
181 Threat Intelligence Jobs - Page 6


5.0 - 7.0 years

7 - 10 Lacs

Pune

Remote

What You'll Do
Avalara is looking for a Detection Engineer to join the Detection and Response Team. The ideal candidate will have a track record in incident response, demonstrating advanced technical expertise and leadership capabilities. Your role will be that of an Incident Response Analyst; you will help protect Avalara. This includes detecting, investigating, and mitigating security incidents. You will also be a key contributor in improving our incident response capabilities. You will report to Security leadership at Avalara. This is a remote position.

What Your Responsibilities Will Be
- You will perform incident response activities and workstreams as the Incident Response Senior Analyst.
- You will monitor security systems, including Intrusion Detection Systems (IDS), Endpoint Detection and Response (EDR) platforms, software firewalls, and Security Information and Event Management (SIEM) platforms.
- Gather and analyze evidence from affected systems, logs, and network traffic.
- You will conduct detailed investigations of security incidents to determine the root cause, scope, and impact.
- Document all aspects of security incidents, including timelines, actions taken, and lessons learned.
- Perform forensic analysis of compromised systems to identify the techniques and tactics used by attackers, or as directed by Legal.
- Collaborate with cross-functional teams including Engineering, IT, Security Operations, Legal, HR, and Compliance to manage and mitigate incidents.
- Strengthen KPIs and metrics for measuring response effectiveness and provide clear and consistent reporting to internal stakeholders.
- Participate in rotating on-call shifts that utilize a paging system in case a security event requires attention.

What You'll Need to Be Successful
- 5+ years of experience in Security Incident Response.
- Experience across the information security domain, including familiarity with endpoint, email, network, cloud security, vulnerability management, incident response, and threat intelligence.
- Experience with log analysis, network security, digital forensics, and incident response investigations.
- Ability to script/code using Python or an equivalent language.
- Bachelor's degree in computer science, information security, or relevant experience.
- Certifications related to digital forensics and incident response.

Posted 1 month ago


4.0 - 8.0 years

12 - 16 Lacs

Mumbai, Mumbai Suburban, Mumbai (All Areas)

Work from Office

Monitor and analyze security events and alerts across various platforms. Investigate potential security incidents and escalate as appropriate, following defined incident response processes. Correlate events from multiple sources to identify patterns or anomalies.

Required Candidate profile
- Lead and participate in threat hunting activities to proactively identify potential threats and vulnerabilities.
- Serve as the administrator for SOC tools including SIEM, EDR, SOAR and threat intelligence platforms.

Perks and benefits
To be disclosed post interview.

Posted 1 month ago


3.0 - 8.0 years

3 - 7 Lacs

Chennai

Work from Office

We are looking for a content development engineer or L2 level SOC SIEM engineer with hands-on experience in developing new rules and use cases based on various log sources, including Cloud Security log sources, and integrating various log sources with a SIEM platform.

Roles and Responsibilities:
- Creating and implementing new threat detection content, rules and use cases to deploy in the SIEM platform with different data sets like Proxy, VPN, Firewall, DLP, etc.
- Assisting with process development and process improvement for Security Operations, including creation/modification of SOPs, Playbooks, and Work Instructions.
- Developing custom content based on threat intelligence and threat hunting results.
- Identifying gaps in the existing security controls and developing/proposing new security controls.
- SIEM Engineering and knowledge of integrating various log sources with any SIEM platform.
- Custom parsing of logs being ingested into the SIEM platform.

Requirements:
- 3+ years of experience working in the field of content development and experience in delivering and/or building content on any of the SIEM tools like Splunk/ArcSight/QRadar/Nitro ESM/etc.
- Deep understanding of the MITRE ATT&CK Framework.
- Experience in SOC incident analysis with exposure to information security technologies such as Firewall, VPN, Intrusion detection tools, Malware tools, Authentication tools, endpoint technologies, EDR and cloud security tools.
- Good understanding of networking concepts.
- Experience interpreting, searching, and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow, and automation).
- In-depth knowledge of security data logs and an ability to create new content on advanced security threats on a need basis as per Threat Intelligence.
- Ability to identify gaps in the existing security controls.
- Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content.
- Experience on EDR tools like CrowdStrike and good understanding of TTPs like Process Injection.
- Excellent communication, listening & facilitation skills.
- Ability to demonstrate an investigative mindset.
- Excellent problem-solving skills.

Preferred:
- Understanding of the MITRE ATT&CK framework.
- Demonstrable experience in use case/rule creation on any SIEM platform.
- Chronicle Backstory / YARA / CrowdStrike rules is a plus.

Location: Pan India

Posted 1 month ago


5.0 - 10.0 years

7 - 11 Lacs

Bengaluru

Work from Office

The Group Security (GS) Cybersecurity Defense Center (CDC) team is looking for a Security Operations Center (SOC) Analyst, responsible for execution of incident response, investigative analysis of security incidents, reporting, continuous improvement, and post-incident activities. You will work closely with the CDC Engineering Team, internal Nokia teams, external Security Suppliers, and various technology vendors. Group Security (GS) is part of Strategy & Technology and is Nokia's central knowledge center for Nokia's cybersecurity policies and standards, the cybersecurity architecture and roadmap, and the monitoring and alerting of security incidents.

You have:
- 5+ years of experience in a Security Operations Center (SOC) or similar role
- 2+ years of experience working with one or more of the following systems: Microsoft Sentinel, Microsoft Defender for Endpoint (MDE), Microsoft Defender for Identity (MDI), SentinelOne or Rapid7
- Deep knowledge of incident response methodologies and forensic analysis techniques
- Strong understanding of cloud security principles and experience with major cloud platforms (AWS, Azure, GCP)
- Expertise in leveraging automation tools for enhancing security operations

It would be nice if you also had:
- Certifications such as CompTIA Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), or Certified SOC Analyst (CSA)
- Mentoring experience with junior analysts

Responsibilities:
- Execute complex security investigations using log analysis and threat intelligence across all Nokia assets
- Collaborate with SOC Engineers to drive automation and implement AI-powered security solutions
- Apply cloud security best practices and zero-trust architecture principles in security operations
- Engage with senior stakeholders to communicate security risks and improve incident response efforts
- Lead advanced threat hunting initiatives leveraging expertise in security tools and techniques
- Contribute to the continuous development of SOC processes, technologies, and techniques for enhanced security
- Mentor and guide junior analysts to foster a culture of learning and professional growth
- Facilitate post-incident activities, ensuring comprehensive reporting and continuous improvement of security measures

Posted 1 month ago


5.0 - 10.0 years

11 - 16 Lacs

Gurugram, Bengaluru

Work from Office

- Lead the deployment of Cisco SD-WAN, Cisco ACI and network segmentation security strategies to enhance security and optimize network performance across multiple sites.
- Define the security architecture strategy for the organization, ensuring the network infrastructure is aligned with the latest security standards, compliance frameworks (e.g., NIST, ISO 27001), and business objectives.
- Architect highly scalable, secure, and high-performance Cisco-based security solutions for both on-premises and cloud environments, incorporating Cisco SD-WAN, next-gen firewalls, cloud security, and Zero Trust principles.
- Provide technical leadership in the integration of Cisco security solutions into complex multi-cloud environments, ensuring that security is embedded in all aspects of the network.
- Define and implement security frameworks to ensure the confidentiality, integrity, and availability of organizational data and assets, using Cisco's security technologies such as Cisco ISE (Identity Services Engine) for network access control, Cisco Talos for threat intelligence, and Splunk.
- Work closely with other architects, network engineers, and security operations teams to develop a comprehensive end-to-end network security strategy that includes risk assessments, threat modeling, and secure design patterns.
- Lead the deployment of Cisco SD-WAN and network segmentation strategies using Cisco ACI to enhance security and optimize network performance across multiple sites.
- Advise stakeholders on emerging network security trends, including the integration of cloud-native security technologies, and ensure that the organization is prepared for the evolving threat landscape.
- Collaborate with DevOps and cloud teams to incorporate security as part of the CI/CD pipeline and automate security checks at every stage of application delivery.
- Review and enhance network security policies, ensuring they reflect best practices and are in line with industry standards.
- Manage the security governance process for the organization's network infrastructure.
- Mentor and guide junior architects and network security engineers, sharing knowledge and driving best practices in the architecture and implementation of Cisco network security solutions.
- Engage with vendors, stakeholders, and third-party partners to evaluate new Cisco technologies and security solutions that can be leveraged to strengthen network defenses.
- Continuously assess the security posture of network infrastructure, utilizing Cisco Stealthwatch, SecureX, and other tools to detect and respond to potential threats.
- Knowledge of the Cisco AI tools.
- Knowledge of different vulnerability assessment tools.

Required education: Bachelor's Degree
Preferred education: Bachelor's Degree

Required technical and professional expertise:
- Bachelor's degree in Information Technology, Cybersecurity, Networking, or a related field (or equivalent work experience).
- 5+ years of experience in network security architecture with a strong focus on Cisco technologies, such as Cisco Secure Firewall (formerly Firepower), Cisco ASA, Cisco Umbrella, Cisco SecureX, Cisco ISE, Cisco Secure Network Analytics (formerly Stealthwatch), Cisco Duo Security, Cisco Secure Access by Duo, and Cisco Cloud Security.
- Proven expertise in designing and implementing next-gen firewall architectures.
- Strong experience architecting and implementing Cisco cloud security solutions in multi-cloud environments (AWS, Azure, GCP), Cloud Firewalls, IPSec, Load Balancers and other virtual appliances.
- Expertise in Zero Trust Architecture (ZTA) and its integration with Cisco security solutions.
- In-depth knowledge of Cisco ACI for secure network segmentation and application-centric security in data centers.
- Extensive experience in network risk management and security compliance frameworks (e.g., PCI-DSS, HIPAA, GDPR).
- Experience working with Cisco SecureX, Cisco Talos, and other Cisco tools for threat intelligence and network monitoring.
- Strong leadership skills with a proven track record of guiding cross-functional teams and senior leadership on strategic decisions related to network security architecture.
- Advanced proficiency in security automation and orchestration, including using Cisco's automation tools to improve security operations.
- Strong understanding of cloud-native network security and integrating security into cloud environments.
- Excellent communication skills and the ability to present complex security concepts to both technical and non-technical stakeholders.

Preferred technical and professional experience:
- CCIE Security or CCNP Security certification (or equivalent).
- Deep understanding of Cisco Meraki and Cisco Talos threat intelligence platforms.
- Experience in architecting Secure SD-WAN solutions with Cisco Viptela and Cisco Meraki.
- Familiarity with micro-segmentation and implementing Cisco ACI in a multi-cloud environment.
- Expertise in securing IoT networks using Cisco security solutions.
- Knowledge of Cisco Identity Services Engine (ISE) and its integration into large-scale network security architectures.

Posted 1 month ago


7.0 - 12.0 years

11 - 16 Lacs

Bengaluru

Work from Office

Aqua, Vulnerability Assessment, Vulnerability Mitigation
- Applicants should possess 7+ years of demonstrated experience in cybersecurity, network engineering, and/or infrastructure engineering; 5 of the years must include hands-on experience in one or many of the following areas: threat intelligence, server vulnerability management and container vulnerability management.
- 3 plus years of experience administering cloud container vulnerability solutions like Aqua or Wix is required. Candidates without this experience will not be considered.
- 3+ years working with container technologies and container vulnerabilities is required. Candidates without this experience will not be considered.
- Experience with scanning solutions such as Rapid7, Qualys, or Tenable scanning is desired.
- Understanding of MITRE ATT&CK and OWASP frameworks is desired.
- Understanding of malware and common attack types is desired.

Posted 1 month ago


4.0 - 6.0 years

5 - 9 Lacs

Bengaluru

Work from Office

This will be an Individual Contributor role to start and can evolve over time based on how this function matures. You will play a critical role in the company's tech infrastructure and processes, which will be fully aligned with regulatory, security and business continuity standards.

Key Responsibilities
- Draft, coordinate & monitor IT processes & policies to ensure compliance as per the IT Act, regulatory bodies (e.g. RBI, SEBI, GDPR, UIDAI etc.), info security (ISM) guidelines and other applicable laws with respect to Technology, in coordination with internal & external stakeholders
- Prepare & update business-wise IT infra details required by the Compliance/Legal teams for regulatory filings and 3rd party audits
- Conduct vendor risk assessment audits & ensure identified gaps are proactively filled
- Introduce new processes & policies by conducting market studies & surveys relevant to our business
- Plan, formulate, coordinate, implement & monitor the cyber crisis management plan (CCMP)
- Incident Management and resolution
- Interface with external auditors and set up processes to ensure all Infosec audits go smoothly
- Formulate, implement, review & monitor BCP

Requirements
- 4-6 years of experience, including being SPOC for Infosec audits
- In-depth knowledge of technology, security, risk, and compliance best practices
- Strong capability in interfacing with both technology and business teams
- Detailed understanding of security monitoring, threat intelligence & vulnerability management
- A self-driven attitude with a strong sense of ownership
- Experience with RBI and/or SEBI (preferred) audits is a big plus
- Assisting the team to conduct Technology Committee
- Assisting the Risk Officer to conduct independent assessments of the business functions
- Provide timely data for Risk Management Committee

Posted 1 month ago


8.0 - 13.0 years

10 - 15 Lacs

Mumbai

Work from Office

Total Experience: 5-8 years

Job Skills:
- Keep track of APT groups (advanced persistent threats). Know APT groups' motivation, their tools & techniques, the malware they write, and C&C (command and control center); identify their targets.
- A threat intelligence analyst must have professional experience in cybersecurity.
- A Threat Researcher is responsible for identifying and analyzing potential threats to an organization's network and systems. They work to understand the tactics, techniques, and procedures (TTPs) used by threat actors to compromise systems and steal sensitive data. Threat Researchers are also responsible for developing and implementing strategies to detect, prevent, and mitigate these threats.
- Conducting research on emerging threats and vulnerabilities.
- Analyzing threat intelligence data to identify potential threats.
- Developing and implementing strategies to detect and prevent threats.
- Collaborating with other cybersecurity professionals to develop and implement security measures.
- Creating reports and presentations to communicate findings to management and other stakeholders.
- Ensure all the advisories received from regulatory and strategy partners are analyzed and processed in a timely manner. All TI trackers are updated in near real time.
- Create reports/dashboards for higher management.
- Collect data types and sources of information in addition to commonly collected forms of threat data, i.e., malicious IPs and domains; information from news and social media sources; vulnerability data such as personally identifiable information.
- Perform sorting, filtering and indexing on raw data. Format and structure raw data. Take the results of several tools and data sources and combine those data points on a per-host basis, performing, investigating, and analyzing data.
- Dissemination: deliver the intelligence to the intended consumers at different levels: Strategic, Tactical, Operational, Technical.
- Provide contextual intel feeds to all the stacks which require priority attention to protect HDFC assets.
- Regular training and knowledge sharing with the team.
- Collaboration with TH and RT, and provide threat intel to SOC CD to create use cases.
- There should be no audit points to come from the defined and existing process. Audit requirements should be fulfilled.
- Efficacy testing for new products as per industry best practice.
- Timely tracking and follow-ups on all open alerts/advisories.
- Timely escalation on open issues/tasks.
- Responding to all intelligence received from our Threat Intel partners and informing seniors or escalating where required, e.g. Bank data leak/breach alerts.
- Doing in-house threat research from open sources along with the help of our existing Threat Intel portal.

Posted 1 month ago


2.0 - 7.0 years

8 - 18 Lacs

Hyderabad, Bengaluru, Mumbai (All Areas)

Work from Office

Greetings!! We are looking for a skilled Splunk Administrator with hands-on experience in deploying and managing Splunk Enterprise and Splunk Cloud. The ideal candidate should have experience in Splunk Enterprise Security (ES), Splunk UBA, and IT Service Intelligence (ITSI). This role requires strong technical skills, along with the ability to communicate effectively with customers.

Roles & Responsibilities:

Splunk Deployment & Administration:
- Install, configure, and manage Splunk Enterprise and Splunk Cloud.
- Handle indexers, search heads, forwarders, and clustering.
- Optimize Splunk performance, storage, and scalability.

Security & Splunk Monitoring Solutions:
- Implement and manage Splunk Enterprise Security (ES), Splunk UBA, and ITSI.
- Configure correlation searches, threat intelligence feeds, risk-based alerting (RBA), and dashboards.
- Troubleshoot security-related issues within Splunk.

Customer Interaction & Troubleshooting:
- Engage with customers to understand their requirements and provide technical guidance.
- Troubleshoot and resolve Splunk-related issues, log ingestion, parsing, and data onboarding.

Splunk Architecture & Implementation:
- Design, deploy, and optimize Splunk Enterprise and Splunk Cloud environments.
- Lead end-to-end Splunk implementations, migrations, and upgrades.
- Manage search head clustering, indexer clustering, and data retention policies.

Security & Observability Solutions:
- Architect and configure Splunk Enterprise Security (ES), Splunk UBA, and ITSI.
- Implement risk-based alerting (RBA), custom correlation searches, and advanced analytics.
- Integrate Splunk with SOAR, cloud platforms (AWS, Azure, GCP), and third-party security tools.

Team Leadership & Customer Engagement:
- Lead and mentor a team of Splunk Administrators & Engineers.
- Interact with customers to gather requirements, design solutions, and conduct workshops etc.
- Review and improve Splunk use cases, dashboards, and data models.

Optimization & Automation:
- Develop custom scripts (Python, Bash, PowerShell) for automation and orchestration.
- Tune Splunk performance, search queries, and indexing strategies.
- Implement best practices for data onboarding, parsing, and CIM compliance.

Interested candidates can share their updated resume to gayathri.ramaraj@locuz.com along with the below mentioned details.
Current CTC:
Expected CTC:
Notice Period:

Posted 1 month ago


10.0 - 15.0 years

10 - 20 Lacs

Hubli, Pune, Bengaluru

Hybrid

Job Description:
At least 10 years of experience in Information Security operations & management, with hands-on experience in a large security operations center using IBM QRadar/Splunk/ArcSight or a similar SIEM tool.
- Manage network, endpoint and forensics initiatives, malware triage and cyber security incident response
- Managing Cyber Security Services engagements and engagement teams
- Recognizing common attacker tools, tactics, and procedures
- Providing oversight for on-site examinations and collections and technology advisory services to enhance forensic client engagements
- Researching and developing new digital forensics scripts, tools, and methodologies
- Assessing and troubleshooting a variety of technical issues and supporting a cyber response lab on our clients' SIEM tool and UEBA platform
- Assist in conducting peer reviews and providing quality assurance reviews for junior personnel; support the mentoring of junior incident managers and provide guidance to others on incident management prioritization, triage and report writing in support of onsite engagements
- Guiding the team to monitor, identify and investigate security alerts and perform incident response activities related to cybersecurity incidents
- Create new trouble tickets for alerts that signal an incident and require Tier 2 / Incident Response review
- Respond to cybersecurity incidents, conduct threat analysis as directed and address detected incidents for resolution
- Should be able to multitask to coordinate incidents with the Sr. analyst and escalation manager
- Recommend enhancements to SOC security processes and operations efficiencies
- Create Incident Response (IR) plan and IR playbooks; manage all incidents and crisis situations
- Log analysis; handle and resolve security incidents
- Collaborate with respective tracks/technical teams for remediation of the incident
- Periodic review of incident response plan and procedures
- Recommend and document specific countermeasures and mitigating controls
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences

Preferred Skills:
- Strong knowledge of cyber-attacks and techniques, Cyber Kill Chain, incident management best practices
- A high-level understanding of multi-tiered applications and various network and security devices/protocols
- Knowledge of various operating system flavours including but not limited to Windows, Linux, Unix
- Proficient in preparation of reports and documentation
- Knowledge of cyber-criminal techniques, compliance, and regulatory standards
- Excellent verbal and written communication skills

Posted 1 month ago


3.0 - 7.0 years

25 - 27 Lacs

Pune

Hybrid

Required Zscaler Certifications (any of these in Administrator Certification):
- Zero Trust Certified Associate (ZTCA)
- Zscaler Internet Access (ZIA)
- Zscaler Private Access (ZPA)
- Zscaler Digital Experience (ZDX)

Posted 1 month ago


5.0 - 8.0 years

3 - 7 Lacs

Chennai

Work from Office

Job Information
Job Opening ID: ZR_1924_JOB
Date Opened: 06/05/2023
Industry: Technology
Job Type:
Work Experience: 5-8 years
Job Title: Splunk Content Development
City: Chennai
Province: Tamil Nadu
Country: India
Postal Code: 600001
Number of Positions: 5

We are looking for a content development engineer or L2 level SOC SIEM engineer with hands-on experience in developing new rules and use cases based on various log sources, including Cloud Security log sources, and integrating various log sources with a SIEM platform.

Roles and Responsibilities:
- Creating and implementing new threat detection content, rules and use cases to deploy in the SIEM platform with different data sets like Proxy, VPN, Firewall, DLP, etc.
- Assisting with process development and process improvement for Security Operations, including creation/modification of SOPs, Playbooks, and Work Instructions.
- Developing custom content based on threat intelligence and threat hunting results.
- Identifying gaps in the existing security controls and developing/proposing new security controls.
- SIEM Engineering and knowledge of integrating various log sources with any SIEM platform.
- Custom parsing of logs being ingested into the SIEM platform.

Requirements:
- 3+ years of experience working in the field of content development and experience in delivering and/or building content on any of the SIEM tools like Splunk/ArcSight/QRadar/Nitro ESM/etc.
- Deep understanding of the MITRE ATT&CK Framework.
- Experience in SOC incident analysis with exposure to information security technologies such as Firewall, VPN, Intrusion detection tools, Malware tools, Authentication tools, endpoint technologies, EDR and cloud security tools.
- Good understanding of networking concepts.
- Experience interpreting, searching, and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow, and automation).
- In-depth knowledge of security data logs and an ability to create new content on advanced security threats on a need basis as per Threat Intelligence.
- Ability to identify gaps in the existing security controls.
- Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content.
- Experience on EDR tools like CrowdStrike and good understanding of TTPs like Process Injection.
- Excellent communication, listening & facilitation skills.
- Ability to demonstrate an investigative mindset.
- Excellent problem-solving skills.

Preferred:
- Understanding of the MITRE ATT&CK framework.
- Demonstrable experience in use case/rule creation on any SIEM platform.
- Chronicle Backstory / YARA / CrowdStrike rules is a plus.

Location: Pan India

Posted 1 month ago


4.0 - 9.0 years

15 - 20 Lacs

Hyderabad

Work from Office

Job Role: Cyber Security Engineer -- Work From Office
Experience: 4 to 8 Yrs
Key Skills: Security tools integration and management, log ingestion, writing rules and policies in SIEM tool, use case creation
Notice Period: 0 to 30 days
Should be willing to work in second shift
Company: Cyber Towers, Quadrant 3, 3rd floor, Madhapur, Hyderabad -- 500081.

Job Overview:
- Analyze and recommend improvements to network, system, and application architectures to enhance security.
- Research, design, and implement cybersecurity solutions that protect the organization's systems and products.
- Collaborate with DevOps, Platform Engineering, and Architecture teams to ensure security is embedded in the design and development of applications and systems.
- Actively participate in the change management process, ensuring security considerations are prioritized in system upgrades and modifications.
- Design and deploy automated security controls to improve efficiency in risk identification, configuration management, and security assessments.
- Develop and refine security policies to address cloud security misconfigurations, leveraging cloud-native security technologies.
- Implement logging and monitoring solutions for cloud environments to enhance SOC team capabilities in detecting and responding to security incidents.
- Assess and review emerging technologies to identify potential security risks and implement mitigation strategies.
- Design and deploy innovative security technologies to address evolving security challenges.
- Conduct vulnerability scanning, anomaly detection, and risk assessment to enhance the security posture.
- Work closely with security architects to develop and deploy security solutions that address cloud-specific risks.
- Take ownership of security posture improvements, ensuring strict security policies and controls align with business objectives.
- Research and stay up to date on emerging security threats and provide strategic recommendations to strengthen security defenses.

Qualifications & experience:
- Hands-on experience with implementing security controls, including database security, web content filtering, anomaly detection & response, vulnerability scanning & management
- Proficiency in at least one scripting language (e.g., Perl, Python, PowerShell, Bash) for automation and security tooling.
- Expertise in at least one of the following security domains: cloud-native security (e.g., IAM, security groups, encryption), endpoint security (e.g., EDR/XDR, mobile security)
- Strong familiarity with industry security frameworks and regulations, including: NIST Cybersecurity Framework (CSF), CIS Controls, HIPAA, GDPR compliance
- Ability to assess compliance requirements and implement security controls to ensure adherence.
- Strong problem-solving and analytical skills, with the ability to assess complex security risks and develop mitigation strategies.
- Excellent communication and interpersonal skills, with the ability to engage both technical and non-technical stakeholders.
- Proven ability to work independently, manage projects, and contribute as an integral part of a high-performing security team.

Posted 1 month ago


1.0 - 3.0 years

3 - 4 Lacs

Kochi, Ernakulam

Work from Office

As an L1 Threat Hunter, you will work closely with SOC analysts and incident responders to identify, analyze, and escalate suspicious activity using a variety of tools and threat intelligence sources.

Posted 1 month ago


0.0 - 2.0 years

3 - 4 Lacs

Kochi

Work from Office

As an L1 SOC Analyst, you will be responsible for monitoring alerts and triaging basic security events from SIEM, EDR, and NDR platforms. Your role includes identifying suspicious activities, escalating incidents as per defined SOPs, and supporting the security operations team in daily monitoring tasks.

Key Responsibilities:
- Monitor alerts from SIEM (QRadar, Microsoft Sentinel), EDR (Microsoft Defender for Endpoint), and NDR (LinkShadow/Darktrace) platforms
- Triage basic security events and validate incidents using established playbooks
- Escalate potential threats to L2 analysts based on severity and context
- Review and respond to AV/EDR alerts and execute predefined security queries
- Log incidents, document actions, and maintain the ticketing system with accurate updates
- Enrich alerts with known threat intelligence and IOCs (IP, domain, file hashes)
- Support incident response efforts for phishing, malware, brute-force attacks, etc.
- Collaborate with team members and shift leads to ensure 24x7 monitoring coverage

Tool Experience (Preferred):
- SIEM Tools: Basic use of QRadar and Microsoft Sentinel
- EDR/XDR: Microsoft Defender for Endpoint, Antivirus consoles
- NDR: LinkShadow or Darktrace (basic familiarity)
- Other Tools: Microsoft Exchange Online Protection (EOP), Azure AD Sign-In Logs (optional)

Certifications (Preferred):
- CompTIA Security+
- Microsoft SC-900

Shift Readiness: This role requires flexibility to work in 24x7 rotational shifts, including nights, weekends, and holidays.

Required Skills:
- Understanding of basic cybersecurity concepts
- Familiarity with security alert triage and incident logging
- Basic knowledge of Indicators of Compromise (IOCs)
- Fast learner with strong attention to detail
- Effective communicator and team player

Posted 1 month ago

Apply

7.0 - 12.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Information and Event Management (SIEM)
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of cloud security controls and transition to cloud security-managed operations.

Roles & Responsibilities:
- The resource will work directly with the client, driving enhancements and recommending technological improvements.
- Integrate custom applications by developing custom connectors for OT and internally built applications.
- Perform Log Analytics migration between Azure regions, i.e. the architectural changes recommended by the audit team.
- Work with the client's Cyber Threat team to develop detection models using Sentinel Jupyter.
- Work with security architects to recommend and build a DR environment for Azure Sentinel.
- Integrate Anomali ThreatStream with Azure Sentinel.
- Work with infrastructure architects to segment Sentinel resources based on the tier architecture.
- Recommend and implement new and upcoming Azure Sentinel features.
- Recommend and architect complex SOAR automations using Azure Logic Apps.

Professional & Technical Skills:
- Must Have Skills: Proficiency in Azure Sentinel build activity
- Strong understanding of threat intelligence analysis
- Experience in designing and implementing security solutions
- Knowledge of security compliance standards and regulations
- Hands-on experience with security tools and technologies

Additional Information:
- The candidate should have a minimum of 7.5 years of experience, including 4 years of experience in Azure Sentinel deployments and implementation.
- This position is based at our Bengaluru office.
- 15 years of full time education is required.

Qualification: 15 years full time education

Posted 1 month ago

Apply

0.0 - 1.0 years

5 - 9 Lacs

Hyderabad

Work from Office

Cyber Security Analyst

UltraViolet Cyber is seeking a Cyber Security Analyst to add to our existing team. Primary responsibilities will require: (i) in-depth analysis of intrusions in diverse computing environments; (ii) thorough packet analyses; (iii) implementing/optimizing changes to security infrastructure; (iv) integrating threat intelligence into the operational environment; and (v) protecting systems and infrastructure from infiltration or exfiltration of data.

Responsibilities:
- Perform analyses of network infrastructure, applications, operating systems, firewalls, proxy devices and malware detection in a fast-paced environment
- Proactively identify threats across a wide range of customer environments
- Monitor alerts using a SIEM platform to respond, triage and escalate incidents, as necessary
- Perform vulnerability scans, analyze results and recommend remediation actions
- Perform continuous monitoring of diverse security environments and analyze event log data to determine severity and prioritization of incident response efforts
- Contribute to the advancement of security posture

Minimum Requirements:
- 2 years of operational experience with securing and monitoring multiple platforms, network configurations and implementations
- Broad knowledge of IT security
- General systems infrastructure experience
- Experience with log correlation and packet analysis tools
- Solid understanding of common enterprise information systems services such as Active Directory
- Solid understanding of the TCP/IP protocol suite, security architecture and security techniques/products
- Experience with various security management tools (e.g., vulnerability management, configuration management and SIEM)
- Proven ability to analyze captured data to perform incident response and identify potential compromises
- Excellent written and oral communication skills

Preferred Education and Certifications:
- B.A. or B.S. in computer science or related field
- CompTIA Security+
- CompTIA CySA+

Posted 1 month ago

Apply

8.0 - 13.0 years

20 - 35 Lacs

Bengaluru

Work from Office

Job Title: Senior Security Analyst, Threat Hunting & Incident Response
Location: Bangalore (Rotational Shifts)
Mode of work: 5 days WFO
Experience: 8+ Years
Job Type: Full-time

Job Description: We are looking for a highly skilled and experienced Senior Security Analyst to join our client's Cybersecurity team. This role involves leading incident response activities, performing proactive threat hunting, and enhancing our overall security posture through innovative detection strategies and forensic investigations.

Key Responsibilities:
- Lead end-to-end security incident response, including analysis, containment, mitigation, and reporting.
- Design and implement detective controls for emerging threats and vulnerabilities.
- Perform proactive threat hunting across multiple platforms and environments.
- Continuously enhance SIEM/SOAR/XDR alert use cases and threat detection capabilities.
- Research emerging threats, vulnerabilities, and attack techniques to improve defenses.
- Participate in a 24/7 on-call rotation to support incident response and critical investigations.
- Document incident response activities and produce detailed reports for stakeholders.
- Conduct post-incident reviews to drive improvements in tools, processes, and readiness.
- Collaborate across teams to improve the organization's threat detection and response maturity.

Required Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, or related field.
- Minimum 8 years of experience in Security Operations, Incident Response, or Threat Detection.
- Strong experience with threat hunting methodologies and frameworks.
- Hands-on expertise with tools such as SIEM, SOAR, XDR (e.g., Cortex XSIAM, Torq).
- Working knowledge of MITRE ATT&CK, NIST frameworks, and cyber kill chain concepts.

Preferred Skills & Experience:
- Strong understanding of network and endpoint security, defense-in-depth, and current threat trends.
- Experience with cloud security (AWS, Azure, GCP) and public cloud defense techniques.
- Exposure to Endpoint Detection & Response (EDR) tools, forensic analysis, and log correlation.
- Proficiency in scripting languages (e.g., Python, PowerShell) for automation and analysis.
- Relevant certifications such as CISSP, GIAC (GCIA, GCIH, GCFA), CEH are a plus.
- Strong analytical mindset with the ability to assess risk and prioritize response.
- Excellent written and verbal communication skills.

Posted 1 month ago

Apply

10.0 - 15.0 years

30 - 36 Lacs

Pune

Work from Office

* Design, implement & maintain automated security solutions. * Ensure compliance with industry standards & best practices. * Monitor SIEM data & SOC alerts.

Posted 1 month ago

Apply

0.0 - 5.0 years

5 - 9 Lacs

Pune

Work from Office

Responsibilities:
- Monitor systems and respond to incidents.
- Collaborate with teams on threat management strategies.
- Manage access control & encryption.
- Maintain compliance standards.
- Conduct regular security assessments.

Benefits: Office cab/shuttle, food allowance, health insurance, provident fund.

Posted 1 month ago

Apply

5.0 - 10.0 years

30 - 45 Lacs

Pune

Work from Office

About Position: We at Persistent are looking for a Threat Hunter with experience in Threat Hunting and Malware Analysis.

Role: Threat Hunter
Location: Pune
Experience: 5 to 10 years
Job Type: Full Time Employment

What You'll Do:
- 3+ years in threat hunting

Job Summary: We are seeking a proactive and analytical Threat Hunter to join our cybersecurity team. The ideal candidate will be responsible for identifying, investigating, and mitigating advanced threats that evade traditional security defenses. As a Threat Hunter, you will leverage threat intelligence, analytics, and internal telemetry to detect signs of compromise and anomalous behavior across the enterprise environment. This includes:
- Analyzing, reviewing and validating the logs from the log sources.
- Suggesting use case fine tuning and new use case creation.
- Troubleshooting SIEM issues related to log sources.
- Collaborating with other members of the SOC team, as well as internal and external stakeholders, to resolve complex security incidents.
- Keeping up to date with the latest cybersecurity threats, trends, and technologies to improve the efficiency and effectiveness of incident response.

Key Responsibilities:
- Proactively hunt for unknown threats in the environment using a hypothesis-driven approach.
- Analyze large volumes of logs, telemetry, and data from EDR, SIEM, network traffic, and other sources.
- Develop and refine detection logic to identify stealthy and novel threats.

Expertise You'll Bring:
- Strong understanding of the cyber kill chain, MITRE ATT&CK, and threat actor behavior
- Hands-on experience with SIEM tools (e.g., Splunk, QRadar, Sentinel)
- Familiarity with EDR solutions (e.g., CrowdStrike, Carbon Black, Cisco AMP, Microsoft Defender)
- Scripting skills in Python, PowerShell, or similar languages

Benefits:
- Competitive salary and benefits package
- Culture focused on talent development with quarterly promotion cycles and company-sponsored higher education and certifications
- Opportunity to work with cutting-edge technologies
- Employee engagement initiatives such as project parties, flexible work hours, and Long Service awards
- Annual health check-ups
- Insurance coverage: group term life, personal accident, and Mediclaim hospitalization for self, spouse, two children, and parents

Inclusive Environment: Persistent Ltd. is dedicated to fostering diversity and inclusion in the workplace. We invite applications from all qualified individuals, including those with disabilities, and regardless of gender or gender preference. We welcome diverse candidates from all backgrounds. We offer hybrid work options and flexible working hours to accommodate various needs and preferences. Our office is equipped with accessible facilities, including adjustable workstations, ergonomic chairs, and assistive technologies to support employees with physical disabilities. If you are a person with disabilities and have specific requirements, please inform us during the application process or at any time during your employment. We are committed to creating an inclusive environment where all employees can thrive.

Our company fosters a values-driven and people-centric work environment that enables our employees to:
- Accelerate growth, both professionally and personally
- Impact the world in powerful, positive ways, using the latest technologies
- Enjoy collaborative innovation, with diversity and work-life wellbeing at the core
- Unlock global opportunities to work and learn with the industry's best

Let's unleash your full potential at Persistent. "Persistent is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind."

Posted 1 month ago

Apply

3.0 - 8.0 years

13 - 17 Lacs

Gurugram

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Cyber Threat Intelligence
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. You will engage in discussions to refine security strategies and provide insights that enhance the overall security posture of the organization.

Roles & Responsibilities:
- Expected to perform independently and become an SME.
- Required active participation/contribution in team discussions.
- Contribute to providing solutions to work related problems.
- Conduct regular assessments of cloud security measures to identify potential vulnerabilities and recommend improvements.
- Collaborate with cross-functional teams to ensure alignment of security practices with business objectives.

Professional & Technical Skills:
- Must Have Skills: Proficiency in Cyber Threat Intelligence.
- Strong understanding of cloud security principles and frameworks.
- Experience with threat modeling and risk assessment methodologies.
- Familiarity with security compliance standards such as ISO 27001, NIST, and GDPR.
- Ability to analyze and respond to security incidents effectively.

Additional Information:
- The candidate should have a minimum of 3 years of experience in Cyber Threat Intelligence.
- This position is based at our Gurugram office.
- 15 years of full time education is required.

Qualification: 15 years full time education

Posted 1 month ago

Apply

3.0 - 8.0 years

13 - 17 Lacs

Gurugram

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Endpoint Extended Detection and Response
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: We are seeking a skilled cybersecurity professional with hands-on experience in managing and optimizing CrowdStrike EDR, FIM, Host Firewall and MxDR solutions. As a CrowdStrike EDR Specialist, you will play a critical role in endpoint threat detection, incident response, and continuous monitoring of the enterprise environment to identify and remediate cyber threats.

Roles & Responsibilities:
- Deploy, configure, and maintain CrowdStrike Falcon EDR agents across enterprise endpoints.
- Monitor CrowdStrike dashboards and alerts for suspicious activity, malware, and unauthorized behavior.
- Investigate, analyze, and respond to endpoint-related security incidents.
- Create and tune detection rules, indicators of compromise (IOCs), and response workflows.
- Collaborate with SOC teams, IT administrators, and incident responders on security investigations.
- Perform threat hunting using CrowdStrike Falcon and other tools.
- Develop reports and dashboards that provide visibility into the EDR environment and incident trends.
- Ensure EDR platform integration with SIEM and other cybersecurity tools.
- Stay updated on emerging threats and recommend configuration or policy improvements.
- Knowledge of and exposure to ServiceNow ticketing for Incident Management, Problem Management and Change Management.

Professional & Technical Skills:
- Experience in an EDR (CrowdStrike) or threat detection role.
- Strong hands-on experience with CrowdStrike Falcon EDR (deployment, policy management, investigation, etc.).
- Solid understanding of malware, endpoint threats, and attack vectors.
- Familiarity with the MITRE ATT&CK framework and threat intelligence principles.
- Experience with scripting (PowerShell, Python, etc.) and automation tools is a plus.
- Knowledge of SIEM platforms (Splunk, QRadar, etc.) and their integration with EDR.
- Relevant certifications preferred (e.g., CrowdStrike CCFA, FIM, Azure Fundamentals).

Additional Information:
- The candidate should have a minimum of 3 years of experience in Endpoint Extended Detection and Response.
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
- This position is based at our Gurugram office.
- 15 years of full time education is required.

Qualification: 15 years full time education

Posted 1 month ago

Apply

15.0 - 20.0 years

13 - 17 Lacs

Gurugram

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Threat Hunting
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure that the architecture aligns with organizational objectives, while also addressing any emerging security challenges in the cloud environment.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Develop and maintain comprehensive documentation of security architecture and controls.
- Conduct regular assessments of security measures and recommend improvements.

Professional & Technical Skills:
- Must Have Skills: Proficiency in Security Threat Hunting.
- Strong understanding of cloud security principles and best practices.
- Experience with security incident response and threat intelligence.
- Familiarity with compliance frameworks and regulatory requirements.
- Ability to analyze security risks and develop mitigation strategies.

Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Threat Hunting.
- This position is based at our Gurugram office.
- 15 years of full time education is required.

Qualification: 15 years full time education

Posted 1 month ago

Apply

7.0 - 12.0 years

13 - 17 Lacs

Pune

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Architecture Design
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will be responsible for defining the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will document the implementation of the cloud security controls and transition to cloud security-managed operations. Your typical day will involve designing and implementing security solutions, collaborating with cross-functional teams, and ensuring the integrity and confidentiality of data.

Roles & Responsibilities:
- Expected to be an SME; collaborate with and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute to key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Design and implement security solutions to protect the organization's cloud infrastructure.
- Collaborate with cross-functional teams to ensure the integrity and confidentiality of data.
- Conduct risk assessments and develop strategies to mitigate security risks.
- Stay up-to-date with the latest security trends and technologies.
- Ensure compliance with industry standards and regulations.
- Train and educate employees on security best practices.

Professional & Technical Skills:
- Must Have Skills: Proficiency in Security Architecture Design.
- Strong understanding of cloud security principles and best practices.
- Experience with cloud security technologies and tools.
- Knowledge of network security protocols and technologies.
- Familiarity with security frameworks and standards such as ISO 27001 and NIST.
- Good To Have Skills: Experience with cloud platforms such as AWS or Azure.
- Experience with security incident response and management.
- Knowledge of threat intelligence and vulnerability management.
- Understanding of identity and access management concepts.
- Solid grasp of encryption and cryptographic techniques.

Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Architecture Design.
- This position is based at our Mumbai office.
- 15 years of full time education is required.

Qualification: 15 years full time education

Posted 1 month ago

Apply