D

Engineer

DECIMAL POINT ANALYTICSRemote1d ago
RemoteFull-timevia indeed

Required Skills

apiawsazureci/cdgcpkuberneteslinuxpython

Job Description

##### **Designation :** **Senior Cyber Security Engineer**

##### **Location :** **Mumbai**

##### **Years of Experience :** **5\-10 years**

##### **Qualifications:** **B.E. / B.Tech**

##### **Job ID:** **1\_RFR\_81**

##### **Skills :**

Decision Making

Critical Thinking

Analytical Thinking

Data Analysis \& Interpretation

Leadership \& Teamwork

Process Improvement

#### **Job Description :**

Job Description: Senior Cyber Security Engineer

Job Title

  • *Senior Cyber Security Engineer – SOC, Threat Detection \& Cloud Security**

Location

  • *Mumbai / Nashik**

Department

  • *Information Security**

Job Type

  • *Full\-time**

Work Model

Office / Hybrid as per company policy

Position Overview

  • *We are seeking a highly skilled and hands\-on Senior Cyber Security Engineer to strengthen the organization’s security posture across endpoints, networks, cloud environments, identities, applications, and critical infrastructure.**
  • *The role will be responsible for EDR management, SIEM/SOAR use\-case development, threat intelligence, vulnerability management, cloud security, incident response, threat hunting, security monitoring, and compliance support. The candidate should be capable of handling security incidents end\-to\-end, improving detection capabilities, reducing false positives, mentoring junior analysts, and working closely with IT, infrastructure, cloud, application, and compliance teams.**
  • *This is a senior operational and engineering role. The candidate must be comfortable working in a dynamic security environment where critical incidents may require rotational shift support, on\-call availability, weekend support, or late\-night emergency response, depending on business and security requirements.**

Key Responsibilities

1\. Endpoint Detection and Response

  • **Lead the deployment, administration, monitoring, and optimization of EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender, Tanium, Cisco AMP, or similar tools.**
  • Investigate endpoint alerts involving malware, ransomware, suspicious PowerShell, lateral movement, privilege escalation, credential theft, and unauthorized access.
  • Perform endpoint containment, isolation, quarantine, and remediation activities based on incident severity.
  • Tune EDR policies and detections to reduce false positives and improve detection accuracy.
  • Build and maintain endpoint investigation playbooks and response procedures.

2\. SIEM, SOAR and Detection Engineering

  • Develop, tune, and maintain SIEM correlation rules, alerts, dashboards, and reports.
  • **Work with platforms such as Wazuh, Splunk, Microsoft Sentinel, Securonix, QRadar, or similar SIEM tools.**
  • Onboard and validate log sources from endpoints, firewalls, cloud platforms, identity systems, servers, applications, and network devices.
  • **Create and improve detection use cases mapped to frameworks such as MITRE ATT\&CK.**
  • Build and maintain SOAR playbooks for automation of repetitive SOC tasks, alert enrichment, phishing response, IOC blocking, and incident workflows.
  • Continuously reduce false positives and improve alert quality.

3\. Threat Intelligence and Threat Hunting

  • Build and manage a practical threat intelligence program using internal and external intelligence sources.
  • Convert threat intelligence into actionable detections, watchlists, IOCs, SIEM rules, EDR queries, and hunting activities.
  • Conduct proactive threat hunting across endpoints, network logs, identity logs, cloud logs, and email security platforms.
  • Track threat actor TTPs, malware campaigns, phishing campaigns, ransomware trends, and industry\-specific threats.
  • Maintain threat intelligence reports and share relevant insights with internal stakeholders.

4\. Incident Response and Forensics

  • Lead investigation and response for security incidents across endpoint, network, cloud, identity, email, and application environments.
  • Act as incident lead / incident commander for high\-severity incidents.
  • Perform triage, containment, eradication, recovery, RCA, and post\-incident review.
  • Preserve evidence, collect forensic artifacts, and maintain proper incident documentation.
  • Prepare incident reports including timeline, impact, root cause, corrective actions, and preventive controls.
  • Coordinate with IT, infrastructure, cloud, application, legal, compliance, and management teams during major incidents.
  • Maintain and periodically test incident response playbooks for malware, ransomware, phishing, account compromise, data leakage, cloud compromise, and insider threats.

5\. Network Security

  • Design, implement, monitor, and improve network security controls including firewalls, IDS/IPS, WAF, VPN, proxy, DNS security, and DDoS protection.
  • Investigate suspicious network activity such as port scanning, command\-and\-control traffic, data exfiltration, unusual outbound traffic, DNS tunneling, brute\-force attempts, and lateral movement.
  • Review firewall and network security rules for risk, redundancy, and compliance.
  • Work with network teams to strengthen segmentation, secure remote access, and reduce attack surface.
  • Support security monitoring for both north\-south and east\-west traffic.

6\. Cloud Security

  • **Oversee security controls across AWS, Azure, and Google Cloud Platform.**
  • Monitor and secure cloud workloads, IAM, storage, network security groups, cloud firewalls, logging, key management, and cloud\-native security tools.
  • Review and remediate cloud misconfigurations such as public storage, excessive privileges, exposed secrets, insecure security groups, and weak logging.
  • **Work with tools such as AWS GuardDuty, AWS Security Hub, Azure Defender for Cloud, Microsoft Entra ID, GCP Security Command Center, CSPM tools, or similar platforms.**
  • Investigate cloud security incidents including leaked access keys, suspicious API calls, risky sign\-ins, privilege abuse, and exposed assets.
  • Support secure cloud deployment practices and coordinate with DevOps / cloud engineering teams.

7\. Vulnerability Management

  • Lead vulnerability management lifecycle including scanning, validation, prioritization, remediation tracking, exception handling, and reporting.
  • **Work with tools such as Qualys, Nessus, Rapid7, Tenable, or similar platforms.**
  • Prioritize vulnerabilities based on CVSS, asset criticality, exploitability, internet exposure, business impact, and regulatory requirements.
  • Track remediation SLAs and coordinate with infrastructure, application, and business teams for closure.
  • Support patch governance and compensating control recommendations.
  • Prepare vulnerability dashboards and aging reports for management review.

8\. Identity and Access Security

  • Monitor and strengthen identity security controls including MFA, privileged access, conditional access, risky login detection, and account compromise monitoring.
  • Investigate impossible travel, brute\-force login attempts, privilege escalation, suspicious account creation, and abnormal access patterns.
  • Support periodic access reviews and privileged access governance.
  • Work with IAM, PAM, Active Directory, Microsoft Entra ID / Azure AD, and related identity systems.

9\. Email Security and Phishing Response

  • **Monitor and manage email security platforms such as Proofpoint, Cofense, Microsoft Defender for Office 365, Mimecast, or similar tools.**
  • Investigate phishing, spear phishing, BEC, malware attachments, credential harvesting, spoofing, and suspicious email campaigns.
  • Analyze email headers, URLs, attachments, sender reputation, SPF, DKIM, and DMARC alignment.
  • Coordinate takedown/blocking of malicious domains, URLs, senders, and attachments.
  • Conduct enterprise\-wide search and cleanup for malicious emails.

10\. DevSecOps and Application Security Support

  • Support secure software delivery by working with engineering and DevOps teams.
  • Assist in implementing SAST, DAST, SCA, secret scanning, container image scanning, and CI/CD security gates.
  • Review application and infrastructure vulnerabilities and recommend remediation actions.
  • Support secure coding awareness, dependency risk management, and application security governance.

11\. Security Audits, Compliance and Governance

  • Support internal and external audits related to security controls, SOC operations, vulnerability management, incident response, and compliance.
  • **Work with frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, CIS Controls, PCI\-DSS, SOC 2, and other applicable regulations.**
  • Maintain evidence, reports, SOPs, runbooks, risk registers, exception records, and audit closure documents.
  • Help define and track security KPIs including MTTD, MTTR, SLA adherence, vulnerability aging, false\-positive rate, detection coverage, incident recurrence, and audit closure rate.

12\. Team Collaboration and Mentoring

  • Mentor junior security analysts and engineers.
  • Review investigation quality and provide guidance on incident handling, RCA, threat analysis, and documentation.
  • Conduct security awareness sessions and technical knowledge\-sharing sessions.
  • Work closely with IT, infrastructure, cloud, application, DevOps, compliance, and business teams.
  • Participate in shift handovers, incident reviews, governance meetings, and security improvement initiatives.

Required Qualifications

  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Information Technology, or related field.
  • **Minimum 5–7 years of hands\-on experience in cybersecurity, SOC operations, incident response, threat detection, security engineering, or related areas.**

* Strong experience in at least four of the following areas

o EDR / endpoint security

o SIEM / SOAR

o Threat intelligence

o Incident response

o Network security

o Cloud security

o Vulnerability management

o Email security

o Identity security

  • Hands\-on experience with security tools such as CrowdStrike, SentinelOne, Microsoft Defender, Tanium, Splunk, Microsoft Sentinel, Securonix, QRadar, Qualys, Nessus, Proofpoint, Cofense, Cisco Sourcefire, or similar platforms.
  • Strong understanding of Windows, Linux, Active Directory, networking fundamentals, cloud platforms, logs, malware behavior, phishing attacks, and attacker TTPs.
  • Experience in creating or improving security playbooks, SOPs, dashboards, detection rules, and incident reports.
  • Familiarity with security frameworks such as MITRE ATT\&CK, NIST, ISO 27001, CIS Controls, and PCI\-DSS.
  • Strong analytical, troubleshooting, documentation, and stakeholder communication skills.
  • Willingness to work in rotational shifts and provide on\-call / emergency support during critical incidents, as required.

Preferred Qualifications

  • **Certifications such as CISSP, CISM, CEH, CompTIA Security\+, CySA\+, GCIH, GCIA, CCSP, AWS Security Specialty, Azure Security Engineer, or equivalent.**
  • Experience with cloud\-native security tools across AWS, Azure, or GCP.
  • Experience with DevSecOps, application security, container security, Kubernetes security, SAST, DAST, SCA, and secret scanning.
  • Experience in ransomware response, tabletop exercises, breach simulation, or purple\-team activities.
  • Experience with security automation using SOAR, Python, PowerShell, APIs, or scripting.
  • Experience working in financial services, banking, analytics, SaaS, or regulated environments.
  • Exposure to audit evidence preparation, client security reviews, and regulatory compliance reporting.

Required Behavioral Competencies

  • Strong ownership mindset during security incidents.
  • Ability to remain calm and structured during high\-pressure situations.
  • Strong communication with technical and non\-technical stakeholders.
  • Practical problem\-solving approach rather than only theoretical knowledge.
  • Ability to mentor junior team members and improve team capability.
  • High integrity, confidentiality, and sense of responsibility.
  • Willingness to continuously learn and stay updated on new threats, tools, and attack techniques.

Key Performance Indicators

The role will be measured on

  • Mean Time to Detect security incidents.
  • Mean Time to Respond and contain incidents.
  • Reduction in false\-positive alerts.
  • Improvement in detection coverage.
  • Timely vulnerability remediation and reduction in vulnerability aging.
  • Quality of RCA and incident documentation.
  • Closure of audit and compliance findings.
  • Effectiveness of SIEM / SOAR use cases and playbooks.
  • Security tool health, coverage, and optimization.
  • Improvement in SOC process maturity and analyst capability.

Role Summary

This role is suitable for a candidate who is not only experienced in SOC monitoring but also capable of hands\-on security engineering, detection improvement, incident leadership, cloud security monitoring, vulnerability governance, and cross\-functional coordination.

The ideal candidate should be able to move beyond alert handling and contribute to building a stronger, measurable, and continuously improving cybersecurity function.

Similar Jobs

Browse all jobs

Job Overview

Job type
Full-time
Work mode
Remote
Location
Anywhere in India
Posted
1d ago
Source
Indeed