About Coalfire Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world. But that’s not who we are – that’s just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. What You'll Do - Act as the primary technical escalation point for complex operational issues across SIEM and continuous monitoring programs, ensuring quick and effective resolutions. - Maintain and optimize critical security systems, including SIEM platforms (e.g., Splunk, ELK, SumoLogic, Sentinel), vulnerability management and scanning tools (e.g., Nessus, Qualys, Tenable), and Anti-Virus/EDR solutions (Trend Micro Deep Security Manager, Microsoft Defender, Crowdstrike). - Oversee continuous monitoring activities for FedRAMP and other compliance programs, including vulnerability scanning, configuration management, security control validation, and compliance artifact generation - Monitor and improve the team's use of automation and monitoring tools to drive operational efficiency across both SIEM and vulnerability management workflows. - Analyze and resolve system performance issues, ensuring compliance with FedRAMP, SOC, HIPAA, and other security/operational standards. - Participate in incident response, threat hunting, and post-mortem analysis to identify root causes and prevent recurrence. - Manage a team of engineers across SIEM operations and continuous monitoring (vulnerability management) functions, fostering a high-performing and engaged team culture. - Mentor and support the professional growth of engineers through training, feedback, and career development planning. - Assist with hiring, onboarding, and retention to ensure team stability and growth. - Oversee day-to-day delivery of security services, ensuring operational consistency and high-quality outcomes for both SIEM and continuous monitoring programs. - Track and optimize key metrics such as incident response times, vulnerability remediation rates, false positive reduction, operational efficiency, and compliance posture. - Develop and refine processes for incident response, vulnerability remediation, continuous monitoring reporting, and compliance documentation. - Work with cross-functional teams, including consulting teams, SREs, and professional services teams, to improve service delivery and client satisfaction. What You'll Bring - 7+ years of hands-on experience in technical roles, such as engineering or operations. - Proven ability to manage operational processes and handle escalations. - Experience balancing individual contributor work with team oversight. - Strong technical expertise with SIEM platforms (e.g., Splunk, ELK, SumoLogic, Sentinel) and vulnerability management tools (e.g., Nessus, Qualys, Tenable). - Deep understanding of continuous monitoring requirements for FedRAMP, including OSCAL, POA&M management, and automated security control validation. - Proven ability to troubleshoot and resolve complex technical issues in high-pressure environments across both threat detection and vulnerability management domains. - Hands-on experience with cloud platforms (AWS, Azure, or GCP) and their associated security practices, including cloud-native vulnerability scanning and CSPM tools. - Solid understanding of security compliance frameworks (e.g., FedRAMP, SOC, HIPAA, NIST 800-53). - Ability to mentor and guide team members while contributing to technical solutions. - Strong written and verbal communication skills, particularly in documenting technical insights and creating compliance artifacts. - Bachelor’s degree (four-year college or university) or a equivalent work experience. - US citizenship (required due to client contractual requirements) Bonus Points - Experience managing FedRAMP continuous monitoring programs, including ConMon reporting, deviation requests, and ATO maintenance activities. - Familiarity with IT frameworks such as ITIL or TOGAF. - Experience with automation tools (e.g., Terraform, Ansible, Python) for security operations and vulnerability remediation workflows. - Experience with Anti-Virus and EDR tools (e.g., Trend Micro DSM, Crowdstrike, Microsoft Defender). - Experience with Agile delivery practices or lightweight project management tools. - Background managing both proactive security monitoring and reactive incident response programs. - Experience working in professional services or managed services environments. - Background in customer-facing roles, such as technical support or escalation management. - Certifications in cloud platforms (AWS, Azure, GCP) are or security tools (e.g., Splunk, Nessus) $94,000 - $163,000 a year The salary range listed is a reasonable estimate of the compensation range for this role based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. Why You’ll Want to Join Us At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options. At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at HumanResourcesMB@coalfire.com.

• Serve as a key escalation tier (level 2 analyst) for on-call incident response resources • Perform complexed investigations as a part of Edwards active security monitoring and threat hunting operations within SLAs • Drive and design response and remediation actions to protect against security threats in Edwards environments and products • Lead data ingestion efforts from identifying gaps, onboarding data sources, tuning and correlating them • Lead the design, testing and implementation of detection use cases to production • Help drive threat hunting program • Responsible for operations and maintenance of key cyber security capabilities and services in Detection Response area – SIEM (Google SecOps, Splunk, Qradar etc), Log Collectors (WEF, Cribl, NXLog etc) • Design automation workflows to streamline detection and response efforts • As needed, participate in CIRT team efforts • Provide coaching, mentoring, and knowledge transfer to other team members • Document and maintain incident response technical playbooks and incident timelines • Staying informed on the evolving cybersecurity threat landscape to drive innovative detections, threat hunts, and automations to drive Edwards’ security posture

Threat Detection and Response Analyst II (Hybrid) Location: Bangalore, KA, India Hybrid Full time Job Description For more than 80 years, Kaplan has been a trailblazer in education and professional advancement. We are a global company at the intersection of education and technology, focused on collaboration, innovation, and creativity to deliver a best in class educational experience and make Kaplan a great place to work. Our offices in India opened in Bengaluru in 2018. Since then, our team has fueled growth and innovation across the organization, impacting students worldwide. We are eager to grow and expand with skilled professionals like you who use their talent to build solutions, enable effective learning, and improve students' lives. The future of education is here and we are eager to work alongside those who want to make a positive impact and inspire change in the world around them. The Threat Detection and Response Analyst II is a foundational member of the security team, serving as the first line of defense against cyber threats. This role is responsible for monitoring security alerts, performing initial analysis, and escalating potential incidents. Additionally, this role will assist in refining security detections and participate in guided threat hunting activities to proactively identify threats and protect organizational assets. Primary/Key Responsibilities - Alert Monitoring & Triage: Perform real-time monitoring of security alerts from tools like SIEM and EDR. Conduct initial triage of alerts using established procedures and playbooks to determine if they are true or false positives. - Initial Investigation: Analyze security events to gather essential information and context. Use security tools to investigate indicators of compromise (IOCs) and anomalous activity. - Incident Escalation: Escalate validated security incidents to Senior Level or higher analysts for in-depth investigation and response. Provide clear and concise information to support the incident response process. - Detection Engineering Support: Assist senior analysts in tuning and optimizing existing security alerts. Provide feedback on alert fidelity from a front-line perspective to help reduce false positives and improve the accuracy of detection rules. - Guided Threat Hunting: Participate in structured threat hunting missions based on hypotheses and threat intelligence provided by senior team members. Use security tools to search for evidence of specific tactics, techniques, and procedures (TTPs) within the environment. - Documentation: Create and maintain detailed tickets for all monitored alerts and escalated incidents. Document findings from threat hunting activities for further analysis. - Hybrid Schedule: 3 days remote / 2 days in office - 30-day notification period preferred Minimum Qualifications - Bachelor's Degree in Information Systems, Engineering, IT, Computer Science, Cybersecurity, or a related field. Equivalent alternative education, skills, and/or practical experience is also acceptable. - 4+ years of experience in an IT, help desk, or cybersecurity role. Experience gained through internships or relevant coursework is also considered. - Basic understanding of common attack techniques and the MITRE ATT&CK framework. - Familiarity with navigating security dashboards (e.g., SIEM, EDR) to review alerts, log analysis, rule creation, and dashboarding. - Foundational knowledge of network protocols, operating systems (Windows, Linux), and cloud environments (AWS, Azure, GCP) - Familiarity with ability to perform root cause identification and remediation planning/tracking. - Basics of SIEM query languages (e.g., SPL, KQL) to search logs. - Strong attention to detail with an inquisitive and analytical mindset. - Excellent written and verbal communication skills for documenting and escalating issues. Preferred Qualifications - Relevant entry-level security certifications (e.g., CompTIA Security+, CySA+). - Familiarity with scripting languages (e.g., Python, PowerShell) for automation and analysis. - Familiarity with SOAR platforms and developing automation playbooks. - Exposure to cloud security monitoring and incident response in cloud environments. - Exposure to regulatory compliance requirements (e.g., SOX, PCI DSS) as they relate to vulnerability management. - Exposure to security frameworks and standards (e.g., NIST, ISO 27001, CIS Benchmarks). Beyond base salary, our comprehensive total rewards package includes: Hybrid work model provides a flexible work/life balance Voluntary Provident Fund is an additional voluntary contribution scheme associated with the statutory Employee Provident Fund (EPF) Our Gift of Knowledge Program provides tuition assistance and substantial discounts for our employees and close family members Comprehensive health benefits new hire eligibility starts on day 1 of employment Generous Paid Time Off includes National holidays(10), Earned leaves(15), sick leave(12), plus one (1) volunteer day to participate and give back to our local communities Gratuity is applicable upon completion of 5 years as per the Gratuity Act We are committed to providing a supportive and rewarding work environment where every employee can thrive. At Kaplan, we believe in attracting, rewarding, and retaining exceptional talent. Our compensation philosophy is designed to be competitive within the market, reflecting the value we place on the skills, experience, and contributions of our employees, while taking into account labor market trends and total rewards. The specific compensation offered will be determined by a variety of factors, including but not limited to the candidate's qualifications, relevant experience, education, skills, and market data. Location Bangalore, KA, India Additional Locations Employee Type Employee Job Functional Area Information Security Business Unit 00091 Kaplan Higher ED Diversity & Inclusion Statement: Kaplan is committed to cultivating an inclusive workplace that values diversity, promotes equity, and integrates inclusivity into all aspects of our operations. We are an equal opportunity employer and all qualified applicants will receive consideration for employment regardless of age, race, creed, color, national origin, ancestry, marital status, sexual orientation, gender identity or expression, disability, veteran status, nationality, or sex. We believe that diversity strengthens our organization, fuels innovation, and improves our ability to serve our students, customers, and communities. Learn more about our culture here. Kaplan considers qualified applicants for employment even if applicants have an arrest or conviction in their background check records. Kaplan complies with related background check regulations, including but not limited to, the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. There are various positions where certain convictions may disqualify applicants, such as those positions requiring interaction with minors, financial records, or other sensitive and/or confidential information. Kaplan is a drug-free workplace and complies with applicable laws.

• Respond to alerted security events with expert analysis • Operate security controls and platforms including firewalls, EDR, intrusion prevention • Identify and analyze logs, artifacts, and evidence • Secure and preserve evidence using sound handling practices • Coordinate with internal and external stakeholders to support forensics and investigation processes • Propose and implement improvements to technical safeguards • Develop and document operational procedures and metrics