Engineer
Join Our Community
Required Skills
Job Description
##### **Designation :** **Senior Cyber Security Engineer**
##### **Location :** **Mumbai**
##### **Years of Experience :** **5\-10 years**
##### **Qualifications:** **B.E. / B.Tech**
##### **Job ID:** **1\_RFR\_81**
##### **Skills :**
Decision Making
Critical Thinking
Analytical Thinking
Data Analysis \& Interpretation
Leadership \& Teamwork
Process Improvement
#### **Job Description :**
Job Description: Senior Cyber Security Engineer
Job Title
- *Senior Cyber Security Engineer – SOC, Threat Detection \& Cloud Security**
Location
- *Mumbai / Nashik**
Department
- *Information Security**
Job Type
- *Full\-time**
Work Model
Office / Hybrid as per company policy
Position Overview
- *We are seeking a highly skilled and hands\-on Senior Cyber Security Engineer to strengthen the organization’s security posture across endpoints, networks, cloud environments, identities, applications, and critical infrastructure.**
- *The role will be responsible for EDR management, SIEM/SOAR use\-case development, threat intelligence, vulnerability management, cloud security, incident response, threat hunting, security monitoring, and compliance support. The candidate should be capable of handling security incidents end\-to\-end, improving detection capabilities, reducing false positives, mentoring junior analysts, and working closely with IT, infrastructure, cloud, application, and compliance teams.**
- *This is a senior operational and engineering role. The candidate must be comfortable working in a dynamic security environment where critical incidents may require rotational shift support, on\-call availability, weekend support, or late\-night emergency response, depending on business and security requirements.**
Key Responsibilities
1\. Endpoint Detection and Response
- **Lead the deployment, administration, monitoring, and optimization of EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender, Tanium, Cisco AMP, or similar tools.**
- Investigate endpoint alerts involving malware, ransomware, suspicious PowerShell, lateral movement, privilege escalation, credential theft, and unauthorized access.
- Perform endpoint containment, isolation, quarantine, and remediation activities based on incident severity.
- Tune EDR policies and detections to reduce false positives and improve detection accuracy.
- Build and maintain endpoint investigation playbooks and response procedures.
2\. SIEM, SOAR and Detection Engineering
- Develop, tune, and maintain SIEM correlation rules, alerts, dashboards, and reports.
- **Work with platforms such as Wazuh, Splunk, Microsoft Sentinel, Securonix, QRadar, or similar SIEM tools.**
- Onboard and validate log sources from endpoints, firewalls, cloud platforms, identity systems, servers, applications, and network devices.
- **Create and improve detection use cases mapped to frameworks such as MITRE ATT\&CK.**
- Build and maintain SOAR playbooks for automation of repetitive SOC tasks, alert enrichment, phishing response, IOC blocking, and incident workflows.
- Continuously reduce false positives and improve alert quality.
3\. Threat Intelligence and Threat Hunting
- Build and manage a practical threat intelligence program using internal and external intelligence sources.
- Convert threat intelligence into actionable detections, watchlists, IOCs, SIEM rules, EDR queries, and hunting activities.
- Conduct proactive threat hunting across endpoints, network logs, identity logs, cloud logs, and email security platforms.
- Track threat actor TTPs, malware campaigns, phishing campaigns, ransomware trends, and industry\-specific threats.
- Maintain threat intelligence reports and share relevant insights with internal stakeholders.
4\. Incident Response and Forensics
- Lead investigation and response for security incidents across endpoint, network, cloud, identity, email, and application environments.
- Act as incident lead / incident commander for high\-severity incidents.
- Perform triage, containment, eradication, recovery, RCA, and post\-incident review.
- Preserve evidence, collect forensic artifacts, and maintain proper incident documentation.
- Prepare incident reports including timeline, impact, root cause, corrective actions, and preventive controls.
- Coordinate with IT, infrastructure, cloud, application, legal, compliance, and management teams during major incidents.
- Maintain and periodically test incident response playbooks for malware, ransomware, phishing, account compromise, data leakage, cloud compromise, and insider threats.
5\. Network Security
- Design, implement, monitor, and improve network security controls including firewalls, IDS/IPS, WAF, VPN, proxy, DNS security, and DDoS protection.
- Investigate suspicious network activity such as port scanning, command\-and\-control traffic, data exfiltration, unusual outbound traffic, DNS tunneling, brute\-force attempts, and lateral movement.
- Review firewall and network security rules for risk, redundancy, and compliance.
- Work with network teams to strengthen segmentation, secure remote access, and reduce attack surface.
- Support security monitoring for both north\-south and east\-west traffic.
6\. Cloud Security
- **Oversee security controls across AWS, Azure, and Google Cloud Platform.**
- Monitor and secure cloud workloads, IAM, storage, network security groups, cloud firewalls, logging, key management, and cloud\-native security tools.
- Review and remediate cloud misconfigurations such as public storage, excessive privileges, exposed secrets, insecure security groups, and weak logging.
- **Work with tools such as AWS GuardDuty, AWS Security Hub, Azure Defender for Cloud, Microsoft Entra ID, GCP Security Command Center, CSPM tools, or similar platforms.**
- Investigate cloud security incidents including leaked access keys, suspicious API calls, risky sign\-ins, privilege abuse, and exposed assets.
- Support secure cloud deployment practices and coordinate with DevOps / cloud engineering teams.
7\. Vulnerability Management
- Lead vulnerability management lifecycle including scanning, validation, prioritization, remediation tracking, exception handling, and reporting.
- **Work with tools such as Qualys, Nessus, Rapid7, Tenable, or similar platforms.**
- Prioritize vulnerabilities based on CVSS, asset criticality, exploitability, internet exposure, business impact, and regulatory requirements.
- Track remediation SLAs and coordinate with infrastructure, application, and business teams for closure.
- Support patch governance and compensating control recommendations.
- Prepare vulnerability dashboards and aging reports for management review.
8\. Identity and Access Security
- Monitor and strengthen identity security controls including MFA, privileged access, conditional access, risky login detection, and account compromise monitoring.
- Investigate impossible travel, brute\-force login attempts, privilege escalation, suspicious account creation, and abnormal access patterns.
- Support periodic access reviews and privileged access governance.
- Work with IAM, PAM, Active Directory, Microsoft Entra ID / Azure AD, and related identity systems.
9\. Email Security and Phishing Response
- **Monitor and manage email security platforms such as Proofpoint, Cofense, Microsoft Defender for Office 365, Mimecast, or similar tools.**
- Investigate phishing, spear phishing, BEC, malware attachments, credential harvesting, spoofing, and suspicious email campaigns.
- Analyze email headers, URLs, attachments, sender reputation, SPF, DKIM, and DMARC alignment.
- Coordinate takedown/blocking of malicious domains, URLs, senders, and attachments.
- Conduct enterprise\-wide search and cleanup for malicious emails.
10\. DevSecOps and Application Security Support
- Support secure software delivery by working with engineering and DevOps teams.
- Assist in implementing SAST, DAST, SCA, secret scanning, container image scanning, and CI/CD security gates.
- Review application and infrastructure vulnerabilities and recommend remediation actions.
- Support secure coding awareness, dependency risk management, and application security governance.
11\. Security Audits, Compliance and Governance
- Support internal and external audits related to security controls, SOC operations, vulnerability management, incident response, and compliance.
- **Work with frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, CIS Controls, PCI\-DSS, SOC 2, and other applicable regulations.**
- Maintain evidence, reports, SOPs, runbooks, risk registers, exception records, and audit closure documents.
- Help define and track security KPIs including MTTD, MTTR, SLA adherence, vulnerability aging, false\-positive rate, detection coverage, incident recurrence, and audit closure rate.
12\. Team Collaboration and Mentoring
- Mentor junior security analysts and engineers.
- Review investigation quality and provide guidance on incident handling, RCA, threat analysis, and documentation.
- Conduct security awareness sessions and technical knowledge\-sharing sessions.
- Work closely with IT, infrastructure, cloud, application, DevOps, compliance, and business teams.
- Participate in shift handovers, incident reviews, governance meetings, and security improvement initiatives.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Information Technology, or related field.
- **Minimum 5–7 years of hands\-on experience in cybersecurity, SOC operations, incident response, threat detection, security engineering, or related areas.**
* Strong experience in at least four of the following areas
o EDR / endpoint security
o SIEM / SOAR
o Threat intelligence
o Incident response
o Network security
o Cloud security
o Vulnerability management
o Email security
o Identity security
- Hands\-on experience with security tools such as CrowdStrike, SentinelOne, Microsoft Defender, Tanium, Splunk, Microsoft Sentinel, Securonix, QRadar, Qualys, Nessus, Proofpoint, Cofense, Cisco Sourcefire, or similar platforms.
- Strong understanding of Windows, Linux, Active Directory, networking fundamentals, cloud platforms, logs, malware behavior, phishing attacks, and attacker TTPs.
- Experience in creating or improving security playbooks, SOPs, dashboards, detection rules, and incident reports.
- Familiarity with security frameworks such as MITRE ATT\&CK, NIST, ISO 27001, CIS Controls, and PCI\-DSS.
- Strong analytical, troubleshooting, documentation, and stakeholder communication skills.
- Willingness to work in rotational shifts and provide on\-call / emergency support during critical incidents, as required.
Preferred Qualifications
- **Certifications such as CISSP, CISM, CEH, CompTIA Security\+, CySA\+, GCIH, GCIA, CCSP, AWS Security Specialty, Azure Security Engineer, or equivalent.**
- Experience with cloud\-native security tools across AWS, Azure, or GCP.
- Experience with DevSecOps, application security, container security, Kubernetes security, SAST, DAST, SCA, and secret scanning.
- Experience in ransomware response, tabletop exercises, breach simulation, or purple\-team activities.
- Experience with security automation using SOAR, Python, PowerShell, APIs, or scripting.
- Experience working in financial services, banking, analytics, SaaS, or regulated environments.
- Exposure to audit evidence preparation, client security reviews, and regulatory compliance reporting.
Required Behavioral Competencies
- Strong ownership mindset during security incidents.
- Ability to remain calm and structured during high\-pressure situations.
- Strong communication with technical and non\-technical stakeholders.
- Practical problem\-solving approach rather than only theoretical knowledge.
- Ability to mentor junior team members and improve team capability.
- High integrity, confidentiality, and sense of responsibility.
- Willingness to continuously learn and stay updated on new threats, tools, and attack techniques.
Key Performance Indicators
The role will be measured on
- Mean Time to Detect security incidents.
- Mean Time to Respond and contain incidents.
- Reduction in false\-positive alerts.
- Improvement in detection coverage.
- Timely vulnerability remediation and reduction in vulnerability aging.
- Quality of RCA and incident documentation.
- Closure of audit and compliance findings.
- Effectiveness of SIEM / SOAR use cases and playbooks.
- Security tool health, coverage, and optimization.
- Improvement in SOC process maturity and analyst capability.
Role Summary
This role is suitable for a candidate who is not only experienced in SOC monitoring but also capable of hands\-on security engineering, detection improvement, incident leadership, cloud security monitoring, vulnerability governance, and cross\-functional coordination.
The ideal candidate should be able to move beyond alert handling and contribute to building a stronger, measurable, and continuously improving cybersecurity function.
Similar Jobs
- Z
API Automation with Python BDD
Zorba AI · India
- U
Lead I - Software Testing- EDI, HIPAA, API Testing- US Healthcare
UST · Bengaluru, Karnataka, India
- T
QA Engineer – Databricks ETL, AI & API Testing
Teamware Solutions · Pune City, Maharashtra, India
Job Overview
- Job type
- Full-time
- Work mode
- Remote
- Location
- Anywhere in India
- Posted
- 1d ago
- Source
- Indeed