3,624 Incident Responder jobs in India

Cyber Incident Responder

Prayagraj, Uttar Pradesh Accenture

Posted today

Job Description

Cyber Incident Responder 
 
As a member of the Response Team within the global Cyber Incident Response (CIRT) Tower, you will play a key role in investigating security incidents identified through infrastructure monitoring. This includes addressing potential hacking attempts, intrusions, malware infections, information mishandling, and other security threats that could negatively impact Accenture. You will also provide support during major incidents and investigations, as well as engage in threat hunting activities.

Key Responsibilities:

  • Conduct investigations of security incidents, providing analysis and recommending corrective actions to address identified threats.

  • Participate in threat hunting activities to proactively identify and neutralize potential security threats.

  • Coordinate with internal teams to support a comprehensive security response.

  • Operate endpoint security and SIEM solutions to detect, analyze, and respond to cyber threats.

Working Arrangements:

  • Flexible (Location should be one of the base locations of Accenture)

  • Travel requirements: 0-5%.

  • Industry-relevant trainings and certifications provided.

Relationships:

  • Reports to: CIRT Response Lead

  • External relationships: Security vendors

Requirements:

  • 2-5 years of experience in an SOC, incident response, or threat hunting role

  • Hands-on experience with triaging security alerts, escalating incidents, and documenting findings

  • Solid understanding of computer operating systems, including server operating systems (Windows & Linux)

  • Solid understanding of cloud infrastructure (Amazon, Microsoft Azure, Google)

  • Proficient with EDR and SIEM platforms

  • Security analysis skills (logfile analysis and analysis of mixed data sources/types)

  • Ability to manipulate and present data

  • Solid understanding of network protocols & architecture

  • Ability to multi-task and prioritize workload

  • Strong problem-solving skills

  • Strong sense of ethics & values, ability to handle confidential situations with discretion

  • Strong willingness to learn and grow within the role

  • Excellent oral and written communication skills in English.

Qualification

Nice to Have:

  • IT Security certifications such as CEH, CySA+, Security+, BTL1, BTL2, GCIH, GCIA, GCFA

  • Familiarity with MITRE ATT&CK® Framework

  • Experience conducting investigations with security tools such as Microsoft XDR, Sentinel, Splunk, CrowdStrike

  • Basic scripting skills (e.g. PowerShell, Python, Bash) for automation

Education: In course or advanced studies in Cyber Security, Computer Sciences, Systems Engineering or related careers
 

Locations

Melbourne

Sydney

Additional Information

Equal Employment Opportunity Statement for Australia and New Zealand

At Accenture, we recognise that our people are multi-dimensional, and we create a work environment where all people feel like they can bring their authentic selves to work, every day.

Our unwavering commitment to inclusion and diversity unleashes innovation and creates a culture where everyone feels they have equal opportunity. Our range of progressive policies support flexibility in ‘where’, ‘when’ and ‘how’ our people work to ensure that Accenture is an organisation where you can strive for more, achieve great things and maintain the balance and wellbeing you need.

We encourage applications from all people, and we are committed to removing barriers to the recruitment process and employee lifecycle. All employment decisions shall be made without regard to age, disability status, ethnicity, gender, gender identity or expression, religion or sexual orientation and we do not tolerate discrimination. If you require any accommodations or adjustments for interviews and/or at work, please reach out to *** or contact us at +61 *** (Australia) or +*** (New Zealand).

To ensure our workplace is inclusive and diverse we are setting bold goals and taking comprehensive action. To achieve these goals, we collect information that allows us to track the effectiveness of our Inclusion and Diversity programs. Learn how Accenture protects your personal data and know your rights in relation to your personal data. Read more about our Privacy Statement.

About Accenture

We work with one shared purpose: to deliver on the promise of technology and human ingenuity. Every day, more than 775,000 of us help our stakeholders continuously reinvent. Together, we drive positive change and deliver value to our clients, partners, shareholders, communities, and each other.

We believe that delivering value requires innovation, and innovation thrives in an inclusive and diverse environment. We actively foster a workplace free from bias, where everyone feels a sense of belonging and is respected and empowered to do their best work.

At Accenture, we see well-being holistically, supporting our people’s physical, mental, and financial health. We also provide opportunities to keep skills relevant through certifications, learning, and diverse work experiences. We’re proud to be consistently recognized as one of the World’s Best Workplaces™.

Join Accenture to work at the heart of change. Visit us at ***.


Cybersecurity Incident Responder

Bengaluru, Karnataka Webologix Ltd/ INC

Posted today


Job Description

Job Position: SOC Engineer

Location: PAN.

Experience: 5+ to 10+ Years

Must have: Forensics - Others

Roles and Responsibilities

  • Review daily operational activities and timely mentor junior analysts
  • Conduct detailed analysis on escalated events and hand over the call to the Incident Response team along with appropriate evidence
  • Ensure 100 incidents validation and closure
  • Manage shifts and facilitate knowledge transfer within shifts (shift handover)
  • Study attack types and methods while monitoring the environment for threats
  • Perform deep dive incident analysis by correlating data from various sources
  • Document and archive artefacts for future reference
  • Define the criticality of behaviour events based on experience and information security understanding
  • Lead operations and act as a security consultant for incidents and alerts observed
  • Guide junior analysts in investigations, analysis and categorization
  • Monitor various technology dashboards and identify any suspicious activities or anomalies
  • Ensure quality check for all alerts and incidents raised by L1 analysts
  • Investigate and close testing incidents defining the steps and processes
  • Prepare daily summary reports
  • Raise control related concerns such as SOAR and SIEM
  • Define operations related activities
  • Review IRC SOP and manage all other process documents
  • Submit audit data
  • Escalate to seniors before the TAT breach
  • Handle TAT responsibilities
  • Validate SOC incidents by the Bank L2 team
  • This role requires a proactive approach to security operations, ensuring thorough analysis and validation of incidents, mentoring junior analysts, and maintaining high standards of documentation and reporting

Cybersecurity Incident Responder

Deloitte

Posted today


Job Description

Your potential, unleashed:

India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond.

At Deloitte, bring your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters.


The team:

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.

Your work profile.

We are seeking a skilled SOC Operations to manage, maintain, and enhance our SOC platform, ensuring effective monitoring, detection, and response to security incidents. The ideal candidate will have strong experience in SOC administration, threat detection, and SOC operations to provide continuous security improvements and support to the SOC team.


Key Responsibilities:


- Monitor client infrastructure and security solutions to identify potential threats and anomalies.

- Investigate first-line security incidents, determine root causes, and apply standard response procedures.

- Detect and report problems or errors proactively before they impact business operations.

- Perform routine analysis of recurring incidents to identify patterns and propose preventive measures.

- Escalate incidents to L2/L3 teams where required, ensuring proper documentation and context is shared.

- Ensure complete and accurate handover between shifts by adhering to defined procedures and documenting key activities.

- Maintain detailed incident logs and reports for auditing and compliance purposes.

- Follow standard operating procedures to ensure the smooth execution of SOC operations.

- Perform basic threat intelligence gathering using public resources (e.g., VirusTotal, AbuseIPDB) to support initial investigations.

- Conduct health checks on critical security infrastructure, reporting anomalies or issues to engineering teams.

- Maintain awareness of emerging threats and vulnerabilities, sharing findings with the team as part of continuous learning.



Required Skill Set:


- Minimum 2 years of hands-on experience with security tools and services, particularly SIEM platforms.

- Familiarity with security infrastructure such as firewalls, O365, Windows/Linux endpoints, IPS, Web Application Firewalls, DDoS protection, EDR, SOAR, ITSM tools, etc.

- Deep understanding of core network and security principles (Operating systems, TCP/IP, ports, detection/IDS/IPS, etc.)

- Basic understanding of SIEM content creation—filters, correlation rules, queries, and dashboards.

- Foundational knowledge of packet-level traffic analysis and network behaviour.

- Solid understanding of networking protocols, technologies, and core network security principles.

- Basic knowledge of cybersecurity frameworks and methodologies including MITRE ATT&CK, Cyber Kill Chain and NIST IR.

- Willingness to work in 24x7 shifts and adapt to dynamic SOC environments.

- Basic knowledge of Windows/Linux system security logs and event correlation.

- Familiarity with endpoint detection tools (CrowdStrike, SentinelOne, Microsoft Defender ATP, etc.)


How you’ll grow:

Connect for impact:

Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report.

Empower to lead:

You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership.


Inclusion for all:

At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters.


Drive your career:

At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte.

Everyone’s welcome… entrust your happiness to us

Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you.


Interview tips:

We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.

*Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices.

At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.

In this regard, you may refer to a more detailed advisory given on our website at:


Security Incident Responder

Soffit Infrastructure Services (P) Ltd

Posted today


Job Description

Job brief

The Security Operation Centre (SOC) Information Security Analyst is the first level responsible for ensuring the protection of digital assets from unauthorized access, identifying security incidents and reporting to customers, both online and on-premises. The position monitors and responds to security events from managed customer security systems as part of a team on a rotating 24 x 7 x 365 basis. Analysts are alert and aggressive in filtering out suspicious activity and mitigating risks before any incident occurs. Your background should include exposure to security technologies including firewalls, IPS/IDS, logging, monitoring and vulnerability management. You should understand network security practices. Excellent customer service while solving problems should be a top priority for you.


Main Responsibilities

  • Tier 2 SOC analysts are incident responders, remediating serious attacks escalated from Tier 1, assessing the scope of the attack, and affected systems, and collecting data for further analysis.
  • Work proactively to seek out weaknesses and stealthy attackers, review vulnerability assessments (CVEs) on monitored assets. Focus more on doing deep dives into datasets to understand what's happening during and after attacks.
  • Monitor security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity and suspicious activities, escalate to managed service support teams, tier 3 information security specialists, and/or customer as appropriate to perform further investigation and resolution.
  • Works as a Team lead for the SOC Analysts helping them to ensure that corporate data and technology platform components are safeguarded from known threats.
  • Analyse the Events & incidents and identify the root cause.
  • Assist in keeping the SIEM platform up to date and contribute to security strategies as and when new threats emerge.
  • Staying up to date with emerging security threats including applicable regulatory security requirements.
  • Bring enhancements to SOC security process, procedures, and policies.
  • Document and maintain customer build documents, security procedures and processes.
  • Document incidents to contribute to incident response and disaster recovery plans.
  • Review critical incident reports and scheduled weekly & monthly reports and make sure they are technically and grammatically accurate.
  • Keep updated with new threats, vulnerabilities, create/contribute to use cases, threat hunting etc.
  • Other responsibilities and additional duties as assigned by the security management team or service delivery manager


Requirements:

  • Min 3 Years’ Experience as SOC Analyst – (Experience in SIEM Tool ELK & Wazuh preferable)
  • Process and Procedure adherence
  • General network knowledge and TCP/IP Troubleshooting
  • Ability to trace down an endpoint on the network, based on ticket information
  • Familiarity with system log information and what it means
  • Understanding of common network services (web, mail, DNS, authentication)
  • Knowledge of host-based firewalls, Anti-Malware, HIDS
  • Understanding of common network device functions (firewall, IPS/IDS, NAC)
  • General Desktop OS and Server OS knowledge
  • TCP/IP, Internet Routing, UNIX / LINUX & Windows.
  • Excellent written and verbal communication skills


Skills:

  • Excellent event or log analytical skills
  • Proven experience as IT Security Monitoring or similar role
  • Exceptional organizing and time-management skills
  • Very good communication abilities
  • ELK, Wazuh, Splunk, ArcSight SIEM management skills
  • Reporting

Security Incident Responder-Coralogix

Gurugram, Uttar Pradesh Nexthire

Posted today

Job Description

Snowbit is looking for an experienced Security Incident Responder to join our Managed Detection and Response (MDR) team. This role requires expertise in incident response, threat hunting, and forensic investigations, with a strong emphasis on cloud environments and Kubernetes. You will lead efforts to protect our customers from advanced cyber threats while contributing to the continuous improvement of Snowbit's methodologies, processes, and technology stack.

What You'll Do:

  • Leverage Snowbit's advanced MDR platform to lead large-scale incident response investigations and proactive threat-hunting initiatives.
  • Conduct log analysis, and cloud artifact reviews using EDR and similar tools depending on availability, to support incident resolution and root-cause investigations.
  • Investigate and respond to security incidents in containerized environments, with a specific focus on Kubernetes security and architecture.
  • Research evolving cyberattack tactics, techniques, and procedures (TTPs) to strengthen customer defenses and codify insights for our services.
  • Provide technical and executive briefings to customers, including recommendations to mitigate risk and enhance cybersecurity posture.
  • Collaborate with internal teams, including engineering and research, to enhance Snowbit's MDR and incident response capabilities.
  • Partner with customer teams (IT, DevOps, and Security) to ensure seamless integration and adoption of Snowbit's MDR services.
  • Share expertise through presentations, research publications, and participation in the global cybersecurity community.

Experience:  

  • 3-5 years in incident response, threat hunting with strong experience in cloud security (AWS, Azure, GCP) and Kubernetes environments.
  • Proven Incident response experience in complex environments.

Technical Skills:

  • Demonstrates strong expertise in understanding adversary tactics and techniques, translating them into actionable investigation tasks, conducting in-depth analysis, and accurately assessing the impact.
  • Familiarity with attack vectors, malware families, and campaigns.
  • Deep understanding of network architecture, protocols, and operating system internals (Windows, Linux, Unix).
  • Expertise in Kubernetes security, including container orchestration, workload isolation, and cluster hardening.
  • Experience securing Kubernetes infrastructure, runtime security, and security monitoring.

Problem-Solving:  

  • Ability to work independently and collaboratively in dynamic, fast-paced environments.

Communication:  

  • Excellent written and verbal communication skills to interact with technical and non-technical stakeholders.

Preferred Skills:

  • Scripting skills (e.g., Python, PowerShell)
  • Experience with Red Team operations, penetration testing, or cyber operations.
  • Hands-on knowledge of attack frameworks (e.g., MITRE ATT&CK, Metasploit, Cobalt Strike).
  • Proficiency in host forensics, memory forensics, and malware analysis.



Senior Security Incident Responder

Bengaluru, Karnataka Vontier

Posted today


Job Description

Hi,


As the Information Security Senior Global Incident Response Analyst, you will play a critical role in the organization's cybersecurity efforts. The position is responsible for acting as a senior analyst during security incidents, coordinating efforts with various members of the Incident Response Team, ensuring Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. This position will work closely with business owners, IT teams, Privacy/Legal, and other members of the Information Security Team to protect the confidentiality, integrity, and availability of the organization's data and systems.


In this role, you will be responsible for the following:


  • Incident Response Command
      • Participate and occasionally lead the response to high-impact cybersecurity incidents.
      • Coordinate cross-functional teams globally to ensure timely containment, eradication, and recovery.
      • Act as a first-level decision-maker during incidents, escalating to Managers/Directors, coordinating with InfoSec Comms, and following established response protocols.
  • Process & Procedure Improvement
      • Develop, maintain, and continuously improve global incident response playbooks, runbooks, and workflows.
      • Participate in regular incident simulations and tabletop exercises to evaluate and enhance response readiness.
      • Analyze incident post-mortems to identify root causes and implement corrective actions.


At a minimum, we would like you to have:


  • Bachelor’s degree in information security, Information Technology, Computer Science, or a related field or equivalent work experience.
  • Proven experience (5 years) in cybersecurity (operations, vulnerability management, engineering, or related roles) with at least 1 year of experience coordinating incident response actions/activities
  • Advanced knowledge of security concepts and principles
  • Experience coordinating global, cross-functional teams in high-pressure situations
  • Excellent communication and stakeholder management skills
  • Familiarity with common security tools such as SIEM, EDR, forensics, and incident management platforms
  • Strong analytical and problem-solving skills.
  • Robust attention to detail.
  • Obtain relevant certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), etc.


Career Development:

  • This position serves as a mid-level individual contributor role in information security. As the Senior Global Incident Response Analyst gains experience and certifications, they can advance to higher-level roles such as Incident Response Lead and/or Manager. Continuing education and professional development are essential for career growth in this field.

Senior Threat Hunter & Incident Responder

452001 Indore, Madhya Pradesh ₹150000 Annually WhatJobs

Posted 8 days ago


Job Description

full-time
Our client, a leader in cybersecurity solutions, is seeking a highly skilled and experienced Senior Threat Hunter & Incident Responder to join their fully remote, elite security operations center (SOC). This critical role involves proactively identifying, investigating, and mitigating advanced cyber threats before they can impact the organization or its clients. You will be responsible for developing and executing sophisticated threat hunting methodologies, analyzing complex security alerts, and leading incident response efforts. The ideal candidate possesses a deep understanding of attacker tactics, techniques, and procedures (TTPs), network security, endpoint security, malware analysis, and digital forensics. You should be proficient with various security tools and technologies, including SIEM, EDR, IDS/IPS, and threat intelligence platforms. This position requires a proactive, analytical mindset, exceptional problem-solving skills, and the ability to work calmly and effectively under pressure during critical security incidents. You will play a vital role in strengthening our client's security posture and protecting sensitive data.

Responsibilities include:
  • Proactively hunt for advanced threats within complex network and system environments using various tools and techniques.
  • Develop and refine threat hunting hypotheses based on threat intelligence and an understanding of attacker TTPs.
  • Analyze security alerts, logs, and network traffic to identify malicious activity.
  • Lead and coordinate incident response activities, including containment, eradication, and recovery.
  • Perform digital forensics investigations to determine the root cause and scope of security incidents.
  • Conduct malware analysis to understand its functionality and impact.
  • Develop and maintain incident response playbooks and procedures.
  • Collaborate with other security teams, IT operations, and legal departments during incidents.
  • Stay current with the latest cyber threats, vulnerabilities, and security technologies.
  • Contribute to the continuous improvement of the SOC's capabilities and processes.
  • Develop and deliver security awareness training and reporting to stakeholders.
  • On-call availability for critical security incidents.
Qualifications:
  • Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
  • Minimum of 5 years of experience in cybersecurity, with a strong focus on threat hunting and incident response.
  • Deep knowledge of attacker methodologies, frameworks (e.g., MITRE ATT&CK), and threat landscapes.
  • Proficiency with SIEM tools (e.g., Splunk, QRadar), EDR solutions, and network security monitoring tools.
  • Experience with digital forensics and malware analysis techniques.
  • Strong understanding of operating systems (Windows, Linux), networking protocols, and cloud security.
  • Excellent analytical, problem-solving, and critical thinking skills.
  • Superior communication and interpersonal skills, with the ability to clearly articulate technical findings to both technical and non-technical audiences.
  • Ability to work independently and collaboratively in a fast-paced, remote team environment.
  • Relevant security certifications such as CISSP, GCIH, GCFA, or CEH are highly desirable.
This is a prime opportunity to join a leading cybersecurity firm and make a significant impact in safeguarding digital assets, working entirely remotely.

Primary Technical Incident Responder (Cyber Response Team) Australia / New Zealand - Mid level

Prayagraj, Uttar Pradesh Accenture

Posted today

Job Description

As the Primary Technical Cyber Responder at Accenture, you will be responsible for leading our technical response to cybersecurity incidents. You will play a crucial role in guiding and coordinating incident response efforts, conducting detailed forensic analysis, and implementing effective strategies to manage and mitigate security breaches. Your expertise will drive our incident response capabilities and contribute to our mission of delivering exceptional cybersecurity services to our clients. You will actively lead and own proactive engagements within

Key Responsibilities:

  • Lead and manage the technical aspects of cybersecurity incident response, including identification, containment, eradication, and recovery efforts.

  • Develop and oversee incident response strategies, ensuring alignment with client requirements and industry best practices.

  • Serve as the primary technical expert in DFIR, providing guidance on complex technical issues and leading forensic investigations.

  • Lead and mentor teams of highly qualified senior incident responders during incident response investigations.

  • Utilize advanced forensic tools and techniques to analyze and interpret evidence from compromised systems.

  • Monitor and analyze emerging cyber threats, vulnerabilities, and attack vectors to enhance response strategies and tools.

  • Leverage threat intelligence to proactively identify potential risks and mitigate their impact.

  • Maintain detailed documentation of incident response activities, forensic findings, and mitigation efforts.

  • Prepare and present comprehensive reports and post-incident reviews to clients and senior management.

  • Lead development and delivery of proactive engagements including threat hunts and Tabletop Exercises.

Qualification

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field. Advanced degrees or relevant certifications are advantageous.

  • Deep expertise in digital forensics and incident response

  • Extensive experience in managing and leading DFIR efforts, with a proven track record of handling complex technical incidents and security breaches.

  • Strong written and spoken communication skills with ability to communicate highly technical details to a senior executive audience.

  • Experience leading a team of highly technical team members during engagements.

  • Must have full working rights in Australia and/or New Zealand. No visa or sponsorship is available for this position.

Desirable:

  • Knowledge and experience in Cloud based attacks and cloud incident response techniques.

  • Familiarity with malware analysis techniques.

  • Ability to travel up to 20%.

Locations

Melbourne

Auckland

Additional Information

Equal Employment Opportunity Statement for Australia and New Zealand

At Accenture, we recognise that our people are multi-dimensional, and we create a work environment where all people feel like they can bring their authentic selves to work, every day.

Our unwavering commitment to inclusion and diversity unleashes innovation and creates a culture where everyone feels they have equal opportunity. Our range of progressive policies support flexibility in ‘where’, ‘when’ and ‘how’ our people work to ensure that Accenture is an organisation where you can strive for more, achieve great things and maintain the balance and wellbeing you need.

We encourage applications from all people, and we are committed to removing barriers to the recruitment process and employee lifecycle. All employment decisions shall be made without regard to age, disability status, ethnicity, gender, gender identity or expression, religion or sexual orientation and we do not tolerate discrimination. If you require any accommodations or adjustments for interviews and/or at work, please reach out to *** or contact us at +61 *** (Australia) or +*** (New Zealand).

To ensure our workplace is inclusive and diverse we are setting bold goals and taking comprehensive action. To achieve these goals, we collect information that allows us to track the effectiveness of our Inclusion and Diversity programs. Learn how Accenture protects your personal data and know your rights in relation to your personal data. Read more about our Privacy Statement.

About Accenture

We work with one shared purpose: to deliver on the promise of technology and human ingenuity. Every day, more than 775,000 of us help our stakeholders continuously reinvent. Together, we drive positive change and deliver value to our clients, partners, shareholders, communities, and each other.

We believe that delivering value requires innovation, and innovation thrives in an inclusive and diverse environment. We actively foster a workplace free from bias, where everyone feels a sense of belonging and is respected and empowered to do their best work.

At Accenture, we see well-being holistically, supporting our people’s physical, mental, and financial health. We also provide opportunities to keep skills relevant through certifications, learning, and diverse work experiences. We’re proud to be consistently recognized as one of the World’s Best Workplaces™.

Join Accenture to work at the heart of change. Visit us at ***.


Security Operations Analyst

Bengaluru, Karnataka ALTERYX

Posted today

Job Description

Alteryx is searching for a Security Operations Analyst in India. We’re looking for problem solvers, innovators, and dreamers who are searching for anything but business as usual. Like us, you’re a high performer who’s an expert at your craft, constantly challenging the status quo. You value inclusivity and want to join a culture that empowers you to show up as your authentic self. You know that success hinges on commitment, that our differences make us stronger, and that the finish line is always sweeter when the whole team crosses together.

Position Overview:

As a Security Operations team member, you will be on the front line of protecting Alteryx products, infrastructure, and applications. You will partner with internal stakeholders and all parts of the business to execute on security monitoring and response missions, drive through incident response lifecycles, influence positive changes in security posture throughout the organization, and manage and maintain state-of-the-art security technologies to protect the company's assets and brand.

Primary Responsibilities:

  • Triage and respond to security alerts and incidents in both on-prem and multi-cloud environments for Alteryx enterprise and product environments.
  • Participate in security incident response through in-depth and technical analysis on logs, malware, and network traffic, and perform forensics analysis as necessary.
  • Provide 24x7 on call assistance in responding to security incidents. 
  • Collaborate with internal stakeholders to develop security monitoring and detection use cases to drive risk reduction and operational effectiveness.
  • Support and participate in the security automation program to enable the security operations team to scale to handle growing workloads.
  • Support internal and external business partners in successful outcomes with respect to security requirements.

Requirements:

  • Bachelor’s degree in computer science or related field or equivalent experience/training. Master’s degree in computer science a plus.
  • 3+ years’ experience in security operations or various security roles with experience across the technology stack.
  • Good understanding of the security incident management lifecycle.
  • Ability to analyze and understand system data including security event logs, system logs, application logs, and device logs from on-prem and cloud environments.
  • Familiar with security best practices in major cloud environments such as AWS, GCP or Azure.
  • Strong skills in operating systems such as Windows, Linux and OS X, and corresponding forensics skills a plus.
  • Experience in scripting languages such as Python, Perl, Ruby, PowerShell, or Shell script.
  • Good verbal and written communication skills, including ticket documentation, and incident reporting and escalations.
  • Knowledge of network devices, firewalls, IDS/IPS, TCP/IP protocols, and general network architecture.
  • CISSP/CISM, SANS, CNSE (Palo Alto Networks), CCNP, CCIE, or other Networking and Security certifications a plus.

Find yourself checking a lot of these boxes but doubting whether you should apply? At Alteryx, we support a growth mindset for our associates through all stages of their careers. If you meet some of the requirements and you share our values, we encourage you to apply. As part of our ongoing commitment to a diverse, equitable, and inclusive workplace, we’re invested in building teams with a wide variety of backgrounds, identities, and experiences.

Security Operations Analyst

SHI Solutions India Pvt. Ltd.

Posted today

Job Description

Hi,

We have an immediate requirement for Threat Hunting with our organization

SHI Locuz Enterprise Solutions Pvt Ltd.

Job Details:

Work Experience - 3+ years (relevant)

Work Location - Mumbai

Looking for immediate joiners.

Job Description:

JD:

Work Location – Mumbai (Aeroli)

Experience – 3-4 years

  • Install, configure, and manage FleetDM and OSQuery across the bank's critical endpoints, ensuring continuous monitoring of core banking systems and financial infrastructure.
  • Create and deploy custom queries, alerts, and rules to detect unauthorized activities, internal threats, and system anomalies.
  • Leverage FleetDM and OSQuery to gather and analyze endpoint telemetry data (e.g., processes, network activity, financial transactions, file system changes) for signs of malicious activity targeting banking applications and infrastructure.
  • Proactively hunt for advanced persistent threats (APTs), malware, and other security risks across Windows and Linux environments, with a focus on protecting critical banking systems.
  • Utilize data from FleetDM and OSQuery to identify potential risks and detect fraudulent activities across financial systems and customer-facing services.
  • Investigate malware to understand its impact on financial services, and develop detection rules to mitigate future incidents.
  • Track and respond to threats involving online banking, mobile banking apps, payment systems, and other financial platforms.
  • Knowledge of operating systems, networking, any query language, etc.
