Security Analyst

• Jan 2021 - Present

• Worked in a 24x7 Security Operations Center. • Continuous monitoring of customer networks using the ArcSight SIEM platform. • Act as initial level support for all security-related matters. • Real-time monitoring, investigation, analysis, reporting, and escalation of security events from multiple log sources. • Report true positive events to the appropriate team for further action. • Create and assign tickets on ServiceNow to the respective team, actively following up until… Show more • Worked in a 24x7 Security Operations Center. • Continuous monitoring of customer networks using the ArcSight SIEM platform. • Act as initial level support for all security-related matters. • Real-time monitoring, investigation, analysis, reporting, and escalation of security events from multiple log sources. • Report true positive events to the appropriate team for further action. • Create and assign tickets on ServiceNow to the respective team, actively following up until resolution. • Investigate malicious phishing emails, domains, and IP addresses with open-source tools and recommend appropriate blocking based on the scan. • Escalating security incidents in accordance with the client's SLA. • Contact the client team directly in the event of high-priority incidents and assist them in the mitigation process. • Installation and Upgradation of ArcSight Connectors. • Integrate various devices, including Windows, Linux, CISCO Firewall, Routers, Switches, and more, with the ArcSight platform. • Conduct troubleshooting activities to address any issues related to devices failing to send logs to the ArcSight system. • Create and configure ArcSight content, including correlation rules, queries, reports, and dashboards, to optimize security monitoring and facilitate comprehensive analysis. Show less • Worked in a 24x7 Security Operations Center. • Continuous monitoring of customer networks using the ArcSight SIEM platform. • Act as initial level support for all security-related matters. • Real-time monitoring, investigation, analysis, reporting, and escalation of security events from multiple log sources. • Report true positive events to the appropriate team for further action. • Create and assign tickets on ServiceNow to the respective team, actively following up until… Show more • Worked in a 24x7 Security Operations Center. • Continuous monitoring of customer networks using the ArcSight SIEM platform. • Act as initial level support for all security-related matters. • Real-time monitoring, investigation, analysis, reporting, and escalation of security events from multiple log sources. • Report true positive events to the appropriate team for further action. • Create and assign tickets on ServiceNow to the respective team, actively following up until resolution. • Investigate malicious phishing emails, domains, and IP addresses with open-source tools and recommend appropriate blocking based on the scan. • Escalating security incidents in accordance with the client's SLA. • Contact the client team directly in the event of high-priority incidents and assist them in the mitigation process. • Installation and Upgradation of ArcSight Connectors. • Integrate various devices, including Windows, Linux, CISCO Firewall, Routers, Switches, and more, with the ArcSight platform. • Conduct troubleshooting activities to address any issues related to devices failing to send logs to the ArcSight system. • Create and configure ArcSight content, including correlation rules, queries, reports, and dashboards, to optimize security monitoring and facilitate comprehensive analysis. Show less