6,076 Security Engineer jobs in India

What you will be doing:

Lead the design, deployment, and optimization of enterprise-scale security tools and platforms to proactively monitor and respond to sophisticated threats across complex, distributed systems

Drive strategic security monitoring initiatives and establish best practices for threat detection and incident response across the organization

Lead complex security incident investigations, perform advanced threat hunting, coordinate cross-functional response efforts, and develop comprehensive post-incident improvement strategies

Architect and implement scalable incident response procedures and playbooks, serving as a technical escalation point for critical security events

Conduct advanced security data analysis to identify attack patterns, emerging threat vectors, and strategic improvements to the organization's security posture

Own the enterprise vulnerability management program, establishing risk-based prioritization frameworks and driving organization-wide remediation strategies

Spearhead AI/ML integration and automation initiatives to transform security operations, reduce manual overhead, and enhance detection capabilities

Stay up-to-date on the latest security threats and vulnerabilities

Provide technical leadership and mentorship to security engineers, fostering knowledge sharing and professional development

Drive cross-functional collaboration with engineering, infrastructure, and product teams to embed security-by-design principles and influence architectural decisions

Support ongoing security compliance, audit, and certification programs (e.g., PCI, HIPAA, SOC2)

Required to manage incidents as per on-call schedule

What you need to bring:

8+ years of security operations experience, preferably in cloud centric environments

Demonstrate skill in identifying exploits and vulnerabilities and providing remediation efforts in network and server environments

Deep understanding of modern attack vectors, threat intelligence, and advanced persistent threat (APT) tactics, techniques, and procedures

Knowledge of TCP/IP Protocols, network analysis, and network/security applications.

Extensive experience with public cloud security (AWS) including infrastructure-as-code, container security, and serverless architectures

Ability to be part of an on-call rotation and first responder to security event escalations

Team player, collaboration with India and US team (mostly in PST timezone)

Nice to Have:

Experience with scripting languages (Python, PowerShell, etc.)

Experience with public cloud security (AWS, Azure, GCP)

Red/Blue team experience

Security certifications (e.g., CISSP, Security+, CEH, GIAC)

Do you love the excitement and learning opportunity to study, analyse and deal with the most complex threats to digital security in today's world? Do you have the "learner" mindset, are willing to un-learn old skills and learn new ones every day? Are you excited by the potential of influencing the state of security of our entire company, every day? If yes, then this opportunity is for you.
Responsible for the installation, maintenance, support and optimization of all security-related components Facilitate incident response and forensic investigations Apply countermeasures to mitigate evolving security threats Work with other teams to ensure platform hardening, security maintenance, and vulnerability remediation procedures are followed Special Requirements Proficiency in KQL query and in a scripting language, preferably perl, PHP, or python a plus Must demonstrate basic knowledge of knowledge of Linux, Mac, and Strong understanding of Windows operating systems and networking protocols.
About CDO - Cyber Defense Operations. An organization led by Microsoft's Chief Information Security Officer enables Microsoft to deliver the most trusted devices and services. CDO's vision is to ensure all information and services are protected, secured, and available for appropriate use through innovation and a robust risk framework.
**Responsibilities**
+ Technical Insight: Provides technical insight on incident analysis and management, threat mitigation, forensics, malware analysis, and automation.
+ KRA and KPI Management: Ensures strong Key Result Areas (KRA) and Key Performance Indicators (KPI) management.
+ Collaboration: Embraces the values of Microsoft through coaching and collaboration, and partners with peer teams working in similar areas.
+ Stakeholder Management: Manages critical stakeholder calls and meetings (including non-business hours) while addressing critical security incidents.
+ Security Knowledge: Possesses extensive hands-on knowledge of security concepts including cyber-attacks, techniques, threat vectors, risk management, and incident management.
+ Automation Opportunities: Discovers potential automation opportunities or insights to enhance operational efficiency.
+ Product Collaboration: Collaborates and advises product teams on enhancing Microsoft's first-party security products by offering actionable feedback for improvement.
+ Team Environment: Cultivates a positive and inclusive team environment.
+ Operational Rigor: Demonstrates exceptional operational rigor with real-world experience in cyber security operations, threat mitigation and incident response.
+ Communication Skills: Exhibits excellent technical writing and oral communication skills.
+ Problem-Solving: Shows a systematic problem-solving mindset.
**Qualifications**
+ 8+ years of work experience, with a minimum of 6 years of experience in SOC.
+ Minimum 4 years of experience in Azure/Cloud
+ Hands on experience with incident analysis, Threat Actor related incident handling, Large Scale incident responder and Threat Hunting.
+ Understanding of Windows internals, Linux and Mac OS.
+ Understanding of various attack methods, vulnerabilities, exploits, malware.
+ Good Understanding of SIEM Console and tools such as Sentinel, Splunk, Qradar etc
+ Social engineering - given that humans are the weakest link in the security chain, an analyst's expertise can help with awareness training
+ Security assessments of network infrastructure, hosts and applications - another element of risk management.
+ Conduct root cause analysis and post-incident reviews.
+ Assist in tuning and optimizing detection rules and alerts.
+ Forensics - investigation and analysis of how and why a breach or other compromise occurred.
+ Develop and maintain incident response playbooks and standard operating procedures (SOPs).
+ Collaborate with IT, DevOps, and other teams to remediate vulnerabilities and improve security controls.
+ Troubleshooting - the skill to recognize the cause of a problem
+ DLP, AV, FIM, web proxy, email proxy, etc. - a comprehensive understanding of the tools utilized to protect the organization.
+ Excellent written and oral communication skills.
+ Security certifications such as GCIH, GCFA, GREM, CySA+ Knowledge of Azure Sentinel and KQL query is a must and added advantage.
+ Exposure to threat intelligence platforms and SOAR tools.
+ Knowledge of MITRE ATT&CK framework and incident response methodologies.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations ( .

We are seeking an experienced and dynamic Lead Security Operations Engineer to oversee our security infrastructure and response capabilities in Kochi. This position requires a seasoned professional who can lead a team, drive strategic security initiatives, and ensure the robust protection of our digital assets. As the Lead Security Operations Engineer, you will be responsible for managing the day-to-day operations of the security operations center (SOC), including the monitoring, detection, and response to cyber threats. You will lead the team in conducting advanced threat hunting, forensic investigations, and incident response activities. Developing and refining security policies, procedures, and playbooks to enhance our defensive posture will be a key responsibility. You will also oversee the implementation and management of security technologies, such as SIEM, IDS/IPS, EDR, and firewalls, ensuring their optimal performance and effectiveness. Mentoring and guiding junior security analysts, fostering their professional development, and maintaining a high-performing team are integral to this role. Furthermore, you will collaborate with various IT and business units to integrate security best practices into their operations and provide expert consultation on security-related matters. Conducting regular risk assessments and developing mitigation strategies to address identified vulnerabilities will be essential. The ideal candidate will possess a Master's degree in Computer Science, Cybersecurity, or a related field, with substantial experience in security operations and incident management. Demonstrable leadership experience, along with expertise in network security, cloud security, threat intelligence, and security architecture, is crucial. Advanced certifications (e.g., CISSP, CISM, GIAC) are highly desirable. Excellent analytical, problem-solving, and communication skills are required to effectively lead the team and interact with stakeholders at all levels. This is a challenging yet rewarding opportunity to make a significant impact on our organization's security resilience. Our client is committed to building a secure and resilient environment.
Location: Kochi, Kerala, IN

Our client is looking for a highly skilled and experienced Senior Security Operations Engineer to join their dedicated security team. This role is critical in maintaining and enhancing the operational security of our IT infrastructure and systems. You will be responsible for the continuous monitoring of security alerts, investigating potential threats, and implementing timely responses to mitigate risks. This involves managing and optimizing security tools, such as SIEM, IDS/IPS, and endpoint detection and response (EDR) solutions. You will also play a vital role in threat intelligence analysis, vulnerability management, and developing security playbooks for incident response. The ideal candidate will possess deep technical expertise in network security, operating systems (Windows/Linux), and cloud security principles. Strong analytical and problem-solving skills are essential, as is the ability to work under pressure and make critical decisions. This position requires a Bachelor's degree in Computer Science, Information Technology, or a related field, along with significant hands-on experience in security operations or a similar cyber defense role. Relevant certifications such as CompTIA Security+, CEH, or GIAC are a strong plus. While the role is based in **Thiruvananthapuram, Kerala, IN**, requiring a strong on-site presence, the company fosters a collaborative team environment where knowledge sharing and continuous learning are highly encouraged. You should be adept at documenting security procedures and contributing to the overall security strategy. If you are passionate about protecting organizations from cyber threats and possess the technical acumen and experience to excel in a demanding security operations role, we encourage you to apply.

Our client is seeking a highly skilled and experienced Lead Security Operations Engineer to join their cybersecurity team in Ghaziabad, Uttar Pradesh . This is an on-site position where you will be responsible for managing and enhancing the organization's security operations center (SOC) and incident response capabilities. You will lead a team of security analysts, overseeing the detection, analysis, and response to cyber threats. Key responsibilities include developing and implementing advanced security monitoring strategies, managing security tools and technologies (SIEM, SOAR, IDS/IPS), and ensuring the effectiveness of threat detection and containment. The ideal candidate will possess strong analytical and problem-solving skills, with a deep understanding of various attack vectors, malware analysis, and forensic techniques. You will be responsible for creating and refining incident response playbooks, conducting tabletop exercises, and leading investigations into complex security breaches. Collaboration with other IT departments, including infrastructure, network, and application teams, is crucial for maintaining a comprehensive security posture. Experience in threat hunting, digital forensics, and malware analysis is highly desirable. The Lead Security Operations Engineer will also contribute to the continuous improvement of security processes and technologies, ensuring the organization remains protected against evolving cyber threats. This role requires exceptional leadership qualities, the ability to mentor junior team members, and a commitment to operational excellence in a critical security function.

• Manage and direct the Security Operations Center (SOC) activities.
• Lead the incident response team, overseeing the detection, containment, and eradication of security threats.
• Develop, implement, and maintain security monitoring tools and processes.
• Conduct advanced threat hunting and analysis to identify sophisticated threats.
• Create and refine incident response playbooks and procedures.
• Perform digital forensics and malware analysis to understand attack methodologies.
• Collaborate with cross-functional teams to integrate security controls and remediate vulnerabilities.
• Mentor and guide junior security analysts.
• Stay abreast of the latest cybersecurity trends, threats, and technologies.
• Ensure compliance with relevant security regulations and standards.

Our client is actively recruiting a Senior Security Operations Engineer for a fully remote position. This role is critical in managing and enhancing our client's Security Information and Event Management (SIEM) infrastructure and Security Orchestration, Automation, and Response (SOAR) platforms. The ideal candidate will be adept at ensuring the efficiency, reliability, and security of these vital systems, proactively identifying and mitigating threats. You will be working with a global team, contributing to the robust security posture of the organization from anywhere.

Responsibilities:

• Design, implement, and maintain SIEM and SOAR solutions to detect, analyze, and respond to security threats.
• Develop and optimize SIEM correlation rules, alerts, and dashboards to enhance threat detection capabilities.
• Automate security workflows and responses using SOAR playbooks to improve incident response efficiency.
• Monitor system health, performance, and security of SIEM/SOAR platforms, ensuring high availability.
• Conduct regular tuning of security tools and data sources to reduce false positives and improve alert accuracy.
• Collaborate with threat intelligence teams to integrate relevant threat feeds into SIEM/SOAR workflows.
• Provide technical expertise and support for security incident investigations.
• Develop and maintain documentation for SIEM/SOAR configurations, processes, and playbooks.
• Evaluate and recommend new security technologies and solutions.
• Stay current with industry best practices in security operations, threat detection, and incident response.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent work experience.
• Minimum of 6 years of experience in Security Operations, SIEM engineering, or Security Automation.
• In-depth knowledge of SIEM platforms (e.g., Splunk, QRadar, LogRhythm) and SOAR platforms (e.g., Palo Alto Cortex XSOAR, Swimlane).
• Experience in developing and customizing SIEM correlation rules and SOAR playbooks.
• Strong understanding of networking protocols, operating systems (Windows, Linux), and cloud security concepts.
• Proficiency in scripting languages such as Python, PowerShell, or Bash for automation.
• Experience with threat hunting and incident response methodologies.
• Excellent analytical, troubleshooting, and problem-solving skills.
• Strong written and verbal communication skills.
• Ability to work independently and collaboratively in a remote, distributed team environment.

This is a fully remote role, ideal for individuals seeking a flexible work arrangement.