interpreting and reporting on the incoming client data for the purpose of delivering security information and recommendations to the clients, enabling the organization to deliver the contracted security services. This role includes performing tasks such as security incident detection and response, security event reporting, threat hunting, content maintenance (tuning) and interacting with clients to ensure their understanding of the information generated, recommending client system changes as well as answering security related queries from the clients. This is an entry level role within the Managed Services Information Security Analyst team and works under guidance of more experienced analysts within the team. What you'll be doing Key Responsibilities: Works as part of a global Cyber Defense Centre (CDC) team that works 24/7 on rotational shifts. Works with client stakeholders and relevant internal teams to tune the MSSP platform and client SIEM to enable more efficient detection, analysis and reporting. Under guidance, generates continuous improvement ideas for supported security tools/technologies, to enable improvements to the company services, employee experience and client experience. Adheres to SOPs, customer Run Books and standard processes to ensure a globally consistent delivery whilst also proposing changes and improvements to these standards. Utilizes and document best practices and amend existing documentation as required. Support with security incident handling and response from several vectors including End Point Protection and Enterprise Detection and response tools, attack analysis, malware analysis, network forensics, computer forensics. Learns and utilizes a broad range of skills in LAN technologies, Windows and Linux O/Ss, and general security infrastructure. Ensures usage of knowledge articles in incident diagnosis and resolution. Under guidance, perform defined tasks to inform and monitor service delivery against service level agreements and maintain records of relevant information. Cooperates closely with colleagues to share knowledge and build a cohesive and effective team environment, benefiting the individual, the business and the client. Performs any other related task as required. Knowledge and Attributes: Knowledge on implementation and monitoring of a company supported SIEM or security tools/technologies/concepts. Knowledge on security architecture, worked across different security technologies. Knowledge and understanding of the operation of modern computer systems and networks and how they can be compromised. Displays excellent customer service orientation and pro-active thinking. Displays problem solving abilities and is highly driven and self-organized. Good attention to detail. Displays analytical and logical thinking. Well spoken and written communication abilities. Ability to remain calm in pressurized situations. Ability to keep current on emerging trends and new technologies in area of specialization. Academic Qualifications and Certifications: Bachelor's degree or relevant qualification in Information Technology or Computing or a related field. Security certifications such as (but not limited to) AZ-500, SC-200, Security+, CEH, CISSP, CISM or similar Certification in different networking technologies such as CCNA, JNCIA, ACCA, PCNSA, CCSA is advantageous. Required Experience: Entry level experience in SOC Analysis Operations. Entry level experience in SIEM usage for investigations. Entry level experience in Security technologies such as (but not limited to) Firewall, IPS, IDS, Proxy. Entry level experience in dealing with technical support to clients. Entry level experience in handling security incidents end to end. Entry level experience in configuring/managing security controls, such as SIEM, Firewall, IDS/IPS, EDR, NDR, UTM, Proxy, SOAR, Honeypots and other security tools. Entry level experience in Security Analysis or Engineering preferably gained within a global services organization.

Your day at NTT DATA The Security Platform Engineer is a seasoned subject matter expert, responsible for facilitating problem resolution and mentoring for the overall team. This role performs operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). The Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). What you'll be doing Key Responsibilities: Works as part of a 24/7 team working on rotational shifts. Works as part of Platform and Content Engineering handling tunings, stake holder requests, escalations, reporting, trainings. Administers the organization's security tools to gather security logs from environment. Performs lifecycle management of the supported security tools/technologies, Break-fix, Patching, Live update. Adheres to SOPs and notify stake holders on log flow/log format issues. Documents best practices. Identifies opportunities to make automations which will help the incident response team. Performs security incident handling and response from several vectors including End Point Protection and Enterprise Detection and response tools, attack analysis, malware analysis, network forensics, computer forensics, and a broad range of skills in LAN technologies, Windows and Linux O/Ss, and general security infrastructure. Carries out agreed maintenance tasks. Ensures usage of knowledge articles in incident diagnosis and resolution and assist with updating as and when required. Performs defined tasks to monitor service delivery against service level agreements and maintains records of relevant information. Investigates causes of incidents and seeks resolution. Escalates unresolved incidents and follow up until incident is resolved. Provides service recovery, following resolution of incidents. Documents and closes resolved incidents according to agreed procedures. Investigates and identifies root cause of incidents and assist with the implementation of agreed remedies and preventative measures. Maintains knowledge of specific specialisms, provides detailed advice regarding their application. Ensures efficient and comprehensive resolution of incidents, including ensuring that repairs are carried out by coordinating product requests, working with other team members. Logs all such incidents in a timely manner with the required level of detail with all the necessary. Cooperates with all stakeholders including client IT environments, vendors and carriers to expedite diagnosis of errors and problems and to identify a resolution. Knowledge and Attributes: Seasoned working knowledge on implementation and monitoring of any SIEM or security tools/technologies. Seasoned knowledge on security architecture, worked across different security technologies. Customer service orientated and pro-active thinking. Problem solver who is highly driven and self-organized. Great attention to detail. Good analytical and logical thinking. Excellent spoken and written communication skills. Team player with the ability to work well with others and in group with colleagues and stakeholders. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Information Technology or related field. Relevant level of Networking certifications such as CCNA, JNCIA, ACCA, PCNSA, CCSA etc. preferred. Relevant level of Security certifications such as AZ-500, SC-200, Security+, CEH, CISSP, CISM etc. will be added advantage. Required Experience: Seasoned experience in Security technologies like (Firewall, IPS, IDS, Proxy etc.). Seasoned experience in technical support to clients. Seasoned experience in diagnosis and troubleshooting. Seasoned experience providing remote support in Security Technologies. Seasoned experience in SOC/CSIRT Operations. Seasoned experience in handling security incidents end to end. Knowledge on networking, Linux and security concepts. Seasoned experience in configuring/managing security controls such as Firewall, IDS/IPS, EDR, NDR, UTM, Proxy, SOAR, HoneyPots and other security tools. Knowledge on log collection mechanism such as Syslog, Log file, DB API. Knowledge in security architecture. Seasoned experience in Security engineering.

Required technical and professional expertise Minimum 2+ years experience in SIEM. Proven expertise in handling the daily monitoring of Information Security events on the QRadar / ArcSight / Splunk console platform Proficient in monitoring security events from various SOC channels (SIEM, Tickets, Email and Phone), based on the security event severity to handle the service support teams, tier2 information security specialists Expertise in threat modelling and Use case development and ability to review policies of security monitoring tools based on security concepts and logical approach. Preferred technical and professional experience Preferred OEM Certified SOAR specialist + CEH Ambitious individual who can work under their own direction towards agreed targets/goals and with creative approach to work Intuitive individual with an ability to manage change and proven time management Proven interpersonal skills while contributing to team effort by accomplishing related results as needed Up-to-date technical knowledge by attending educational workshops, reviewing publications

Minimum 2+ years experience in SIEM Proven expertise in handling the daily monitoring of Information Security events on the QRadar / ArcSight / Splunk console platform Proficient in monitoring security events from various SOC channels (SIEM, Tickets, Email, and Phone), based on the security event severity to handle the service support teams and tier 2 information security specialists Expertise in threat modelling and use case development Ability to review policies of security monitoring tools based on security concepts and logical approach Preferred technical and professional experience Preferred OEM Certified SOAR specialist + CEH Ambitious individual who can work under their own direction towards agreed targets/goals with a creative approach to work Intuitive individual with an ability to manage change and proven time management Proven interpersonal skills while contributing to team effort by accomplishing related results as needed Up-to-date technical knowledge by attending educational workshops and reviewing publications

Role- Splunk SOAR Job Description: Experience in SIEM SOAR implementation and administration Experience in Playbook creation Demonstrated proficiency in the daily monitoring of Information Security events ensuring prompt detection and response to potential threats Proficient in performing 24x7 monitoring of security logs conducting detailed analysis and escalating detected events based on agreed runbooks and SLAs Knowledgeable in malware analysis techniques aiding in the identification and mitigation of malicious software Experience in SIEM SOC operations for very large enterprises ensuring security posture and compliance Proficiency in reviewing security monitoring tool policies using a logical and security focused approach aligning them with the latest security concepts to enhance the overall security posture of the organization Possess expertise in threat modeling and the development of use cases enabling the creation of effective strategies for identifying and mitigating security threats Proficient in working with SOAR tools particularly XSOAR Skilled in playbook development and integrating third party solutions with SOAR Experienced in security automation using scripting languages like Python and Shell Hands on experience in Managing and maintaining existing SOAR solution ensuring its optimal performance and functionality Successfully on boarded new customers to the platform ensuring a smooth transition and adoption of the platform Managed the entire customer onboarding process starting from host building firewall requests and tenant on boarding Integrated third party solutions with the SOAR platform including SIEM email and ITSM Troubleshot errors related to playbook execution and third party integrations ensuring smooth operation of the SOAR system Assisted in SOAR platform upgrades including testing deployment and configuration to maintain up to date and secure infrastructure Gathered playbook development requirements from customers or suggested new playbook development requirements to enhance the SOAR systems capabilities

• Proficiency with management PROXY • Experience in working with Windows, Linux, Unix environments • Hands-on experience in commissioning and Implementation of PROXY solutions

Phantom/SOAR & Python experience with Good Development skills Good in ITIS and Understanding and building playbooks with On-prem multi-site clustering Splunk environment Practical experience in monitoring and tuning Playbooks & Use cases Good knowledge of creating custom apps with dashboards / reports / alerts and demonstrate Understanding of Splunk apps Ownership of delivery for small to large Splunk onboarding projects Ability to automate repetitive tasks and reduce noise Implementing and supporting Phantom with good Python, Red Hat and Windows experience Location: Pan India

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Email Security Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization. Roles & Responsibilities:-Monitor email traffic for suspicious activities.-Configure and manage email security platforms-Analyze and respond to phishing attacks, spam, and malware delivered via email-Implement and maintain email authentication protocols (SPF, DKIM, DMARC).-develop and enforce email security policies (e.g., email encryption,-Respond to email-related security incidents.-Conduct forensic analysis of email-based attacks.-Work with SOC teams during breach investigations.-Conduct phishing user training.-Automate detection and response using SOAR tools.-Analysis of Email Header and Email body analysis Professional & Technical Skills: - Email protocols:SMTP, IMAP, POP3 -DNS records:SPF, DKIM, DMARC Additional Information:- The candidate should have minimum 5 years of experience in Email Security.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Governance Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization. Roles & Responsibilities:- Lead and mentor a team of Tier 1, Tier 2, and Tier 3 SOC analysts.- Define and enforce SOC processes, workflows, SLAs, and escalation protocols.- Provide regular performance feedback and conduct training to upskill the team.- Collaborate with IT, DevOps, Risk, and Compliance teams on security initiatives.- Oversee daily security monitoring, triage, and incident response activities.- Ensure timely detection, investigation, and resolution of security incidents.- Maintain incident tracking and reporting for internal stakeholders and audits.- Conduct root cause analysis and ensure lessons learned are documented and implemented.- Manage and optimize SIEM, SOAR, EDR, and other monitoring tools.- Define and tune detection rules, playbooks, and alerts to reduce false positives.- Evaluate and recommend new tools and technologies to improve SOC capabilities.- Ensure log sources and telemetry are complete and properly ingested.- Ensure SOC operations support compliance requirements (ISO 27001, NIST, PCI DSS, GDPR).- Prepare and deliver regular security metrics and executive reports.- Coordinate with internal and external auditors during assessments. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Governance.- Strong understanding of risk management frameworks and compliance standards.- Experience with cloud security architecture and implementation.- Ability to conduct security assessments and audits.- Familiarity with security tools and technologies for threat detection and response. Additional Information:- The candidate should have minimum 12 years of experience in Security Governance.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will also engage in continuous learning to stay updated on the latest security trends and technologies, contributing to a safer digital environment for the organization. Roles & Responsibilities:Perform security monitoring by analyzing logs, traffic and alerts generated by variety of device technologiesTimely response to customer requests like detection capabilities, tuning.Research new threats and provide recommendations to enhance detection capabilitiesStrong desire for continuous learning on vulnerabilities, attacks and countermeasures Identify opportunities for process improvement Professional & Technical Skills: Experience in SOC operations with customer-facing responsibilitiesDeep understanding on cyber security fundamentals, security devices, network defense concepts and threat landscapeHands-on experience in SIEM and threat hunting tools Added advantage in working with any SOAR platformDesirable knowledge in any scripting language and EDR productsPreferable GCIA, GCFA, CISSPStrong customer service and interpersonal skillsStrong problem-solving skillsAbility to communicate clearly at all levels, demonstrating strong verbal and written communication skills. Additional Information:Work as part of analysis team that works 24x7 on a rotational shift The candidate should have minimum 2 years of experience This position is based at our Chennai office.Minimum a bachelors or a masters degree in addition to regular 15- year full time educationAdaptability to accept change Qualification 15 years full time education

Cybersecurity, Azure Sentinel SIEM,MS Defender for Endpoints (EDR/ATP),AWS IAM,SOAR Concept, Fortinet FortiSOAR, Palo Alto Networks - Firewalls, Cortex XSOAR, Python We are seeking a Cybersecurity Analyst with 1-6years of experience in fundamental cybersecurity concepts, including SIEM, EDR, IAM, and SOAR platforms The ideal candidate should have a basic understanding of security automation and orchestration using platforms like FortiSOAR, Palo Alto XSOAR, and ThreatConnect (preferred) Experience with SOAR play book creation , integration etc Additionally, knowledge of Python scripting for automation and security tasks will be an added advantage

A SOAR Automation Professional specializes in Security Orchestration, Automation, and Response (SOAR), focusing on enhancing the efficiency and effectiveness of security operations through automation. This role involves integrating various security tools, developing automated workflows, and responding to security incidents swiftly to minimize potential damage. Contract To Hire(C2H) Role. Python Any SOAR tool experience Splunk SOAR/Phantom Cortex XSOAR SOC/SIEM experienced Note: Looking for Immediate to 30-Days joiners at most.

Job Information Job Opening ID ZR_1899_JOB Date Opened 29/04/2023 Industry Technology Job Type Work Experience 3-5 years Job Title Phantom/SOAR City Hyderabad Province Telangana Country India Postal Code 500081 Number of Positions 5 Phantom/SOAR & Python experience with Good Development skills Good in ITIS and Understanding and building playbooks with On-prem multi-site clustering Splunk environment Practical experience in monitoring and tuning Playbooks & Use cases Good knowledge of creating custom apps with dashboards / reports / alerts and demonstrate Understanding of Splunk apps Ownership of delivery for small to large Splunk onboarding projects Ability to automate repetitive tasks and reduce noise Implementing and supporting Phantom with good Python, Red Hat and Windows experience Location: Pan India check(event) ; career-website-detail-template-2 => apply(record.id,meta)" mousedown="lyte-button => check(event)" final-style="background-color:#2B39C2;border-color:#2B39C2;color:white;" final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered=""> I'm interested

Role & responsibilities SOC Automation Managing and operating Microsoft Sentinel Log Source Onboarding : Onboard and troubleshoot log sources (on-premises and cloud) to the Sentinel platform using syslog, APIs, and other mechanisms. Ensure data integrity, reliability, and proper formatting. Log Management : Hands-on experience with log collection, parsing, and analysis from various sources (e.g., firewalls, endpoints, cloud environments). Strong defensive mindset with understanding of security events of interest for building detection rules Good in query languages like KQL. Advanced threat intelligence with the help of kusto query language (KQL). Should have advanced knowledge on use case creation, parser development DevOps Knowledge : Understanding of DevOps practices such as CICD pipelines, GIT, ARM templates, and Azure Automation for streamlining processes. Creation of automation rules.Use of threat intelligence in Azure sentinel. Implement and optimize security controls in cloud environments ( AWS, Azure, GCP), enforcing security-as-code principles and compliance automation . Experience in working with SOAR tools Sentinel SOAR Experience with programming (preferably Javascript, Python, REST API), automation or machine learning SIEM Migration : Proven experience in SIEM migration projects and transitioning between platforms will be advantage. Good command of the English language, both written and verbally Apply here: https://career.infosys.com/jobdesc?jobReferenceCode=INFSYS-EXTERNAL-210438

Role & responsibilities SOC Automation Managing and operating Microsoft Sentinel Log Source Onboarding : Onboard and troubleshoot log sources (on-premises and cloud) to the Sentinel platform using syslog, APIs, and other mechanisms. Ensure data integrity, reliability, and proper formatting. Log Management : Hands-on experience with log collection, parsing, and analysis from various sources (e.g., firewalls, endpoints, cloud environments). Strong defensive mindset with understanding of security events of interest for building detection rules Good in query languages like KQL. Advanced threat intelligence with the help of kusto query language (KQL). Should have advanced knowledge on use case creation, parser development DevOps Knowledge : Understanding of DevOps practices such as CICD pipelines, GIT, ARM templates, and Azure Automation for streamlining processes. Creation of automation rules.Use of threat intelligence in Azure sentinel. Implement and optimize security controls in cloud environments ( AWS, Azure, GCP), enforcing security-as-code principles and compliance automation . Experience in working with SOAR tools Sentinel SOAR Experience with programming (preferably Javascript, Python, REST API), automation or machine learning SIEM Migration : Proven experience in SIEM migration projects and transitioning between platforms will be advantage. Good command of the English language, both written and verbally Apply here: https://career.infosys.com/jobdesc?jobReferenceCode=INFSYS-EXTERNAL-210438

Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments. Key Responsibilities: Monitoring, Investigation & Triage Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR Identify lateral movement, C2 activity, and data exfiltration Lead incident investigations and initiate containment measures Threat Hunting & Detection Engineering Proactive hunting using logs, flow data, and behavior analytics Apply MITRE ATT&CK for hypothesis-driven hunts Develop, test, and optimize custom detection rules Maintain a backlog aligned with emerging threats Tool Proficienc y SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization EDR: Defender for Endpoint binary/process analysis, endpoint containment NDR: Darktrace/LinkShadow behavioral baselining, detection logic SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender Threat Intelligence Integration IOC/TTP enrichment Threat intel feed integration Contextual alert correlation Reporting & RCA Draft technical incident reports and RCAs Executive-level summaries for major incidents Cloud Security (Optional): Investigate alerts like impossible travel, app consent abuse Respond to cloud-native security incidents using Defender for Cloud, MCAS Create advanced SOAR workflows and playbook Tool Familiarity QRadar Microsoft Sentinel Microsoft Defender for Endpoint LinkShadow or Darktrace EOP/Exchange protection Antivirus platforms Defender for Identity / Defender for Cloud Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR) Network forensic tools like Wireshark / Zeek Certifications (Preferred): GCIH / GCIA / CEH Microsoft SC-200 / SC-100 QRadar Admin or equivalent Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents Soft Skills: Strong analytical and documentation skills Proactive communicator Independent problem-solver and critical thinker

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities: Resource would be working directly with Client driving enhancements and recommending technological enhancements. Integrating custom applications by developing custom connectors like OT and internal build applications. Perform Log Analytics Migration from different Azure regions, basically performing architectural changes recommended by audit team. Working with Cyber Threat client team to develop detection models using Sentinel Jupiter. Work with security architects to recommend and build DR environment for Azure Sentinel. Integrate Anomaly Threat Stream with Azure Sentinel. Would be working with infrastructure architects to segment sentinel resources based on Tier architecture. Recommend and implement new upcoming Azure Sentinel features. Recommend and Architect Complex SOAR automations using Azure Logic Apps. Professional & Technical Skills: Must Have Skills: Proficiency in Azure Sentinel Build activity. Strong understanding of threat intelligence analysis Experience in designing and implementing security solutions Knowledge of security compliance standards and regulations Hands-on experience with security tools and technologies Additional Information: The candidate should have a minimum of 7.5 years of experience in which 4 years of experience in Azure Sentinel deployments and implementation. This position is based at our Bengaluru office A 15 years full time education is required Qualification 15 years full time education

Role & responsibilities Minimum experience 8 years experience in SIEM and SOAR engineering work. Knowledge on XSOAR, Sentinel SOAR, Splunk Phantom, IBM QRadar, Microsoft Sentinel, Tines SOAR. Should have experience configuring Security Orchestration, Automation, and Response tools, scripts, events, and playbooks. Should be well versed with XSOAR application components and know how to configure it and implement system updates. Should be able to create and maintain custom content and playbooks. Should be able to troubleshoot client/server issues. Should be able to manage and maintain the health of Security Orchestration, Automation, and Response infrastructure manager/clients. Must possess strong Python, JavaScript and other scripting skills to automate system maintenance tasks. Must be comfortable and proficient in use of regular expression (regex). Must have a solid understanding of REST/SOAP/WSDL/XML (Web Services), HTTP Request Methods. Must possess strong analytical, problem solving and documentation skills• Experience in creating threat detection use cases on any SIEM tools (QRadar/Sentinel/Splunk) Experience in Log Source integration for use case and SOAR automation Strong defensive mindset with understanding of security events of interest for building detection rules Experience with programming (preferably Python, REST API), automation or machine learning Good in query languages like SQL, KQL, AQL from Splunk, Sentinel and QRadar pov Good command of the English language, both written and verbally Must demonstrate strong oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences Apply here: https://career.infosys.com/jobdesc?jobReferenceCode=INFSYS-EXTERNAL-210438

Job Title: Senior Security Analyst Threat Hunting & Incident Response Location: Bangalore (Rotational Shifts) Mode of work- 5 days WFO Experience: 8+ Years Job Type: Full-time Job Description: We are looking for a highly skilled and experienced Senior Security Analyst to join our client's Cybersecurity team. This role involves leading incident response activities, performing proactive threat hunting, and enhancing our overall security posture through innovative detection strategies and forensic investigations. Key Responsibilities: Lead end-to-end security incident response, including analysis, containment, mitigation, and reporting. Design and implement detective controls for emerging threats and vulnerabilities. Perform proactive threat hunting across multiple platforms and environments. Continuously enhance SIEM/SOAR/XDR alert use cases and threat detection capabilities. Research emerging threats, vulnerabilities, and attack techniques to improve defenses. Participate in a 24/7 on-call rotation to support incident response and critical investigations. Document incident response activities and produce detailed reports for stakeholders. Conduct post-incident reviews to drive improvements in tools, processes, and readiness. Collaborate across teams to improve the organization’s threat detection and response maturity. Required Qualifications: Bachelor’s degree in Computer Science, Cybersecurity, or related field. Minimum 8 years of experience in Security Operations, Incident Response, or Threat Detection. Strong experience with threat hunting methodologies and frameworks. Hands-on expertise with tools such as SIEM, SOAR, XDR (e.g., Cortex XSIAM, Torq). Working knowledge of MITRE ATT&CK , NIST frameworks, and cyber kill chain concepts. Preferred Skills & Experience: Strong understanding of network and endpoint security, defense-in-depth, and current threat trends. Experience with cloud security (AWS, Azure, GCP) and public cloud defense techniques . Exposure to Endpoint Detection & Response (EDR) tools, forensic analysis, and log correlation. Proficiency in scripting languages (e.g., Python, PowerShell ) for automation and analysis. Relevant certifications such as CISSP, GIAC (GCIA, GCIH, GCFA), CEH are a plus. Strong analytical mindset with the ability to assess risk and prioritize response. Excellent written and verbal communication skills.

Job Description: SIEM, SOAR, UEBA, and NBAD Specialist Position Summary: We are looking for a skilled Security Operations Specialist with expertise in SIEM, SOAR, UEBA, and NBAD technologies to strengthen our security monitoring, automation, and threat detection capabilities. The ideal candidate should have a strong technical background, relevant experience in cyber security, and a proactive attitude toward threat hunting and incident response. Roles and Responsibilities Incident Analysis, Incident co-ordination & Response, Remote Incident Response, Forensics Artifact handling & Analysis, Malware Analysis, Insider Threat Case Support, Sensor Tuning & Maintenance, Custom Signature/ Rules Creation, Scripting & Automation, Audit Collection & Storage, Product Assessment & Deployment and Risk Assessment , Response Planning, Mitigation, Recovery Planning, Communicating Emergency Alerts & Warnings to relevant/designated stakeholders , Endpoint Threat Detection and remediation. Take SOAR action on identified malicious communications, Monitor and alert any abnormalities identified, Work on ticket and ensure timely response and resolution of tickets as per SLA Reporting the security events/ incidents to L3 and other relevant/ designated stakeholders Communicating Emergency Alerts & Warnings to relevant/designated stakeholders. Should have knowledge of below technologies UEBA (User and Entity Behavior Analytics): Monitor behavioral analytics to detect insider threats, compromised accounts, and anomalous activities. Configure and tune UEBA models to reduce false positives and enhance detection capabilities. NBAD (Network Behavior Anomaly Detection): Monitor and analyze network traffic to identify anomalies indicating potential threats or breaches. Work with network and SOC teams to investigate and respond to suspicious network behavior. Required Qualifications: Education: B.E./B.Tech/MCA/M.Sc. in Computer Science or Information Technology. Experience: Minimum 1.5+ years of relevant experience in Security Operations, Threat Detection, or Incident Response. Certifications: Certified Ethical Hacker (CEH) mandatory .

As a Customer Success Manager - Azure & Security, The incumbent will be the key point of contact for customers adopting Microsoft Azure and Cybersecurity solutions. The mission is to drive customer success by ensuring secure and effective adoption of TTBS offered services, managing customer relationships, and supporting long-term strategic cloud and security goals. Its an Individual Contributor role. Key Role Deliverables Act as a trusted advisor for customers implementing Azure infrastructure, services, and security frameworks. Lead onboarding, training, and enablement for customers transitioning to Azure and Microsoft Security solutions (e.g., Defender, Sentinel, Entra). Monitor customer health, usage, and satisfaction to proactively address risks and promote solution value. Drive adoption of Azure-native security tools and best practices to strengthen cloud environments. Collaborate with technical delivery, cloud architecture, and support teams to ensure customer success and alignment. Conduct regular Executive Business Reviews (EBRs) and strategic planning sessions with key stakeholders. Maintain a deep understanding of Microsoft Azure & Security roadmap to guide clients on optimization and innovation. Identify expansion and upsell opportunities in areas like Azure cost optimization, compliance, Zero Trust architecture, etc. Right Person (Qualification & Experience) B. Tech (Computer Science, Electronics etc.) Minimum 6 years of experience in Customer Success, Technical Account Management, or Cloud Consulting with a focus on Azure and/or cybersecurity. Strong knowledge of Microsoft Azure, including core services (IaaS, PaaS), networking, identity, and security features. Familiarity with Security solutions: Defender for Cloud, SIEM, SOAR, VAPT, SOC, Purview, etc. Experience with compliance frameworks (e.g., NIST, ISO 27001, GDPR) and security best practices in the cloud. Ability to manage technical conversations with C-level stakeholders and IT teams. Strong project management, communication, and interpersonal skills. Certifications preferred: Microsoft Certified: Azure Solutions Architect Expert Microsoft Certified: Security, Compliance, and Identity Fundamentals Microsoft Certified: Azure Security Engineer Associate

ABOUT THE ROLE The Senior Manager Information Security is responsible for leading the security automation product team and driving the development, integration and continuous improvement of a security automation platform. This role combines strong leadership, technical acuity, and product ownership skills to supervise a growing team responsible for automating security workflows, integrating tools, improving operational efficiency, and strengthening the overall cybersecurity posture. As the product owner of the security automation platform and service, the Senior Manager Information Security collaborates with collaborators to deliver impactful automations and maintain a scalable, secure, and resilient automation infrastructure. Key aspects of the role include aligning automation projects with organizational security goals, fostering innovation in machine learning applications, and ensuring the adoption of industry-leading practices by staying ahead of with evolving threats and trends. Roles & Responsibilities: Lead and mentor a team of security automation engineers, data engineers, and data scientists, fostering a collaborative and high-performance culture Oversee the security automation service, ensuring effective operations, prioritization, and continuous alignment with business and security goals Oversee the security automation product team to ensure adherence to SAFe/Agile methodologies and definitions of done, maintaining high-quality standards in deliverables Oversee the seamless operation, scalability, and efficiency of a cloud-based security automation solution, ensuring continuous enhancement of security controls and automation capabilities Develop strategies to streamline incident response, threat detection, and remediation processes using automation capabilities Drive and manage the seamless integration of new and existing security tools, platforms, and workflows to ensure a cohesive and optimized automation ecosystem Ensure compliance with relevant regulations (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001, NIST) Collaborate with collaborators to establish and supervise critical metrics related to SAFe implementation Generate and maintain security reports, metrics, and dashboards for management review Keep up to date with the latest security threats, trends, and technologies, and provide recommendations for improving security operations Build and deliver knowledge sharing presentations and documentation to educate developers and operations teams on application security standard methodologies and secure coding techniques Triage and assess findings from tools, external reports, and tests to determine real risks and prioritize remediation efforts Offer remediation guidance to partners for identified issues and serve as a customer concern resource for developers as they reduce issues What we expect of you We are all different, yet we all use our unique contributions to serve patients. The professional we seek is a senior manager with these qualifications. Basic Qualifications: Masters degree and 8 to 10 years of Scrum teams management or related field experience OR Bachelors degree and 8 to 10 years of in Scrum teams management or related field experience OR Diploma and 12 to 14 years of in Scrum teams management or related field experience. Preferred Qualifications: Experience managing and scaling security automation platforms and tools (e.g., SOAR) Demonstrated success in leading high-performing technical teams in an agile environment Strong understanding of integrating security tools and data platforms (SIEM, EDR, IAM, etc.) In-depth knowledge of cybersecurity frameworks, technologies, and best practices Experience in risk management, incident response, and security governance Strong knowledge of security architecture frameworks and principles Strong understanding of common software and web application security vulnerabilities Excellent communication, stakeholder management, and analytical skills. Good-to-Have Skills: Experience with network security, endpoint protection, and incident response Proficiency in scripting and automation (e.g., Python, Bash) is a plus Professional Certifications: CEH (preferred) CompTIA Security+ (preferred) CISSP (preferred) TOGAF (preferred) Certified Scrum Product Owner (CSPO), or equivalent (preferred) Soft Skills: Initiative to explore alternate technology and approaches to solving problems Skilled in breaking down problems, documenting problem statements, and estimating efforts Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team-oriented, with a focus on achieving team goals

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Google Chronicle SIEM Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :The SIEM SME leads in architectural design, specification, and maintenance of Splunk/Google Chronicle Security products and services.Candidates must have backgrounds in network planning and design, implementation, and operations. SIEM SMEs apply business and technology skills with structured methodologies to deliver complex solutions to the customer. Roles & ResponsibilitiesAnalyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breachPerform network incident investigations, determining the cause of the security incident and preserving evidence for potential legal actionInterface with technical personnel and others teams as requiredMake recommendations on the appropriate corrective action for incidentsConfigure and manage Infrastructure Security and SIEM solutions.Design, develop and create correlation rules within the Security Information and Event Management (SIEM) platformMonitor devices and correlation tools for potential threatsInitiate escalation procedure to counteract potential threats/vulnerabilitiesExperience building and maintain security incident correlation content (hands-on)Experience with reverse engineering tools and techniques as it pertains to network traffic collection and analysisOperational knowledge of system and network security engineering best practices and architectureWillingness to engage hands-on from inception to complete and audit to SIEMs deploymentProvide guidance and insight, as well as follow directives as necessary to complete accelerated deployment of the SIEMsCapable and willing to integrate multiple security control production into the SIEMs platformAppropriately inform and advise management on incidents and incident preventionEncourages and implements continuous improvement measures on day-to-day basisLeverages extensive knowledge of communications in a manner that provides business value to the IT OrganizationRequired to identify, assess, and resolve complex issues/problems within own area of responsibilityProvide Incident remediation and prevention documentationDocument and conform to processes related to security monitoringParticipate in knowledge sharing with other analysts and develop solutions efficientlyCoordinate or participate in individual or team projectsWrite technical articles for internal knowledge baseProvide performance metrics as necessaryDevelop and optimize technical processes and coordinate procedure documentation. Professional & Technical Skills: Must have working experience in Google Chronicle SIEM/SOAR as SME. At least 8+ years of experience in Information Security, Risk Management, Infrastructure Security and ComplianceSecurity device installations, configuration and troubleshooting (e.g., firewall, IDS, etc.)Hands on experience in supporting AWS and Azure Assets, especially supporting Splunk deployment in AWS/Splunk ES as a serviceExperience in deploying different type of forwarders and AppsDeep knowledge in AWS services and serverless architectureExpertise in UNIX, Linux, and Windows - able to tear down and rebuild a host systemExperience with Database installation and configuration is required and Oracle experience is a plusExploit and detection analysis skills, including ability to analyze logs for useful information and patternsInstall, configure, tune, and maintain the Splunk SIEM componentsPrimarily focus on content creation regarding advanced threat analysis (rules, variables, trending, watch lists, etc) of incoming data and for self-monitoring of the solution itself.Perform supporting tasks such as system hardening, high availability configurations, and developing backup strategies.Assist with the creation of detailed deployments plans, architectural drawings and operation manuals.Assist with event source auditing configurations, integration with various security platforms, network devices, and systemsExpert in development of Regular Expression (REGEX)Good understanding of Infrastructure Security and its impact on Security Operations, Vulnerabilities, Reporting, Analytics and Monitoring.Good understanding and experiences with Infrastructure Security, Risk assessment and Security Information and Event Management.A solid understanding of frameworks such as ISO 27001/27002, COBIT, and other relevant compliance such PCI, HIPAA, SOX, FISMA, and others those are required for Security Information and Event Management. Experience working in a diversified, virtual environment.Administrational tool development and maintenance.Desirable to have some certifications such as CISSP, ITIL, CISA, CISM and GIAC-GCIADesirable to have some advanced Certification from SIEM vendor on products such as HP ArcSight or RSA envision. Additional InformationBachelors and above degree in Computer Science, Information & Technology, MIS, Engineering. Qualification 15 years full time education

Job Overview: We are seeking an experienced and skilled Firewall L1 & L2 Engineers to join our network security team in Mumbai. The ideal candidate will have a strong background in network security, with specific experience managing and supporting firewalls and security appliances from Palo Alto Networks (PA), Checkpoint, Cisco ASA, and Fortinet. This role requires a proactive individual with a keen eye for security, a strong technical foundation, and effective communication skills to handle daily operational tasks, manage incidents, and maintain security policies within a 24/7 environment. Key Responsibilities: Firewall Administration and Support: Manage, configure, and troubleshoot firewall solutions across PA, Checkpoint, Cisco ASA, and Fortinet platforms. Perform day-to-day BAU MACDs (Moves, Adds, Changes, and Deletes) and configuration changes as required. Incident and Problem Management: Manage and resolve incidents, problems, and service requests associated with firewall operations. Proactively monitor network security events using network monitoring tools to identify and resolve issues before service degradation occurs. Conduct incident analysis and response, supporting troubleshooting efforts across OSI layers 1, 2, and 3. Policy and Exception Management: Manage firewall policies and exceptions to ensure compliance with organizational security standards. Deploy and maintain access and security policies, aligning with organizational requirements. Technical Expertise and Troubleshooting: Hands-on experience with packet capture, analysis, and troubleshooting tools. Perform daily performance checks, periodic audits, and compliance reviews on firewall devices. Troubleshoot network, transport, session, presentation, and application layers as required. Network Security Operations: Implement and uphold network security policies, standards, and procedures. Apply security patches as needed and support automation of processes through scripting or SOAR tools. Collaboration and Coordination: Work closely with users to resolve trouble tickets efficiently. Coordinate with OEMs for TAC support, RMA, replacement, and reconfiguration of PA, Checkpoint, Cisco ASA, and Fortinet devices. Backup device configurations in accordance with the agreed schedule. Candidate Requirements: Experience: 2-7 years of experience in network security, with managing PA, Checkpoint, Cisco ASA, or Fortinet firewall solutions. Technical Proficiency: Proficiency in managing and configuring PA, Checkpoint, Cisco ASA, and Fortinet firewall solutions. Strong experience with Windows, Linux, and Unix environments. Skilled in commissioning, implementation, and integration of firewall solutions with management and authentication tools (e.g., email, AD, IAM, SIEM). Experience in automating processes using scripting and SOAR tools. Knowledge Base: Solid understanding of firewall products, policy management, and exception handling. Familiarity with troubleshooting tools for packet capture, analysis, and network diagnostics. Operations Management: Experience in incident, problem, service request management, and change management. Ability to maintain service levels for 24/7 monitoring and configuration oversight of network security infrastructure. Soft Skills: Excellent verbal and written communication skills for effective interaction with users and stakeholders. Strong analytical skills, with the ability to manage multiple priorities under minimal supervision.