Manoj shetty
Information Security Analyst at QabasTech قبس التقنية
Bio
Credentials
-
Certified Ethical Hacker (CEH)
EC-Council, Feb 2021 - Nov 2024
Experience
-
QabasTech قبس التقنية
-
Saudi Arabia
-
Information Technology & Services
-
1 - 100 Employee
-
Information Security Analyst
-
Jan 2020 - Present
• Aggregate, correlate, and analyse log data from network devices, security devices and other key assets using LogRhythm.
• Performing Administration activities like Tuning Alarms, Configuration, False Positive Reduction, Adding & Enabling Custom Log Sources and Integration of log sources.
• Understanding & Identifying security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
• Creation of Monthly reports, Dashboards, documenting the incidents and mitigating the risks with business needs.
• Perform cyber threat intelligence operations including intelligence collection (IOCs), tracking threat actors and identifying malicious infrastructure.
• Knowledge towards vulnerability assessments, threat assessment and reporting activities in order to safeguard information assets and ensure protection has been put in place on the systems.
• Conduct log analysis, proactive monitoring, mitigation and response to network and security incidents
-
-
-
Capita
-
United Kingdom
-
IT Services and IT Consulting
-
700 & Above Employee
-
Information Security Analyst
-
Aug 2019 - Nov 2019
• Experience with SIEM technologies, log management tools, security analytics platforms, and forensic offerings
• Experience with malware analysis, virus exploitation and mitigation techniques
• Strong knowledge of incident response and crisis management
• Configuring and monitoring Security Information and Event Management (SIEM) platform for security alerts. Integrate and work with the firm’s Managed Security Services Provider (MSSP) services
• Providing first level response for security events including but not limited to intrusion detection, malware infections, denial of service attacks, privileged account misuse and network breaches. The event management includes triage, correlation and enrichment of individual events to either rule out as false positive, trigger standard detective and corrective responses, or escalating as a security incident.
• Monitor and analyze Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Security Information and Event Management (SIEM)
• Create, modify, and update IDS, IPS, and SIEM rules
• Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
• Evaluate and deconstruct malware
• Analyze large sets of data in order to discover indications of compromise
• Assists with implementation of counter-measures or mitigating controls
• Creates and maintains Standard Operating Procedures
• Consolidate and conduct comprehensive analysis of threat data
• Perform configuration optimization on SIEM, VA, IPS tools to fine tune correlation rules and signatures to reduce false positives
-
-
-
Snowman Bangalore
-
Bengaluru Area, India
-
IT-Security Executive
-
Jan 2018 - Jul 2019
• The ability to analyze event and systems logs, perform forensic analysis, analyze malware, and other incident response related data, as needed.
• Deep understanding of incident response best practices and processes
• Familiarity with intrusion detection systems (e.g., snort) and tools (e.g., tcpdump, Wireshark).
• Knowledge of attack vectors, threat tactics and attacker techniques.
• Familiarity with network architecture and security infrastructure placement.
• Understanding of Windows operating systems and command line tools.
• A solid foundation in networking fundamentals, with a deep understanding of TCP/IP and other core protocols.
• Knowledge of network-based services and client/server applications.
• Proficient in multiple compiled and scripting programming languages (Shell, Perl, Python, Java, C++, Mozilla Rust, JavaScript)
• Proficient in TCP/IP networking and security.
• Good knowledge of vulnerability analysis, information warfare, Botnet analysis and Botnet propagation techniques.
• In-depth understanding of TCP/IP, DHCP, DNS, IPSEC, RPC, SMB, SSH, SIP, SMTP, IMAP, IRC, HTTP/S, FastFlux, NetFlow, SNMP, syslog
• Basic understanding of Google Apps APIs (maps, charts)
• Good Knowledge of Log Analysis
• Good Knowledge in Apache Kafka, Mesos, Docker, Elastic search and Apache Storm
• Good Knowledge of Open Source Intelligence & information gathering.
• Technical Writing.
-
-
-
Huawei
-
China
-
Telecommunications
-
700 & Above Employee
-
Network Engineer
-
Jun 2015 - Apr 2017
-
-
Education
-
dr mv shetty institute of technology
graduation, BE (Electronics and Communication)