Are you a passionately curious individual who possesses a steady and unshakable eye for detail? Are you not afraid of searching for a needle in the stack of hay? Do you think you have the skillset, knowledge, to be the first line of defense between cyber adversaries and the organization? Do you believe in working for a mission to protect your organization 365*24*7? If you are in love with the tools and technology that help you to solve this daunting challenge, then we are looking for you.
Who we are?
Payatu is a GPTW certified company where we strive to create a culture of excellence, growth and innovation that empowers our employees to reach new heights in their careers. We are young and passionate folks driven by the power of the latest and innovative technologies in IoT, AI/ML, Blockchain, and many other advanced technologies. We are on the mission of making Cyberworld safe for every organization, product, and individual.
What we look for outside work parameters?
Your expertise is your primary qualification, not your degree or certification.
Your publicly known contributions are your credentials.
Your write-up and blogs reflect your interests and ethics.
You are a perfect technical fit if:
At least 2 to 5 years of experience handling SIEM tools (Splunk, Microsoft Sentinel, QRadar, etc.) and Incident Response
Knowledge and hands-on experience on Security appliances (IPS, Proxy, XDR/EDR, Email Security Gateway, Cloud Access Security Broker)
Experience in Security Orchestration and Automation (SOAR, playbooks, workflow automation)
Strong working knowledge of Power BI, Tableau, and Power Automate
Good knowledge of programming/scripting languages (Python, Go, PowerShell, Bash)
Good experience in handling IT Security incidents (phishing analysis, malware triaging, alert investigation, developing and fine-tuning use cases)
Experience in host and network forensics
Experience in log analysis with hands-on exposure to Windows and Linux environments
Experience working on and monitoring cloud environments (AWS, Azure)
Experience with Microsoft Security Stack (Entra ID, Microsoft Defender, Microsoft Sentinel, KQL)
Experience in Threat Hunting and proactive security investigations
Knowledge of MITRE ATT&CK framework and detection mapping
Experience in Detection Engineering and SIEM use-case development
Experience working with Threat Intelligence and IOC enrichment
Hands-on experience with XDR platforms (Microsoft Defender XDR, CrowdStrike, SentinelOne, etc.)
Experience in Identity security monitoring (account compromise detection, privilege escalation, anomalous login detection)
Experience in cloud security monitoring and SaaS security alert investigation
You Have All Our Desired Qualities, if:
You like scripting and automating stuff.
You like writing tools.
You have excellent written and verbal communication skills and the ability to express your thoughts clearly.
You have the skill to articulate and present technical things in business language.
You can work independently as well as within a team.
You have strong problem solving, troubleshooting, and analysis skills.
You are passionate about your area of expertise and self-driven.
You are comfortable working in a dynamic and fast-paced work environment.
You are Self-driven, proactive, hardworking, team-player.
You are working on something on your own in your field apart from official work.
Your everyday work will look like:
Automate repetitive tasks, develop playbooks, and improve workflows to enhance detection and response times.
Create and fine-tune detection use cases and develop custom solutions for incident response activities.
Identify, investigate, and respond to potential security incidents to minimize operational and organizational impact.
Proactively hunt threats by identifying suspicious behavior and investigating anomalies across environments.
Analyze and triage suspicious files and malware identified during investigations.
Perform host and network forensic analysis to identify indicators of compromise.
Leverage threat intelligence feeds and enrich IOCs to improve detection and response.
Investigate alerts across cloud and identity platforms including account compromise and privilege escalation.
Investigate and document gaps in controls, event data, and detection coverage.
Develop and document incident handling guides, playbooks, and SOC operational processes.