361 Threat Detection jobs in India
Threat Detection
Posted today
Job Description
Hiring: Threat Detection & Response Engineer (8-10 years) for a Japanese investment bank in Bangalore
Seeking an experienced cybersecurity professional skilled in threat detection, incident response, and security frameworks like MITRE ATT&CK and Cyber Kill Chain.
Responsibilities include developing advanced use cases, proactive threat hunting, forensic investigations, and collaborating with Threat Intelligence and Security Ops teams.
Must have hands-on experience with SIEM tools (Splunk), forensic tools (EnCase, FTK), network security controls, and cloud security in the banking/financial sector.
Strong analytical, problem-solving, and leadership skills required, with certifications like CISSP, GIAC, or SANS preferred.
Share your updated profile at *** to join a leading global financial institution committed to cybersecurity excellence.
Threat Detection and Incident Response Engineer
Posted today
Job Description
Continuous Monitoring
- Monitor security alerts and events from various sources, including Microsoft Sentinel, Defender for Endpoint and Defender for Cloud.
- Log Management: Perform log ingestion, define use cases, and create alerts for critical assets.
- Develop Detection Rules: Create, implement, and fine-tune analytics rules, alerts, and queries in Microsoft Sentinel and Defender to detect security incidents and reduce false positives.
- Behavioral Analytics: Leverage user and entity behavior analytics (UEBA) to identify abnormal activities and enhance detection capabilities.
- Customize Playbooks: Develop and customize automation playbooks in Sentinel and Defender to streamline incident response processes and improve efficiency.
- Threat Hunting: Using IOCs and threat intelligence, perform threat hunting across the environment.
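The IOC-driven hunt in the last bullet is easy to get subtly wrong: feeds arrive defanged (hxxp, [.]), a domain indicator must match subdomains but not lookalike suffixes, and an IP indicator is often a whole range. The following is an added example written for this page, not code from the employer or the posting. The event shape and field names are assumptions made for the demo, the IOC feed and telemetry are constructed, all addresses come from the RFC 5737 documentation ranges, and the hash is the SHA-256 of the empty string used as a placeholder.

```python
"""IOC sweep over constructed endpoint telemetry (added example, assumptions noted in comments)."""
import ipaddress
import re
from collections import namedtuple

Hit = namedtuple("Hit", "event_id host field value indicator tag")

# Constructed threat-intel feed: (indicator as received, kind, analyst tag).
IOC_FEED = [
    ("evil-c2[.]example", "domain", "c2-domain"),
    ("hxxp://evil-c2[.]example/gate.php", "url", "c2-url"),
    ("198.51.100.0/24", "cidr", "bulletproof-hosting"),
    ("203.0.113[.]7", "ip", "scanner"),
    ("E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", "sha256", "dropper"),
]

# Constructed telemetry (assumed schema): DNS, network, process and proxy events from two hosts.
EVENTS = [
    {"id": 1, "host": "ws-017", "query": "cdn.evil-c2.example"},
    {"id": 2, "host": "ws-017", "dest_ip": "198.51.100.23", "dest_port": 443},
    {"id": 3, "host": "ws-017", "image": r"C:\Users\a\AppData\Local\Temp\inv.exe",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"id": 4, "host": "ws-022", "query": "evil-c2.example.com"},   # different registrable domain: no hit
    {"id": 5, "host": "ws-022", "dest_ip": "203.0.113.8"},          # neighbour of the /32 indicator: no hit
    {"id": 6, "host": "ws-017", "url": "HXXP://evil-c2[.]example/gate.php"},  # defanged in a ticket export
]


def refang(indicator):
    """Undo common defanging so feed entries and log values compare equal."""
    s = indicator.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)  # hxxp -> http, hxxps -> https
    return s.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def compile_feed(feed):
    """Normalise the feed into typed lookups; single IPs and CIDRs both become networks."""
    compiled = {"domain": [], "url": [], "net": [], "sha256": []}
    for raw, kind, tag in feed:
        ind = refang(raw).lower()
        if kind in ("ip", "cidr"):
            compiled["net"].append((ipaddress.ip_network(ind, strict=False), tag))
        else:
            compiled[kind].append((ind, tag))
    return compiled


def match_domain(value, domain):
    """Exact match or a subdomain of the indicator, never a lookalike suffix."""
    return value == domain or value.endswith("." + domain)


def hunt(events, feed):
    """Return every (event, field) pair that matches an indicator."""
    c = compile_feed(feed)
    hits = []
    for ev in events:
        eid, host = ev["id"], ev["host"]
        for field in ("query", "dest_host"):
            val = ev.get(field, "").lower()
            hits += [Hit(eid, host, field, val, d, tag)
                     for d, tag in c["domain"] if val and match_domain(val, d)]
        url = refang(ev.get("url", "")).lower()
        hits += [Hit(eid, host, "url", url, u, tag) for u, tag in c["url"] if url == u]
        if "dest_ip" in ev:
            addr = ipaddress.ip_address(ev["dest_ip"])
            hits += [Hit(eid, host, "dest_ip", ev["dest_ip"], str(net), tag)
                     for net, tag in c["net"] if addr in net]
        digest = ev.get("sha256", "").lower()
        hits += [Hit(eid, host, "sha256", digest, s, tag) for s, tag in c["sha256"] if digest == s]
    return hits


def hosts_to_triage(hits):
    """Collapse hits to hostnames so the hunt hands the SOC a scoped list, not raw matches."""
    return sorted({h.host for h in hits})


if __name__ == "__main__":
    for h in hunt(EVENTS, IOC_FEED):
        print(h)
    print("triage:", hosts_to_triage(hunt(EVENTS, IOC_FEED)))
```

Events 4 and 5 are deliberate near-misses: a hunt that matched on substring or on the first three octets would page the SOC on both of them.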
Incident Response
- Analyze and investigate security incidents to identify potential threats.
- Respond promptly to security incidents, provide initial analysis, conduct business impact assessment, isolate, eradicate and recover from threats.
- Document and report incidents, ensuring accurate and comprehensive records.
- Follow established incident response procedures, playbooks and contribute to their enhancement.
Testing and Validation
- Participate in blue, red and purple team exercises.
- Participate in Cyber crisis simulations.
- Participate in Table-top exercises.
Business Context and Risk Management
- Understand the Business value chain.
- Understand key Business processes.
- Understand the Business architecture and its mapping to crown jewels (critical assets).
- Risk management with the ability to conduct risk assessments when required.
Endpoint Detection and Response (EDR)
- Manage and maintain endpoint security and compliance.
- Perform daily health checks on endpoint security and EDR solutions and remediate accordingly.
- Conduct regular scans and assessments to identify and mitigate potential vulnerabilities.
- Collaborate with IT teams to ensure endpoint security configurations align with organizational standards.
Threat Detection Engineer
Posted today
Job Description
About us:
Foodsmart is the leading telenutrition and foodcare solution, backed by a robust network of Registered Dietitians. Our platform is designed to foster healthier food choices, drive lasting behavior change, and deliver long-term health outcomes. Through our highly personalized, digital platform, we guide our 2.2 million members—including those in employer-sponsored health plans, regional and national Medicaid managed care organizations, Medicare Advantage plans, and commercial insurers—on a tailored journey to eating well while saving time and money.
Foodsmart seamlessly integrates dietary assessments and nutrition counseling with online food ordering and cost-effective meal planning for the entire family, optimizing ingredients both at home and on the go. We partner with national and regional retailers across the U.S., many of whom accept SNAP/EBT, making healthier food more accessible. Additionally, we assist members with SNAP enrollment and management, providing tangible access to nutritious food. In 2024, Foodsmart secured a $200 million investment from TPG’s Rise Fund, which supports entrepreneurs dedicated to achieving the United Nations’ Sustainable Development Goals. This investment will help us expand our reach, particularly to low-income workers who are disproportionately affected by diet-related diseases.
At Foodsmart, our mission is to make nutritious food accessible and affordable for everyone, regardless of economic status. We are committed to a set of core values that shape our culture and work environment:
Measured: We make data-driven, truth-seeking decisions.
Impactful: We are fueled by achieving our mission and vision.
Threat Detection Analyst
Posted today
Job Description
Malware Analyst
Locations: Hyderabad, Pune and Chennai
Here are some of the key skills we are looking for:
- Static and dynamic malware analysis (familiarity with file structures such as PE, PDF, OLE and Windows shortcut (LNK) files)
- Hands-on experience writing signatures for malware samples (at least for initial-vector malware)
- Awareness of trending malware family campaigns, with the ability to analyze them and produce threat write-ups on those families (example families: Emotet, Qakbot, AgentTesla)
- Email security (e.g. Exchange Online Protection) and endpoint security
- Investigating the Phishing campaign and spam emails which users have received and reported.
- Threat Intelligence analysis/ Threat hunting
- Analyzing PE files (dynamic and static analysis) and providing detection for malicious PE files (RE/malware analysis)
- Analyzing non-PE files (such as OLE, PDF, HTML, HTA, VBS/VBE, JS, WSF, JAR and LNK) and providing detection for malicious files
- Malware Analysis and Reversing.
- Reverse engineering skills: familiarity with debuggers, disassemblers, network protocols, file formats, sandboxes, hardware/firmware internals, software communication mechanisms, and classification, clustering and labelling of malware
- Knowledge of Advanced Techniques of Malware Analysis.
- Knowledge of Malware kill chain and MITRE ATT&CK techniques and tactics.
- Knowledge of AV evasion techniques and pen-testing tools such as Veil, PowerShell Empire, Meterpreter, Unicorn, CACTUSTORCH and similar tools
- Additionally, Experience with advanced persistent threats, human adversary compromises and incident response.
- Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements.
- Excellent analytical skills and ability to identify patterns and trends.
- Strong research skills, data knowledge, and ability to analyze and present complex data in a meaningful way.
- Strong understanding of Cyber Security, modern security problems and threat landscape, Operating Systems (internals), computer networking concepts.
Required Skills:
- OllyDbg, IDA Pro, static and dynamic malware analysis, PE and non-PE file analysis
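Static PE triage, the first of the skills listed above, starts well before a debugger: walk the DOS and COFF headers, read the section table, and flag what a packer or hand-crafted dropper leaves behind (high section entropy, writable-and-executable sections, a zeroed timestamp). The following is an added example written for this page, not code from the employer or the posting; the PE image it analyses is constructed inline with struct and will not execute, and the thresholds (entropy above 7.0) are a common analyst heuristic, not a standard.

```python
"""Minimal PE header walk and section triage over a constructed image (added example)."""
import math
import random
import struct

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data):
    """Bits per byte, 0.0 for empty data, approaching 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob):
    """Parse DOS header, PE signature, COFF header and section table; raise on non-PE input."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", blob, coff)
    sec_tbl = coff + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, _vsize, vaddr, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", blob, sec_tbl + 40 * i)
        data = blob[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vaddr": vaddr,
                         "raw_size": raw_size, "flags": flags, "entropy": round(shannon_entropy(data), 2)})
    return {"machine": machine, "timestamp": timestamp, "characteristics": characteristics,
            "sections": sections}


def triage(blob):
    """Return (parsed header info, list of human-readable findings)."""
    info = parse_pe(blob)
    findings = []
    for s in info["sections"]:
        if s["entropy"] > 7.0:
            findings.append(f"section {s['name']} entropy {s['entropy']} (possibly packed/encrypted)")
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {s['name']} is writable and executable")
        if s["raw_size"] == 0 and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {s['name']} is executable but has no raw data (filled at runtime)")
    if info["timestamp"] == 0:
        findings.append("zero TimeDateStamp (common in hand-crafted or patched binaries)")
    return info, findings


def build_sample():
    """Constructed PE32 image for the demo: a low-entropy .text and a high-entropy W+X 'UPX1' section."""
    rng = random.Random(7)
    text = bytes([0x90] * 200 + [0xC3]) * 4                  # NOP sled plus RET: near-zero entropy
    packed = bytes(rng.getrandbits(8) for _ in range(4096))  # pseudo-random bytes: entropy close to 8
    opt_size, raw0 = 224, 512                                # PE32 optional header size; first raw offset
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)              # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)    # i386, 2 sections, timestamp 0
    sec1 = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), raw0, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    sec2 = struct.pack("<8sIIIIIIHHI", b"UPX1", len(packed), 0x2000, len(packed), raw0 + len(text),
                       0, 0, 0, 0, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
                       | IMAGE_SCN_MEM_WRITE)
    header = dos + b"PE\0\0" + coff + b"\0" * opt_size + sec1 + sec2
    return header + b"\0" * (raw0 - len(header)) + text + packed


if __name__ == "__main__":
    info, findings = triage(build_sample())
    for s in info["sections"]:
        print(s)
    print("\n".join(findings))
```

The same walk applies to a real sample read with open(path, "rb").read(); the entropy and W+X checks are cheap to run across a whole quarantine folder before any sample is opened in IDA Pro or OllyDbg.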
Threat Detection Specialist
Posted today
Job Description
Job Position: SOC Engineer
Location: PAN India
Experience: 5 to 10+ years
Must have: Forensics - Others
Roles Responsibilities
- Review daily operational activities and mentor junior analysts in a timely manner
- Conduct detailed analysis on escalated events and hand over to the Incident Response team along with the appropriate evidence
- Ensure 100% incident validation and closure
- Manage shifts and facilitate knowledge transfer within shifts and at shift handover
- Study attack types and methods while monitoring the environment for threats
- Perform deep-dive incident analysis by correlating data from various sources
- Document and archive artefacts for future reference
- Define the criticality of behavioural events based on experience and information security understanding
- Lead operations and act as a security consultant for incidents and alerts observed
- Guide junior analysts in investigation, analysis and categorisation
- Monitor various technology dashboards and identify any suspicious activities or anomalies
- Ensure quality checks for all alerts and incidents raised by L1 analysts
- Investigate and close test incidents, defining the steps and processes
- Prepare daily summary reports
- Raise control-related concerns, such as issues with SOAR and SIEM
- Define operations-related activities
- Review the IRC SOP and manage all other process documents
- Submit audit data
- Escalate to seniors before a TAT (turnaround time) breach
- Handle TAT responsibilities
- Validate SOC incidents with the Bank L2 team
- This role requires a proactive approach to security operations, ensuring thorough analysis and validation of incidents, mentoring junior analysts and maintaining high standards of documentation and reporting.
Threat Detection Engineer
Posted today
Job Description
Dear Candidate
Tata Consultancy Services is hiring for Sr SIEM Admin
Experience: 8-10 Years
Location: Bangalore
Role and Responsibility
Sr. SIEM admin with a minimum of 5+ years of experience; strong knowledge of custom parser development, threat detection use-case design, implementation and fine-tuning, and creating rules/dashboards for compliance and audit requirements.
Strong understanding of security incident management, malware management and vulnerability management processes.
Working knowledge of industry models such as the Cyber Kill Chain, Diamond Model and MITRE ATT&CK framework.
Regards,
S.Shanbaga
Tata Consultancy Services
Human Resources CSP TAG
Senior Threat Detection Engineer
Posted today
Job Description
About Tide
At Tide, we are building a business management platform designed to save small businesses time and money. We provide our members with business accounts and related banking services, but also a comprehensive set of connected administrative solutions from invoicing to accounting.
Launched in 2017, Tide is now used by over 1 million small businesses across the world and is available to UK, Indian and German SMEs. Headquartered in central London, with offices in Sofia, Hyderabad, Delhi, Berlin and Belgrade, Tide employs over 2,000 employees.
Tide is rapidly growing, expanding into new products and markets and always looking for passionate and driven people. Join us in our mission to empower small businesses and help them save time and money.
About The Team
The Platform Security team at Tide plays a crucial role in safeguarding our cloud environments and protecting our Members, partners, employees, and intellectual property. As a Platform Security Engineer within this team, you'll work closely with the Platform Team, Risk Team, and the broader Tide Engineering teams. Your role will involve enhancing the visibility of our cloud resources and ensuring the secure configuration of our infrastructure. At Tide, you'll find your work particularly fulfilling due to our company culture and the exceptional people you'll collaborate with.
About The Role
As a senior platform security engineer you will:
- Design next-generation cloud infrastructure that is kept up to date without relying on manual processes such as patching
- Define and embed security best practice and standards into our cloud engineering teams
- Build guardrails and define policy around IAM to ensure least privilege is enacted
- Identify ways to make sure new security misconfigurations are not created via IaC
- Harden our existing cloud infrastructure
- Review cloud integrations between Tide and third parties, and be a point of contact for any cloud security incidents
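The IAM guardrail and "no new misconfigurations via IaC" bullets above are usually one and the same control: a check that runs in the pipeline over the policy documents Terraform renders and fails the build on broad grants. The following is an added example written for this page, not Tide's own tooling; it lints AWS IAM policy JSON for the patterns that most often turn into privilege escalation. The two policies are constructed (the account ID 123456789012 and the bucket and role names are placeholders), the severity labels are the author's, and the list of escalation-prone actions is a starting point, not a complete catalogue.

```python
"""Least-privilege guardrail for AWS IAM policy documents (added example, assumptions in comments)."""
import json

# Actions that let a principal escalate when granted on Resource "*" with no Condition (starter list).
ESCALATION_ACTIONS = {"iam:passrole", "iam:createpolicyversion", "iam:attachuserpolicy",
                      "iam:attachrolepolicy", "iam:putrolepolicy", "sts:assumerole"}


def _as_list(value):
    """IAM accepts a bare string or a list in Statement, Action, NotAction and Resource."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (sid, severity, message) findings for every over-broad Allow statement."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"Statement[{i}]")
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        any_resource = "*" in _as_list(st.get("Resource"))
        has_condition = bool(st.get("Condition"))
        if "NotAction" in st and any_resource:
            findings.append((sid, "HIGH", "NotAction on Resource '*' allows everything not listed"))
        if "*" in actions and any_resource:
            findings.append((sid, "CRITICAL", "Action '*' on Resource '*' is full administrator access"))
        for a in actions:
            if a.endswith(":*") and any_resource:
                findings.append((sid, "HIGH", f"service-wide wildcard {a} on Resource '*'"))
            if a in ESCALATION_ACTIONS and any_resource and not has_condition:
                findings.append((sid, "HIGH", f"{a} on any resource without a Condition (escalation path)"))
    return findings


def passes_guardrail(policy):
    """Pipeline gate: fail the plan on any HIGH or CRITICAL finding."""
    return not any(sev in ("CRITICAL", "HIGH") for _, sev, _ in lint_policy(policy))


def lint_rendered(json_text):
    """Entry point for a CI step fed with the JSON Terraform renders for a policy document."""
    return lint_policy(json.loads(json_text))


# Constructed 'before': what a deploy role often looks like after a few quick fixes.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DeployBucket", "Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
    {"Sid": "RunTasks", "Effect": "Allow", "Action": ["ecs:RunTask", "iam:PassRole"], "Resource": "*"},
]}

# Constructed 'after': same capability, scoped to named resources, PassRole pinned to one service.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DeployBucket", "Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"],
     "Resource": "arn:aws:s3:::example-deploy-bucket/*"},
    {"Sid": "RunTasks", "Effect": "Allow", "Action": "ecs:RunTask",
     "Resource": "arn:aws:ecs:eu-west-1:123456789012:task-definition/app:*"},
    {"Sid": "PassTaskRole", "Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/app-task-role",
     "Condition": {"StringEquals": {"iam:PassedToService": "ecs-tasks.amazonaws.com"}}},
]}

if __name__ == "__main__":
    for name, pol in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, "passes" if passes_guardrail(pol) else "blocked")
        for sid, sev, msg in lint_policy(pol):
            print(f"  [{sev}] {sid}: {msg}")
```

The unconditioned iam:PassRole on Resource "*" is the finding worth internalising: it lets the deploy principal hand any role in the account, including administrative ones, to a service it controls, which is why the scoped version names the role and pins iam:PassedToService.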
What We Are Looking For
- You have good infrastructure security experience and are passionate about tackling risks from misconfigurations.
- You have deep expertise in at least one public cloud, preferably AWS or GCP.
- You are familiar with docker and containerised applications.
- You have a good understanding of Kubernetes and how to secure workloads running in a Kubernetes cluster.
- You are familiar with the cloud-native approach to implementing workloads in a Kubernetes cluster.
- You are comfortable writing CI/CD pipelines using GitHub Actions or other CI/CD tools such as Jenkins, GitLab CI, CircleCI etc.
- You are able to review and write Terraform and are able to propose improvements to external providers
- You write reliable software in Python or Go
- You have operations experience in running and maintaining software, operating a large cloud deployment, or creating and triaging alerts around the health and security of your systems
- You work well with other people, see the value of a team, and partner effectively with all stakeholders
- You thrive by identifying high leverage work and doing it without explicit direction
- You aim to always be learning new things and share this passion with those around you
What You'll Get In Return
- Competitive salary
- Self & Family Health Insurance
- Term & Life Insurance
- OPD Benefits
- Mental wellbeing through Plumm
- Learning & Development Budget
- WFH Setup allowance
- 15 days of Privilege leaves
- 12 days of Casual leaves
- 12 days of Sick leaves
- 3 paid days off for volunteering or L&D activities
- Stock Options
Tidean Ways Of Working
At Tide, we champion a flexible workplace model that supports both in-person and remote work to cater to the specific needs of our different teams.
While remote work is supported, we believe in the power of face-to-face interactions to foster team spirit and collaboration. Our offices are designed as hubs for innovation and team-building, where we encourage regular in-person gatherings to foster a strong sense of community.
TIDE IS A PLACE FOR EVERYONE
At Tide, we believe that we can only succeed if we let our differences enrich our culture. Our Tideans come from a variety of backgrounds and experience levels. We consider everyone irrespective of their ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity or differently-abled status. We celebrate diversity in our workforce as a cornerstone of our success. Our commitment to a broad spectrum of ideas and backgrounds is what enables us to build products that resonate with our members' diverse needs and lives.
We are One Team and foster a transparent and inclusive environment, where everyone's voice is heard.
Disclaimer
It has come to our attention that individuals or agencies are falsely claiming to represent Tide and are reaching out to candidates regarding job opportunities. Please be aware that:
- Tide does not charge any fees at any stage of the recruitment process.
- All official Tide job opportunities are listed exclusively on our Careers Page and applications should be submitted through this channel.
- Communication from Tide will only come from an official email address.
- Tide does not work with agencies or recruiters without prior formal engagement, and we do not authorize third parties to make job offers on our behalf.
If you are contacted by anyone misrepresenting Tide or requesting payment, please treat it as fraudulent and report it to us immediately at
Your safety and trust are important to us, and we are committed to ensuring a fair and transparent recruitment process.
Your personal data will be processed by Tide for recruitment purposes and in accordance with Tide's Recruitment Privacy Notice.
Cyber Threat Detection Engineer
Posted today
Job Description
About Rearc
At Rearc, we're committed to empowering engineers to build awesome products and experiences. Success as a business hinges on our people's ability to think freely, challenge the status quo, and speak up about alternative problem-solving approaches. If you're an engineer driven by the desire to solve problems and make a difference, you're in the right place
Our approach is simple: empower engineers with the best tools possible to make an impact within their industry.
Role Overview
Rearc is looking for a Cybersecurity Threat Detection Engineer with proactive communication skills, a foundation in DevSecOps, Detection-As-Code, deep purple team technical expertise, and an entrepreneurial approach to join our growing Cybersecurity practice. This role involves partnering with Rearc customers to design cutting-edge detection strategies and support the development of top-tier, modern cybersecurity monitoring programs. You will craft tailored security detections to strengthen our clients' cybersecurity efforts by leveraging Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), Endpoint Detection and Response (EDR), and Network Detection and Response (NDR) services.
What You Bring
- Enthusiasm about developing and evangelizing services in the cyber space.
- Strong cloud, security, SIEM and data engineering fundamentals.
What You'll Do
- Utilize NDR, EDR, real-time streaming, and SIEM technologies to develop robust threat detection capabilities.
- Build and optimize detection rules leveraging real-time data streaming to enhance detection accuracy.
- Design enrichment pipelines and automation workflows to enhance the precision of threat detections.
- Develop correlation logic and automated processes to create high-fidelity threat alerts.
- Build compliance and recoverability of customer Data Analytics solutions, including SOPs, data onboarding, normalization, enrichment, and system maintenance.
- Create automation playbooks for incident triage and response.
- Align detection content with customer-specific Use Case Frameworks and provide metrics on cybersecurity threats impacting their environment.
- Collaborate with customer cybersecurity teams to cover gaps and enhance enterprise posture.
- Support enterprise Cybersecurity, Information Technology (IT), and Operational Technology (OT) teams by providing dashboards and other data exploration tools.
- Stay continually aware of emerging cybersecurity threats and trends, adapting detection strategies as needed.
- Work closely with customer teams, including Cybersecurity Operations Center (CSOC), Operational Technology (OT), and Incident Response (IR) teams, to ensure detections are actionable and relevant.
- Provide feedback to improve the customer's security framework and overall security monitoring strategy.
In this role, you will combine technical expertise with continual situational awareness of emerging threats, driving client success while staying at the cutting edge of cyber security innovations.
Qualifications
6+ years of experience in Cybersecurity with a focus on:
- Log streaming
- Cybersecurity data lakes and data warehousing
- SOAR engineering
- SIEM engineering, administration, architecture, and operations
- Data science, statistical analysis, and threat detection development
- Integrating disparate IT, OT, and business applications into SIEM systems
- Bachelor's degree in Management Information Systems, Computer Science, or a related field
- A strong passion for Cybersecurity and a commitment to staying current with industry trends, best practices, and tools
- Proven experience in documenting, socializing, and operationalizing Cybersecurity technologies and processes
- Prior programming experience in Python, SQL, and Apache Spark
- Solid understanding of common attack techniques and their practical applications
- Demonstrated ability to work effectively across multiple teams, building cross-functional relationships with individuals of varying technical expertise
- A self-starter with a proven ability to thrive in fast-paced environments
- Strong technical communication skills, both written and verbal
Nice To Have
- Prior experience with platforms like Databricks, Cribl, Tines, or other cybersecurity lakehouse providers
Some More About Us
At Rearc, our mission is straightforward - empower engineers with the best tools possible to make an impact within their industry. We pride ourselves on fostering an environment where creativity flourishes, bureaucracy is non-existent, and individuals are encouraged to challenge the status quo. We're not just a company; we're a community of problem-solvers dedicated to improving the lives of fellow software engineers.
Our commitment is simple - finding the right fit for our team and cultivating a desire to make things better. If you're a cloud professional intrigued by our problem space and eager to make a difference, you've come to the right place. Join us, and let's solve problems together
Security Engineer, Threat Detection
Posted today
Job Description
About Workato
Workato transforms technology complexity into business opportunity. As the leader in enterprise orchestration, Workato helps businesses globally streamline operations by connecting data, processes, applications, and experiences. Its AI-powered platform enables teams to navigate complex workflows in real-time, driving efficiency and agility.
Trusted by a community of 400,000 global customers, Workato empowers organizations of every size to unlock new value and lead in today's fast-changing world. Learn how Workato helps businesses of all sizes achieve more at
Why join us?
Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company.
But, we also believe in balancing productivity with self-care. That's why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.
If this sounds right up your alley, please submit an application. We look forward to getting to know you
Also, feel free to check out why:
- Business Insider named us an "enterprise startup to bet your career on"
- Forbes' Cloud 100 recognized us as one of the top 100 private cloud companies in the world
- Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America
- Quartz ranked us the #1 best company for remote workers
Responsibilities
At Workato, security is at the core of everything we do. We are seeking a proactive and detail-oriented Security Engineer – Threat Detection to join our expanding Security team in India. In this role, you will be pivotal in optimising and enhancing the performance of our Security Information and Event Management (SIEM) platform.
Your primary responsibility will be to maintain, manage, and enhance the SIEM system by integrating critical log sources and overseeing the entire data lifecycle within the platform. You will play a key role in advancing threat detection capabilities by strategically creating, fine-tuning, and optimizing detection rules to improve accuracy and reduce false alerts.
As a central figure in our security operations, you will ensure the SIEM effectively aggregates, processes, and manages security-relevant data from diverse endpoints—including cloud environments, source control management (SCM) systems, applications, servers, workstations, and network devices. You will collaborate closely with the Incident Response team to conduct deep-dive analyses of security incidents and actively participate in daily on-call rotations.
If you are passionate about automating threat detection, streamlining security workflows, and driving innovation at scale, this is an excellent opportunity for you.
In This Role, You Will Also Be Responsible To
- Design, develop, implement, and continuously refine custom detection rules within the SIEM to identify emerging and potential security threats tailored to our network infrastructure, industry standards, and evolving threat landscape.
- Analyze and optimize existing detection rules to enhance accuracy, minimize false positives and negatives, and improve overall alert quality, reducing alert fatigue and boosting the signal-to-noise ratio.
- Collaborate closely with security teams and other key stakeholders to gather requirements, incorporate feedback, and collectively improve the SIEM's threat detection capabilities.
- Utilize both out-of-the-box and custom-built detection rules to effectively address the organization's unique security posture and risk profile.
- Oversee ingestion of logs and telemetry from a broad range of security and operational sources, ensuring data integrity, accurate parsing, and efficient storage for timely threat analysis.
- Apply deep expertise in security monitoring principles, threat detection methodologies, and incident response workflows to continually improve detection strategies and operational readiness.
- Maintain comprehensive documentation of detection rules, tuning activities, and SIEM configuration changes; create dashboards and generate insightful reports for management to highlight data trends and security posture.
- Stay current with the latest security threats, vulnerabilities, and advancements in SIEM technologies, particularly within the Microsoft Sentinel ecosystem, to drive ongoing improvement and innovation.
- Provide technical expertise during security audits, compliance assessments (e.g., SOC 2, ISO 27001), and risk evaluations; collaborate with compliance teams to ensure log retention and data management meet regulatory and internal standards.
Requirements
Qualifications / Experience / Technical Skills
- 3 to 6 years of hands-on experience in threat detection, SIEM management, and Security Operations in SaaS or cloud-based environments.
- Proven expertise with leading SIEM platforms and strong skills in the full lifecycle of detection rule creation, fine-tuning, and optimization to improve threat detection accuracy and reduce false positives.
- In-depth knowledge of managing data ingestion from diverse security and operational sources, with a solid understanding of data from servers, workstations, network devices, cloud environments, and security tools.
- Strong understanding of security monitoring principles, threat detection methodologies, incident response workflows, and common cyberattack vectors.
- Expertise in AWS cloud platform with the ability to identify critical log sources for ingestion; familiarity with cloud security best practices across AWS (Preferred), Azure, and GCP.
- Experience with SOAR platforms such as Workato, Palo Alto XSOAR, or Splunk SOAR, and proficiency in scripting and automation using Python, PowerShell, or Workato recipes.
- Familiarity with security compliance frameworks like SOC 2, ISO 27001, GDPR, and other relevant regulations.
- Relevant security certifications such as CISSP, AWS Certified Security – Specialty, GIAC (GCIH, GCIA), Certified Cloud Security Professional (CCSP).
- Willingness to travel occasionally within India and internationally as required.
Soft Skills / Personal Characteristics
- Strong problem-solving and analytical skills with an automation-first mindset.
- Excellent communication and collaboration skills to work across teams.
- Ability to work independently and manage multiple tasks effectively in a fast-paced environment
(REQ ID: 2336)
Cybersecurity Analyst - Threat Detection
Posted 6 days ago
Job Description
Responsibilities:
- Monitor security alerts and events from various sources, including SIEM, IDS/IPS, firewalls, and endpoint detection systems.
- Analyze security incidents to determine their scope, impact, and root cause.
- Investigate suspicious activities and potential security breaches, providing timely and accurate incident response.
- Develop and refine threat detection rules, signatures, and correlation logic to enhance the effectiveness of security monitoring tools.
- Perform vulnerability assessments and penetration testing to identify weaknesses in systems and networks.
- Stay current with the latest cybersecurity threats, vulnerabilities, and attack vectors.
- Create and maintain comprehensive documentation of security policies, procedures, and incident response plans.
- Collaborate with IT and security teams to implement remediation strategies and security enhancements.
- Provide security awareness training and guidance to internal teams and clients.
- Contribute to the continuous improvement of the organization's security posture.
- Generate regular reports on security threats, incidents, and overall security status.
- Participate in on-call rotation for incident response.
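"Develop and refine threat detection rules, signatures, and correlation logic" here, "correlation logic and automated processes to create high-fidelity threat alerts" with enrichment pipelines in the Rearc posting, and "minimize false positives and negatives" in the Workato posting all describe the same engineering loop: parse, correlate across a time window, enrich, and tune out known noise. The following is an added example written for this page, not code from any of these employers. It runs a brute-force-then-success rule over OpenSSH-style auth lines constructed for the demo (timestamps assumed to be ISO 8601 from the log shipper), enriches the source with a constructed asset table, and suppresses an authorised scanner pool so the rule does not page on every scan. All addresses are from the RFC 5737 documentation ranges.

```python
"""SSH brute-force-then-success correlation with enrichment and tuning (added example)."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth log lines (OpenSSH message format, ISO timestamps assumed from the shipper).
LOG_LINES = """\
2024-05-01T10:00:01Z sshd[4101]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
2024-05-01T10:00:09Z sshd[4102]: Failed password for invalid user test from 203.0.113.45 port 51240 ssh2
2024-05-01T10:00:17Z sshd[4103]: Failed password for root from 203.0.113.45 port 51251 ssh2
2024-05-01T10:00:25Z sshd[4104]: Failed password for deploy from 203.0.113.45 port 51260 ssh2
2024-05-01T10:00:33Z sshd[4105]: Failed password for deploy from 203.0.113.45 port 51271 ssh2
2024-05-01T10:00:40Z CRON[4110]: pam_unix(cron:session): session opened for user root
2024-05-01T10:01:05Z sshd[4106]: Accepted password for deploy from 203.0.113.45 port 51290 ssh2
2024-05-01T10:10:00Z sshd[4201]: Failed password for invalid user oracle from 198.51.100.9 port 40001 ssh2
2024-05-01T10:10:10Z sshd[4202]: Failed password for invalid user postgres from 198.51.100.9 port 40002 ssh2
2024-05-01T10:10:20Z sshd[4203]: Failed password for invalid user admin from 198.51.100.9 port 40003 ssh2
2024-05-01T10:10:30Z sshd[4204]: Failed password for invalid user ubuntu from 198.51.100.9 port 40004 ssh2
2024-05-01T10:10:40Z sshd[4205]: Failed password for invalid user pi from 198.51.100.9 port 40005 ssh2
2024-05-01T10:10:50Z sshd[4206]: Failed password for invalid user git from 198.51.100.9 port 40006 ssh2
2024-05-01T10:12:00Z sshd[4207]: Accepted publickey for svc-scan from 198.51.100.9 port 40010 ssh2
2024-05-01T10:20:00Z sshd[4301]: Failed password for alice from 192.0.2.10 port 60000 ssh2
2024-05-01T10:20:30Z sshd[4302]: Failed password for alice from 192.0.2.10 port 60001 ssh2
2024-05-01T10:21:00Z sshd[4303]: Accepted password for alice from 192.0.2.10 port 60002 ssh2
""".splitlines()

LINE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?:password|publickey) for "
                  r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed enrichment table (in production: CMDB, GeoIP, cloud inventory).
ASSET_CONTEXT = {
    "198.51.100.0/28": {"owner": "vuln-scanner pool", "country": "IN"},
    "192.0.2.0/24": {"owner": "corporate VPN egress", "country": "IN"},
}
# Tuned exception: authorised scanners log in with known credentials after probing.
# Every entry here is a deliberate blind spot, so review the list with the scanner owners.
SUPPRESSED_OWNERS = {"vuln-scanner pool"}


def parse(line):
    """Return a normalised auth event, or None for lines the rule does not consume."""
    m = LINE.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "success": m["outcome"] == "Accepted", "user": m["user"], "ip": m["ip"]}


def enrich(ip):
    """Attach owner and country context to a source address."""
    addr = ipaddress.ip_address(ip)
    for cidr, ctx in ASSET_CONTEXT.items():
        if addr in ipaddress.ip_network(cidr):
            return dict(ctx)
    return {"owner": "unknown external", "country": "ZZ"}


def correlate(lines, threshold=5, window=timedelta(minutes=5)):
    """Alert when a source logs >= threshold failures within `window` and then succeeds."""
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])
    recent_failures = defaultdict(list)  # src ip -> failure timestamps inside the window
    alerts, suppressed = [], []
    for e in events:
        q = recent_failures[e["ip"]]
        while q and e["ts"] - q[0] > window:  # slide the window forward
            q.pop(0)
        if not e["success"]:
            q.append(e["ts"])
            continue
        if len(q) >= threshold:
            ctx = enrich(e["ip"])
            alert = {"rule": "ssh_bruteforce_then_success", "severity": "high", "src_ip": e["ip"],
                     "user": e["user"], "failures_in_window": len(q), "first_failure": q[0].isoformat(),
                     "success_at": e["ts"].isoformat(), **ctx}
            (suppressed if ctx["owner"] in SUPPRESSED_OWNERS else alerts).append(alert)
        q.clear()  # a success resets the failure counter for that source
    return alerts, suppressed


if __name__ == "__main__":
    alerts, suppressed = correlate(LOG_LINES)
    print("alerts:", alerts)
    print("suppressed:", suppressed)
```

Keeping suppressed alerts as a separate output rather than discarding them is what makes the tuning auditable: the suppression rate is a metric the SOC can trend, and a sudden rise in it is itself a signal worth a look.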
Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
- Minimum of 4 years of experience in cybersecurity, with a focus on threat detection, incident response, or security analysis.
- In-depth knowledge of cybersecurity principles, protocols, and best practices.
- Hands-on experience with Security Information and Event Management (SIEM) tools (e.g., Splunk, LogRhythm), IDS/IPS, firewalls, and antivirus solutions.
- Proficiency in analyzing network traffic and log data to identify malicious activity.
- Experience with scripting languages (e.g., Python, PowerShell) for automation of security tasks is highly desirable.
- Understanding of operating systems (Windows, Linux), network infrastructure, and cloud security concepts.
- Relevant security certifications such as CISSP, CEH, CompTIA Security+ are a strong asset.
- Excellent analytical, problem-solving, and critical-thinking skills.
- Strong written and verbal communication skills, with the ability to articulate technical information clearly.
- Ability to work independently and effectively in a remote, collaborative team environment.
Location: This is a fully remote position. Your administrative base is considered Kochi, Kerala, IN for regional oversight.