Specialist - Information Security
7 - 10 Years
1 opening
Bengaluru

Job Description

Responsibilities:
1. A senior SOC analyst would work closely with the SOC team and be responsible for incident detection, triage, analysis, and response.
2. Hands-on experience with configuration and management of SIEM tools (QRadar (preferred), Azure Sentinel, and Splunk), including log source integrations, building custom parsers, fine tuning and optimizing the correlation rules, and use cases is a must.
3. Proven experience with any of the security information and event management (SIEM) tools like Azure Sentinel (preferred), QRadar, Splunk, etc.
4. Good experience working with an EDR solution like MS Defender.
5. Determine quick defense techniques until a permanent solution is found.
6. Experience in building automation playbooks using any of the SOAR tools like IBM Resilient (preferred), ServiceNow SecOps, Demisto (XSOAR), and Logic Apps.
7. Experience in writing automation scripts using Python, KQL, and PowerShell.
8. Recognize successful intrusions and compromises by reviewing and analyzing relevant event detail data.
9. Review incidents escalated by Level 1 analysts.
10. Launch and track investigations to resolution. Recognize attacks based on their signatures, which differentiates false positives from true intrusion attempts.
11. Actively investigate the latest security vulnerabilities, advisories, incidents, and penetration techniques and notify end users when appropriate.
12. Identify the gaps in the security environment and suggest the gap's closure.
13. Change Management must be driven and supported.
14. Perform and review tasks as identified in a daily task list.
15. Report generation and trend analysis: starting the governance meeting with the customer and walking the customer and stakeholders through the security status from the SOC's perspective.
16. It is advantageous to have prior experience managing SIEM solutions on public and private clouds such as Amazon Web Services (AWS), Microsoft Azure, and others.
17. Willing to work in a 24-hour, seven-day-a-week rotational shift model, including night shift.

KRA:
1. 3 to 5 years experience.
2. Identify and investigate the security incidents.
3. Identify security gaps and use Change Management to close them.
4. Monitor the security logs and s from various devices and escalate or investigate the incident.
5. Explore different security technologies available in the market.
6. Install, build, test, and configure SIEM-related systems.
7. Maintain security dashboards.
8. Coordinate with internal customers on their security-related problems and provide solutions.
9. Document security solutions.
10. Handle L2 and above-level technical escalations from the operations team and resolve them within the SLA.
11. Work closely with L1 team members to provide quick support and escalate issues.
12. Train other analysts in their roles and responsibilities.

SOC - Operations
[email protected]
-
Hello Job Seeker,

I am SOC Manager at Wipro and searching for "IR / Splunk Lead".
Experience = 7+ years of experience
Acceptable notice period = Up to 30 days maximum
Location = Anywhere in India
Process of application = DM me on LinkedIn

Job Description of IR / Splunk Admin

Required skills:
- Experience identifying, investigating, and responding to complex attacks in the cloud or on premises.
- 7+ years of experience in SOC Operations.
- Strong understanding of the threat landscape in terms of the tools, tactics, and techniques of threats employing both commodity and custom malware.
- Strong hands-on experience with Splunk ES, including development of content, ingestion of feeds, and other platform administration functions.
- Very good understanding of security tools/logs like FW, IPS/IDS, Sensors, EDR/NDR/XDR, Proxy, DNS, DDoS, SIEM-Splunk, MITRE ATT&CK Framework (must have), SecOps, ServiceNow.
- Good understanding of OWASP top vulnerabilities.
- ITSM tools, Splunk ES.
- Strong understanding of SOAR, playbook creation & enhancement & automation.
- Experienced in Splunk integration with monitoring tools like AWS CloudWatch, CloudTrail, AppDynamics, SCOM, SolarWinds.
- Strong understanding of how complex, multi-stage malware functions.
- Good understanding of Windows & Linux operating systems.
- Manages Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts).
- Develop custom Splunk apps to meet customer needs in a variety of domains: IT infrastructure, financial, IT ops, application management, human resources, physical security, etc.
- PowerShell and batch scripts; ability to develop scripts in these languages to support Splunk deployments, Splunk integration with ticketing tools, SOAR, threat intelligence platforms, etc.
- Knowledge of statistical modelling for anomaly, ML and outlier detection.
- Security certifications like CEH, OSCP, CISSP, SANS GCIA, or CISM, or other SANS defense-related certifications (GSOC/GCDA).
- Strong understanding of the underlying Splunk infrastructure and components (lookups, modular inputs, standard inputs, relationships between varying configuration files, etc.).
- Create weekly and monthly (WSR, MSR & QBR) dashboards to represent data based on business requirements.
- Investigate and remediate threats and alerts escalated from L2 for additional context / risk assessments.
- Maintain the incident tracker with updated data on incidents.
- Develop remediation plans, RCA and lessons learnt; identify repeat security incident trends and recovery strategy.
- Recommend and implement tuning and enhancements to defined alerting rules and SOPs.
- The security specialist is responsible for conducting information security investigations because of security incidents identified by the tier 2 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, SNOW tickets, email and MDE).
- Update all 'content' related information in security platforms (SIEM, Deep Packet Inspection, endpoint security tools).
-
Hi All, Greetings!

We at KPMG are hiring for SIEM Content Engineer!
Experience - 4 to 6 years
Location - Mumbai / Gurgaon
Notice Period - Up to 60 days

Required Qualifications:
- Bachelor's/master's degree in engineering.
- 4+ years of experience in cybersecurity, with a focus on operational security, including security operations center, incident response, SIEM platforms.
- 1+ years of experience in Microsoft Sentinel analytical rules and Defender custom detections:
  o Content development of new detection rules,
  o Fine-tuning rules for whitelisting, and
  o Detection logic improvement.

Roles and Responsibilities include:
- Develop and implement custom analytics rules within Microsoft Sentinel to identify security threats and anomalies.
- Leverage KQL and other tools to create custom detections on Microsoft Defender XDR – MDE & MDCA.
- Create advanced detection rules based on business requirements & SOC use cases.
- Work with SIEM and SOAR solutions at scale.
- Collaborate with other security teams to identify and prioritize security requirements and develop effective solutions.
- Update the code (KQL) on analytical rules for fine-tuning false positive incidents.
- Stay up to date with the latest security threats and trends and apply this knowledge to improve our security posture.
- Perform content enrichment depending on feedback received from security analysts.
- Have a strong understanding of cloud security and networking concepts and practices.
- Help to create reports that properly present the key risk and performance indicators.
- Communicate & report concise summaries of complex scenarios & information across diverse and senior stakeholder groups.
- Design and maintain Content Management standard operating procedures (SOPs), processes and guidelines.
- Prepare reports for leads and management review with data from dashboards & reports.

Skills required:
- Strong understanding of JSON, Kusto Query Language (KQL) and PowerShell.
- Experience analyzing data from cybersecurity monitoring tools such as SIEM / SOAR platforms, host and network logs, firewall and IPS/IDS logs and email security gateways; knowledge of the common attack vectors on various layers.
- Knowledge and experience working with the Cyber Kill Chain model and the MITRE ATT&CK matrix.
- Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis; experience with Security Operations Center and SIEM management.
- Optimizing the way logs are processed and leveraged by the SOC team.
- Knowledge of the schemas of Microsoft Defender XDR solutions (Microsoft Entra ID and ID Protection, Microsoft Defender for Endpoint, Microsoft Defender for Cloud Apps, Microsoft Purview Information Protection) and Microsoft 365.

Please share your CV to [email protected] with subject line "Sentinel"; we will screen profiles and reach out to the shortlisted candidates.

#recruitment #Jobs #hiring #SIEM #Sentinel #cybersecurity
Sujata Almala
-
Tech Role Clarity Series (5/10): The Cybersecurity Maze - A Recruiter's Guide

Decoding security roles is crucial in today's threat landscape.

📎 Security Engineer
Think of them as the "Security Builder"
• Main focus: Building security solutions
• Core expertise: Implementing security tools
• Must-check skills:
- Security tools development
- SIEM implementation
- Firewall configuration
• Red flags: Pure monitoring experience without hands-on implementation

📎 Security Analyst
Think of them as the "Threat Detective"
• Main focus: Monitoring and analysis
• Core expertise: Threat detection & incident response
• Must-check skills:
- Log analysis
- Incident handling
- Threat hunting
• Red flags: No experience with security tools or SIEM platforms

📎 Security Architect
Think of them as the "Security Strategist"
• Main focus: Security design and strategy
• Core expertise: Enterprise security planning
• Must-check skills:
- Security frameworks
- Risk assessment
- Architecture design
• Red flags: Implementation-only background without design experience

📎 Security Operations (SOC) Engineer
Think of them as the "Security Guardian"
• Main focus: 24/7 security monitoring
• Core expertise: Real-time threat response
• Must-check skills:
- Alert triage
- Incident management
- SOC tools
• Red flags: No hands-on SOC tool experience

📎 Application Security Engineer
Think of them as the "Secure Code Champion"
• Main focus: Software security
• Core expertise: Secure development practices
• Must-check skills:
- Code review
- Penetration testing
- Security testing tools
• Red flags: Development background without security focus

📎 Identity & Access Management (IAM) Specialist
Think of them as the "Access Controller"
• Main focus: Authentication & authorization
• Core expertise: Access management
• Must-check skills:
- IAM tools
- Directory services
- Access governance
• Red flags: Help desk background without IAM project experience

💡 Recruiter's Quick Guide:
When screening, ask about:
• Security Engineer: "Tell me about a security solution you built"
• Security Analyst: "Describe a threat you discovered"
• Security Architect: "Share a security strategy you designed"
• SOC Engineer: "Walk me through your incident response process"
• AppSec Engineer: "Explain your secure SDLC approach"
• IAM Specialist: "Describe an IAM implementation"

Certification Guide:
• CISSP: Good for Architects and senior roles
• CEH: Valuable for Analysts and Engineers
• CISM: Important for management roles
• Security+: Entry-level validation
• OSCP: Crucial for penetration testing roles

#VDart #Cybersecurity #InfoSec #SecurityJobs #TechRecruitment #UAETech #SecurityEngineer #SecurityAnalyst #SecurityArchitect #AppSec #IAM #SOC #RecruiterTips #TechTalent
VDart
-
#Urgent_Requirement Sr. Cyber Security Architect
#Senior_Cyber_Security_Architect
#Position: Sr. Cyber Security Architect
#Experience: 12+
#Location: Franklin Lakes, NJ
#Job_Description:
Candidates should have strong skills on #IAM, #SOC, #SIEM, #Vulnerability, #Palo_Alto, #Endpoint_Security, #Network_Security, #IAM and #GRC, #CyberSecurity_assessments, #Database_Encryption etc.
· Enterprise Security Architecture: Assessment - to determine the strength of the foundations for security within organizations and to ensure that their vision, strategies, processes, people and technologies are aligned and organized effectively to optimize Cyber Security in support of their business goals.
· Design & Implementation: To design and build security into organizations from 'top to bottom' so that it can be justified, and from 'bottom to top' so that it can be seen to be complete.
· Technical Security Architecture: Assessment – to determine the strength and appropriateness of technical designs in mitigating relevant Cyber threats. Design & Implementation – to formulate & communicate new architectures and demonstrate their suitability in mitigating relevant Cyber threats.
· Security Leadership & Management: Planning, managing and organizing the delivery of Security Architecture to clients. Assisting with the development of the Security Architecture Practice within the firm.
Ø Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
Ø Responsible to install, integrate, and maintain one or more Identity & Access Management products such as Okta, Microsoft AD, and AWS AD in client environments.
Ø Communicate the IAM aspects of both the production support and maintenance at the technical and functional level to maintain or resolve a technical situation.
· Security Transformation (and Security in Transformation): Working in large scale transformation programs, building their capability to assess and design Cyber Security.
· Communication & Influencing: Working with senior stakeholders, utilizing Security Architecture methods and collateral to influence their decisions.

Technical Requirements
· Experience of industry standard Architectural Methodologies and Frameworks such as SABSA and TOGAF.
· Experience of relevant technologies (such as Networks, LANs and WANs, Servers & Hosting, Virtualization, Applications, Identity Management etc.) and how to securely implement them.
· An understanding of security methodologies, best practice and industry standards.
· Experience in risk & regulatory frameworks and standards such as NIST 800, ISO 27001, ISF SOGP, PCI-DSS etc.

*If interested, revert back with your updated resume.
#Hiring #US_jobs #New_Jersey #Franklin_Lakes_NJ

Regards
Romi
Appian Infotech Inc
Contact No- 276 910 0142 Ext. 148
Email- [email protected]
-
We're hiring
Job Title: SOC Analyst L2

Key Responsibilities

Security Monitoring & Incident Response
Monitor, manage, and respond to security events and incidents. Ensure timely identification, assessment, and quantification of security incidents, followed by accurate reporting, communication, and mitigation. Handle incident detection and response, leveraging knowledge of incident response methodologies to minimize impact and conduct post-incident analysis. Work closely with cross-functional teams during security breaches to ensure containment and remediation.

Threat Analysis & Vulnerability Management
Analyze network traffic, logs, and other data sources to detect potential threats and respond accordingly. Utilize advanced tools and techniques to proactively identify emerging risks and recommend appropriate remediation actions. Participate in vulnerability assessments and penetration testing to enhance exploitation detection.

SIEM Integration & Operations
Ensure the integration of standard and non-standard logs into SIEM systems. Contribute to the continuous improvement of security operations by refining standard operating procedures (SOPs) for incident response and other key processes.

Threat Intelligence & Proactive Defense
Stay updated on emerging threats, vulnerabilities, and cybersecurity trends through ongoing research and engagement with cybersecurity communities. Incorporate relevant threat intelligence into daily analysis to enhance detection capabilities.

Documentation & Reporting
Create detailed incident reports, summaries, and operational documentation. Maintain accurate records of incidents, investigations, and mitigation efforts for continuous improvement and auditing.

Qualifications
Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent practical experience.
Experience: Minimum 2 years in a SOC, CERT, or a similar cybersecurity role.
Technical Proficiency: Hands-on experience with EDR, SIEM, and SOAR tools. Ability to analyze network traffic, logs, and security artifacts. Scripting skills and Windows forensics are a plus.
Certifications: Preferred certifications include CHFI, ECSA, ECIH, CySA+, or CDSA.
Skills: Strong understanding of common IT protocols (network, system, email). Familiarity with incident response processes including containment, eradication, and recovery.
Soft Skills: Excellent problem-solving skills, with the ability to handle pressure and respond effectively in crisis situations.
-
Requirement 1: Cyber Security Analyst
Exp - 8+ yrs
Location - Hinjewadi office / WFO 2 days a week
Duration - Long Term

JD Cybersecurity Analyst

JOB OVERVIEW
We are seeking a highly skilled and motivated Cybersecurity and Compliance Analyst to join our SecOps team. This role is pivotal in ensuring the security and compliance of our organization's systems, applications, and data. The ideal candidate will possess expertise in various compliance frameworks, including PCI-DSS, HECVAT, VPAT, FERPA, HIPAA, StateRAMP, and SOC. This role involves mitigating vulnerabilities, conducting scans, generating comprehensive reports, and collaborating with cross-functional teams to address security risks and vulnerabilities. You will also play a key role in maintaining a secure and compliant IT environment by contributing to risk management, patching, and training initiatives. The successful candidate will have a strong background in cybersecurity practices, technical operations, and compliance requirements.

Key Responsibilities:
• Compliance Expertise: Utilize your in-depth knowledge of compliance standards such as PCI-DSS, HECVAT, VPAT, FERPA, HIPAA, StateRAMP to ensure our systems meet regulatory requirements.
• Vulnerability Management: Mitigate vulnerabilities by conducting regular vulnerability scans, analyzing results, and working with DevOps and ITOps teams to prioritize and remediate issues. Advise and assist with operational security and response to information security incidents.
• Reporting, Documentation, Promotion: Generate detailed reports from scans and assessments, effectively communicating findings and recommendations to stakeholders and management. Promote security awareness through training and communication of policies and threats.
• Cross-Functional Collaboration: Work closely with DevOps and ITOps teams to identify, assess, and remediate security risks, ensuring that patches and updates are applied promptly.
• Risk and Ticket Management: Enter and manage tickets related to security incidents, vulnerabilities, and compliance requirements using tools like ServiceNow and Jira. Contribute to the organization's risk register by identifying, assessing, and documenting potential risks and proposing mitigation strategies.
• Cloud Security: Understand and implement security best practices in cloud environments, including AWS, Azure, and M365, with a focus on Active Directory RBAC.
• Diagram and Architecture Updates: Collaborate on the update and maintenance of conceptual, logical, and physical diagrams of networks, domains, clouds, data centers, telecommunications, and cybersecurity components.
• Endpoint Security: Implement and manage endpoint security measures to safeguard against threats and unauthorized access. Perform vulnerability scans, analyze results, and track mitigation. Monitor event management software for potential security problems.
• Training and Awareness: Develop and deliver training programs to educate the organization
-
Junior Security Engineer - Brussels

As a junior Information Security Engineer, you have up to 2 years of experience in proactively and reactively monitoring and remedying security breaches:
- Usually, you are part of the SOC (security operations center);
- You investigate suspicious activities and take remediating actions;
- You maintain Security Monitoring Tools to effectively secure and monitor the different systems;
- You perform penetration tests to find any flaws;
- You document, test and monitor any security breaches and assess their damage.

Next to proven experience in IT Security, you have the following core competences: Analytical thinking, Collaborating, Customer orientation, Eager to learn, Effective communication, IT Infrastructure, Software development.

Qualification Assessment
Must Have
ICT knowledge
Incident management and root cause analysis
Information Security
Language knowledge
English
Soft skills
Analytical mind and strong conceptual thinking
Security driven
Technical skills
Microsoft Windows
ServiceNow
SIEM

Detailed Job Description
Our customers and employees deserve to sleep on their two ears, even though cyber-attacks are becoming more frequent. As an Incident Response Analyst, you and your colleagues play a big role in their peace of mind. You review incidents and help determine what needs to be done. You strengthen the Security Threat Monitoring team within our Security Operations Center. This is a team of experts who are committed to cybersecurity every day. Monitoring existing security processes, but also making them better. Solving problems, but also preventing them. In a nutshell, that's what you do as an Incident Response Analyst.

What do we expect from you?
You monitor the security of our critical servers and systems. You monitor the alarms generated by our security systems and take action on them: you set priorities and escalate an issue when necessary. Based on your knowledge of attack techniques, you will help to find the root cause of security alarms. For this you dive into the log files of servers and systems. You will test and fine tune security alarms and incident response procedures. You will discuss within the teams what to do in case of incidents and how to prevent them in the future. You attend regular team meetings and scrums. You document the context of the incident. You help colleagues who are resolving the incident with additional analyses, if necessary. You help ensure that we are working according to the right priorities. Depending on the action taken on the incident, you close it, put it on hold, have it looked at again or escalate it. Your guide here is our runbook. You also provide suggestions on what action to take. You participate in sessions on continuous improvement and help think through these questions: ..
-
Urgent hiring: interested and eligible candidates, share your resume to [email protected]

Number of Openings: 2
Assignment Duration: 12 Months
Total Yrs. of Experience: 8-10 years
Relevant Yrs. of experience: 5+ Years

Detailed JD (Roles and Responsibilities)
- Change Management, maintenance activity execution.
- Participate in Major Incident meetings to resolve P1/P2 tickets.
- Handling P3 & P4 Incident Tickets if not resolved at first level.
- Report preparation.
- Upgrade and apply patches to the security devices.
- Administration and management of the VPN (RA & S2S) security devices.
- Certificate renewals.
- Licensing of the devices.
- Lifecycle management of the devices.
- Creation of knowledge-base articles to be reused in the operations.
- Problem Management for similar patterns of recurring issues.
- Validate and configure NAT rule creation on the firewalls.
- Responsible for the routing-related configurations at the firewall (prefix list, route-map).
- Responsible to validate and write the URL Filtering rules on the firewall for the interested traffic above Layer 4 to 7.
- Device hardening of the firewalls as per Cyber recommendations.
- Periodically updating the Vulnerability Database & Snort rules on the firewalls for known vulnerabilities.
- Tuning the firewall platform settings as per the changes in the corresponding network architecture.
- Remediating the outstanding points in regard to vulnerability assessment of the firewalls as per the CIA ratings.
- Peer reviewing the firewall rules access template, whether the plan is correct, and ensuring the rules are planned to be implemented as per the client-based standard practice.
- Review SNOW tickets periodically to ensure tickets are assigned to analysts and identify any aged tickets which need attention to be addressed on priority.
- Coordinate with third parties & OEMs on a case-to-case basis.
- Participate in the daily operations review meeting, and update the status of critical tasks or issues which need discussion.
- Support other cross-functional teams in resolution of major/critical incidents.
- Handle service requests which cannot be addressed at Level 1 and need their support.
- Identify the devices that need to be upgraded as per the BCS reports.
- Regular monitoring of mails and tracking the response.
- Process Management - Incident, Service Request, Standard Catalog, MIM, Knowledge, Change, Problem, CMDB/Asset, Templates, Monitoring and Event.

Mandatory skills
Palo Alto Prisma Access (SASE) (SC-CAN, RN and MU SPN, Templates, Device Groups, System updates, Plugin, CIE, Portal & Gateway MU, HIP, EDL, Security Profiles & groups, SSL Decryption, User-ID, App-ID, Threat Prevention AV, AS, IPS, Sandboxing)
Palo Alto NGFW
Palo Alto Cortex Data Lake

Domain: Network Security
Work Location given in ECMS ID: Bangalore
WFO/WFH/Hybrid WFO: Hybrid WFO