L2 SOC Analyst - Hyderabad

Office
Full Time

Continuing its strategic expansion, BluSapphire is enhancing the capabilities of the Security Operations Center and seeks experienced, dynamic professionals for the L2 SOC Analyst role. This position plays a pivotal role in the incident response team, requiring a strong background in cybersecurity, client interaction, and a proactive approach. The L2 SOC Analyst operates advanced security monitoring solutions, ensuring swift responses to identified security events. The role entails working in a shift schedule to provide 24/7 coverage, following an initial ramp-up period.

Role Requirements

  • Minimum 8 years of experience in a large-scale IT environment with a strong focus on Cyber and Information Security.
  • Proven expertise in network security technologies such as Firewalls, Proxies, IDS/IPS, and Vulnerability Scanners.
  • Seasoned in digital forensics, malware assessment, and threat hunting with the ability to perform deep investigations.
  • Over 5 years of hands-on experience with leading analytical platforms such as Splunk, QRadar, Hunters, Sumo Logic, and Microsoft Sentinel.
    • Knowledge of additional tools such as Email Security Gateway, SOAR, EDR, DLP, CASB, PAM, TI, and Proxy solutions is an added advantage.
  • Deep understanding of the MITRE ATT&CK Framework and its application in real-world threat detection.
  • Strong grasp of security best practices, standards, and concepts, with experience conducting vulnerability testing, risk analysis, and internal/external security audits.
  • Demonstrated leadership capabilities, providing technical guidance to L1 and L2 analysts and acting as a SOC thought leader.
  • Excellent customer-facing and communication skills, including report writing and clear articulation across all levels.
  • Proven ability to lead incident investigations and response activities, ensuring swift and effective containment.
  • Participate in on-call rotations for after-hours incident escalations as part of a 24/7 operational team.
  • Strong analytical and problem-solving skills with well-developed logical thinking capabilities to investigate complex security incidents.
  • Collaborative team player with good interpersonal skills, active listening, empathy, and a positive, supportive attitude.
  • Reliable, proactive, and adaptable, capable of working in shift-based schedules.
  • Commitment to continuous learning and staying updated with emerging cybersecurity threats and trends.
Nice To Have:
  • An ethical hacking certification, CISSP, GCIH, or equivalent training is a major advantage.
Location: Hyderabad
Desired Qualification: B.Sc CSC / B.Tech or BE Computers / MCA. Certifications such as CISSP, CEH, GCIH, OSCP, or OSCE are a plus.
Experience: 8 – 10 years

Role Responsibilities

  • Act as an escalation point for high and critical severity security incidents, conducting thorough investigations to assess impact and determine the extent of compromise.
  • Validate and authenticate events, alerts, and incidents escalated by L1 analysts to ensure accuracy and prioritization.
  • Perform in-depth investigation and correlation, working closely with stakeholders to ensure effective mitigation and closure of critical and complex incidents.
  • Lead incident response activities, providing actionable recommendations and ensuring timely containment and recovery.
  • Analyze attack patterns, tools, techniques, and procedures (TTPs) to understand adversary behavior and the full attack lifecycle.
  • Develop and implement advanced threat detection content, rules, and use cases for deployment in SIEM platforms (e.g., Proxy, VPN, Firewall, DLP logs), ensuring fine-tuned and optimized performance.
  • Leverage threat intelligence (IOCs, updated rules, indicators) to identify affected systems and define the scope of potential attacks.
  • Correlate and analyze security events from multiple sources such as firewall logs, IDS/IPS, AV, threat intelligence feeds, and MDR solutions to detect sophisticated threats.
  • Gather and analyze evidence using client security tools to validate root causes and assess compromise levels.
  • Collaborate with cross-functional teams to ensure end-to-end management of the security incident lifecycle.
  • Differentiate true positives from false positives, prioritize incidents based on risk, and recommend corrective actions.
  • Define, plan, implement, maintain, and upgrade security measures, policies, and controls to strengthen overall SOC posture.
  • Ensure process compliance through periodic reviews and updates of SOPs, standards, playbooks, and checklists (quarterly/half-yearly).
  • Drive continuous improvement in SOC processes by contributing to the development of new SOPs, playbooks, and operational guidelines.
  • Train and mentor L1/L2 analysts through structured knowledge transfer and internal training sessions to enhance SOC capabilities.
  • Stay updated on emerging threats, techniques, and tools to continuously refine detection and response strategies.
Kindly share your updated resume at psanginatham@blusapphire.com