Hyderabad, Telangana, India
Cyber Security Professional with over 3.5 years of experience in protecting organizations from internal and external threats. Expertise in managing SOC operations for two clients in Australia, utilizing tools like Microsoft Sentinel, Qradar, and Splunk. Led internal SOC teams to ensure 100% compliance and created management reports covering SLA and threat volumes. Designed SOC processes for multinational clients and investigated complex security incidents. Skilled in triaging security incidents and implementing remediation steps. Proficient in threat hunting and analyzing threat intel feeds.
Experience with SIEM (Security Information and Event Management) tools, such as monitoring real-time events using Splunk. Investigating and creating a case for security threats and forwarding it to the onsite SOC team for further investigation and action. Good understanding of security solutions like Anti-virus, DLP, Proxy and Firewall filtering/monitoring, IPS, Email Security, EPO, WAF, etc. Experience in performing log analysis and analyzing crucial alerts on an immediate basis through SIEM. Identifying potential information security incidents such as security attacks and anomalous activities. Creating incidents for all alerts/findings and providing regular updates on the overall analysis as per the defined SLAs. Providing recommendations on how to further prevent or mitigate such attacks and malicious activities. Escalating security incidents based on the client's SLA and providing meaningful information related to security incidents through in-depth analysis of the event payload, along with recommendations for incident mitigation, which in turn keeps the customer's business safe and secure. Contacting customers directly in case of high-priority incidents and helping them in the process of mitigating the attacks. Managing SIEM user accounts (create, delete, modify, etc.). Troubleshooting SIEM dashboard issues when no reports are being generated or no data is available.
Part of the Security Operations Centre at HCL Tech. Creating process documents for the various tools and processes the team works on and ensuring adherence to them without any deviations. Reviewing security-related events and assessing severity, criticality and priority. Working with stakeholders to ensure remediation of any threats. Creating periodic reports and dashboards for management to reflect the overall health of the SIEM program. Custom rule creation and log analysis in IBM QRadar and Microsoft Sentinel for real-time threat detection. Analyzing and escalating various security events in Microsoft Sentinel, IBM QRadar and Splunk. Correlating activities on different network devices based on POCs and known threats. Monitoring desktops/servers for infections, viruses and Trojans via McAfee ePolicy Orchestrator, and taking appropriate procurement steps based on the risks associated with the infections identified.