Led a security team in successful ISO/IEC 27001:2013 compliance and Information Security Management Program implementation.Developed business aligned information security strategy and information security program for the entire organization.Conducted asset classification with data owners and established baseline configurations aligning with risk profiles.Administered enterprise-wide risk assessments and presented risk treatment recommendations to executive management.Conducted Business Impact Analysis with involvement of business managers and formulated business Continuity and Disaster recovery plans as per recommendations of executive management. Conducted various internal and external security audits for compliance checks.Imparted cyber security awareness sessions to employee particularly on social engineering, asset classification and risk management.

Supervise and support the SOC team, ensuring effective performance and adherence to incident response protocols.Mentor and develop junior analysts, offering guidance on threat detection, investigation techniques, and incident management.Schedule and coordinate team shifts to ensure 24/7 coverage of the SOCLead the team in responding to security incidents, ensuring timely identification, containment, and remediation.Act as an escalation point for complex or high-severity incidents, coordinating with other teams as necessary.Conduct root cause analysis and post-incident reviews to improve incident response and prevention.Oversee continuous monitoring of the organization’s network, systems, and applications using SIEM and other monitoring tools.Direct the investigation and validation of security alerts, coordinating with the threat intelligence team to stay informed on emerging threats.Optimize threat detection and response processes by tuning detection rules and integrating threat intelligence sourcesDevelop and update standard operating procedures (SOPs) for SOC operations and incident response.Identify areas for improvement within SOC processes and workflows, implementing changes to enhance efficiency and accuracy.Maintain accurate records of incidents, alerts, and other SOC activities, ensuring detailed documentation for reporting and analysisCoordinate with IT and other departments to address security risks and support security awareness.Prepare and present reports on SOC activities, incidents, and overall security posture to senior management.Support audit and compliance activities, ensuring SOC practices align with industry standards and regulatory requirements

Monitoring security alerts and suspicious activity across networks, systems, and applications in real time using IBM QRadar SIEM solution Used various security monitoring tools (IDS/IPS, endpoint protection) to detect potential threats and abnormal behaviors.Identified emerging threats by staying informed of the latest cyberattack techniques and threat intelligencenvestigate, analyze, and validate security incidents to determine their nature, scope, and potential impact.Classify and prioritize incidents based on severity, ensuring that critical threats are addressed promptly.Conduct preliminary forensic analysis of compromised assets to understand the attack vector and extent of the incidentEscalation of Security events and alerts based on severity to L3 AnalystsMaintain detailed records of incidents, including timelines, investigative findings, actions taken, and outcomes.Customize and tune SIEM rules and alert thresholds to reduce false positives and improve detection accuracy.Develop and optimize detection rules, filters, and dashboards to enhance monitoring capabilities and response efficiency.Analyze the performance of security monitoring tools and recommend enhancements as needed.Prepare regular reports on security incidents, alerts, and SOC activities for management review.Document and update standard operating procedures (SOPs) and incident response workflows for SOC operations.Provide input to SOC administrators on fine tuning and optimization of security solutionsVulnerability scanning Documentation of all security incidents as post mortem phaseUse case developmentIBM QRadar deployment and administration