4,356 Security Intern jobs in India

Security Operations Manager

Tradeweb

Posted 2 days ago


Job Description

**Company Description**
Tradeweb Markets is a world leader in the evolution of electronic trading. A fintech company serving approximately 2,500 clients - including the world's largest banks, asset managers, hedge funds, insurance companies, wealth managers and retail clients -- in more than 65 countries across the globe. Since our first trade in 1998, we have helped transform and electronify the fixed income markets. Tradeweb is a culture built on innovation, creativity and collaboration. Through a combination of very talented and driven people, innovative products and solutions, cutting-edge technology, market data, and a vast network of clients, we continue to work together to improve the way financial markets trade.
Mission: Move first and never stop. Collaborate with clients to create and build solutions that drive efficiency, connectivity, and transparency in electronic trading.
Tradeweb Markets LLC ("Tradeweb") is proud to be an EEO Minorities/Females/Protected Veterans/Disabled/Affirmative Action Employer.
**Details**
Tradeweb's Security Operations team is on the front lines, protecting Tradeweb's clients and employees from the constantly evolving threat landscape. This role will help support and enhance our existing Security Operations program as part of our transformation into a hybrid operating model. The ideal candidate will have a combination of hands-on, technical experience and excellent written and verbal communication skills to explain complex issues in non-technical terms. The role will also have a chance to work with subject matter experts within cyber security, across infrastructure, data analytics, application development, and business teams.   
**Job Responsibilities**
- Reporting to the Director of Security Operations, this role will oversee a team of security operations (SOC) engineers that provide 24x7x365 detection and response capabilities for Tradeweb.
- Mature existing processes to provide measurable results across SecOps OKRs.
- As a member of Tradeweb's technical incident response team, you will be responsible for executing Tradeweb's technical incident response process focusing on disk/memory forensics, log analysis, evidence handling and formal report creation.
- Collaborate with Tradeweb's Cyber Threat Intelligence teams to ensure operations engineers are aware of current threat actor tools, techniques and procedures (TTPs).
- Manage relationships with critical security vendors in local regions to ensure they are providing a level of excellence in line with Tradeweb standards.
- Train and mentor security engineers, primarily focused on incident response, threat hunting, and security automation.
- Build internal partnerships with key business stakeholders, particularly those in our Compliance, Infrastructure, and Risk organizations.
- Publish related metrics, key performance indicators (KPIs) and key risk indicators (KRIs) as well as providing regular updates to the senior management.
**Qualifications**
- Minimum of 10 years of combined experience in information security and related technical disciplines, with at least 6 years focusing on security operations, incident response or cyber threat investigations.
- In-depth experience with Windows and Unix operating environments with a focus on disk and memory forensic analysis.
- Demonstrated experience leading and maturing security teams with a deep technical focus.
- Strong knowledge of SIEM technologies and hands-on experience with at least one of the following technologies: Splunk, ELK, XSIAM, QRadar.
- Ability to translate and operationalize technical, legal, and compliance requirements in a heavily regulated environment.
- Clear and concise communicator, can articulate cyber risk and impact across a wide range of audiences, to ensure decision makers have the information they need.
- Deep knowledge of network security architecture, internet protocols and web service technologies.
- Financial services experience is preferable, or experience in the financial technology (FinTech) area.
- CISSP, CISM or equivalent qualifications preferred.

Security Operations Analyst

Bengaluru, Karnataka Insight Global

Posted 2 days ago


Job Description

Job Summary

We are seeking a Security Operations Center (SOC) Analyst with hands-on experience in Secureworks Taegis and Microsoft Defender (Endpoint, Identity, and Cloud) to join our cybersecurity team. This role is critical for monitoring, analyzing, and responding to security threats across cloud and hybrid environments. The ideal candidate will thrive in high-pressure situations, collaborate across teams, and leverage SIEM/SOAR capabilities to enhance threat detection and response.

Key Responsibilities

  • Monitor and triage security alerts using Secureworks Taegis and Microsoft Defender, including detection rule authoring and alert enrichment.
  • Investigate incidents across cloud, network, and endpoint environments using Secureworks case management and Defender telemetry.
  • Develop and maintain log ingestion pipelines using tools like Cribl or Logstash for Secureworks integration.
  • Collaborate with Tier-2/3 analysts and threat intelligence teams to refine detection rules and reduce false positives.
  • Participate in incident response activities, including containment, eradication, and recovery.
  • Create and maintain SOC playbooks and automation workflows using Secureworks SOAR and Microsoft security automation capabilities.
  • Conduct packet analysis, malware triage, and forensic investigations as needed.
  • Stay current on threat landscapes, attack frameworks and compliance standards (e.g., MITRE ATT&CK, GDPR, PCI DSS), and emerging security technologies.

Required Skills

  • 7-10 years of experience in a SOC or cybersecurity operations role.
  • Proficiency with Secureworks Taegis and Microsoft Defender (Endpoint, Identity, Cloud), including rule tuning, log analysis, and case management.
  • Experience with SIEM tools (e.g., Splunk, QRadar, Elastic Stack) and SOAR platforms.
  • Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.
  • Familiarity with endpoint detection tools (e.g., Defender for Endpoint), IDS/IPS, and vulnerability scanners (e.g., Nessus, Qualys).
  • Scripting skills in Python, Bash, or PowerShell for automation and data parsing.

Preferred Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, or related field.
  • Certifications such as CompTIA Security+, GIAC (GCIH, GCIA), CEH, or Microsoft Security certifications (e.g., SC-200, SC-300).
  • Prior experience supporting federal or financial clients.
  • Experience with red/blue/purple team exercises and threat hunting.


This position will pay $10-15/hour and is located in Bangalore, India.


Security Operations Center

Pune, Maharashtra Peoplefy

Posted 5 days ago


Job Description

Hi Everyone,


I am on the lookout for a Security Operations Center Specialist for a leading product-based MNC in Pune, Kharadi.


Kindly refer to the JD below & share your resume on


Job description:


● 5+ years of overall experience

● Experience with SOC, Threat Monitoring

● Experience with Threat & vulnerability management.

● Experience with SIEM tools like: Splunk, Azure Sentinel, EDR & MS Defender.


● Looking for candidates who can join as Immediate Joiner or within 30 days


Security Operations Engineering IC3

Hyderabad, Andhra Pradesh Microsoft Corporation

Posted 1 day ago


Job Description

Do you love the excitement and learning opportunity to study, analyse and deal with the most complex threats to digital security in today's world? Do you have the "learner" mindset, are willing to un-learn old skills and learn new ones every day? Are you excited by the potential of influencing the state of security of our entire company, every day? If yes, then this opportunity is for you.
Responsible for the installation, maintenance, support and optimization of all security-related components; facilitate incident response and forensic investigations; apply countermeasures to mitigate evolving security threats; and work with other teams to ensure platform hardening, security maintenance, and vulnerability remediation procedures are followed.
**Special Requirements**
+ Proficiency in KQL and in a scripting language (preferably Perl, PHP, or Python) is a plus.
+ Must demonstrate basic knowledge of Linux and Mac, and a strong understanding of Windows operating systems and networking protocols.
About CDO (Cyber Defense Operations): an organization led by Microsoft's Chief Information Security Officer, CDO enables Microsoft to deliver the most trusted devices and services. CDO's vision is to ensure all information and services are protected, secured, and available for appropriate use through innovation and a robust risk framework.
**Responsibilities**
+ Technical Insight: Provides technical insight on incident analysis and management, threat mitigation, forensics, malware analysis, and automation.
+ KRA and KPI Management: Ensures strong Key Result Areas (KRA) and Key Performance Indicators (KPI) management.
+ Collaboration: Embraces the values of Microsoft through coaching and collaboration, and partners with peer teams working in similar areas.
+ Stakeholder Management: Manages critical stakeholder calls and meetings (including non-business hours) while addressing critical security incidents.
+ Security Knowledge: Possesses extensive hands-on knowledge of security concepts including cyber-attacks, techniques, threat vectors, risk management, and incident management.
+ Automation Opportunities: Discovers potential automation opportunities or insights to enhance operational efficiency.
+ Product Collaboration: Collaborates and advises product teams on enhancing Microsoft's first-party security products by offering actionable feedback for improvement.
+ Team Environment: Cultivates a positive and inclusive team environment.
+ Operational Rigor: Demonstrates exceptional operational rigor with real-world experience in cyber security operations, threat mitigation and incident response.
+ Communication Skills: Exhibits excellent technical writing and oral communication skills.
+ Problem-Solving: Shows a systematic problem-solving mindset.
**Qualifications**
+ 8+ years of work experience, with a minimum of 6 years of experience in SOC.
+ Minimum 4 years of experience in Azure/Cloud
+ Hands on experience with incident analysis, Threat Actor related incident handling, Large Scale incident responder and Threat Hunting.
+ Understanding of Windows internals, Linux and Mac OS.
+ Understanding of various attack methods, vulnerabilities, exploits, malware.
+ Good understanding of SIEM consoles and tools such as Sentinel, Splunk, QRadar, etc.
+ Social engineering - given that humans are the weakest link in the security chain, an analyst's expertise can help with awareness training.
+ Security assessments of network infrastructure, hosts and applications - another element of risk management.
+ Conduct root cause analysis and post-incident reviews.
+ Assist in tuning and optimizing detection rules and alerts.
+ Forensics - investigation and analysis of how and why a breach or other compromise occurred.
+ Develop and maintain incident response playbooks and standard operating procedures (SOPs).
+ Collaborate with IT, DevOps, and other teams to remediate vulnerabilities and improve security controls.
+ Troubleshooting - the skill to recognize the cause of a problem.
+ DLP, AV, FIM, web proxy, email proxy, etc. - a comprehensive understanding of the tools utilized to protect the organization.
+ Excellent written and oral communication skills.
+ Knowledge of Azure Sentinel and KQL is a must. Security certifications such as GCIH, GCFA, GREM or CySA+ are an added advantage.
+ Exposure to threat intelligence platforms and SOAR tools.
+ Knowledge of MITRE ATT&CK framework and incident response methodologies.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

Cloud Security Operations Engineer

Bengaluru, Karnataka Automation Anywhere, Inc.

Posted 2 days ago


Job Description

**About Us**
Automation Anywhere is the leader in Agentic Process Automation (APA), transforming how work gets done with AI-powered automation. Its APA system, built on the industry's first Process Reasoning Engine (PRE) and specialized AI agents, combines process discovery, RPA, end-to-end orchestration, document processing, and analytics-all delivered with enterprise-grade security and governance. Guided by its vision to fuel the future of work, Automation Anywhere helps organizations worldwide boost productivity, accelerate growth, and unleash human potential.
**Role Overview:**
As a Cloud Security Engineer, you'll be responsible for designing, implementing, and maintaining robust security controls across our multi-cloud environments. You'll work closely with SecOps, SOC, Product, IT, DevOps, and Compliance teams to ensure our cloud infrastructure meets the highest standards of security, privacy, and resilience.
This is a hands-on role for someone who thrives in a fast-paced environment and is passionate about building secure, scalable systems that support global enterprise customers.
**Primary Responsibilities:**  
+ Architect and implement cloud-native security solutions across AWS, Azure, and GCP
+ Define and enforce security policies, IAM roles, and least-privilege access models
+ Lead threat modelling, risk assessments, and vulnerability management initiatives
+ Monitor cloud environments for security anomalies and respond to incidents
+ Automate security controls using Infrastructure-as-Code and CI/CD pipelines
+ Collaborate with compliance teams to support audits and regulatory requirements (e.g., SOC 2, ISO 27001, ISO 9001)
+ Evaluate and integrate third-party security tools and platforms
+ Partner and promote a security-first culture across Cloud engineering teams
**Skills & Requirements:**
+ Bachelor's or Master's degree in computer science, Cybersecurity, or related field
+ 3+ years of experience in Cloud Security Engineering or CloudSecOps or DevSecOps roles
+ Deep expertise in AWS, Azure, or GCP security services (e.g., GuardDuty, Security Center, Cloud Armor, etc.)
+ Strong understanding of network security, encryption, identity management, and container security (Kubernetes, Docker)
+ Experience with SIEM tools, vulnerability scanners, and incident response workflows
+ Proficiency in scripting languages (Python, Shell) and Infrastructure-as-Code (Terraform, CloudFormation)
+ Security certifications such as CISSP, CCSP, AWS Security Specialty, or equivalent are a plus
+ End-to-end understanding of how cloud-based web applications work and their architecture
**Apply Now:**
If you're ready to take ownership of cloud security at scale and help protect the backbone of intelligent automation, we'd love to hear from you. Apply now and be part of a team that's redefining the future of work, securely.
All unsolicited resumes submitted to any @automationanywhere.com email address, whether submitted by an individual or by an agency, will not be eligible for an agency fee.
Equal Opportunity Employer: Automation Anywhere is an equal opportunity employer - M/F/D/V. We want to have the best available persons in every job. We will not discriminate in our employment practices due to an applicant's race, color, creed, gender, religion, marital status, age, national origin and ancestry, physical or mental disability, medical condition, sex, genetic information, sexual orientation, military and veteran status or any other category protected by law.

Security Operations Center Analyst

MyRemoteTeam Inc

Posted today


Security Operations Center Analyst

Bengaluru, Karnataka Lenovo

Posted today


Job Description

Please find below the JD:

The Security Operations Centre (SOC) Analyst plays a vital role in security delivery. As a SOC Analyst Level 3, you will be on the front line of cyber defense, detecting and responding to cyber incidents as they happen. You will work with other team members to provide situational awareness through detection, containment, and remediation of IT threats. This job requires great attention to detail and general awareness of cyber security tools such as SIEM, XDR, EDR and IDS/IPS, and the ability to understand various logs (network logs, syslogs, firewall logs). As a SOC Analyst you are expected to have working knowledge of networking, malware analysis, incident response and vulnerability management.

* Threat & vulnerability analysis

* Investigate, document & report Information security issues & emerging trends

* Analysis & response to unknown vulnerabilities

Responsibilities

As a SOC Analyst - Level 3, you will:

* Operate as detection and security incident response subject-matter expert

* Technical subject-matter expert in SOC/ SIEM and supporting technologies (EDR, UEBA, etc.) to develop custom queries (e.g., KQL) and playbooks for the SOC analysts to utilize in their investigations.

* Align and maintain detection capability to the MITRE ATT&CK framework.

* Perform root cause analysis of detection failures, identify areas for improvement.

* Drive the continuous development of detection capability for SOC

* Manage, investigate, and resolve complex issues with the Security tooling.

* Securely configure the SIEM, and other SOC solutions in accordance with relevant policy and regulation

* Support the Threat hunters in executing complex data analysis.

* Provide a point of escalation for SOC/ security detection technical service issues.

* Ensure the relevant security tools are compliant with company standards and governance.

* Contribute to existing Policy, procedures and process documentation enhancements

* Define and implement technical governance processes for security tooling of SOC, SIEM and other security tools including AV, EDR, Defender Cloud.

* Create and review detection technology high and low level designs.

* Propose and identify automation opportunities resulting from incidents;

* Provide recommendations to the Client team, on how to mitigate or avert the occurrence of any suspicious activity within their environment.

* Provide in-depth analysis to the user/customer about the security incidents (e.g., phishing attack)

* Troubleshoot connector/ logger/ Manager for log retrievals

* Prepare SOC Management Reports.

* Analyzing & preparing daily and monthly reports based on the devices which are being monitored

* Creating Reports and Dashboards based on the customer requirement.

* Creating Queries for the Rules requested by client for real time alerts.

* Creating Reports which helps in providing the logs for the alerts, for finding any possible threats.

* Analyze a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths.

* Independently follow procedures to contain, analyze, and eradicate malicious activity.

* Change Management/ Implementation: Independently implement changes to meet customer infrastructure needs within area of technical responsibility

* Patch and Security Management: Apply patch and security changes per policy.

* Configuration Management: Review Configuration Management Database (CMDB) entries to ensure they are complete and accurate.

* Quality: Provide continual improvement recommendations for direct responsibility area (process improvement, technical standard updates, etc).

* Project Management: Lead & participate in customer and internal projects, including transformation.

* Customer Relationship Management: Set expectations with customers and/or internal businesses/end users within defined parameters.

* Teamwork: Work as part of a team, which may be virtual and/or global. Participate as part of a team and maintains good relationships with team members and customers

Skills

8 - 12 years of relevant experience

Typical skills include:

* Fine-tune SIEM and other SOC tooling to exclude noise and false positives

* Create and fine-tune content in SIEM - correlation rules, Dashboard and Reports etc

* Interact with SIEM, EDR and NDR vendors (TAC Support) to remediate any issues with tooling

* Evaluate new solutions for SOC

* Identify opportunities to improve overall capacity, playbook and runbook

* Understanding of threat landscapes and threat modelling, security threat and vulnerability management, and security monitoring

* Working knowledge of tools and techniques used by attackers to gain entry into corporate networks, including common IT system flaws and vulnerabilities.

* Knowledge of industry standards such as ISO 27001, HIPAA, FedRAMP, Cloud Security Alliance, NIST frameworks and risk methodologies

* Demonstrated experience in communicating complex security concepts, both verbally and in writing, to a variety of audiences

* Must take ownership of tasks and demonstrate high degree of autonomy to ensure completion

* Excellent understanding of related technologies (Networking, Operating Systems)

* General Project Management (Expert)

* Customer/Vendor Management (Expert)

* Business Analysis (Expert)

* Has ability to perform/drive resolution of problems on individual products.

* Able to communicate broad and specific concepts with team and to peers.

* Able to produce documentation for use by team and customer.

* Able to perform/drive resolution of problems on combinations and interactions of products

* Strong verbal & written communication skills

* Proactive approach to meet & exceed goals

Qualification & Experience

Bachelor’s degree in engineering (Electronics, Communication, Computer Science)

8 - 12 years of relevant experience in SOC domain

Strong understanding of ITIL processes

Recognized Cyber Security certifications, such as CISSP, CISM, SANS, SABSA, OSCP are advantageous.

Microsoft Security and compliance certifications such as SC-200, MS-500 and AZ-500 preferred


Lead Security Operations Analyst

Bengaluru, Karnataka Smarsh

Posted 2 days ago


Job Description

Smarsh is the leader in communications compliance, archiving, and analytics. We provide compliance across the broadest set of communications channels with insights on what’s being captured. Smarsh customers manage over 500 million daily conversations across 80 channels and growing. Customers include the top 10 U.S., top 8 European, top 5 Canadian, and top 3 Asian banks. The Smarsh advantage is customers stay ahead of compliance and uncover patterns and relationships hidden within their data.


At Smarsh, we’ve been helping our customers manage new forms of communication since 1998. We work closely with regulators including the SEC, FINRA, IIROC, and the PRA and FCA, and with our customers, to ensure that they understand the capabilities of today’s technology and that our platform meets their most stringent requirements. Our products include Connected Capture, Connected Archive, Web Archive & Business Solutions.


About the team:

The Lead Security Operations Analyst plays a critical role in the Security Operations Center (SOC) by handling incidents escalated from the analysts. This role involves in-depth analysis, incident response coordination, mentoring of analysts, real-time security monitoring, threat hunting and ensuring compliance with security policies and standards.

Skills and Experience:

  • Experience: 10 plus years of experience in cybersecurity, particularly in security operations.
  • Cybersecurity Expertise: Advanced knowledge of cybersecurity threats, vulnerabilities, malware investigation and incident response, evidence collection, communication and documentation.
  • Technical Proficiency: Proficiency in operational support, Security Architecture of SIEM, SOAR, EDR, XDR, Firewalls and other security tools.
  • Analytical Skills: Strong analytical, investigative, and problem-solving skills.
  • Forensic Analysis: Experience with forensic analysis and malware analysis.
  • Certifications: Relevant certifications such as CFCE, CISSP, GCIH, or GCIA.
  • Language Skills: Excellent verbal and writing skills in English.
  • On Call Support: Rotational on call support for high severity incidents in a 24x7 environment.


Roles and Responsibilities

  • Incident Analysis: Conduct detailed analysis of escalated security incidents. Coordination of end-to-end Security Incident management on escalated incidents, ensuring timely updates to stakeholders and efficient resolution of incidents.
  • Incident Response: Lead the development and implementation of incident response plans.
  • Threat Monitoring and Analysis: Monitor security alerts and events using SIEM and other security tools. Lead and coordinate proactive threat hunting to identify potential risks and vulnerabilities. Analyze and integrate threat intelligence feeds to the platforms and stay updated on emerging threats.
  • Mentorship: Mentor and provide guidance to Security analysts on incident handling. Foster a culture of continuous improvement and learning.
  • Forensic Analysis: Perform forensic analysis and malware analysis of computers, cloud, networks, mobile devices and other digital media.
  • Architecture Design: Develop and refine architecture of Security Tools and platforms
  • Collaboration: Creatively solve problems collaborating with SecOps, Platform, Delivery, IT and Engineering team members.


Qualifications:

  • Education: Bachelor’s degree in computer science, Cybersecurity, or a related field.
  • Certifications: Advanced certifications such as CISSP, OSCP, GCIH, GSOC or GCIA.
  • Incident Response Experience: 7+ years of experience in Cyber Incident response and investigations.
  • Leadership Skills: Strong leadership and communication skills.


Why Smarsh?

Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.


Security Operations Centre Analyst

Bengaluru, Karnataka RingCentral

Posted 2 days ago


Job Description

Security Operations Centre Analyst

This is a great opportunity to work at a rapidly growing, market-leading Unified Communications as-a-service company. RingCentral provides Voice-over-IP (VoIP), hosted PBX, voicemail, SMS, e-fax, and HD video meeting solutions for business.


About this role:

As a SOC Analyst at RingCentral, your primary responsibilities are to implement a comprehensive security monitoring, incident response and threat intelligence program for RingCentral’s global cloud service, corporate and development environments. You will also be collaboratively providing feedback to improve security operations processes, generating actionable analysis and threat intelligence from tools, logs, and other data sources, ensuring strong documentation is in place to support ongoing SOC activities, and reporting your observations to other Security, Operations and IT personnel.


Successful Candidates will:

  • Have proven skills in application security, security monitoring, incident response and intrusion analysis
  • Have strong knowledge of the diverse methods and technologies used to attack web/mobile/desktop applications, SaaS infrastructure, and data
  • Think critically, work well under pressure, and possess strong analytical, written, verbal, and interpersonal skills
  • Have a demonstrated track record of quality processes in their work history
  • Be strongly self-motivated with an aptitude for both individual and team-oriented work
  • Have experience following and refining standard operating procedures and playbooks


Responsibilities:

  • Monitor security events, analyze and investigate alarms, and maintain day-to-day operational activities of a secure cloud environment
  • Engage teams within and outside of RingCentral to mitigate and resolve cases
  • Maintain relevant documentation and audit artifacts
  • Identify and track suspicious system activity
  • Identify trends and patterns, and present them to Security Engineers to enhance our processes and systems
  • This role participates in on-call rotations


Qualifications / Requirements:

  • 2+ years in a security engineering, SRE, or SOC role in a cloud services environment
  • Experience with SIEM
  • Experience investigating security incidents
  • Basic knowledge of AWS or GCP
  • Experience with IDS, case management, and related tools and practices
  • Experience with Linux, Red Hat preferred
  • Basic knowledge of broad security topics such as encryption, application security, malware, ransomware, etc.
  • Knowledge of network, VoIP and web related protocols (e.g., TCP/IP, UDP, IPsec, HTTP, HTTPS, SIP, RTP)


Preferred Skills/Experience:

  • GIAC, CompTIA Security+ or CySA+, Cisco, OffSec, Splunk or Red Hat certifications.
  • Experience using CrowdStrike, Cloudflare, Firepower, Splunk, ELK, Imperva, syslog, packet capture, Windows Event Log tools and similar tools
  • Knowledge of current hacking techniques, malicious code trends, botnets, exploits, malware, DDoS, and data breach events
  • Strong knowledge of Microsoft Windows

Security Operations Center Analyst

Bengaluru, Karnataka Insight Global

Posted 2 days ago


Job Description

We are seeking a Security Operations Center (SOC) Analyst with hands-on experience in Secureworks Taegis and Microsoft Defender (Endpoint, Identity, and Cloud) to join our cybersecurity team. This role is critical for monitoring, analyzing, and responding to security threats across cloud and hybrid environments. The ideal candidate will thrive in high-pressure situations, collaborate across teams, and leverage SIEM/SOAR capabilities to enhance threat detection and response.

Key Responsibilities

  • Monitor and triage security alerts using Secureworks Taegis and Microsoft Defender, including detection rule authoring and alert enrichment.
  • Investigate incidents across cloud, network, and endpoint environments using Secureworks case management and Defender telemetry.
  • Develop and maintain log ingestion pipelines using tools like Cribl or Logstash for Secureworks integration.
  • Collaborate with Tier-2/3 analysts and threat intelligence teams to refine detection rules and reduce false positives.
  • Participate in incident response activities, including containment, eradication, and recovery.
  • Create and maintain SOC playbooks and automation workflows using Secureworks SOAR and Microsoft security automation capabilities.
  • Conduct packet analysis, malware triage, and forensic investigations as needed.
  • Stay current on threat landscapes, compliance standards (e.g., MITRE ATT&CK, GDPR, PCI-DSS), and emerging security technologies.

Required Skills

  • 7-10 years of experience in a SOC or cybersecurity operations role.
  • Proficiency with Secureworks Taegis and Microsoft Defender (Endpoint, Identity, Cloud), including rule tuning, log analysis, and case management.
  • Experience with SIEM tools (e.g., Splunk, QRadar, Elastic Stack) and SOAR platforms.
  • Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.
  • Familiarity with endpoint detection tools (e.g., Defender for Endpoint), IDS/IPS, and vulnerability scanners (e.g., Nessus, Qualys).
  • Scripting skills in Python, Bash, or PowerShell for automation and data parsing.

Preferred Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, or related field.
  • Certifications such as CompTIA Security+, GIAC (GCIH, GCIA), CEH, or Microsoft Security certifications (e.g., SC-200, SC-300).
  • Prior experience supporting federal or financial clients.
  • Experience with red/blue/purple team exercises and threat hunting.


  • Seniority Level: Mid-Senior level
  • Industry: Aviation and Aerospace Component Manufacturing
  • Employment Type: Contract
  • Job Functions: Information Technology
  • Skills: Cybersecurity, Triage, Analytical Skills, Operations, Malware Analysis, Forensic Analysis, Computer Science, Security Operations
