222 Soar Jobs - Page 8

Role & responsibilities SOC Automation Managing and operating Microsoft Sentinel Log Source Onboarding : Onboard and troubleshoot log sources (on-premises and cloud) to the Sentinel platform using syslog, APIs, and other mechanisms. Ensure data integrity, reliability, and proper formatting. Log Management : Hands-on experience with log collection, parsing, and analysis from various sources (e.g., firewalls, endpoints, cloud environments). Strong defensive mindset with understanding of security events of interest for building detection rules Good in query languages like KQL. Advanced threat intelligence with the help of kusto query language (KQL). Should have advanced knowledge on use case creation, parser development DevOps Knowledge : Understanding of DevOps practices such as CICD pipelines, GIT, ARM templates, and Azure Automation for streamlining processes. Creation of automation rules.Use of threat intelligence in Azure sentinel. Implement and optimize security controls in cloud environments ( AWS, Azure, GCP), enforcing security-as-code principles and compliance automation . Experience in working with SOAR tools Sentinel SOAR Experience with programming (preferably Javascript, Python, REST API), automation or machine learning SIEM Migration : Proven experience in SIEM migration projects and transitioning between platforms will be advantage. Good command of the English language, both written and verbally Apply here: https://career.infosys.com/jobdesc?jobReferenceCode=INFSYS-EXTERNAL-210438

Role & responsibilities SOC Automation Managing and operating Microsoft Sentinel Log Source Onboarding : Onboard and troubleshoot log sources (on-premises and cloud) to the Sentinel platform using syslog, APIs, and other mechanisms. Ensure data integrity, reliability, and proper formatting. Log Management : Hands-on experience with log collection, parsing, and analysis from various sources (e.g., firewalls, endpoints, cloud environments). Strong defensive mindset with understanding of security events of interest for building detection rules Good in query languages like KQL. Advanced threat intelligence with the help of kusto query language (KQL). Should have advanced knowledge on use case creation, parser development DevOps Knowledge : Understanding of DevOps practices such as CICD pipelines, GIT, ARM templates, and Azure Automation for streamlining processes. Creation of automation rules.Use of threat intelligence in Azure sentinel. Implement and optimize security controls in cloud environments ( AWS, Azure, GCP), enforcing security-as-code principles and compliance automation . Experience in working with SOAR tools Sentinel SOAR Experience with programming (preferably Javascript, Python, REST API), automation or machine learning SIEM Migration : Proven experience in SIEM migration projects and transitioning between platforms will be advantage. Good command of the English language, both written and verbally Apply here: https://career.infosys.com/jobdesc?jobReferenceCode=INFSYS-EXTERNAL-210438

Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments. Key Responsibilities: Monitoring, Investigation & Triage Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR Identify lateral movement, C2 activity, and data exfiltration Lead incident investigations and initiate containment measures Threat Hunting & Detection Engineering Proactive hunting using logs, flow data, and behavior analytics Apply MITRE ATT&CK for hypothesis-driven hunts Develop, test, and optimize custom detection rules Maintain a backlog aligned with emerging threats Tool Proficienc y SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization EDR: Defender for Endpoint binary/process analysis, endpoint containment NDR: Darktrace/LinkShadow behavioral baselining, detection logic SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender Threat Intelligence Integration IOC/TTP enrichment Threat intel feed integration Contextual alert correlation Reporting & RCA Draft technical incident reports and RCAs Executive-level summaries for major incidents Cloud Security (Optional): Investigate alerts like impossible travel, app consent abuse Respond to cloud-native security incidents using Defender for Cloud, MCAS Create advanced SOAR workflows and playbook Tool Familiarity QRadar Microsoft Sentinel Microsoft Defender for Endpoint LinkShadow or Darktrace EOP/Exchange protection Antivirus platforms Defender for Identity / Defender for Cloud Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR) Network forensic tools like Wireshark / Zeek Certifications (Preferred): GCIH / GCIA / CEH Microsoft SC-200 / SC-100 QRadar Admin or equivalent Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents Soft Skills: Strong analytical and documentation skills Proactive communicator Independent problem-solver and critical thinker

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities: Resource would be working directly with Client driving enhancements and recommending technological enhancements. Integrating custom applications by developing custom connectors like OT and internal build applications. Perform Log Analytics Migration from different Azure regions, basically performing architectural changes recommended by audit team. Working with Cyber Threat client team to develop detection models using Sentinel Jupiter. Work with security architects to recommend and build DR environment for Azure Sentinel. Integrate Anomaly Threat Stream with Azure Sentinel. Would be working with infrastructure architects to segment sentinel resources based on Tier architecture. Recommend and implement new upcoming Azure Sentinel features. Recommend and Architect Complex SOAR automations using Azure Logic Apps. Professional & Technical Skills: Must Have Skills: Proficiency in Azure Sentinel Build activity. Strong understanding of threat intelligence analysis Experience in designing and implementing security solutions Knowledge of security compliance standards and regulations Hands-on experience with security tools and technologies Additional Information: The candidate should have a minimum of 7.5 years of experience in which 4 years of experience in Azure Sentinel deployments and implementation. This position is based at our Bengaluru office A 15 years full time education is required Qualification 15 years full time education

Role & responsibilities Minimum experience 8 years experience in SIEM and SOAR engineering work. Knowledge on XSOAR, Sentinel SOAR, Splunk Phantom, IBM QRadar, Microsoft Sentinel, Tines SOAR. Should have experience configuring Security Orchestration, Automation, and Response tools, scripts, events, and playbooks. Should be well versed with XSOAR application components and know how to configure it and implement system updates. Should be able to create and maintain custom content and playbooks. Should be able to troubleshoot client/server issues. Should be able to manage and maintain the health of Security Orchestration, Automation, and Response infrastructure manager/clients. Must possess strong Python, JavaScript and other scripting skills to automate system maintenance tasks. Must be comfortable and proficient in use of regular expression (regex). Must have a solid understanding of REST/SOAP/WSDL/XML (Web Services), HTTP Request Methods. Must possess strong analytical, problem solving and documentation skills• Experience in creating threat detection use cases on any SIEM tools (QRadar/Sentinel/Splunk) Experience in Log Source integration for use case and SOAR automation Strong defensive mindset with understanding of security events of interest for building detection rules Experience with programming (preferably Python, REST API), automation or machine learning Good in query languages like SQL, KQL, AQL from Splunk, Sentinel and QRadar pov Good command of the English language, both written and verbally Must demonstrate strong oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences Apply here: https://career.infosys.com/jobdesc?jobReferenceCode=INFSYS-EXTERNAL-210438

Job Title: Senior Security Analyst Threat Hunting & Incident Response Location: Bangalore (Rotational Shifts) Mode of work- 5 days WFO Experience: 8+ Years Job Type: Full-time Job Description: We are looking for a highly skilled and experienced Senior Security Analyst to join our client's Cybersecurity team. This role involves leading incident response activities, performing proactive threat hunting, and enhancing our overall security posture through innovative detection strategies and forensic investigations. Key Responsibilities: Lead end-to-end security incident response, including analysis, containment, mitigation, and reporting. Design and implement detective controls for emerging threats and vulnerabilities. Perform proactive threat hunting across multiple platforms and environments. Continuously enhance SIEM/SOAR/XDR alert use cases and threat detection capabilities. Research emerging threats, vulnerabilities, and attack techniques to improve defenses. Participate in a 24/7 on-call rotation to support incident response and critical investigations. Document incident response activities and produce detailed reports for stakeholders. Conduct post-incident reviews to drive improvements in tools, processes, and readiness. Collaborate across teams to improve the organization’s threat detection and response maturity. Required Qualifications: Bachelor’s degree in Computer Science, Cybersecurity, or related field. Minimum 8 years of experience in Security Operations, Incident Response, or Threat Detection. Strong experience with threat hunting methodologies and frameworks. Hands-on expertise with tools such as SIEM, SOAR, XDR (e.g., Cortex XSIAM, Torq). Working knowledge of MITRE ATT&CK , NIST frameworks, and cyber kill chain concepts. Preferred Skills & Experience: Strong understanding of network and endpoint security, defense-in-depth, and current threat trends. Experience with cloud security (AWS, Azure, GCP) and public cloud defense techniques . Exposure to Endpoint Detection & Response (EDR) tools, forensic analysis, and log correlation. Proficiency in scripting languages (e.g., Python, PowerShell ) for automation and analysis. Relevant certifications such as CISSP, GIAC (GCIA, GCIH, GCFA), CEH are a plus. Strong analytical mindset with the ability to assess risk and prioritize response. Excellent written and verbal communication skills.

Job Description: SIEM, SOAR, UEBA, and NBAD Specialist Position Summary: We are looking for a skilled Security Operations Specialist with expertise in SIEM, SOAR, UEBA, and NBAD technologies to strengthen our security monitoring, automation, and threat detection capabilities. The ideal candidate should have a strong technical background, relevant experience in cyber security, and a proactive attitude toward threat hunting and incident response. Roles and Responsibilities Incident Analysis, Incident co-ordination & Response, Remote Incident Response, Forensics Artifact handling & Analysis, Malware Analysis, Insider Threat Case Support, Sensor Tuning & Maintenance, Custom Signature/ Rules Creation, Scripting & Automation, Audit Collection & Storage, Product Assessment & Deployment and Risk Assessment , Response Planning, Mitigation, Recovery Planning, Communicating Emergency Alerts & Warnings to relevant/designated stakeholders , Endpoint Threat Detection and remediation. Take SOAR action on identified malicious communications, Monitor and alert any abnormalities identified, Work on ticket and ensure timely response and resolution of tickets as per SLA Reporting the security events/ incidents to L3 and other relevant/ designated stakeholders Communicating Emergency Alerts & Warnings to relevant/designated stakeholders. Should have knowledge of below technologies UEBA (User and Entity Behavior Analytics): Monitor behavioral analytics to detect insider threats, compromised accounts, and anomalous activities. Configure and tune UEBA models to reduce false positives and enhance detection capabilities. NBAD (Network Behavior Anomaly Detection): Monitor and analyze network traffic to identify anomalies indicating potential threats or breaches. Work with network and SOC teams to investigate and respond to suspicious network behavior. Required Qualifications: Education: B.E./B.Tech/MCA/M.Sc. in Computer Science or Information Technology. Experience: Minimum 1.5+ years of relevant experience in Security Operations, Threat Detection, or Incident Response. Certifications: Certified Ethical Hacker (CEH) mandatory .

As a Customer Success Manager - Azure & Security, The incumbent will be the key point of contact for customers adopting Microsoft Azure and Cybersecurity solutions. The mission is to drive customer success by ensuring secure and effective adoption of TTBS offered services, managing customer relationships, and supporting long-term strategic cloud and security goals. Its an Individual Contributor role. Key Role Deliverables Act as a trusted advisor for customers implementing Azure infrastructure, services, and security frameworks. Lead onboarding, training, and enablement for customers transitioning to Azure and Microsoft Security solutions (e.g., Defender, Sentinel, Entra). Monitor customer health, usage, and satisfaction to proactively address risks and promote solution value. Drive adoption of Azure-native security tools and best practices to strengthen cloud environments. Collaborate with technical delivery, cloud architecture, and support teams to ensure customer success and alignment. Conduct regular Executive Business Reviews (EBRs) and strategic planning sessions with key stakeholders. Maintain a deep understanding of Microsoft Azure & Security roadmap to guide clients on optimization and innovation. Identify expansion and upsell opportunities in areas like Azure cost optimization, compliance, Zero Trust architecture, etc. Right Person (Qualification & Experience) B. Tech (Computer Science, Electronics etc.) Minimum 6 years of experience in Customer Success, Technical Account Management, or Cloud Consulting with a focus on Azure and/or cybersecurity. Strong knowledge of Microsoft Azure, including core services (IaaS, PaaS), networking, identity, and security features. Familiarity with Security solutions: Defender for Cloud, SIEM, SOAR, VAPT, SOC, Purview, etc. Experience with compliance frameworks (e.g., NIST, ISO 27001, GDPR) and security best practices in the cloud. Ability to manage technical conversations with C-level stakeholders and IT teams. Strong project management, communication, and interpersonal skills. Certifications preferred: Microsoft Certified: Azure Solutions Architect Expert Microsoft Certified: Security, Compliance, and Identity Fundamentals Microsoft Certified: Azure Security Engineer Associate

ABOUT THE ROLE The Senior Manager Information Security is responsible for leading the security automation product team and driving the development, integration and continuous improvement of a security automation platform. This role combines strong leadership, technical acuity, and product ownership skills to supervise a growing team responsible for automating security workflows, integrating tools, improving operational efficiency, and strengthening the overall cybersecurity posture. As the product owner of the security automation platform and service, the Senior Manager Information Security collaborates with collaborators to deliver impactful automations and maintain a scalable, secure, and resilient automation infrastructure. Key aspects of the role include aligning automation projects with organizational security goals, fostering innovation in machine learning applications, and ensuring the adoption of industry-leading practices by staying ahead of with evolving threats and trends. Roles & Responsibilities: Lead and mentor a team of security automation engineers, data engineers, and data scientists, fostering a collaborative and high-performance culture Oversee the security automation service, ensuring effective operations, prioritization, and continuous alignment with business and security goals Oversee the security automation product team to ensure adherence to SAFe/Agile methodologies and definitions of done, maintaining high-quality standards in deliverables Oversee the seamless operation, scalability, and efficiency of a cloud-based security automation solution, ensuring continuous enhancement of security controls and automation capabilities Develop strategies to streamline incident response, threat detection, and remediation processes using automation capabilities Drive and manage the seamless integration of new and existing security tools, platforms, and workflows to ensure a cohesive and optimized automation ecosystem Ensure compliance with relevant regulations (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001, NIST) Collaborate with collaborators to establish and supervise critical metrics related to SAFe implementation Generate and maintain security reports, metrics, and dashboards for management review Keep up to date with the latest security threats, trends, and technologies, and provide recommendations for improving security operations Build and deliver knowledge sharing presentations and documentation to educate developers and operations teams on application security standard methodologies and secure coding techniques Triage and assess findings from tools, external reports, and tests to determine real risks and prioritize remediation efforts Offer remediation guidance to partners for identified issues and serve as a customer concern resource for developers as they reduce issues What we expect of you We are all different, yet we all use our unique contributions to serve patients. The professional we seek is a senior manager with these qualifications. Basic Qualifications: Masters degree and 8 to 10 years of Scrum teams management or related field experience OR Bachelors degree and 8 to 10 years of in Scrum teams management or related field experience OR Diploma and 12 to 14 years of in Scrum teams management or related field experience. Preferred Qualifications: Experience managing and scaling security automation platforms and tools (e.g., SOAR) Demonstrated success in leading high-performing technical teams in an agile environment Strong understanding of integrating security tools and data platforms (SIEM, EDR, IAM, etc.) In-depth knowledge of cybersecurity frameworks, technologies, and best practices Experience in risk management, incident response, and security governance Strong knowledge of security architecture frameworks and principles Strong understanding of common software and web application security vulnerabilities Excellent communication, stakeholder management, and analytical skills. Good-to-Have Skills: Experience with network security, endpoint protection, and incident response Proficiency in scripting and automation (e.g., Python, Bash) is a plus Professional Certifications: CEH (preferred) CompTIA Security+ (preferred) CISSP (preferred) TOGAF (preferred) Certified Scrum Product Owner (CSPO), or equivalent (preferred) Soft Skills: Initiative to explore alternate technology and approaches to solving problems Skilled in breaking down problems, documenting problem statements, and estimating efforts Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team-oriented, with a focus on achieving team goals

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Google Chronicle SIEM Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :The SIEM SME leads in architectural design, specification, and maintenance of Splunk/Google Chronicle Security products and services.Candidates must have backgrounds in network planning and design, implementation, and operations. SIEM SMEs apply business and technology skills with structured methodologies to deliver complex solutions to the customer. Roles & ResponsibilitiesAnalyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breachPerform network incident investigations, determining the cause of the security incident and preserving evidence for potential legal actionInterface with technical personnel and others teams as requiredMake recommendations on the appropriate corrective action for incidentsConfigure and manage Infrastructure Security and SIEM solutions.Design, develop and create correlation rules within the Security Information and Event Management (SIEM) platformMonitor devices and correlation tools for potential threatsInitiate escalation procedure to counteract potential threats/vulnerabilitiesExperience building and maintain security incident correlation content (hands-on)Experience with reverse engineering tools and techniques as it pertains to network traffic collection and analysisOperational knowledge of system and network security engineering best practices and architectureWillingness to engage hands-on from inception to complete and audit to SIEMs deploymentProvide guidance and insight, as well as follow directives as necessary to complete accelerated deployment of the SIEMsCapable and willing to integrate multiple security control production into the SIEMs platformAppropriately inform and advise management on incidents and incident preventionEncourages and implements continuous improvement measures on day-to-day basisLeverages extensive knowledge of communications in a manner that provides business value to the IT OrganizationRequired to identify, assess, and resolve complex issues/problems within own area of responsibilityProvide Incident remediation and prevention documentationDocument and conform to processes related to security monitoringParticipate in knowledge sharing with other analysts and develop solutions efficientlyCoordinate or participate in individual or team projectsWrite technical articles for internal knowledge baseProvide performance metrics as necessaryDevelop and optimize technical processes and coordinate procedure documentation. Professional & Technical Skills: Must have working experience in Google Chronicle SIEM/SOAR as SME. At least 8+ years of experience in Information Security, Risk Management, Infrastructure Security and ComplianceSecurity device installations, configuration and troubleshooting (e.g., firewall, IDS, etc.)Hands on experience in supporting AWS and Azure Assets, especially supporting Splunk deployment in AWS/Splunk ES as a serviceExperience in deploying different type of forwarders and AppsDeep knowledge in AWS services and serverless architectureExpertise in UNIX, Linux, and Windows - able to tear down and rebuild a host systemExperience with Database installation and configuration is required and Oracle experience is a plusExploit and detection analysis skills, including ability to analyze logs for useful information and patternsInstall, configure, tune, and maintain the Splunk SIEM componentsPrimarily focus on content creation regarding advanced threat analysis (rules, variables, trending, watch lists, etc) of incoming data and for self-monitoring of the solution itself.Perform supporting tasks such as system hardening, high availability configurations, and developing backup strategies.Assist with the creation of detailed deployments plans, architectural drawings and operation manuals.Assist with event source auditing configurations, integration with various security platforms, network devices, and systemsExpert in development of Regular Expression (REGEX)Good understanding of Infrastructure Security and its impact on Security Operations, Vulnerabilities, Reporting, Analytics and Monitoring.Good understanding and experiences with Infrastructure Security, Risk assessment and Security Information and Event Management.A solid understanding of frameworks such as ISO 27001/27002, COBIT, and other relevant compliance such PCI, HIPAA, SOX, FISMA, and others those are required for Security Information and Event Management. Experience working in a diversified, virtual environment.Administrational tool development and maintenance.Desirable to have some certifications such as CISSP, ITIL, CISA, CISM and GIAC-GCIADesirable to have some advanced Certification from SIEM vendor on products such as HP ArcSight or RSA envision. Additional InformationBachelors and above degree in Computer Science, Information & Technology, MIS, Engineering. Qualification 15 years full time education

Job Overview: We are seeking an experienced and skilled Firewall L1 & L2 Engineers to join our network security team in Mumbai. The ideal candidate will have a strong background in network security, with specific experience managing and supporting firewalls and security appliances from Palo Alto Networks (PA), Checkpoint, Cisco ASA, and Fortinet. This role requires a proactive individual with a keen eye for security, a strong technical foundation, and effective communication skills to handle daily operational tasks, manage incidents, and maintain security policies within a 24/7 environment. Key Responsibilities: Firewall Administration and Support: Manage, configure, and troubleshoot firewall solutions across PA, Checkpoint, Cisco ASA, and Fortinet platforms. Perform day-to-day BAU MACDs (Moves, Adds, Changes, and Deletes) and configuration changes as required. Incident and Problem Management: Manage and resolve incidents, problems, and service requests associated with firewall operations. Proactively monitor network security events using network monitoring tools to identify and resolve issues before service degradation occurs. Conduct incident analysis and response, supporting troubleshooting efforts across OSI layers 1, 2, and 3. Policy and Exception Management: Manage firewall policies and exceptions to ensure compliance with organizational security standards. Deploy and maintain access and security policies, aligning with organizational requirements. Technical Expertise and Troubleshooting: Hands-on experience with packet capture, analysis, and troubleshooting tools. Perform daily performance checks, periodic audits, and compliance reviews on firewall devices. Troubleshoot network, transport, session, presentation, and application layers as required. Network Security Operations: Implement and uphold network security policies, standards, and procedures. Apply security patches as needed and support automation of processes through scripting or SOAR tools. Collaboration and Coordination: Work closely with users to resolve trouble tickets efficiently. Coordinate with OEMs for TAC support, RMA, replacement, and reconfiguration of PA, Checkpoint, Cisco ASA, and Fortinet devices. Backup device configurations in accordance with the agreed schedule. Candidate Requirements: Experience: 2-7 years of experience in network security, with managing PA, Checkpoint, Cisco ASA, or Fortinet firewall solutions. Technical Proficiency: Proficiency in managing and configuring PA, Checkpoint, Cisco ASA, and Fortinet firewall solutions. Strong experience with Windows, Linux, and Unix environments. Skilled in commissioning, implementation, and integration of firewall solutions with management and authentication tools (e.g., email, AD, IAM, SIEM). Experience in automating processes using scripting and SOAR tools. Knowledge Base: Solid understanding of firewall products, policy management, and exception handling. Familiarity with troubleshooting tools for packet capture, analysis, and network diagnostics. Operations Management: Experience in incident, problem, service request management, and change management. Ability to maintain service levels for 24/7 monitoring and configuration oversight of network security infrastructure. Soft Skills: Excellent verbal and written communication skills for effective interaction with users and stakeholders. Strong analytical skills, with the ability to manage multiple priorities under minimal supervision.

Key Responsibilities: Advanced Threat Detection & Incident Response: Serve as the final escalation point for critical incidents and threat investigations. Lead deep-dive analysis on alerts, threats, and indicators across varied environments. Conduct malware analysis, reverse engineering, and threat hunting when needed. Perform forensic analysis using endpoint, network, and cloud telemetry. SOC Operations in MSSP Context: Operate in a multi-tenant SOC supporting enterprise, mid-market, and OT/ICS clients. Customize correlation rules, detection logic, and alert tuning for each client environment. Collaborate with client security teams during incident lifecycle and response activities. Ensure SOC processes, SLAs, and communications are aligned with client expectations. Technical Leadership & Mentoring: Guide and mentor L1 and L2 analysts in investigation techniques, use case analysis, and incident triage. Review escalations, ensure incident quality, and drive analyst capability building. Help design and maintain client-specific runbooks and detection use cases . Tooling & Engineering Support: Work closely with SIEM/SOAR engineers to enhance detection logic and automation. Validate detection efficacy using red team or threat simulation tools. Participate in tuning efforts for SIEM (e.g., Splunk, Sentinel, QRadar, LogRhythm, Seceon, etc.) and EDR tools. Reporting & Documentation: Create detailed incident reports, RCA documents, and threat summaries for clients. Provide technical input during client reviews and executive briefings. Maintain compliance with internal quality standards, frameworks (MITRE ATT&CK, NIST, ISO), and regulatory mandates. Required Skills & Experience: Proven experience in: SIEMs: Splunk, Sentinel, Exabeam, QRadar, or similar. EDR platforms: CrowdStrike, SentinelOne, Carbon Black, etc. SOAR and automation workflows. Scripting (Python, PowerShell, or Bash) for threat hunting or automation. Strong understanding of TCP/IP, threat vectors, and log analysis. Knowledge of frameworks such as MITRE ATT&CK, NIST 800-61, and ISO 27035. Ability to manage high-pressure incidents across multiple clients simultaneously. Preferred Certifications (Nice to Have): GIAC (GCIA, GCIH, GNFA), OSCP, CISSP, or equivalent certifications. Experience with OT/ICS threat detection and asset monitoring is a plus. Knowledge of cloud monitoring (Azure/AWS/GCP) and hybrid threat detection

Role & responsibilities 1. Ensure optimal operation of MDR solution, including software and applications. 2. Ensure effectiveness of security solutions in scope 3. Develop use cases and playbooks for SIEM and SOAR for effective and automated incident detection and handing. 4. Test SIEM SOAR and other solutions in scope to explore the right technical defense/remedy and provide performance statistics and reports. 5. Ensure adequate controls are in place to protect critical assets against any incidents or threats from the internal or external environment. 6. Co-ordinate with vendors/partners & internal teams to manage the lifecycle of security platforms including deployments, maintenance and operations. Develop plans for maintaining the infrastructure in newly implemented security solutions to operational environment. 7. Lead Cybersecurity incident management and manage related process, tools and resources 8. Work with identified partner and govern them for effective execution of organizational requirements for Security operations and incident handling 9. Conduct periodic threat hunting independently and with partners to ensure effective detection of any threats. 10. Ensure preventive maintenance of critical infrastructure, to increase performance and minimize disruption. 11. Manage SLAs for solutions and processes in scope. 12. Record all incidents/events leading to infrastructure downtime, analyze root cause and suggest workarounds. 13. Monitor performance reviews, corrective action, routine equipment checks and preventative maintenance for security systems to reduce the down time of the systems. 14. Perform integration of all tools and services for access, authentication, authorization, data security, vulnerability management, policy management, auditing, and compliance to ensure company's security policy and procedures are applied. 15.Define, gather and report on metric regarding security systems within ASL environments. Prepare status reports and other management metrics as needed. Preferred candidate profile 1. Demonstrable experience within a Security Operations Center, coordinating responses to security incidents. 2. Experience leading the implementation and development of MDR tooling, infrastructure and processes 3. Experience On popular SIEM, SOAR, and threat hunting platforms is mandatory. 4. Experience in security incident handling is mandatory. 5. Exposure to threat hunting is mandatory. 6. Security related professional certifications preferred. Examples of certifications include but are not limited to CISSP, CIH (ec council), CND, infosec institute, etc. 7. Strong analytical & problem-solving skills with ability to translate ideas into practical implementation. 8. Ability to manage stakeholder relationships including team members, vendors and partners. 9. Excellent leadership and communication skills with ability to present and communicate effectively with both technical and non-technical audience. 10. Ability to provide technical and professional leadership, guidance, and training to others.

Security Engineer Hyderabad, Telangana IT Description Why youll want to work at nimble! This is a great opportunity to join a well-established and market-leading brand serving a high-growth end market while gaining valuable experience and visibility to Executive leadership. As an organization, we are in considerable growth mode through acquisition and with a laser focus on positive culture building. The Information Security Engineer is responsible for safeguarding the organization's systems and data assets. This critical role focuses on preventing and mitigating unauthorized access, modification, or destruction of sensitive information. The Engineer actively participates in the development and implementation of robust IT security policies and standards. Through close collaboration with end-users across various departments, this position ensures the alignment of security measures with individual business needs while maintaining strict adherence to company-wide security policies and procedures. The Information Security Engineer reports directly to the Director of Information Security and maintains an indirect reporting line to the Chief Information Technology Officer. Threat Detection & Response: Monitor the organization's servers and networks for security breaches using tools such as Windows Defender, Windows Purview, Crowdstrike, Rapid7 Investigate and respond to security incidents promptly. Utilize Windows Defender , Rapid7 and Wiz for vulnerability scanning and threat intelligence gathering. Implement and enforce security policies through Intune . Security Architecture & Engineering: Design, implement, and maintain security controls, including firewalls, intrusion detection/prevention systems (IDPS), and data encryption. Conduct security assessments and penetration testing. Develop and maintain security standards and best practices. Endpoint Security Management: Manage endpoint security solutions, including Windows Defender and Crowdstrike Vulnerability Management: Identify, assess, and prioritize vulnerabilities using Windows Defender, Wiz and Rapid7 . Develop and implement remediation plans. Compliance & Reporting: Prepare reports that document security metrics, attempted attacks, and security breaches. Ensure compliance with relevant security standards and regulations. Security Awareness & Training: Educate and train employees on IT security best practices and awareness. Collaborate with IT teams, business units, and other stakeholders to ensure effective security implementation. Clearly communicate security risks and recommendations to management. Requirements 5+ years of experience in systems or network administration/engineering 1+ years of experience in information security roles Strong understanding of security principles and best practices (e.g., NIST) Proficient with Windows Server administration and management Proficient with network protocols and topologies Experience with security information and event management (SIEM) systems Experience with scripting languages (e.g., Python, PowerShell) Strong analytical and problem-solving skills Excellent written and verbal communication skills Ability to work independently and as part of a team Experience with cloud security (e.g. Azure, Defender) Experience with security orchestration and automation platforms (SOAR). Experience with container security and microservices. This job description is intended to provide a general overview of the position. Responsibilities and qualifications may vary depending on the specific needs of the organization. This revised job description incorporates the specified security software suites and provides a more comprehensive overview of the role. Intersted candidates drop your resumes to 8179814131 - Navya (WhatsApp) or apply through below link https://recruiting.paylocity.com/recruiting/jobs/All/3cb31b47-df35-44a0-9592-a322ad0b2915/nimble-international

Top Selection & Auto Elimination Criteria: Rotational Shift, Only Immediate joiners (0-15 days ), Cab facility : Yes only late night pick or drop(1 side only for Gurgaon Employees) Location : Gurgaon Mode : 5 days work from Office only (NO Work from home) Relevant experience range 9+ Position : L3 SOC Analyst Position Description: The SOC Level 3 Analyst is a senior-level cybersecurity professional responsible for leading advanced threat detection, response, and mitigation activities within the Security Operations Center. This role acts as the final escalation point for complex security incidents and plays a crucial role in enhancing security monitoring, incident response procedures, and overall threat defense capabilities. The L3 Analyst collaborates with security engineers, incident response teams, threat intelligence analysts, and IT stakeholders to identify, investigate, and remediate security threats in real-time. Role and responsibilities: 1. Incident Response and Escalation Lead and coordinate end-to-end response for critical and high-severity security incidents. Perform advanced investigation and forensics on compromised systems, including log correlation, packet analysis, and endpoint review. Serve as a primary escalation point for SOC Tier 1 and Tier 2 analysts. Conduct root cause analysis and provide detailed incident reports with lessons learned and mitigation steps. 2. Threat Detection and Analysis Analyze and triage alerts generated by the SIEM and other security tools. Hunt for threats in the environment using threat intelligence and behavioral indicators (proactive threat hunting). Analyze and reverse-engineer malware, if required, to understand behavior and determine mitigation steps. Correlate threat intelligence feeds with internal data to identify indicators of compromise (IOCs) and advanced persistent threats (APTs). 3. Tooling and Automation Optimize and fine-tune detection rules and SIEM use cases to reduce false positives and enhance detection accuracy. Build automation scripts and workflows to improve efficiency in incident triage, correlation, and response. Collaborate with security engineers to integrate new data sources and tools into the SOC ecosystem. 4. Documentation and Reporting Maintain detailed and accurate documentation of incidents, investigations, and actions taken. Develop and update SOC standard operating procedures (SOPs) and playbooks. Prepare and present technical reports, dashboards, and metrics to senior management and stakeholders. 5. Mentorship and Leadership Mentor and guide SOC L1 and L2 analysts on technical skills and investigative processes. Provide training on new threats, tools, and techniques. Assist in evaluating and improving team workflows, processes, and overall SOC maturity. 6. Collaboration and Stakeholder Engagement Work closely with threat intelligence, vulnerability management, and risk teams to stay ahead of emerging threats. Communicate with IT, DevOps, and business units to coordinate responses and ensure secure configurations. Participate in red/blue team exercises and post-mortem reviews to enhance SOC readiness. Required Experience / Skills: Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm , Splunk,). Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black). Hands-on knowledge of packet capture analysis tools (e.g., Wireshark, tcpdump), forensic tools, and malware analysis tools. Familiarity with scripting or automation languages such as Python, PowerShell, or Bash. Deep understanding of networking protocols, OS internals (Windows/Linux), and security best practices. Familiar with frameworks such as MITRE ATT&CK, NIST, and the Cyber Kill Chain. Minimum of nine (9) years technical experience 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities. 3+ years of rule development and tuning experience 2+ years of Incident response Experience supporting 24x7x365 SOC operations and willing to operate in Shifts including but not limited to Alert and notification activities- analysis/triage/response, Review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported alerts and Incidents. Manage multiple tickets/alerts in parallel, including end-user coordination. Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response. Solid understanding and experience analyzing security events generated from security tools and devices not limited to QRadar, MS Sentinel, FireEye, Elastic, SourceFire, Malware Bytes, CarbonBlack/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, BlueCoat Experience and solid understanding of Malware analysis Demonstrated proficiencies with one or more toolsets such as QRadar, MS Sentinel, Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs) In-depth experience with processing and triage of Security Alerts from multiple sources but not limited to: Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, support SOAR development. Experience with bash, python, and Windows PowerShell scripting Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis. Demonstrated experience and understanding of event timeline analysis and correlation of events between logs sources. Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools. Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk. Solid understanding and experience analyzing security events generated from security tools and devices not limited to: QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC Expert in security incident response processes Required Certifications: Two of the following certifications are preferred: GIAC-GCIH Global Certified Incident Handler GIAC-GCFE - Global Information Assurance Certification Forensic Examiner GIAC-GCFA - Global Information Assurance Certification Forensic Analyst GIAC-GREM - GIAC Reverse Engineering Malware GIAC-GNFA - GIAC Network Forensic Analyst GIAC-GCTI - GIAC Cyber Threat Intelligence GIAC-GPen GIAC Certified Penetration Tester GIAC-GWAPT GIAC Certified Web Application Penetration Tester CEPT - Certified Expert Penetration Tester (CEPT) CASS - Certified Application Security Specialist (CASS) CWAPT - Certified Penetration Tester (CWAPT) CREA - Certified Reverse Engineering Analyst (CREA) Qualifications : Bachelors degree in computer science, Information Technology, or a related field. Experience of 5 years or 3 years relevant experience. Strong troubleshooting and problem-solving skills. Excellent communication and interpersonal skills. Ability to work independently and as part of a team. Strong organizational and time management skills. Willingness to work after hours and provide on-call support.

Job Title: MDR Analyst Duration: Full time role Location: Remote (Bengaluru) This position is a Shift Position (Sunday - Friday Evening & Saturday Evening) Job Description: Duties: Join a new emerging team who is going to be part of clients Unit 42, Working closely with global customers providing the best security in the market Own an incident lifecycle from outbreak to full remediation Provide critical feedback to the different product, research and engineering and threat hunting teams to help improve the products for the entire clients customer base Work closely with Security Research, Threat Intelligence and Threat Hunting teams to remediate and detect new emerging threats Required Skills: 3+ years of experience in a multi-tiered SOC/IR is a must Experienced with Technologies such as EDR, SIEM, SOAR, FW A well-established familiarity with attack trends and vectors Excellent written and oral communication skills in English Some degree of Malware Analysis - An advantage CEH / CompTIA CYSA+ certifications - An advantage Hands-on experience with Cortex XSOAR or Cortex XDR - An advantage.

The Securonix/UEBA/SIEM, Tripwire IP360, Tripwire CCM, AWS Guardduty role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Securonix/UEBA/SIEM, Tripwire IP360, Tripwire CCM, AWS Guardduty domain.

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that the organization's information and infrastructure are safeguarded against potential cyber threats. You will also engage in continuous learning to stay updated on the latest security trends and technologies, contributing to a secure environment for all stakeholders. Roles & Responsibilities:Perform security monitoring by analyzing logs, traffic and alerts generated by variety of device technologiesTimely response to customer requests like detection capabilities, tuning, etc.Research new threats and provide recommendations to enhance detection capabilitiesStrong desire for continuous learning on vulnerabilities, attacks and countermeasures Identify opportunities for process improvement Professional & Technical Skills: Experience in SOC operations with customer-facing responsibilitiesDeep understanding on cyber security fundamentals, security devices, network defense concepts and threat landscapeHands-on experience in SIEM and threat hunting tools Added advantage in working with any SOAR platformDesirable knowledge in any scripting language and EDR productsPreferable GCIA, GCFA, CISSPStrong customer service and interpersonal skillsStrong problem-solving skillsAbility to communicate clearly at all levels, demonstrating strong verbal and written communication skills.Adaptability to accept change Additional Information:Work as part of analysis team that works 24x7 on a rotational shift Minimum a bachelors or a masters degree in addition to regular 15- year full time educationThe candidate should have minimum 2 years of experience This position is based at our Chennai office. Qualification 15 years full time education

The Securonix/UEBA/SIEM, Tripwire IP360, Tripwire CCM, AWS Guardduty role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Securonix/UEBA/SIEM, Tripwire IP360, Tripwire CCM, AWS Guardduty domain.

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Security Architect is responsible for designing Scope of work document, preparing project plan, HLD, LLD, discussion with security team other members, good presentation skill to internal team & customer. Should have good hands-on knowledge on Checkpoint (Firewall & Anti-APT), Palto-Alto, F5 (SSL Encryption, decryption & interceptor etc.), Cisco ISE, VPN, load balancers, proxy systems, reverse proxies, Web application firewalls, DDoS protection, SIEM, SOAR solutions designed and troubleshooting to protect networks and systems from malicious/unauthorized network access or misuse. He/she should possess strong technical and subject matter expertise in the following security specialties: Next Generation Firewall: checkpoint & Palo-Alto Remote Access VPN – Checkpoint Harmony. Anti-APT: Checkpoint SandBlast F5 - SSL Decryption/Interceptor NAC: Cisco ACS/ ISE SIEM & SOAR: Arcsight As a Network Architect, you will provide overall enterprise level Security based infrastructure systems planning, operations and maintenance, and management across multiple sites across the country Your Future at Kyndryl Every position at Kyndryl offers a way forward to grow your career. We have opportunities that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Skills and Experience Good understanding on Next Generation Firewalls (Checkpoint, Palo Alto Networks, Fortinet) and experience in handling security concepts (Rule ADD/ Modify Delete, Nat, Faulty Firewall replacement, High Availability setup, packet capture, log analysis etc.) Advanced knowledge on F5 SSL device, WAF, DDoS Protection solution, SSL Decryption solution and their monitoring & troubleshooting firmware upgrade Troubleshoot and fix high priority issues related to Firewall Load balancer, IPS/IDS, Proxy and WAF. Troubleshoot LAN, WAN, WLAN issues is added advantage Work with the HW Vendors/TAC for the SW/HW related issues and providing the fix. Troubleshoot Site to Site VPN (IPSEC/ GETVPN/ GRE/MGRE) , Proxy related issue (In-house/Cloud Hosting) & End user remote access VPN issues. Involve in change management process for HW replacement/ IOS upgrade/ Config change/ BW upgrade/ Whitelisting or Blacklist URLs & FW Rule addition etc. Knowledge and experience in Incident, Change, Problem, Service request and Configuration Management Processes. Qualifications – Min 14 years of industry experience as a Network Security engineering on Design, Implementation and troubleshooting security & load balancers Network Security, understanding and troubleshooting Next Gen Firewalls, NIDS/ NIPS, VPN, Anti-APT, RADIUS/ TACACS enabled security systems. Good understanding on DNS and DHCP BSc / B.Tech./ BCA / BE / Diploma / MCA / MSc or equivalent Certifications – Candidate must be certified as CISSP/CEH. Certifications like CCNA, CCNA Security, Product certifications on Fortinet, Checkpoint, Palo Alto Networks, Cisco ISE, etc. preferred. Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

Role & responsibilities 1. Strong experience in SIEM 2. Experience SOAR Automation

Minimum 3 years’ experience working in a large-scale IT environment with focus on Cyber / Information Security. Areas of expertise should include Pre-Sales support, Service & Solution delivery, part of program management (Transition & Transformation) Required Candidate profile Knowledge in SIEM, SOAR, Threat Hunting, EDR, Deception, NTA, NBAD, UEBA. Handson experience on leading analytical platforms like Splunk, IBM QRadar, Hunters, Sumo Logic, Sentinel. Certification:CISSP

Job Summary: We are seeking a highly experienced SOC SME to lead complex incident response, design advanced detective controls, and perform proactive threat hunting across multi-platform environments. This role demands strong technical expertise in security operations and a proactive approach to threat mitigation. Work from Office - Bangalore location [Brookfield] Rotational and Night Shift applicable Mandatory Skill Set: 8+ years in Security Operations/Incident Response Hands-on with SIEM, SOAR, XDR platforms (e.g., Cortex XSIAM, Torq) Expertise in threat hunting and event analysis Knowledge of cyber frameworks: MITRE ATT&CK, NIST, Kill Chain Experience with EDR tools , network forensics , and log analysis Strong understanding of incident lifecycle and post-incident reporting Excellent analytical and communication skills Bachelor's degree in Computer Science or related field Key Responsibilities: Lead incident response (IR) and analyze complex security events Design and improve detective controls and alert use cases Conduct proactive threat hunting and trend analysis Stay updated on cyber threat landscape and threat actor TTPs Contribute to security innovation , tool enhancement, and process maturity Deliver detailed incident reports and post-mortem reviews Preferred Skills: Scripting: Python, PowerShell Cloud Security: AWS, Azure, GCP Certifications: CISSP, GIAC, CEH Strong grasp of defense-in-depth and layered security strategies

We're Hiring: Splunk Engineer (Night Shift) Location: IndiQube Platina, 15, Commissariat Rd, Ashok Nagar, Bengaluru, Karnataka 560025 Company: Infotree Global Solutions Shift: Onsite | 6 PM 3 AM IST (Night Shift) Infotree Global Solutions is looking for a talented Splunk Engineer to join our cybersecurity team in Bangalore. If you thrive in a fast-paced SOC environment and have hands-on experience with: Splunk (On-prem, Cloud, or Hybrid) Creating & tuning correlation rules Detecting brute-force attacks Splunk SOAR/Phantom for automated responses Building security playbooks (Phishing, Malware, Ransomware) Integrating third-party tools (AWS, Elastic, etc.) Designing impactful security dashboards we’d love to hear from you! Apply now: ankitm@infotreeservice.com Let’s secure the future together. hashtag#SplunkEngineer hashtag#CybersecurityJobs hashtag#SOC hashtag#SOAR hashtag#Phantom hashtag#BangaloreJobs hashtag#InfotreeGlobalSolutions hashtag#SIEM hashtag#NowHiring

Scope: We are looking for a dynamic and strategic Vice President of Cyber Defense to lead our global cyber defense and incident response capabilities. This executive leader will own the detection, response, and mitigation of cyber threats, ensuring our organization is resilient in the face of a rapidly evolving threat landscape. The ideal candidate brings deep expertise in threat detection, SOC operations, incident response, and threat intelligence. This leader will partner across the business to build and maintain a world-class cyber defense program that proactively protects the company's assets, data, and reputation. Key Responsibilities: Cyber Defense Strategy & Operations: Develop and execute the company's cyber defense strategy, aligning with enterprise risk, compliance, and business objectives. Work with key stakeholders and business lines to ensure detection and response meet NIST CSF minimum baselines for global security operations and response. Lead 24/7/365 operations based on business need partner with Global Command and Site Reliability Teams to ensure baseline for all customer facing incidents, and internal company wide incidents are coordinated in a centralized operation center follow the sun model. Lead the global Security Operations Center (SOC), including 24/7 monitoring, detection, analysis, and response to cyber threats. Build out capabilities for detection and response for Tier 1, Tier 2, and Tier 3 security incidents and events. Implement and mature threat hunting, security analytics, and detection engineering programs. Ensure and validate Customer Incident Response and capabilities for onboarding mergers & acquisitions, new customers, and new environments as we grow and scale. Security Assessment and Continuous Threat Exposure Management:Identifying and fixing weaknesses in systems and networks including establish MTTD, MTTR, and MTTA for exposures, vulnerabilities, and potential threats. Incident Response:Investigating and responding to security breaches, including analyzing incidents and escalating them when necessary. Threat Detection and Prevention:Monitoring network traffic, system logs, and other data sources to identify potential threats and malicious activity. Security System Administration and Maintenance:Installing, configuring, and maintaining security tools like firewalls, antivirus software, and intrusion detection systems. Security Policy and Procedure Development:Creating and enforcing security policies and procedures to protect sensitive information. Security Training and Awareness:Educating employees about cybersecurity risks and best practices. Staying Up-to-Date:Keeping abreast of the latest security threats, vulnerabilities, and technologies. Threat Intelligence & Response: Build and manage a comprehensive threat intelligence function to anticipate and defend against advanced persistent threats (APTs) and zero-day vulnerabilities. Lead cyber incident response efforts, including containment, eradication, and post-incident reviews. Serve as a key escalation point during major security events and coordinate cross-functional response. Security Engineering & Automation: Oversee the development and deployment of tools and technologies that support threat detection, log aggregation, SIEM, SOAR, EDR, and XDR platforms. Drive automation and orchestration to increase efficiency and reduce time to detection/response. Hold QBRs with key security operations vendors to ensure compliance and SLAs are met with all contracts. Team Leadership & Development: Build, lead, and inspire a high-performing cyber defense team, including SOC analysts, incident responders, threat hunters, and detection engineers. Foster a culture of accountability, continuous learning, and proactive defense. Establish Career Development Plans and Growth for analysts, engineers, managers, and directors as the business grows and scales. Collaboration & Executive Engagement: Partner with IT, Infrastructure, Risk, Compliance, and Legal teams to align cyber defense practices with business needs. Provide executive-level reporting on threat landscape, risk posture, and incident metrics. Act as a thought leader and spokesperson on cyber defense strategy internally and externally. Qualifications: Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Technology, or a related field. 15+ years of experience in cybersecurity, with at least 5 to 8 years in a senior leadership role overseeing SOC, incident response, or threat intelligence. Deep knowledge of security operations, threat detection techniques, MITRE ATT&CK, and NIST/ISO frameworks. Proven track record managing large-scale incident response, threat intelligence operations, and blue team functions. Experience with cloud security (AWS, Azure, GCP) and hybrid infrastructure defense. Strong executive presence and ability to communicate effectively with C-level stakeholders. Relevant certifications such as CISSP, GIAC, GCIA, GCIH, or equivalent are highly desirable. Our Values If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success - and the success of our customers. Does your heart beat like ours Find out here: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.