Sr. Security Analyst

• Jan 2023 - Present

 Cynet and MDE-EDR Implementation and Management: - Configured EDR policies, rules, and alerts tailored to the organization's security requirements, enhancing incident response effectiveness. Threat Detection and Analysis: - Utilized Cynet EDR to proactively identify and investigate suspicious activities and potential security breaches, minimizing potential risks. - Analyzed and interpreted EDR alerts and reports to swiftly identify and mitigate advanced threats, reducing mean time to detection (MTTD) and mean time to response (MTTR). Incident Response and Remediation: - Led incident response efforts using Cynet EDR, containing and neutralizing threats to prevent unauthorized access and data ex-filtration. - Collaborated with cross-functional teams to develop and execute response strategies, ensuring swift and effective containment of security incidents. Threat Hunting and Intelligence: - Conducted proactive threat hunting exercises using Cynet EDR, identifying hidden threats and vulnerabilities that might evade traditional security measures. - Integrated threat intelligence feeds into the EDR platform, enhancing the organization's ability to recognize emerging threats and adapt security strategies accordingly. Continuous Monitoring and Improvements: - Regularly fine-tuned EDR configurations based on analysis of historical data and evolving threat landscapes. User Training and Knowledge Sharing: - Provided training and guidance to security team members on effectively navigating and utilizing Cynet EDR's features, ensuring optimal utilization of the platform's capabilities. Integration and Automation: - Integrated Cynet EDR with other security tools and systems, enabling streamlined information sharing and automated responses to security incidents. Attio Deception Technology: Worked on deception platform alerts on identifying lateral movement with organization environment. Google Chronical SOAR Show less

Cybersecurity Trainee

• Jul 2022 - Dec 2022

Assistant Manager

• Apr 2022 - Aug 2022

Develop content for SIEM by writing correlation rules, dashboards, reports, and alerts. Onboarding log source using different collection methods. Building dashboards to monitor KPIs and workload managementMaintain up-to-date documentation of designs,configurations and SOPs.Co-ordinate with auditing and compliance team by supplying requested report and data.Actively involved in threat hunting activities from building hypothesis to finding evidence and enhancing security controls and detection logic.Periodic upgradation/creation of correlation rules based on emerging threats and requirement following MITRE Attack US-Cert and other TTP sources.Participate in case review meetings to walk through the handled incidents to peers, SOC Manager and CISOSolid understanding of common network services and protocols. Good knowledge on cyberattacks and attack vectors.Working level knowledge on security solutions like Antivirus, Firewall, IPS, Email Gateway, Proxy, TI, VA Scanners, WAF.Strong hands-on experience in security management tools like Splunk Security Incident and Event Management (SIEM)Good experience in working/communicating with cross-functional IT infrastructure teams like network, system, database, application, security to build and manage effective security operations.Good knowledge on skills like Malware Analysis, Threat Hunting, Dark Web Monitoring, VM, sandbox, Antivirus Show less

Senior SOC Engineer

• Jun 2019 - Mar 2022

Exposure to use frameworks and compliances like MITRE ATT&CK, CIS Critical Controls, CyberKill Chain etc.Exposure to related areas of cybersecurity including Host Security, Network Security, IAM, Vulnerability Management, Penetration Testing, Compliance etc.Experience of Integrating tools with SOAR and designing incident response work flows in SOAR platform.Capable of independently learning recent technology by using available documentation and vendor support resources and good knowledge on cyberattacks and attack vectors.Deep dive analysis of triggered alerts using SIEM, SOAR and other analysis tools.Interact with SIEM vendor TAC (support) to fix any issues with SIEM.Mentoring and training of L1 and L2 security analyst.Assist in analysis of P1 alerts and alerts that require involvement of multiple teams.Evaluate fresh solutions for SOC team.Schedule a shift roster.Experience in creating dashboards ,reports and KPIs for entry-level audience. Show less

SOC Engineer

• May 2016 - Jun 2019

My role in SOC team was to troubleshoot and rectify routing/configuration issues and supply preemptive measures. Understanding the issues raised by customer and providing quick resolution with minimal MTTR.Led a team of fifteen engineers during daily service assurance support along with daily workload management..Problem Management – Worked on Service Improvement Plans (SIP) for repetitive faults to reduce fault rate and prolonged service stability for customer circuits.Escalation management and Incident management with solid understanding of common network services and protocols.Basic knowledge of SD-WAN architecture-Versa, Cisco, Silver Peak.Managing KPIs by building dashboards and achieved SLAs during every incident lifecycle.Finding improvement areas and implementation as processes for good customer experience.Third-party provider engagement both within India and across Globe during Incidents.Configuration corrections within network along with Database inventory correction. While troubleshooting the issues, I have worked on Cisco, Alcatel Lucent Juniper routers switches for L3 VPN, L2 VPN & ILL.Providing correct and prompt RFO (reason for outage) along with detailed RCA preparation. Show less

Associate Engineer

• Mar 2015 - Apr 2016