7.0 - 12.0 years
13 - 17 Lacs
Gurugram
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and the transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As SOC Operations Manager, you will oversee and manage the day-to-day activities of a security operations center for security incident management delivery. You will be expected to support the documentation and enhancement of SOC operations through SIEM for external client service.

Roles & Responsibilities:
- Should be an SME in SOC Operations (SIEM infrastructure and incident response activities)
- Collaborate with and manage the team to perform
- Responsible for decisions on team management, finances and project transitions
- Engage with multiple teams and contribute to key decisions on project intake, solution reviews and the end-to-end incident response cycle
- Provide solutions to problems for their immediate team and across multiple teams
- Lead security assessments and provide recommendations
- Develop and implement security operations strategies, processes, architecture standards and guidelines
- Conduct security reviews and manage internal/external audits
- Support the continuous service improvement cycle through collaboration with onshore or client stakeholders

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Information and Event Management (SIEM); deep understanding of cybersecurity principles, threat detection, and incident management
- Strong understanding of threat intelligence analysis
- Knowledge of security compliance frameworks
- Hands-on experience with security tools and technologies

Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Information and Event Management (SIEM).
- This position is based at the Gurugram office.
- 15 years of full-time education is required.

Qualification: 15 years full time education
Posted 4 weeks ago
7.0 - 12.0 years
13 - 17 Lacs
Pune
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and the transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As SOC Operations Manager, you will oversee and manage the day-to-day activities of a security operations center for security incident management delivery. You will be expected to support the documentation and enhancement of SOC operations through SIEM for external client service.

Roles & Responsibilities:
- Should be an SME in SOC Operations (SIEM infrastructure and incident response activities)
- Collaborate with and manage the team to perform
- Responsible for decisions on team management, finances and project transitions
- Engage with multiple teams and contribute to key decisions on project intake, solution reviews and the end-to-end incident response cycle
- Provide solutions to problems for their immediate team and across multiple teams
- Lead security assessments and provide recommendations
- Develop and implement security operations strategies, processes, architecture standards and guidelines
- Conduct security reviews and manage internal/external audits
- Support the continuous service improvement cycle through collaboration with onshore or client stakeholders

Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Information and Event Management (SIEM); deep understanding of cybersecurity principles, threat detection, and incident management
- Strong understanding of threat intelligence analysis
- Knowledge of security compliance frameworks
- Hands-on experience with security tools and technologies

Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Pune office.
- 15 years of full-time education is required.

Qualification: 15 years full time education
Posted 4 weeks ago
4.0 - 8.0 years
0 - 1 Lacs
Mumbai
Work from Office
JD
Work Location: Mumbai (Aeroli)
Experience: 3-4 years

- Install, configure, and manage FleetDM and OSQuery across the bank's critical endpoints, ensuring continuous monitoring of core banking systems and financial infrastructure.
- Create and deploy custom queries, alerts, and rules to detect unauthorized activities, internal threats, and system anomalies.
- Leverage FleetDM and OSQuery to gather and analyze endpoint telemetry data (e.g., processes, network activity, financial transactions, file system changes) for signs of malicious activity targeting banking applications and infrastructure.
- Proactively hunt for advanced persistent threats (APTs), malware, and other security risks across Windows and Linux environments, with a focus on protecting critical banking systems.
- Utilize data from FleetDM and OSQuery to identify potential risks and detect fraudulent activities across financial systems and customer-facing services.
- Investigate malware to understand its impact on financial services, and develop detection rules to mitigate future incidents.
- Track and respond to threats involving online banking, mobile banking apps, payment systems, and other financial platforms.
- Knowledge of operating systems, networking, any query language, etc.
Posted 4 weeks ago
0.0 - 4.0 years
2 - 6 Lacs
Madurai, Tiruchirapalli, Coimbatore
Work from Office
SOC Analyst / Security Engineer

Vacancies for FRESHERS (Level-1: those who have completed courses or learnt on their own) and EXPERIENCED candidates (Level-1 and Level-2: those with experience in the cyber security domain only).

We are looking for a SOC Analyst / Security Engineer who is familiar with, or interested in working with, Windows, Linux, and cloud environments. Courses or certifications such as CompTIA Security+, GSEC, EC-Council Certified SOC Analyst (CSA), Microsoft SC-200 (Security Operations Analyst Associate), Cisco CyberOps Associate, and Splunk Core Certified User / Analyst are preferable.

Responsibilities
- Capable of understanding the training and the nature of the work in the job responsibilities.
- Monitor and assess alerts generated by security monitoring systems such as SIEMs and EDR platforms.
- Analyze logs, network activity, and endpoint behavior to detect suspicious or malicious activity.
- Execute initial incident triage and escalate complex threats to senior teams as needed.
- Collaborate with internal teams on containment, eradication, and recovery processes.
- Maintain detailed records of security events and actions taken in internal tracking systems.
- Continuously fine-tune detection rules and alert thresholds to improve incident accuracy.
- Stay informed on the latest tactics, techniques, and procedures (TTPs) used by threat actors.
- Support proactive initiatives like threat hunting and vulnerability assessments.
- Contribute to red/blue team simulations and post-incident reviews.
- Help develop and refine operational playbooks and standard response workflows.
- Capable of rotational shifts (Morning / Forenoon / Evening / Night), as this is a 24x7 organization, and adaptable to the working environment and night shifts.
- Maintain system security, identify threats, and install / configure software.

Requirements
- Solid grasp of network protocols, endpoint defenses, and common attack vectors.
- Familiar with one or more SIEM solutions (e.g., Splunk, Sentinel, QRadar).
- Comfortable navigating both Windows and Linux environments. Knowledge of cloud platforms and malware analysis is a plus.
- Understanding of TCP/IP, DNS, HTTP, and common attack vectors.
- Understanding of cybersecurity frameworks such as MITRE ATT&CK or NIST.
- Strong interpersonal and oral/written English communication skills to handle chats and mails if needed.
- 1 to 3 years of experience in a SOC or technical security role is an added advantage.
- Sincere and honest towards the job responsibilities.

Perks and Benefits
Other allowances negotiable based on availability and experience.

For clarification contact HR: +91 87543 01002, jobs@oryon.in
Posted 4 weeks ago
7.0 - 10.0 years
7 - 15 Lacs
Chennai
Work from Office
Role & Responsibilities

Position Summary: We are seeking an experienced and proactive Threat Intelligence & IR Lead to oversee our SOC threat intelligence and ensure the security of our organization's assets. The ideal candidate will have a minimum of 7 years of experience in cybersecurity, with a strong focus on threat intelligence, threat hunting, analysis and incident response. You will be responsible for identifying, analyzing, and mitigating threats to protect the organization's infrastructure, data, and operations.

Key Responsibilities:
- Threat Intelligence & Incident Response: Develop, implement, and manage the organization's threat intelligence strategy and program. Lead a team of SOC threat analysts and ensure timely identification of emerging threats.
- Threat Identification and Analysis: Monitor and analyze cyber threat data, including data banks, data lakes, API access controls, threat feeds, and intelligence platforms. Identify trends, tactics, techniques, and procedures (TTPs) of threat actors and provide actionable insights.
- Collaboration and Reporting: Collaborate with internal teams (e.g., SOC, incident response, and risk management) to share threat intelligence insights. Prepare detailed threat reports and brief senior management on the organization's threat landscape.
- Threat Hunting and Mitigation: Conduct proactive threat-hunting activities to identify vulnerabilities and weaknesses in the organization's systems. Recommend and implement mitigation strategies to address identified threats.
- Tool and Technology Management: Evaluate, implement, and maintain tools and technologies to support the threat intelligence program. Automate threat detection processes and maintain integrations with security operations platforms.
- Industry Engagement: Participate in threat intelligence sharing forums and build relationships with external organizations to stay updated on evolving threats.

Qualifications and Experience:
- Minimum of 7 years of experience in cybersecurity, with at least 3 years in a threat intelligence or similar role.
- Strong knowledge of cyber threat landscapes, attack vectors, and defensive strategies.
- Hands-on experience with threat intelligence platforms (TIPs), SIEMs, and other security tools.
- Familiarity with frameworks such as MITRE ATT&CK, NIST, and the Cyber Kill Chain.
- Experience in analyzing threat data, including malware, indicators of compromise (IoCs), and vulnerabilities.
- Excellent analytical, communication, and problem-solving skills.
- Relevant certifications (e.g., CISSP, CEH, GIAC, GCTI) are preferred.

Educational Requirements: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field. Master's degree preferred.

Key Competencies:
- Strong leadership and team management skills.
- Ability to work under pressure in fast-paced, high-stakes environments.
- Detail-oriented with a focus on continuous learning and staying ahead of emerging threats.

This role offers the opportunity to lead a critical function within our cybersecurity operations and make a tangible impact on the organization's security posture. If you are passionate about staying ahead of cyber threats and have a proven track record in threat intelligence, we encourage you to apply.
Posted 1 month ago
5.0 - 10.0 years
15 - 25 Lacs
Hyderabad, Chennai
Hybrid
JD
1. Hands-on experience with Insider Threat/Risk tools such as Microsoft Purview Insider Risk Management or its competitors (e.g., Proofpoint Insider Threat Management, Splunk User Behavior Analytics, Securonix UEBA, QRadar User Behavior Analytics).
2. Experience in triaging Insider Threat/Risk alerts.
3. Experience working in the Insider Threat team of a security department.
4. Experience producing Insider Threat reports for C-level leaders.
5. Experience in setting up IRM policies and monitoring them.
6. Understanding of AI, large language models and prompt engineering is a plus.
Posted 1 month ago
5.0 - 10.0 years
15 - 25 Lacs
Bengaluru
Remote
Job Description
- Develop and maintain security tooling, guidelines, and standards for the Security Engineering team.
- Participate in threat intelligence and forensic analysis exercises, with guidance from more senior engineers.
- Work closely with application and infrastructure teams on mitigation of vulnerabilities across all cloud-hosted systems.
- Create and maintain thorough runbooks and incident response documentation for the Security Operations Center (SOC).
- Create and monitor correlated event dashboards in the SIEM, alerting against thresholds you develop.
- Research, implement, and configure security protections for email, hosts, and identities.
- Write scripts to automate manual tasks.
- Create and provide training to assist new staff and internal teams.

Education
Bachelor's degree in Information Systems, Computer Science, or a related discipline, or any combination of education and experience which would provide the required qualifications for the position.

Experience
- 5+ years of experience as part of a security operations center, with a focus on threat intelligence, incident response, blue team operations and SIEM query/workflow creation.
- 5+ years of experience in systems administration, software engineering, software development, or a related discipline.

Licenses
CEH, SANS, ISC2 (CISM, CISSP, CCSP, etc.), AWS, GCP, Azure

Knowledge
Working knowledge of SOC operations and incident response procedures, including EDR, SWG, CASB, email threat protection, SIEM and SOAR platforms, threat intelligence frameworks (such as MITRE ATT&CK), vulnerability and identity management, network security tools (firewalls, IDS/IPS), Python or PowerShell scripting, cloud-native security services (AWS, Azure, GCP), forensic and log analysis, and documentation platforms for preserving security operations materials.

Skill in: Analytical, critical thinking and problem-solving skills; troubleshooting and resolving architecture and application development issues; working as a member of a team; communicating effectively; establishing and maintaining effective working relationships.

Ability to: Determine how a system should work and how changes in conditions, operations, and the environment will affect outcomes; demonstrate presentation skills with a high degree of comfort with both large and small audiences; work in a fast-paced environment; plan, organize, and prioritize workload and multi-task to meet deadlines; establish and maintain effective working relationships through collaboration and respect.
Posted 1 month ago
5.0 - 8.0 years
9 - 14 Lacs
Madurai, Tiruppur, Salem
Work from Office
Req ID: 125023
Remote Position: Hybrid
Region: Asia
Country: India
State/Province: Chennai
City: Guindy, Chennai

Summary
The Senior Specialist, IT Solutions is a key role that evaluates, implements, and manages security solutions to protect Celestica's systems and data. Responsibilities include implementing automation technologies, performing risk assessments, contributing to automation policies and standards, and advising on automation best practices. This role also mentors junior team members and provides advanced technical support for automation solutions.

Detailed Description
Performs tasks such as, but not limited to, the following:
- Maintain security infrastructure for operational efficiency; collaborate with other IT infrastructure, application and network teams to ensure seamless integration of tools and technology.
- Develop and implement playbooks for security automation and orchestration to respond to security events and incidents.
- Design and implement integrations between security tools such as EDR, SIEM, and ServiceNow to automate incident response and threat intelligence sharing.
- Automate security processes, such as vulnerability scanning, patching, and user provisioning, using scripting and configuration management tools.
- Develop custom scripts and tools, such as parsers and data enrichment scripts, to automate repetitive security tasks and integrate disparate security data sources.
- Create and maintain comprehensive documentation and runbooks for security automation processes and integrations.
- Collaborate with other security team members, such as threat intelligence analysts and incident responders, to identify automation opportunities and implement effective security automation solutions.
- Stay up-to-date on emerging security threats and technologies to proactively identify and address potential security risks through automation.

Knowledge/Skills/Competencies
- Expert knowledge of information security principles, practices, and technologies.
- Expert knowledge of EDR, SIEM, and ServiceNow.
- Strong understanding of data integration and API development.
- In-depth knowledge of information security standards and regulations (e.g., ISO 27001, NIST).
- Strong understanding of software design processes and data modeling.
- Excellent problem-solving and analytical skills.
- Strong leadership, mentoring, and communication skills.
- Ability to work independently and as part of a team.

Physical Demands
Duties of this position are performed in a normal office environment. Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Typical Experience
6 to 8 years of experience in information security, with a proven track record of evaluating, implementing, and managing security solutions.

Typical Education
Bachelor's degree in Software Engineering, Computer Science, Information Security, or a related field. Relevant industry certifications (e.g., CISSP, CISM) are highly desirable.

Notes
This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law). At Celestica we are committed to fostering an inclusive, accessible environment where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need them throughout the hiring process. Please indicate your needs and we will work with you to meet them.

Company Overview
Celestica (NYSE, TSX: CLS) enables the world's best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development, from drawing board to full-scale production and after-market services, for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.

Celestica would like to thank all applicants; however, only qualified applicants will be contacted. Celestica does not accept unsolicited resumes from recruitment agencies or fee-based recruitment services.
Posted 1 month ago
2.0 - 5.0 years
3 - 7 Lacs
Bengaluru
Work from Office
Come join Deepwatch's team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S., and we have a blast doing it!

Who We Are
Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch's cloud-based security operations platform, Deepwatch provides the industry's fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business.

Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.

Deepwatch Recognition Includes
- 2025, 2024, 2023, 2022 and 2021 Great Place to Work® Certified
- 2024 Military Times Best for Vets Employers
- 2024 US Department of Labor Hire Vets Gold Award
- 2024 Forbes' America's Best Startup Employers
- 2024 Cyber Defense Magazine, Global Infosec Awards
- 2023 and 2022 Fortress Cybersecurity Award
- 2023 $180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners
- 2022 Cybersecurity Excellence Award for MDR

Position Summary
This role is 100% onsite in Bengaluru. The shift for this position is Monday to Friday, 7:30 AM to 3:30 PM.

Deepwatch is looking for a highly motivated, self-driven, technical analyst dedicated to making a difference in global security by protecting organizations against the most advanced attackers in the world. The Deepwatch Squad and Security Operations Center offer opportunities to expand your skill set through a wide variety of experiences, detecting and responding to incidents as they occur in real time for our customers.

The Deepwatch Squad is a unique approach to how we support our customers and ultimately provide an experience not found anywhere else. You'll be an integral part of supporting our customers by understanding their bespoke environment, needs and challenges. You will be playing a key role in supporting some of the top organizations in the world, and have the opportunity to develop your skills by working with the best responders in the industry, your team and your Squad.

The Analyst I is focused on providing descriptive analysis. They will answer questions such as the who, what, when, and where of events. Analysts are curious individuals who actively work to develop a better understanding of the environments they are assigned. Using cybersecurity best practices, you will monitor and secure complex customer environments utilizing industry-leading technology such as Splunk, xSOAR, CrowdStrike and more.

In This Role, You'll Get To
- Support incident handling processes across multiple platforms and security technologies including Windows, Linux and macOS.
- Monitor a queue of security events generated by the Deepwatch platform SOAR, triage events based on their criticality, and escalate validated security events to customers.
- Document and manage incident cases in our case management system.
- Keep up-to-date with information security news, techniques, and trends.
- Identify and report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering.
- Become proficient with Splunk, ServiceNow and other third-party threat intelligence tools as required.
- Perform security detection analysis and investigations using SIEM and SOAR technologies, leverage Deepwatch proprietary tooling and intelligence, and maintain SLAs.
- Act as the first line of defense during security events by triaging and investigating alerts within a customer's environment.
- Produce high-quality written and verbal communications, recommendations, and findings for customer management in a timely manner.
- Continue to sharpen your skills and capabilities on the job, and through the Deepwatch development program.

To be successful in this role, you'll need:
- A basic understanding of cyber security principles, concepts and practice, with a focus on SOC operations, alert triage and investigations.
- To know your way around SIEM platforms (Splunk preferred): how to perform queries and leverage various log sources to perform investigations.
- To articulate the process involved in pivoting to other log sources, cloud systems, or consoles to perform a comprehensive analysis from multiple data sources.
- A basic understanding of modern EDR, email security and cloud identity platforms.
- To review SIEM alerts and determine what other sources or intelligence are needed to make a determination, relying on peers to help improve your skills and capabilities.
- A strong understanding of all basic ports and protocols.
- Familiarity with Windows, Mac, and Linux file path structures.
- Familiarity with OSINT, TTPs and IOCs.
- Strong written and verbal communication skills, with the ability to produce well-written reports and analysis that are thorough, accurate and complete.
- To provide the customer with a complete understanding of the investigation.
- CEH, CySA, GSEC, Sec+, or equivalent certification preferred.
- A college degree in Information Security or IT, related training, certifications or on-the-job experience.

Life At Deepwatch
For employees, Deepwatch fosters a unique, flexible work environment designed with collaboration in mind. The company emphasizes personal and professional growth, offering benefits such as professional development programs, comprehensive health coverage, and generous parental leave. Deepwatch is also committed to diversity, equity, inclusion, and belonging, aiming to empower underrepresented groups in tech by connecting them with meaningful opportunities, mentors, and sponsors. In recognition of its supportive workplace culture, Deepwatch earned the Great Place To Work Certification(TM) in 2025, underscoring its dedication to creating a positive and inclusive work environment. Deepwatch is a global cybersecurity company with offices in the San Francisco Bay Area, CA; Tampa, Florida; and Bengaluru, India.

What We Offer
At Deepwatch, we are committed to supporting our employees with a comprehensive benefits package designed to enhance your well-being and financial security.

We partner with Plum Benefits to provide:
- Group Health Insurance: comprehensive medical coverage for you and your dependents.
- Group Accidental Insurance: financial protection in case of accidental injuries.
- Group Term Life Insurance: security for your loved ones in unforeseen circumstances.
For additional details, refer to the benefits guide provided by Plum.

Payroll & Compensation
- Pay Cycle: Salaries are processed monthly and paid on the last day of each month.
- Pay Slips & Reimbursements: Delivered via email.
- Payroll Processing: Managed by BCL Chartered Accountants through GreytHR, which provides tax and payment-related details.
Posted 1 month ago
4.0 - 9.0 years
25 - 30 Lacs
Gurugram
Work from Office
Job Summary
The Director, TSG Information Security, Cyber Threat Management is a position within Bain's Cyber Security Department, whose mission is to define and enable strategies to safeguard the digital assets and integrity of the organization. In this role, the Director understands how security measures align with the overall organizational strategy and will begin to organize and lead the development and implementation of security controls that adhere to regulatory requirements and best practices. The Director combines a strong level of technical and managerial skills and business alignment to build and guide a growing team and resources across a spectrum of capabilities. The position primarily focuses on the efficient, effective and reliable execution of Bain's defensive strategy, as well as on improving our offensive strategy to help the company meet its overall business objectives. The position therefore must have the technical skills to troubleshoot and resolve complex issues as well as excellent communication and upward management. These measures require taking a leadership position in coordinating activities across the team, working with Technical, IT and Cybersecurity leadership. The Director role has expertise and experience in multiple disciplines, including Threat Intelligence programs, Detection and Deterrence systems, Threat Exposure Management, Incident Response, Forensics and Evidence Gathering, and Pro-Active Security probing capabilities (Red/Blue/Purple teaming and Penetration Testing).

Principal Accountabilities

Monitoring & Detection
- Oversee and strategize on developing advanced security monitoring, analysis, and correlation platforms to detect cybersecurity events.
- Direct cross-functional efforts in the identification and in-depth analysis of sophisticated security threats, including malware, APTs (Advanced Persistent Threats), and targeted attacks.
- Enable a wide range of security tools and technologies, including SIEM, IDS/IPS, or next-gen/advanced threat detection solutions.
- Partner with organizations and vendors to identify and integrate new data sources.

Incident Response & Analysis
- Oversee the ongoing management and evolution of security runbooks and champion ongoing automation or AI/ML-based technologies to increase speed/efficiency.
- Strengthen Bain's capability in in-depth log analysis, data correlation, and forensic investigations to identify root causes of incidents and improve security measures.
- Provide strong and clear communications on cyber events and situations to senior leadership.
- Ensure security policies and practices adhere to industry standards and compliance requirements, and oversee the validation of the controls.
- Serve as a subject matter expert in security discussions and decision-making, and enable and grow team members' skills and experience.
- Work with the primary goal of building efficiencies in Cyber Threat Management responses, driving down MTTR and reducing overall risk.

Threat Intelligence
- Enable a threat intelligence capability, including open-source intelligence (OSINT), dark web forums, and industry reports, to drive awareness and improvement in our defensive posture.
- Utilize threat intelligence platforms and tools to aggregate and correlate threat data.
- Drive coordination with intelligence and incident response teams to investigate and analyze security incidents.
- Develop and refine threat intelligence methodologies and tools.
- Stay current with industry best practices and new methodologies to enhance the team's capabilities.

Vulnerability Management & Threat Exposure Management
- Work cross-functionally across IT teams and provide leadership and guidance in mitigating threats to Bain.
- Serve as a subject matter expert in security discussions and decision-making.
- Build processes to enable regular vulnerability scans on the organization's network, applications, and systems using industry-standard tools.
- Experience implementing and operationalizing vulnerability management tools, processes, and best practices.
- Oversee the classification and prioritization of vulnerabilities based on risk and potential impact.
- Stay informed about emerging trends and technologies in cybersecurity.
- Work collaboratively with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture.

ProActive/Enhanced Security Testing
- Partner with colleagues to expand controlled penetration testing technologies and capabilities on networks, applications, and systems to identify security vulnerabilities.
- Investigate and keep up to date with changes in tooling and advanced attacks in network, cloud and application testing.
- Analyze and interpret results to identify potential risk as well as evaluate potential impact.
- Red Team, Blue Team, Purple Team exercise leadership experience.

Professional Development and Innovation
- Stay informed about emerging trends and technologies in cybersecurity.
- Drive collaboration and defensive standards/expertise across Bain, working with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture.
- Explore professional certifications and work with leadership to plan trainings.

Knowledge, Skills, and Abilities

Security Monitoring & Incident Detection and Response
- Strong knowledge of Splunk (or other SIEM tools), CrowdStrike or equivalent EDR/MDR platforms, Windows Defender, Palo Alto Networks, other AV/EDR tool configuration, Cyberhaven (or other DLP tools).
- Knowledge of Vulnerability & Attack Surface Management toolsets, Threat Intelligence and Analysis tools, vendor technical risk scoring tools, and deception technologies.
- Knowledge of ticketing, triage and forensics capabilities and toolsets.

General Skills
- Great communication skills, with the ability to document and explain technical information clearly.
- Analytical mindset, with a focus on learning and problem-solving.
- Ability to work independently and well in a team, showing strong interpersonal skills.
- Eagerness to learn and adapt to new challenges in cybersecurity.
- Entrepreneurial spirit, open to trying new approaches and learning from them.

Team Management
- Drive and expand the training and professional development of Security Operations staff.

Qualification and Experience
- Bachelor's degree in a related field (e.g., Computer Science, Cybersecurity, Information Technology) or an equivalent combination of education, training, and experience.
- 10-15 years of relevant experience.
- Experience with information security technologies (Firewall, IPS, IDS, SIEM, EDR, CASB, AV, DLP, etc.).
- Experience with common information security controls frameworks (i.e., ISO, NIST, CIS, or CSA).
- Global company or equivalent experience deploying systems or applications.
- Ability to work independently and with teams on complex problems.
- Complex problem solving.
- Ability to work in a fast-paced, dynamic environment.
Posted 1 month ago
4.0 - 8.0 years
15 - 25 Lacs
Bengaluru
Hybrid
Warm Greetings from SP Staffing!!
Role: SOC Analyst
Experience Required: 3 to 8 yrs
Work Location: Bangalore
Required Skills: Security operations, SOC1, SOC2, FFIEC, GDPR
Interested candidates can send resumes to nandhini.spstaffing@gmail.com
Posted 1 month ago
10.0 - 12.0 years
0 - 1 Lacs
Chennai
Work from Office
Sr. Network & Security Engineer
Location: Chennai - Taramani (Work From Office)
Notice: Short Period / Immediate
Full time role

RESPONSIBILITIES
- Design, deploy, and manage scalable enterprise network infrastructures focusing on Cisco switches and routing technologies.
- Configure and maintain next-generation firewalls, including Palo Alto, FortiGate, and Cisco Firepower NGFW.
- Administer F5 Load Balancers (LTM, ASM) to ensure high availability and secure application delivery.
- Manage the full SSL certificate and domain services lifecycle, including DNS configuration and domain registration.
- Implement, monitor, and support endpoint security platforms such as Symantec Endpoint Protection Manager (SEPM), Trend Micro, and CrowdStrike.
- Perform ongoing threat monitoring, vulnerability remediation and incident response related to endpoints and network devices.
- Troubleshoot and resolve complex issues across network and endpoint layers, focusing on minimising downtime.
- Define and enforce network and endpoint security policies in alignment with compliance and organisational needs.
- Maintain detailed documentation of all infrastructure components, including network architecture, firewall configurations, SSL/DNS records, domain configurations, and endpoint security deployments.
- Collaborate with internal IT teams and business stakeholders to align security and infrastructure strategies with organisational objectives.
- Stay current on emerging threats, security technologies, and industry best practices.

DESIRED SKILLS
- Experience in network and security engineering, including endpoint protection management.
- Expertise with Cisco switches, routing protocols, and network design.
- Proven experience with Palo Alto, FortiGate, and Cisco Firepower firewalls.
- Strong operational knowledge of F5 Load Balancers (LTM, ASM).
- In-depth understanding of SSL/TLS certificate management and DNS/domain services.
- Hands-on experience with SEPM, Trend Micro, and CrowdStrike for endpoint protection.
- Solid knowledge of TCP/IP, VPNs, VLANs, NAT, ACLs, and network segmentation techniques.
- Familiarity with cybersecurity frameworks, threat intelligence, and incident response methodologies.
- Strong troubleshooting and analytical skills with a proactive mindset.
- Experience in license management, procurement, purchase, contracts and vendor management for security and network infrastructure.
- Ability to work independently, manage multiple priorities, and provide off-hours/on-call support as needed.
- Excellent verbal and written communication skills.

QUALIFICATIONS
- Bachelor's or Master's degree in a related field.
- CCNP, PCNSE, Fortinet NSE certifications, F5 Certified Administrator.

Interested candidates can forward their latest resumes to John.s@zirlen.com
Posted 1 month ago
4.0 - 5.0 years
5 - 9 Lacs
Pune
Work from Office
This role requires a technical expert to support our direct and channel business. It involves crafting tailored technical bids and solutions, collaborating with account managers, partners, sales, marketing, finance, legal, and HR. The person will be responsible for ensuring written responses are well crafted and created to meet tender requirements, so that they score highly and provide content for business-critical frameworks. For this role you will need to be creative, a team player, detail-oriented, reliable, and self-motivated, and have outstanding communication skills. You must be able to master our managed service offerings. In doing so, you will play a leading role with our sales teams, providing high quality and credible bid responses. Your technical knowledge, writing and interpersonal skills will set you apart from other candidates.

Responsibilities:
- Ensure compelling bids are submitted in a timely manner by coordinating with different stakeholders, as the person responsible for allocating tasks and setting internal deadlines.
- Understand business requirements and know how to map technology/services to them.
- Ability to convey business value or complex technical solutions through your technical responses and graphical designs.
- Produce professional response documentation.
- Participate in key review meetings / final document review, content sign-off, and document production.
- Identify and re-work existing pre-written content where relevant under guidance of senior team members. This includes win and loss reviews, lessons learned and continual improvement.
- Develop knowledge of the business and SHQ services by reading and reviewing previous bid submissions and design documents, and by spending time with pre-sales, technical and commercial teams.
- Own and manage the central Bid Content Library: regularly update, curate, and manage the content library to enhance proposal quality and speed.
- Learn and utilize AI tools and other capabilities as they become available.
- Standardize and maintain proposal templates and boilerplate content across all major service lines.
- Support the implementation and continuous improvement of Bid Management SOPs.
- Work with global teams to ensure technical proposal content remains accurate, current, and aligned with sales strategy.
- Manage and evolve the Confluence knowledge base used by Pre-sales. Drive the production and updating of content.

Essential Skills
- The ability to work under pressure and within short deadlines.
- Proven skills in writing and editing proposal content within a complex technical business environment.
- Attention to detail.
- Excellent knowledge of M365, and ideally Copilot.
- Ability to work independently and confidently.
- Excellent interpersonal and communication skills and adept at working with multiple stakeholders internationally.
- A demonstrated understanding of how an IT Managed Service/Security Service Provider operates.
- Knowledge of cybersecurity terms such as SIEM, EDR, XDR, Firewalls, Threat Intelligence etc.
- Familiar with Cloud technologies and platforms such as AWS and Azure.
- Proven history of working with Managed Security Service Providers (MSSP).

Education & Experience
- Educational qualification: BE or any postgraduate degree in any stream.
- Candidates should have at least 4-5 years of experience working in Pre-Sales / Bid Management / Technical Writing.
- Any Cyber Security related certifications are highly desired.
- A desire to learn, harness AI, and to support the creation of better content.
Posted 1 month ago
3.0 - 8.0 years
13 - 18 Lacs
Bengaluru
Work from Office
The role is within the Information Security Risk Management (ISRM) Cyber Fusion Engineering team, responsible for the support of Thomson Reuters Cyber Defense Engineering Tools. The successful candidate will have the opportunity to learn, and provide skilled technical support for, our current infrastructure security toolset as well as our future security services within the technical operations environment.

About the role:
- Support the development and maintenance of security tools and infrastructure such as Confluence, MISP Threat Intelligence Platform, and ServiceNow Security Incident Response.
- Help build and maintain cloud infrastructure in support of our technologies.
- Collaborate with Cyber Defense teams such as the SOC, Threat Detection, Threat Intel, and Incident Response teams to understand feature and support needs.
- Act as an interface with other IT disciplines inside the larger organization to develop deployment pipelines for AWS infrastructure to meet Enterprise standards.

About You:
- Bachelor's Degree with 3+ years IT or Information Security experience.
- Scripting experience with Python and bash.
- Foundational knowledge of AWS.
- Application/Infrastructure administration experience in an Enterprise environment.
- Excellent customer service and communication (oral / written) skills required.
- Strong critical thinking, analytical, and troubleshooting skills.
- Must be able to accept delegated work on assigned projects and initiatives and complete them successfully with minimum supervision.

Preferred Qualifications:
- Knowledge of and experience with a Linux OS distribution.
- Hands-on experience deploying and managing infrastructure in AWS.
- Knowledge of or experience with Infrastructure as Code technologies (e.g. Terraform, CloudFormation) and/or CI/CD pipeline technologies (e.g. AWS CodeBuild, CodePipeline, etc.).
- Understanding of the principles of IaaS, PaaS, SaaS cloud environments.
- Knowledge of and experience in Cyber Security, or Security+ certification.
- Knowledge of or experience with security orchestration, automation, and response (SOAR) tools.
- Understanding of network transport protocols and services (TCP/IP, syslog, DNS, ODBC, SFTP, SSH, PKI, etc.).
- Experience working in a large enterprise environment.

#LI-HS1

What's in it For You
Hybrid Work Model: We've adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected.
Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, empowering employees to achieve a better work-life balance.
Career Development and Growth: By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrow's challenges and deliver real-world solutions. Our Grow My Way programming and skills-first approach ensures you have the tools and knowledge to grow, lead, and thrive in an AI-enabled future.
Industry Competitive Benefits: We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing.
Culture: Globally recognized, award-winning reputation for inclusion and belonging, flexibility, work-life balance, and more. We live by our values: Obsess over our Customers, Compete to Win, Challenge (Y)our Thinking, Act Fast / Learn Fast, and Stronger Together.
Social Impact: Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and Environmental, Social, and Governance (ESG) initiatives.
Making a Real-World Impact: We are one of the few companies globally that helps its customers pursue justice, truth, and transparency. Together, with the professionals and institutions we serve, we help uphold the rule of law, turn the wheels of commerce, catch bad actors, report the facts, and provide trusted, unbiased information to people all over the world.

Thomson Reuters informs the way forward by bringing together the trusted content and technology that people and organizations need to make the right decisions. We serve professionals across legal, tax, accounting, compliance, government, and media. Our products combine highly specialized software and insights to empower professionals with the data, intelligence, and solutions needed to make informed decisions, and to help institutions in their pursuit of justice, truth, and transparency. Reuters, part of Thomson Reuters, is a world leading provider of trusted journalism and news. We are powered by the talents of 26,000 employees across more than 70 countries, where everyone has a chance to contribute and grow professionally in flexible work environments. At a time when objectivity, accuracy, fairness, and transparency are under attack, we consider it our duty to pursue them. Sound exciting? Join us and help shape the industries that move society forward.

As a global business, we rely on the unique backgrounds, perspectives, and experiences of all employees to deliver on our business goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity Employer providing a drug-free workplace. We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law. More information on requesting an accommodation here. Learn more on how to protect yourself from fraudulent job postings here. More information about Thomson Reuters can be found on thomsonreuters.com.
Posted 1 month ago
7.0 - 12.0 years
18 - 33 Lacs
Mumbai
Work from Office
Cyber Defense Governance & Compliance
- Develop and maintain cyber defense governance frameworks, ensuring alignment with industry standards like NIST, ISO 27001, and regulatory mandates.
- Establish and enforce policies, procedures, and risk management guidelines for security operations.
- Conduct regular governance audits to assess cybersecurity effectiveness and compliance adherence.

Security Metrics & Executive Reporting
- Design and manage cybersecurity Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure operational effectiveness.
- Generate Cyber Defense MIS reports, dashboards, and executive summaries for leadership and regulatory bodies.
- Provide actionable insights from security metrics, ensuring data-driven decision-making in cyber defense operations.

Threat Intelligence & Risk Management
- Oversee integration of threat intelligence insights into governance frameworks to enhance risk mitigation strategies.
- Conduct risk assessments based on emerging threats, attack trends, and compliance gaps.
- Collaborate with security teams to refine incident classification models, response SLAs, and governance workflows.

Cyber Incident & Crisis Reporting
- Establish standardized incident reporting protocols, ensuring compliance with regulatory requirements.
- Lead post-incident root cause analysis (RCA) and governance-driven improvement initiatives.
- Develop structured processes for incident escalation tracking, remediation follow-ups, and reporting accuracy.

Process Governance & Operational Excellence
- Define and optimize cyber defense operational workflows, ensuring consistency in threat monitoring and response.
- Conduct SOC maturity assessments and provide governance recommendations to improve security posture.
- Enhance alignment between cyber defense strategies and business risk management goals.

Cyber Awareness & Compliance Training
- Develop and execute cybersecurity training programs for risk, compliance, and executive teams.
- Conduct tabletop exercises and simulated security drills to improve organizational response readiness.
- Ensure continuous improvement in security awareness initiatives across stakeholders.

Stakeholder & Regulatory Engagement
- Act as the primary liaison between cybersecurity teams, risk management, compliance, and executive leadership.
- Represent cyber defense operations in audit meetings, regulatory discussions, and board-level reporting sessions.
- Stay updated with evolving cybersecurity laws, frameworks, and global compliance requirements.
Posted 1 month ago
1.0 - 3.0 years
0 - 3 Lacs
Pune
Work from Office
Role: The Security Operations (SOC) Engineer is responsible for monitoring the environment and identifying, reporting, and responding to security threats that put the organization at risk. The primary function of this position is to monitor the security tools and perform alert management and initial incident qualification.

Job Description
- Acknowledge, analyze, and validate incidents triggered from multiple security tools like IDS/IPS, Web Application Firewall, Firewalls, Endpoint Detection & Response tools, and events through the SIEM solution.
- Acknowledge, analyze, and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc.
- Collect the necessary logs that could help in incident containment and security investigation.
- Escalate validated and confirmed incidents to Security administrators.
- Undertake first stages of false positive and false negative analysis.
- Understand the structure and the meaning of logs from different log sources such as FW, IDS/IPS, WAF, Windows DC, Cloudflare, AV and antimalware software, O365 email security etc.
- Open incidents in the ticketing platform to report the alarms triggered or threats detected.
- Track and update incidents and requests based on updates and analysis results.
- Report infrastructure issues to the IMS Team.
- Work with vendors on security issues.
- Perform other duties as assigned.

Skills:
- Strong security knowledge.
- Should have expertise in TCP/IP network traffic and event log analysis.
- Experience with Linux, Windows and Network Operating Systems required.
- Knowledge and hands-on experience in management of IDS/IPS, Firewall, VPN, and other security products.
- Experience in Security Information Event Management (SIEM) tools, creation of basic correlation rules, and administration of SIEM.
- Knowledge and hands-on experience in log management and Endpoint Detection and Response tools.
- Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
- Strong interpersonal skills including excellent written/verbal communication skills.

Interview Process: Technical Interview, HRBP Interview

Consent: We will use your resume for current full-time job openings with us and retain it for future opportunities.
Posted 1 month ago
3.0 - 5.0 years
5 - 7 Lacs
Chennai
Work from Office
Required education
Bachelor's Degree

Required technical and professional expertise
- Analysing cyber IOCs, APTs, MITRE ATT&CK TTPs, attack vectors, adversary TTPs, and cyber threat intelligence topics and translating these into actionable intelligence.
- Develop, maintain, and update a repository of cyber threat information that is used in conducting risk assessments and reports on cyber risk trends.
- Conduct research and evaluate intelligence data, with emphasis on TTPs.
- Good experience in developing and documenting threat intelligence procedures into playbooks.
- Experience on threat research reports for strategic, tactical, and operational intelligence, focusing on intent, objectives, and activity of cyber threat actors and then acting accordingly.
- Perform ad-hoc intelligence gathering using OSINT tools and techniques.

Preferred technical and professional experience
- Able to apply creative and critical thinking when approaching issues and in resolving them.
- Able to communicate effectively with technical, operational, and senior client staff.
Posted 1 month ago
2.0 - 3.0 years
0 - 1 Lacs
Noida
Work from Office
What you'll do
Greetings from Data Security Council of India...!!
The Data Security Council of India (DSCI) is a not-for-profit industry body for data protection in India, set up by nasscom, committed to making cyberspace safe, secure, and trustworthy by establishing cybersecurity best practices, standards, and initiatives in cyber security and privacy. DSCI engages with governments, regulators, industry sectors, and think tanks on policy advocacy, thought leadership, capacity building, and outreach initiatives. For more information, visit: www.dsci.in.

We are seeking a dynamic and technically proficient AI/ML Engineer to support our AI/ML R&D initiatives in cybersecurity and take ownership of TechSagar.in, a knowledge repository for India's emerging technology capabilities. The ideal candidate will possess hands-on experience in generative AI, emerging technologies, and product management. This is a hybrid role combining deep technical development with stakeholder engagement and platform evangelism.

Role & responsibilities:

AI/ML & Cybersecurity Innovation
- Support R&D efforts to prototype generative AI models for real-time threat detection and cybersecurity.
- Design, develop, and deploy machine learning models tailored to cyber threat intelligence and anomaly detection.
- Research and implement novel AI approaches, including multi-agent and reasoning-based systems.
- Develop distributed security monitoring frameworks using tools like AutoGen, CrewAI, etc.
- Build LLM-powered threat analysis tools using LangChain, LlamaIndex, and integrate with enterprise infrastructure.
- Apply MLOps best practices for model deployment, performance monitoring, and continuous integration.
- Optimize vector stores (Qdrant, FAISS, Pinecone, etc.) for RAG-based systems.
- Create synthetic datasets for AI training and model evaluation.
- Use Pydantic for data validation within AI pipelines.

TechSagar Product Responsibilities
- Manage and evolve the TechSagar.in platform, enhancing features, ensuring data integrity, and driving usage.
- Liaise with tech partners, government bodies, startups, and academia to enrich platform content.
- Strategize and execute industry engagement plans to market TechSagar and establish its relevance.
- Represent TechSagar in external forums, conferences, and industry meetings.
- Collect user feedback, define the product roadmap, and ensure alignment with AI/ML advancements.

Required Qualifications:
- Bachelor's or Master's degree in Computer Science, Artificial Intelligence, or a related field.
- 1-2 years of hands-on experience in AI/ML model development and deployment.
- Strong programming expertise in Python.
- Familiarity with LangChain, LlamaIndex, and large language models (LLMs).
- Experience in applying AI to cybersecurity or vulnerability analysis.
- Good understanding of machine learning algorithms, data pipelines, and model evaluation.
- Excellent communication skills for technical and stakeholder engagement.

Preferred Skills:
- Exposure to generative AI, LLMs, and chain-of-thought reasoning techniques.
- Working knowledge of MLOps tools such as MLflow, Docker, etc.
- Familiarity with FastAPI or Flask for API development.
- Ability to preprocess, clean, and analyze large datasets efficiently.
- Experience in integrating AI tools with legacy or existing security systems.

Technologies & Frameworks:
- LLM Frameworks: LangChain, LlamaIndex
- Multi-agent Systems: AutoGen, CrewAI
- Vector Databases: FAISS, Pinecone, Qdrant, Elasticsearch, AstraDB
- MLOps Tools: MLflow, Docker
- Programming & APIs: Python, FastAPI/Flask
- Data Validation: Pydantic

Why Join Us?
- Be at the forefront of AI innovation in cybersecurity and national technology initiatives.
- Lead and shape a strategic tech product (TechSagar) with national impact.
- Collaborate with thought leaders in the AI, cybersecurity, and emerging tech ecosystem.
Posted 1 month ago
1.0 - 6.0 years
6 - 16 Lacs
New Delhi, Pune
Work from Office
Objective: Serve as L1/L2/L3 level support across core security domains. Lead architecture reviews, complex troubleshooting, performance tuning, threat modeling, and support design/implementation changes.

Technologies Supported (Domain - Platform)
- DDoS Protection - Radware DefensePro / Cloud DDoS
- NGFW - Palo Alto (Panorama, Cortex XSOAR)
- SIEM & IDAM - OpenText ArcSight / CyberRes
- WAF & LB - Radware AppWall / Alteon VX
- Endpoint Security - Trend Micro Apex One / Vision One
- VAPT - Tenable.io / SecurityCenter
- HSM - Thales Luna / payShield
- APM & Logging - Elastic Stack (ELK + Observability)

Advanced Skill Set
- Expert in one or more: DDoS, NGFW, SIEM, WAF, VAPT
- Protocol-level packet analysis
- Threat intelligence and hunting workflows
- SIEM correlation strategy and content development
- Complex API integrations and automation scripting (Python/Shell)
- Familiarity with Zero Trust, MITRE ATT&CK, SOAR
Posted 1 month ago
5.0 - 10.0 years
7 - 12 Lacs
Bengaluru
Work from Office
- Proactively lead and support the incident response team during an incident.
- Experience in advanced investigation, triaging, analysis and escalation of security incidents with recommendations.
- Hands-on basic experience with configuration and management of SIEM tools (QRadar), including log source integrations, custom parser builds, fine tuning and optimizing the correlation rules, and use case recommendations, is a MUST.
- Proven experience on Security Information and Event Management (SIEM) tools using QRadar.
- Data-driven threat hunting using SIEM, EDR and XDR tools.
- Basic experience in SOAR tools such as QRadar Resilient, Palo Alto XSOAR.
- Identify quick defence techniques till permanent resolution.
- Recognize successful intrusions and compromises through review and analysis of relevant event detail information.
- Review incidents escalated by Level 1 analysts.
- Launch and track investigations to resolution.
- Recognize attacks based on their signatures; differentiate false positives from true intrusion attempts.
- Actively investigate the latest security vulnerabilities, advisories, incidents, and penetration techniques and notify end users when appropriate.
- Identify the gaps in the security environment and suggest gap closure.
- Drive and support Change Management.
- Perform and review tasks as identified in a daily task list.
- Report generation and trend analysis.
- Participate in the weekly and monthly governance calls to support the SOC metrics reporting.
- Good to have hands-on experience with managing SIEM solutions on public/private clouds like Amazon AWS, Microsoft Azure, etc.
- Willing to work in a 24x7 rotational shift model including night shift.

Required education
Bachelor's Degree

Preferred education
Bachelor's Degree

Required technical and professional expertise
- 5+ years hands-on experience required in QRadar SIEM and SOAR.
- Desired experience in threat hunting, threat intelligence.
- Worked on tools belonging to QRadar, UEBA, UAX.
- Bachelor's degree in engineering/information security, or a related field.
- Relevant certifications such as CEH, CISSP, CISM, CompTIA CASP+, or equivalent.
- Proven experience working in a SOC environment.

Preferred technical and professional experience
- Proven experience in managing and responding to complex security incidents.
- Strong analytical and problem-solving skills.
- Excellent communication and collaboration abilities.
- Ability to work in a fast-paced, dynamic environment.
- Deep technical knowledge of security technologies and advanced threat landscapes.
Posted 1 month ago
5.0 - 10.0 years
7 - 12 Lacs
Chennai
Work from Office
- Proactively lead and support the incident response team during an incident.
- Experience in advanced investigation, triaging, analysis and escalation of security incidents with recommendations.
- Hands-on basic experience with configuration and management of SIEM tools (QRadar), including log source integrations, custom parser builds, fine tuning and optimizing the correlation rules, and use case recommendations, is a MUST.
- Proven experience on Security Information and Event Management (SIEM) tools using QRadar.
- Data-driven threat hunting using SIEM, EDR and XDR tools.
- Basic experience in SOAR tools such as QRadar Resilient, Palo Alto XSOAR.
- Identify quick defence techniques till permanent resolution.
- Recognize successful intrusions and compromises through review and analysis of relevant event detail information.
- Review incidents escalated by Level 1 analysts.
- Launch and track investigations to resolution.
- Recognize attacks based on their signatures; differentiate false positives from true intrusion attempts.
- Actively investigate the latest security vulnerabilities, advisories, incidents, and penetration techniques and notify end users when appropriate.
- Identify the gaps in the security environment and suggest gap closure.
- Drive and support Change Management.
- Perform and review tasks as identified in a daily task list.
- Report generation and trend analysis.
- Participate in the weekly and monthly governance calls to support the SOC metrics reporting.
- Good to have hands-on experience with managing SIEM solutions on public/private clouds like Amazon AWS, Microsoft Azure, etc.
- Willing to work in a 24x7 rotational shift model including night shift.

Required education
Bachelor's Degree

Preferred education
Bachelor's Degree

Required technical and professional expertise
- 5+ years hands-on experience required in QRadar SIEM and SOAR.
- Desired experience in threat hunting, threat intelligence.
- Worked on tools belonging to QRadar, UEBA, UAX.
- Bachelor's degree in engineering/information security, or a related field.
- Relevant certifications such as CEH, CISSP, CISM, CompTIA CASP+, or equivalent.
- Proven experience working in a SOC environment.

Preferred technical and professional experience
- Proven experience in managing and responding to complex security incidents.
- Strong analytical and problem-solving skills.
- Excellent communication and collaboration abilities.
- Ability to work in a fast-paced, dynamic environment.
- Deep technical knowledge of security technologies and advanced threat landscapes.
Posted 1 month ago
12.0 - 15.0 years
55 - 60 Lacs
Ahmedabad, Chennai, Bengaluru
Work from Office
Dear Candidate,
We are seeking a Security Operations Engineer to monitor, detect, investigate, and respond to security incidents and threats across systems and networks.
Key Responsibilities:
- Monitor alerts and logs using SIEM tools (Splunk, QRadar, Sentinel).
- Analyze security incidents, conduct root cause analysis, and coordinate response.
- Support threat hunting and vulnerability assessments.
- Maintain and tune security tools (IDS/IPS, endpoint protection, firewalls).
- Document incident reports and provide remediation recommendations.
Required Skills & Qualifications:
- Experience in a Security Operations Center (SOC) or similar role.
- Strong knowledge of cybersecurity concepts and incident response.
- Familiarity with EDR tools (CrowdStrike, Carbon Black) and log analysis.
- Scripting and automation skills for detection and response tasks.
- Security certifications such as CEH, CompTIA Security+, or GCIA are beneficial.
Soft Skills:
- Strong troubleshooting and problem-solving skills.
- Ability to work independently and in a team.
- Excellent communication and documentation skills.
Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you.
Srinivasa Reddy Kandi
Delivery Manager
Integra Technologies
Posted 1 month ago
7.0 - 12.0 years
11 - 16 Lacs
Mumbai
Work from Office
SUMMARY
Our client is an IT MNC that is part of one of the major insurance groups based in Germany and Europe. The Group is represented in around 30 countries worldwide, with over 40,000 people, focusing mainly on Europe and Asia. Our client offers a comprehensive range of insurance, pension, investment and service products, focusing on cutting-edge technologies, mainly Cloud, Digital, Robotic Automation, IoT, Voice Recognition, Big Data science, advanced mobile solutions and more, to accommodate customers' future needs around the globe by supporting millions of internal and external customers with state-of-the-art IT solutions to everyday problems, and is dedicated to bringing digital innovation to every aspect of the insurance landscape.
Job Location: Hiranandani Gardens, Powai, Mumbai
Mode: Work from Office
Requirements
Key Responsibilities:
Business-Cybersecurity Alignment:
o Work closely with business stakeholders, IT security teams, and cross-functional teams to ensure cybersecurity initiatives align with the organization's broader business goals.
o Translate business needs into technical security requirements that can be effectively executed by the security and IT teams.
Risk Analysis & Security Assessments:
o Conduct risk assessments in the context of hybrid IT environments (cloud, on-premises, and edge) to identify security gaps and vulnerabilities.
o Collaborate with security teams to evaluate existing security controls and recommend solutions to mitigate identified risks, balancing business needs with security requirements.
Cybersecurity Frameworks & Compliance:
o Ensure that all business and technical security requirements comply with relevant regulatory compliance frameworks (e.g., NIST CSF, ISO 27001, GDPR, HIPAA).
o Support audits and compliance assessments, identifying any gaps between current practices and regulatory standards.
(must have) Security Process Improvement:
o Identify opportunities for process improvements within the cybersecurity function, including streamlining security incident response, access management processes, and threat detection workflows.
o Develop business cases for proposed security improvements, including cost-benefit analyses and risk assessments.
The Business Analyst will have comprehensive responsibilities spanning multiple cybersecurity domains, and should have expertise in at least 5 of the following areas:
o SIEM (Sentinel) & Security Operations: Manage and optimize SIEM solutions, particularly Sentinel, for effective monitoring, incident detection, and security event correlation across hybrid environments. Collaborate with security operations teams to ensure proper configuration, tuning, and reporting within SIEM platforms to support proactive threat management.
o Security Tools & Technology Integration: Work with security teams to implement and optimize security tools such as SIEM (e.g., Splunk, Microsoft Sentinel), EDR (e.g., CrowdStrike, MS Purview/Defender), SOAR platforms, CASB (Cloud Access Security Broker), and Threat Intelligence systems. Help define and document requirements for the integration of cybersecurity tools into the broader security ecosystem.
o User Access Management (UAM) & RBAC: Work closely with identity and access management teams to ensure the implementation of UAM and RBAC systems that align with the organization's security policy and business requirements. Support the development of processes for managing user roles, privileges, and access rights across enterprise systems.
o Cloud & Encryption Security: Ensure that security policies and controls are applied across both on-premises and cloud environments (AWS, Azure, Google Cloud), addressing challenges related to cloud security, data encryption, and access management. Collaborate with technical teams to implement strong encryption methods for data-in-transit, data-at-rest, and data-in-use in line with organizational security policies.
o AI & ML in Cybersecurity (good to have): Contribute to the use of AI/ML technologies to enhance threat detection, anomaly identification, and predictive analytics within the organization's security operations. Collaborate with data scientists and security teams to define requirements for AI/ML-based security models and incident response automation.
o SOAR Integration & Incident Response: Assist with the integration of Security Orchestration, Automation, and Response (SOAR) solutions into the incident response lifecycle to streamline response times and automate repetitive tasks. Support the continuous improvement of incident response procedures and playbooks, ensuring a consistent, rapid, and efficient approach to security incidents.
Benefits
Posted 1 month ago
4.0 - 8.0 years
10 - 15 Lacs
Bengaluru
Work from Office
The SIEM Administrator will be responsible for administering the deployed SIEM service. The candidate is also expected to have hands-on experience deploying a SIEM solution from scratch, including the skills and knowledge to gather all the information required to build the solution. In-depth knowledge of technical approaches in security analytics, monitoring and alerting. Maintains technical knowledge within areas of expertise. This role is also responsible for identifying, analyzing and developing new content or use cases, and for tuning and refining existing ones. Strong problem-solving and troubleshooting skills, including the ability to perform root cause analysis for preventative investigation.
Required education: Bachelor's Degree
Preferred education: Master's Degree
Required technical and professional expertise:
- Experience in at least one SIEM query language (e.g. AQL, KQL, SPL, LEQL) for writing complex queries and creating saved searches.
- Strong knowledge of different cybersecurity frameworks, e.g. MITRE, NIST and the Cyber Kill Chain model.
- Understanding of regular expression writing and custom parsing.
Preferred technical and professional experience:
- Collaborate with key stakeholders within technology, application and cyber security to develop use cases that address specific business needs.
- Create technical documentation around the content deployed to the SIEM.
- Create and develop correlation and detection rules, reports and dashboards within the SIEM solution to detect emerging threats.
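Two of the postings above ask for the same core SIEM content skill: the QRadar analyst role wants custom parser building and correlation-rule tuning, and this administrator role wants regex-based custom parsing, complex queries and correlation/detection rules. The following is an added illustration of that workflow, written for this page and not taken from any employer or product: a regex parser that normalizes constructed sshd-style auth log lines into events, and a correlation rule (N failed logins from one source within a window, followed by a success from the same source) with an allowlist as the tuning knob that separates a known scanner from a true brute-force-then-compromise. Python stands in for AQL/KQL/SPL so it runs offline; the log lines, hostnames, IPs (RFC 5737 documentation ranges) and thresholds are all constructed assumptions, not data from the page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-like syslog lines (not real data). Note they are not in
# global time order, as events from several log sources rarely are.
SAMPLE_LOGS = """\
2024-03-01T09:00:01Z host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2
2024-03-01T09:00:04Z host1 sshd[1201]: Failed password for root from 203.0.113.7 port 50212 ssh2
2024-03-01T09:00:09Z host1 sshd[1201]: Failed password for root from 203.0.113.7 port 50213 ssh2
2024-03-01T09:00:15Z host1 sshd[1201]: Failed password for root from 203.0.113.7 port 50214 ssh2
2024-03-01T09:00:21Z host1 sshd[1201]: Accepted password for root from 203.0.113.7 port 50215 ssh2
2024-03-01T09:01:00Z host2 sshd[2044]: Failed password for alice from 198.51.100.9 port 40001 ssh2
2024-03-01T09:30:00Z host2 sshd[2044]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
2024-03-01T09:02:00Z host1 sshd[1201]: Failed password for root from 192.0.2.50 port 33001 ssh2
2024-03-01T09:02:01Z host1 sshd[1201]: Failed password for root from 192.0.2.50 port 33002 ssh2
2024-03-01T09:02:02Z host1 sshd[1201]: Failed password for root from 192.0.2.50 port 33003 ssh2
2024-03-01T09:02:03Z host1 sshd[1201]: Failed password for root from 192.0.2.50 port 33004 ssh2
2024-03-01T09:02:05Z host1 sshd[1201]: Accepted password for root from 192.0.2.50 port 33005 ssh2
"""

# "Custom parser": one regex with named groups that maps the raw line onto the
# normalized event properties a SIEM would index (time, host, user, source IP, outcome).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_line(line):
    """Return a normalized event dict, or None if the line does not match the parser."""
    m = LOG_RE.match(line)
    if not m:
        return None  # a real SIEM would keep this as an unparsed/"stored" event
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": d["host"],
        "user": d["user"],
        "src": d["src"],
        "outcome": "failure" if d["outcome"] == "Failed" else "success",
    }


def parse_logs(raw):
    return [ev for ev in (parse_line(l) for l in raw.splitlines()) if ev]


def correlate(events, threshold=3, window=timedelta(minutes=5), allowlist=frozenset()):
    """Correlation rule: >= `threshold` failures from one source inside `window`,
    then a success from that same source while those failures are still in the window.
    `allowlist` is the tuning knob: sources (e.g. a vulnerability scanner) that are
    known to trip the pattern and would otherwise be false positives."""
    recent_failures = defaultdict(deque)  # src -> timestamps of failures still in window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # order across log sources first
        if ev["src"] in allowlist:
            continue
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # expire failures that fell out of the window
            q.popleft()
        if ev["outcome"] == "failure":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({
                "rule": "ssh_bruteforce_then_success",
                "src": ev["src"],
                "host": ev["host"],
                "user": ev["user"],
                "failures": len(q),
                "first_failure": q[0],
                "success_at": ev["ts"],
            })
            q.clear()  # do not re-alert on the same burst
    return alerts


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    print("untuned:", [a["src"] for a in correlate(evs)])
    # Hypothetical tuning: 192.0.2.50 is an authorized scanner, so suppress it.
    print("tuned:  ", [a["src"] for a in correlate(evs, allowlist=frozenset({"192.0.2.50"}))])
```

Untuned, the rule fires for both 203.0.113.7 and 192.0.2.50; alice's single failure followed by a key login half an hour later never reaches the threshold and the failure has expired from the window anyway. Adding the scanner to the allowlist leaves one alert, which is the review-and-differentiate step the analyst posting describes. In a real deployment the allowlist would be a reference set maintained outside the rule rather than a constant in code.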
Posted 1 month ago
7.0 - 12.0 years
25 - 35 Lacs
Noida, Chennai, Bengaluru
Work from Office
Roles and Responsibilities:
- Conduct threat hunting activities to identify potential security threats and vulnerabilities.
- Analyze malware samples using various tools such as QRadar, Splunk, and ArcSight.
- Perform incident response duties including handling incidents, conducting root cause analysis, and implementing remediation measures.
- Monitor security event logs from multiple sources to detect anomalies and potential security breaches.
- Collaborate with other teams to develop threat intelligence reports and improve overall security posture.
Desired Candidate Profile:
- 7-12 years of experience in a Security Operations Center (SOC) or related field.
- Strong understanding of incident response, threat analysis, threat intelligence gathering, log analysis, and security monitoring concepts.
- Proficiency in tools like QRadar, Splunk, ArcSight for malware analysis and incident response tasks.
Posted 1 month ago