3.0 - 7.0 years
3 - 12 Lacs
Hyderabad / Secunderabad, Telangana, Telangana, India
On-site
Job Description:
1. Monitoring and analysis of cyber security events using Microsoft Sentinel SIEM.
2. Monitor internal and external threats, examine logs, events, and alerts generated by multiple platforms for anomalous activity.
3. Development and execution of SOC and standard operating procedures (SOP).
4. Triage security events and incidents, detect anomalies, and report/direct remediation actions.
5. Timely escalate security incidents whenever SLAs are not met.
6. Assist in incident detection and resolving incidents by following all phases of incident management lifecycle.
7. Integrate and collaborate threat information to improve incident detection capabilities.
8. Should be capable of report generation from security solutions and preparation of report for management or leadership review.
9. Collect evidence of security incidents, and other error conditions that may constitute a breach in security or a degradation of integrity or confidentiality of systems and data.
Ability to coordinate and work with stakeholders to track security incidents till closure.
Posted 2 weeks ago
2.0 - 7.0 years
3 - 6 Lacs
Pune
Work from Office
Post Name: Global Safety Operation Center (GSOC) Operator (Control Center Operator)
Post Details:
Description: GSOC Operator
Locations: Pune, India

Objective
These General Post Orders are applicable to all contract safety & security personnel supporting Global Safety Operation Center (GSOC) Operator duties for Workday Inc. These rules must be followed to ensure proper execution of post specific job functions. All personnel supporting GSOC Operator duties for Workday Inc. must thoroughly read, review, understand, adhere to and execute their duties to these standards at all times.

Arrival on Duty
- Arrive on time for start of shift in the right uniform, ready to assume your post
- Attend shift passdown brief at the Global Safety Operation Center (GSOC); ask questions where clarification is needed

Deployment to Assigned Post
- Inspect all post equipment where applicable to ensure equipment is operational and accounted for; i.e. GSOC high dollar electronic assets, radios, keys, access control badges
- Report any equipment inspection deficiencies to the client leadership team immediately
- After completing passdown brief and shift inspection, relieve the offgoing GSOC Operator and assume the assigned post

GSOC Operator Duties
- Ensure all third party software solutions used by the GSOC are opened, operational, and being monitored where applicable, or ready for use where applicable
- Ensure all access control and camera monitoring tools are opened, operational and being monitored
- Investigate all alarm activity and dispatch foot patrol as needed to follow up on alarm events or suspicious activity as observed via the surveillance system
- Dispatch foot & vehicle patrol to support requests received by the GSOC; i.e. escorts, drop offs, etc.
- Notify police for any reports of verified suspicious activity or crimes in progress, as well as notify client leadership for situational awareness and further guidance
- Notify emergency medical services when notified of medical emergencies occurring on campus and execute client guidance as outlined in standard operating procedures relative to medical emergencies
- Monitor all incoming electronic notifications received related to intelligence reports generated by third party software solutions (Dataminr, NC4, OSAC, Egencia) to understand and escalate risk related concerns to impacted personnel, site coordinators, or client leadership, within the framework of established standard operating procedures
- As directed and at the guidance of site leadership, send mass notifications via Workday's mass notification system
- Dispatch personnel to support medical and fire life safety incidents within the framework of Workday's WERC & Life Safety program as well as standard operating procedures
- Provide ad hoc support to physical security requests from the client as directed
- Fulfill special projects as assigned by client leadership team & the Site Manager
- Understand and execute all post specific tasks as they occur within the framework of guidance established in post specific standard operating procedures and departmental playbooks
- Shall make sure to track/record women employees late-night travelling.

Highly Preferred Qualifications
1-2 years of experience working in one or more of the following environments:
- Commercial or Corporate security environments involving 24/7 monitoring and escalation processes.
- Security/Emergency/Response based dispatch/operations centre services involving direct interaction with callers and dispatched personnel.
Posted 2 weeks ago
2.0 - 5.0 years
6 - 9 Lacs
Kochi
Work from Office
Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments.

Key Responsibilities:

Monitoring, Investigation & Triage
- Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR
- Identify lateral movement, C2 activity, and data exfiltration
- Lead incident investigations and initiate containment measures

Threat Hunting & Detection Engineering
- Proactive hunting using logs, flow data, and behavior analytics
- Apply MITRE ATT&CK for hypothesis-driven hunts
- Develop, test, and optimize custom detection rules
- Maintain a backlog aligned with emerging threats

Tool Proficiency
- SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization
- EDR: Defender for Endpoint binary/process analysis, endpoint containment
- NDR: Darktrace/LinkShadow behavioral baselining, detection logic
- SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows
- Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender

Threat Intelligence Integration
- IOC/TTP enrichment
- Threat intel feed integration
- Contextual alert correlation

Reporting & RCA
- Draft technical incident reports and RCAs
- Executive-level summaries for major incidents

Cloud Security (Optional):
- Investigate alerts like impossible travel, app consent abuse
- Respond to cloud-native security incidents using Defender for Cloud, MCAS
- Create advanced SOAR workflows and playbooks

Tool Familiarity
- QRadar
- Microsoft Sentinel
- Microsoft Defender for Endpoint
- LinkShadow or Darktrace
- EOP/Exchange protection
- Antivirus platforms
- Defender for Identity / Defender for Cloud
- Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR)
- Network forensic tools like Wireshark / Zeek

Certifications (Preferred):
- GCIH / GCIA / CEH
- Microsoft SC-200 / SC-100
- QRadar Admin or equivalent

Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents

Soft Skills:
- Strong analytical and documentation skills
- Proactive communicator
- Independent problem-solver and critical thinker
Posted 3 weeks ago
4.0 - 6.0 years
12 - 15 Lacs
Hyderabad
Remote
Description
The Information Security Analyst will work under the direction of IT Security management in the implementation and monitoring of security tools and infrastructure solutions. This mid-level hands-on role requires someone with 3 to 7 years of IT Security technical experience in a mid to large corporate environment. He/She will have a strong understanding of information security, Firewalls, Routers, Switching, IDS, SIEM, VPNs, Encryption, Vulnerability scanning, Virus and Malware, VLAN, AD, DMZ’s, Proxies, VMware and Access Control technologies.

Primary Responsibilities
IT Security - Monitor and analyze security alerts / logs and information, escalating as needed. Monitor and control access to secure data and segmented network environments. This individual will be responsible for conducting penetration tests and vulnerability assessments. Configure security devices and tools following management guidelines and vendor specifications. Test proposed security configurations and changes in the IT Security laboratory. Analyze, respond to, and lead security incidents, including Application and Network attempted and realized breaches. Conduct regular security vulnerability scans of wired & wireless network infrastructure and data. Recommend IT Security solutions as needed.
Disaster Recovery - Assist the DR team in the DR process as needed. Provide IT Security support to the DR team as needed. Participate in quarterly DR tests.
Reporting - Monitor, gather and report on IT Security related incidents and provide regular activity reports. Report on the status of Remediation work related to the implementation, change, retirement or upgrade of IT Security and DR controls and processes.

Soft Skills
This position involves a high level of interaction with all levels of the organization. The candidate must be able to multitask in a cooperative / collaborative multicultural environment and must be familiar with delivering security solutions following standards based frameworks (ISO 27000, NIST, COBIT or SANS) with clearly defined controls and processes. The ability to work on long term multi-stage projects will be crucial to his/her success as well as good verbal and written communication skills.

Technical and Educational Experience
- Bachelor’s degree in Computer Science, Business Administration, or equivalent work experience.
- Minimum of 3 years’ experience in Information Security.
- Certifications, such as CISSP, CEH, GCFE, GPEN, GWAPT, CompTIA security, preferred or able to obtain within 9 months of employment.
- Experience with SIEM and Log management (Splunk, Syslog, Events Logs, ELK, etc.)
- Understanding of Automation and Machine Learning concepts
- Familiarity with security configurations for Microsoft Windows Networks – Microsoft Windows, Cisco Firewalls and Routers, and Linux.
- Familiarity or hands-on experience with Nessus, Tripwire File Integrity Monitoring, IAM, WireShark, MS-Data Protection Manager, Next Generation AV tools, EDR.
Posted 4 weeks ago
15.0 - 17.0 years
0 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Scope: We are looking for a dynamic and strategic Vice President of Cyber Defense to lead our global cyber defense and incident response capabilities. This executive leader will own the detection, response, and mitigation of cyber threats, ensuring our organization is resilient in the face of a rapidly evolving threat landscape. The ideal candidate brings deep expertise in threat detection, SOC operations, incident response, and threat intelligence. This leader will partner across the business to build and maintain a world-class cyber defense program that proactively protects the company's assets, data, and reputation.

Key Responsibilities:

Cyber Defense Strategy & Operations: Develop and execute the company's cyber defense strategy, aligning with enterprise risk, compliance, and business objectives. Work with key stakeholders and business lines to ensure detection and response meet NIST CSF minimum baselines for global security operations and response. Lead 24/7/365 operations based on business need; partner with Global Command and Site Reliability Teams to ensure baseline for all customer-facing incidents, and internal company-wide incidents are coordinated in a centralized operation center (follow-the-sun model). Lead the global Security Operations Center (SOC), including 24/7 monitoring, detection, analysis, and response to cyber threats. Build out capabilities for detection and response for Tier 1, Tier 2, and Tier 3 security incidents and events. Implement and mature threat hunting, security analytics, and detection engineering programs. Ensure and validate Customer Incident Response and capabilities for onboarding mergers & acquisitions, new customers, and new environments as we grow and scale.

Security Assessment and Continuous Threat Exposure Management: Identifying and fixing weaknesses in systems and networks, including establishing MTTD, MTTR, and MTTA for exposures, vulnerabilities, and potential threats.

Incident Response: Investigating and responding to security breaches, including analyzing incidents and escalating them when necessary.

Threat Detection and Prevention: Monitoring network traffic, system logs, and other data sources to identify potential threats and malicious activity.

Security System Administration and Maintenance: Installing, configuring, and maintaining security tools like firewalls, antivirus software, and intrusion detection systems.

Security Policy and Procedure Development: Creating and enforcing security policies and procedures to protect sensitive information.

Security Training and Awareness: Educating employees about cybersecurity risks and best practices.

Staying Up-to-Date: Keeping abreast of the latest security threats, vulnerabilities, and technologies.

Threat Intelligence & Response: Build and manage a comprehensive threat intelligence function to anticipate and defend against advanced persistent threats (APTs) and zero-day vulnerabilities. Lead cyber incident response efforts, including containment, eradication, and post-incident reviews. Serve as a key escalation point during major security events and coordinate cross-functional response.

Security Engineering & Automation: Oversee the development and deployment of tools and technologies that support threat detection, log aggregation, SIEM, SOAR, EDR, and XDR platforms. Drive automation and orchestration to increase efficiency and reduce time to detection/response. Hold QBRs with key security operations vendors to ensure compliance and SLAs are met with all contracts.

Team Leadership & Development: Build, lead, and inspire a high-performing cyber defense team, including SOC analysts, incident responders, threat hunters, and detection engineers. Foster a culture of accountability, continuous learning, and proactive defense. Establish Career Development Plans and Growth for analysts, engineers, managers, and directors as the business grows and scales.

Collaboration & Executive Engagement: Partner with IT, Infrastructure, Risk, Compliance, and Legal teams to align cyber defense practices with business needs. Provide executive-level reporting on threat landscape, risk posture, and incident metrics. Act as a thought leader and spokesperson on cyber defense strategy internally and externally.

Qualifications:
- Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
- 15+ years of experience in cybersecurity, with at least 5 to 8 years in a senior leadership role overseeing SOC, incident response, or threat intelligence.
- Deep knowledge of security operations, threat detection techniques, MITRE ATT&CK, and NIST/ISO frameworks.
- Proven track record managing large-scale incident response, threat intelligence operations, and blue team functions.
- Experience with cloud security (AWS, Azure, GCP) and hybrid infrastructure defense.
- Strong executive presence and ability to communicate effectively with C-level stakeholders.
- Relevant certifications such as CISSP, GIAC, GCIA, GCIH, or equivalent are highly desirable.

Our Values
If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success - and the success of our customers. Does your heart beat like ours? Find out here:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
Posted 1 month ago
10.0 - 14.0 years
8 - 10 Lacs
Noida, Gurugram, Delhi / NCR
Work from Office
Threat hunting and intelligence analysis tools, malware analysis and threat detection, SOC operations, Malware Reverse Engineering, Exploit Development, SIEM, IDS/IPS, and other security tools, CTIA, GCIA, GCIH, OSCP+, GCTI
Required Candidate profile: malware, ransomware, application & network layer attacks, shell, Python, and PowerShell, SIEM platform (e.g., Splunk, Elastic Stack), SQL queries, Threat Hunter & Threat Intelligence Analyst
Posted 1 month ago
2.0 - 9.0 years
2 - 9 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Key Deliverables:
- Design and maintain SIEM and WAF detection rules to identify and mitigate threats
- Lead SOC processes including incident response, escalation, and 24/7 coverage
- Automate security workflows and threat detection using Python scripting
- Mentor junior analysts and collaborate with engineering and DevOps teams

Role Responsibilities:
- Manage security monitoring, detection engineering, and incident handling
- Identify and remediate cloud misconfigurations and enforce security best practices
- Develop and optimize SOC playbooks, reporting, and dashboards
- Act as key liaison during security incidents and stakeholder engagements
Posted 1 month ago
10.0 - 15.0 years
3 - 6 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Job Description: We are looking for an experienced Security Senior Specialist Advisor to join our security team. The ideal candidate will have extensive experience in Data Security Posture Management, Cyber Security Posture Management, and Securiti.AI, with a proven track record of implementing robust security solutions and leading high-level security initiatives.

Key Responsibilities:
- Lead the implementation and management of Data Security Posture Management strategies to ensure optimal data protection.
- Oversee Cyber Security Posture Management to mitigate risks and strengthen the overall security framework.
- Utilize Securiti.AI to monitor and optimize security systems, processes, and controls.
- Collaborate with cross-functional teams to integrate security protocols across multiple platforms and systems.
- Provide strategic advice on cybersecurity best practices and emerging threats to senior leadership.
- Troubleshoot and resolve complex security issues, ensuring minimal downtime and risk.

Qualifications:
- 10+ years of experience in Cyber Security, with a strong focus on Data Security Posture and Cyber Security Posture Management.
- Hands-on experience with Securiti.AI and other relevant security tools and platforms.
- Expertise in developing and implementing security policies, procedures, and compliance standards.
- Strong communication and leadership skills with the ability to influence stakeholders at all levels.

If you're passionate about driving security excellence and have extensive experience in the cybersecurity space, we'd love to connect with you!
Posted 1 month ago
10 - 15 years
15 - 20 Lacs
Noida, Gurugram, Greater Noida
Work from Office
Advanced knowledge in handling security incidents and leading investigations. Proficiency in managing and optimizing SOC operations. Experience in implementing security protocols and policies. Expertise in Malware Reverse Engineering,
Required Candidate profile: Certified Information Systems Security Professional (CISSP). Certified Information Security Manager (CISM). GIAC Certified Enterprise Defender (GCED). Certified Information Security Auditor (CISA),
Posted 1 month ago
7 - 12 years
15 - 22 Lacs
Pune
Work from Office
For SOC L3 position: 7+ years of hands-on experience. Ready to work rotational shifts (24*7). Team management & shift roster.
Location: Pune

Roles and Responsibilities

Key Skills:
1. SIEM tool experience, preferably ArcSight.
2. Log analysis
3. Incident response
4. DLP experience
5. Investigation knowledge
6. Rules creation
7. Alert management
8. Use case creation
9. Team management
10. Shift roster
11. Monthly reports

Key Responsibilities
- To handle the daily monitoring of information security events.
- To function as an intrusion analyst by examining security events for context, appropriateness and criticality
- To act as an information security researcher to provide insight and understanding of new and existing information security threats

Key Operational Activities
- Daily checklists and tasks
- Log analysis and review
- Vulnerability management activities
- Alert analysis
- Investigation of suspicious security event activity
- Maintain and enforce adherence to corporate standards, policies and procedures

Please share your profile to anwar.shaik@locuz.com
Posted 1 month ago