Highlights

Professional Summary:

Motivated IT professional, with over 9 years of experience in Cyber security; monitoring and system surveillance for suspicious events using endpoint security,vulnerability management,email security,IDS/IPS and SIEM tools.

Skills

Primary Skills

SIEM Tools

Secondary Skills

IBM QRadar

Splunk

Projects

PROJECT1: - Manufacturing Industry (22 months)

• Identify and ingest indicators of compromise (IOCs), e.g malicious IPs/URLs, etc..into network tools/application


• Stay up to date with current vulnerabilities, attacks, and countermeasures with security blogs and internal news reporting's from CISA, DHS, AKAMAI


• Perform incident monitoring, response, triage and initiate investigations


• Create and track incidents and request using ticketing tool: (ServiceNow)


• Analyze security event data from the network (IDS, SIEM)


• Perform investigations and evaluations of network traffics, read and interpret logs, sniffer packets, and PCAP analysis with RSA Security analytics and Wireshark


• Escalate any security incident (the confidentiality, integrity or availability of any information or information asset that is negatively impacted) to the Incident Response (IR), Incident Management team (IMT), Forensic Management Analysis team (FMAT) as needed


• Conduct analysis using Splunk ES


• Identify suspicious/malicious activities or codes


• Perform domain and email analysis


• Participate in phishing campaigns


• Search firewall, email, web or DNS logs to identify and mitigate intrusion attempts


• Investigate malicious phishing emails, domains and IPs using Open Source tools and recommend proper blocking based on analysis


• Continuously monitoring and interpreting threats using the IDS and SIEM tools


• Investigate all reported suspicious emails and determine whether the emails are malicious, non-malicious or legitimate and reply to the user who reported the suspicious email with a message reporting the findings and any recommendations


• Perform shift handoff at the end of every shift to provide situational awareness to the incoming shift.

PROJECT2: - Finance Industry (26 months)

• Investigate all security alerts received by making use of all tools and log files possible to determine if the alert is a false positive, a security event, an actual attack, and/or a security incident


• Strong understanding of the Incident Response lifecycle (Preparation, Detection & Analysis, Containment, Eradication & Recovery, Post-Incident)


• Understanding threat landscape in terms of the tactics, techniques and procedure of attacks


• Understanding of the security use cases and able to contribute for better detection


• Understanding of IOCs, payloads and packet capture


• Handles all end users, report Incident and ticketing with respect to Network Security within the agreed SLA.


• Hands-on experience with Palo Alto Firewalls, Cisco Prime,Carbon Black,ePolicy Orchestrator (ePo)


• Perform investigations and evaluations of network traffics, read, and interpret logs, sniffer packets, and PCAP analysis with Palo Security analytics and Splunk ES


• Perform shift handoff at the end of every shift to provide situational awareness to the incoming shift.

PROJECT3: - IT Industry (65 months)

• Responsible for technical analysis during cyber security incidents


• Understanding of the security use cases and able to contribute for better detection


• Understanding of IOCs, payloads and packet capture.


• Handles all end users, report Incident and ticketing with respect to Network Security within the agreed SLA.


• Preparation of daily shift reports to the clients.


• Creation of correlation rules and dashboards in SIEM tool


• Provide timely, comprehensive and accurate analysis results


• Guide subject matter experts on activities to be performed


• Ensure integrity and completeness of collected evidence


• Perform malware analysis and possibly reverse engineering


• Provide best-practice technical remediation recommendations to effectively mitigate incidents.


• Hands-on experience with Palo Alto Firewalls, Cisco Prime,Carbon Black,ePolicy Orchestrator (ePo)


• Providing Technical Support for Clients & VIP Associates.


• Real Time Log analysis from different network devices such as Windows Servers, System Application, Databases, Web Servers and Networking Devices

Awards

Accomplishments:

• Certifications: CompTIA security+,CEH,CHFI,OWASPTOP10,Sentinel Administration
• Provided first level mitigation steps to avoid this exploit before Microsoft releasing security patch(like block log4j header, body and URL in WAF and Disable/removing the JNDI lookup class from the class path, Patching application and library file)
• Raspberry Robin malware first level identification and brought into active monitoring.
• Qakbot Infection end to end analysis process has been done and IR process defined.
• Ransomware-linked emerging threat activity group detected- 960+ users saved from this ransomware attack (Identified source of infection and all mitigation steps taken immediately with complete analysis )
• Cyber National Mission Force discloses IOCs from Ukrainian networks-Identified source of infection and mitigated the cyber-attack in KONE.
• Created cyber security awareness program and enabled in e-learning platform
• Recently, assisted in minimizing the impact of the cyber-attack (REDFOX) on Microsoft 365 apps and other user account which is related to dangerous ransomware gang(Lockbit).
• This gesture got praised by KONE CISO and cybersecurity leaders.