106 Incident Response jobs in Hyderabad

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

Job Description: Tier 2 Analyst

Position Overview:

The Tier 2 Analyst plays a vital role in the cybersecurity team, responsible for monitoring, detecting, and responding to security incidents. The position involves analyzing alerts, escalating incidents as necessary, and working closely with Tier 3 analysts and other cybersecurity professionals to ensure effective incident response and remediation. The Tier 2 Analyst is also responsible for maintaining and improving the organization's security posture through continuous monitoring and analysis.

Key Responsibilities:

Qualifications:

Special Factors:

EY | Building a better working world 

Greetings !

We are looking for a skilled Splunk Administrator with hands-on experience in deploying and managing Splunk Enterprise and Splunk Cloud. The ideal candidate should have experience in Splunk Enterprise Security (ES), Splunk UBA, and IT Service Intelligence (ITSI). This role requires strong technical skills, along with the ability to communicate effectively with customers.

Roles & Responsibilities:

Splunk Deployment & Administration:

• Install, configure, and manage Splunk Enterprise and Splunk Cloud.
• Handle indexers, search heads, forwarders, and clustering.
• Optimize Splunk performance, storage, and scalability.

Security & Splunk Monitoring Solutions:

• Implement and manage Splunk Enterprise Security (ES), Splunk UBA, and ITSI.
• Configure correlation searches, threat intelligence feeds, risk-based alerting (RBA), and dashboards.
• Troubleshoot security-related issues within Splunk.

Customer Interaction & Troubleshooting:

• Engage with customers to understand their requirements and provide technical guidance.
• Troubleshoot and resolve Splunk-related issues, logs ingestion, parsing, and data onboarding.

Splunk Architecture & Implementation:

• Design, deploy, and optimize Splunk Enterprise and Splunk Cloud environments.
• Lead end-to-end Splunk implementations, migrations, and upgrades.
• Manage search head clustering, indexer clustering, and data retention policies.

Security & Observability Solutions:

• Architect and configure Splunk Enterprise Security (ES), Splunk UBA, and ITSI.
• Implement risk-based alerting (RBA), custom correlation searches, and advanced analytics.
• Integrate Splunk with SOAR, cloud platforms (AWS, Azure, GCP), and third-party security tools.

Team Leadership & Customer Engagement:

• Lead and mentor a team of Splunk Administrators & Engineers.
• Interact with customers to gather requirements, design solutions, and conduct workshops etc.
• Review and improve Splunk use cases, dashboards, and data models.

Optimization & Automation:

• Develop custom scripts (Python, Bash, PowerShell) for automation and orchestration.
• Tune Splunk performance, search queries, and indexing strategies.
• Implement best practices for data onboarding, parsing, and CIM compliance.

Interested can share their updated resume to along with the below mentioned details.

Current CTC:

Expected CTC:

Notice Period:

Greetings !

We are looking for a skilled Splunk Administrator with hands-on experience in deploying and managing Splunk Enterprise and Splunk Cloud. The ideal candidate should have experience in Splunk Enterprise Security (ES), Splunk UBA, and IT Service Intelligence (ITSI). This role requires strong technical skills, along with the ability to communicate effectively with customers.

Roles & Responsibilities:

Splunk Deployment & Administration:

• Install, configure, and manage Splunk Enterprise and Splunk Cloud.
• Handle indexers, search heads, forwarders, and clustering.
• Optimize Splunk performance, storage, and scalability.

Security & Splunk Monitoring Solutions:

• Implement and manage Splunk Enterprise Security (ES), Splunk UBA, and ITSI.
• Configure correlation searches, threat intelligence feeds, risk-based alerting (RBA), and dashboards.
• Troubleshoot security-related issues within Splunk.

Customer Interaction & Troubleshooting:

• Engage with customers to understand their requirements and provide technical guidance.
• Troubleshoot and resolve Splunk-related issues, logs ingestion, parsing, and data onboarding.

Splunk Architecture & Implementation:

• Design, deploy, and optimize Splunk Enterprise and Splunk Cloud environments.
• Lead end-to-end Splunk implementations, migrations, and upgrades.
• Manage search head clustering, indexer clustering, and data retention policies.

Security & Observability Solutions:

• Architect and configure Splunk Enterprise Security (ES), Splunk UBA, and ITSI.
• Implement risk-based alerting (RBA), custom correlation searches, and advanced analytics.
• Integrate Splunk with SOAR, cloud platforms (AWS, Azure, GCP), and third-party security tools.

Team Leadership & Customer Engagement:

• Lead and mentor a team of Splunk Administrators & Engineers.
• Interact with customers to gather requirements, design solutions, and conduct workshops etc.
• Review and improve Splunk use cases, dashboards, and data models.

Optimization & Automation:

• Develop custom scripts (Python, Bash, PowerShell) for automation and orchestration.
• Tune Splunk performance, search queries, and indexing strategies.
• Implement best practices for data onboarding, parsing, and CIM compliance.

Interested can share their updated resume to along with the below mentioned details.

Current CTC:

Expected CTC:

Notice Period:

Responsibilities

As a member of the incident/Workorder/Change handling team , you will have the following accountabilities:

• Will be working as an SME for Zscaler Support in Operations for ZIA, ZPA and ZDX.
• Assess and orchestrate the current and planned security posture for NTT data’s Security infrastructure, providing recommendations for improvement and risk reduction.
• Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk.
• Support security incident response as required; First line responder to reported or detected incidents.
• Perform security research, analysis, security vulnerability assessments and penetration tests.
• Provide security audit and investigation support
• Monitor and track security systems for Vulnerability and respond to potential security Vulnerability.
• Provide support for the Vulnerability management program.
• Provide 24x7 support as operations team working in shifts.
• Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business.

Skills and Experience

• 4 to 5 years+ in Information Security space.
• Strong experiance in Service Now Ticketing tool, Dashboards and Integration.
• Strong experience with Zscaler ZIA, ZPA and ZDX.
• Strong experience with Vulnerability Management Program.
• Strong experience with Qualys Vulnerability Management Tool.
• Some good to have Experience with Crowdstrike EDR and SIEM.
• Strong experience with multiple network operating systems, including two or more of the following: Cisco iOS, Juniper ScreenOS or Junos, Fortinet FortiOS, CheckPoint GAiA, or Palo Alto Networks PAN-OS; Tanium, Rapid 7, Nessus, Nitro ESM, Symantec SEP,  Symantec Message labs, Thales encryption, Allgress, Forecpoint, Blue coat, Firepower, Cisco ISE, Carbon Black, Titus, Encase
• Strong oral, written, and presentation abilities.
• Experiance with M365 Copilot.
• Some experience with Unix/Linux system administration.
• Strong  experience with logging and alerting platforms, including SIEM integration.
• Current understanding of Industry trends and emerging threats; and Working Knowledge of incident response methodologies and technologies. 

Desirable

• Zscaler Certifications Associate and Professional for ZIA, ZPA and ZDX.
• Excellent Experiance in Zscaler ZIA, ZPA and ZDX.
• Experiance in Vulnerability Management Program.
• Experiance in Qualys Vulnerability Management Tool.
• Well-rounded background in network, host, database, and application security.
• Experience implementing security controls in a bi-modal IT environment.
• Experience driving a culture of security awareness.
• Experience administering network devices, databases, and/or web application servers.
• Professional IT Accreditations (CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CompTIA Security) Good to have.
   

Abilities

• Non customer facing role but an ability to build strong relationships with internal teams, and security leadership, is essential act as Incident co-ordinator, for reviewing all security tools, ingesting incident data, tracking incident status, coordinating with internal and external assets to fulfill information requirements, and initiating escalation procedures.
• Document daily work and new processes.
• Embrace a culture of continuous service improvement and service excellence.
• Stay up to date on security industry trends.

Greetings !

We are looking for a skilled Splunk Administrator with hands-on experience in deploying and managing Splunk Enterprise and Splunk Cloud. The ideal candidate should have experience in Splunk Enterprise Security (ES), Splunk UBA, and IT Service Intelligence (ITSI). This role requires strong technical skills, along with the ability to communicate effectively with customers.

Roles & Responsibilities:

Splunk Deployment & Administration:

• Install, configure, and manage Splunk Enterprise and Splunk Cloud.
• Handle indexers, search heads, forwarders, and clustering.
• Optimize Splunk performance, storage, and scalability.

Security & Splunk Monitoring Solutions:

• Implement and manage Splunk Enterprise Security (ES), Splunk UBA, and ITSI.
• Configure correlation searches, threat intelligence feeds, risk-based alerting (RBA), and dashboards.
• Troubleshoot security-related issues within Splunk.

Customer Interaction & Troubleshooting:

• Engage with customers to understand their requirements and provide technical guidance.
• Troubleshoot and resolve Splunk-related issues, logs ingestion, parsing, and data onboarding.

Splunk Architecture & Implementation:

• Design, deploy, and optimize Splunk Enterprise and Splunk Cloud environments.
• Lead end-to-end Splunk implementations, migrations, and upgrades.
• Manage search head clustering, indexer clustering, and data retention policies.

Security & Observability Solutions:

• Architect and configure Splunk Enterprise Security (ES), Splunk UBA, and ITSI.
• Implement risk-based alerting (RBA), custom correlation searches, and advanced analytics.
• Integrate Splunk with SOAR, cloud platforms (AWS, Azure, GCP), and third-party security tools.

Team Leadership & Customer Engagement:

• Lead and mentor a team of Splunk Administrators & Engineers.
• Interact with customers to gather requirements, design solutions, and conduct workshops etc.
• Review and improve Splunk use cases, dashboards, and data models.

Optimization & Automation:

• Develop custom scripts (Python, Bash, PowerShell) for automation and orchestration.
• Tune Splunk performance, search queries, and indexing strategies.
• Implement best practices for data onboarding, parsing, and CIM compliance.

Interested can share their updated resume to along with the below mentioned details.

Current CTC:

Expected CTC:

Notice Period:

Greetings !

We are looking for a skilled Splunk Administrator with hands-on experience in deploying and managing Splunk Enterprise and Splunk Cloud. The ideal candidate should have experience in Splunk Enterprise Security (ES), Splunk UBA, and IT Service Intelligence (ITSI). This role requires strong technical skills, along with the ability to communicate effectively with customers.

Roles & Responsibilities:

Splunk Deployment & Administration:

• Install, configure, and manage Splunk Enterprise and Splunk Cloud.
• Handle indexers, search heads, forwarders, and clustering.
• Optimize Splunk performance, storage, and scalability.

Security & Splunk Monitoring Solutions:

• Implement and manage Splunk Enterprise Security (ES), Splunk UBA, and ITSI.
• Configure correlation searches, threat intelligence feeds, risk-based alerting (RBA), and dashboards.
• Troubleshoot security-related issues within Splunk.

Customer Interaction & Troubleshooting:

• Engage with customers to understand their requirements and provide technical guidance.
• Troubleshoot and resolve Splunk-related issues, logs ingestion, parsing, and data onboarding.

Splunk Architecture & Implementation:

• Design, deploy, and optimize Splunk Enterprise and Splunk Cloud environments.
• Lead end-to-end Splunk implementations, migrations, and upgrades.
• Manage search head clustering, indexer clustering, and data retention policies.

Security & Observability Solutions:

• Architect and configure Splunk Enterprise Security (ES), Splunk UBA, and ITSI.
• Implement risk-based alerting (RBA), custom correlation searches, and advanced analytics.
• Integrate Splunk with SOAR, cloud platforms (AWS, Azure, GCP), and third-party security tools.

Team Leadership & Customer Engagement:

• Lead and mentor a team of Splunk Administrators & Engineers.
• Interact with customers to gather requirements, design solutions, and conduct workshops etc.
• Review and improve Splunk use cases, dashboards, and data models.

Optimization & Automation:

• Develop custom scripts (Python, Bash, PowerShell) for automation and orchestration.
• Tune Splunk performance, search queries, and indexing strategies.
• Implement best practices for data onboarding, parsing, and CIM compliance.

Interested can share their updated resume to along with the below mentioned details.

Current CTC:

Expected CTC:

Notice Period: