Hetram Yadav Email and Phone Number
Cyber Security professional having 9 years of work experience in Telecom, e-commerce, Banking and FinTech industry.

Areas of work include:
- Vulnerability Management
- Security Analysis and Incident Handling
- SIEM Engineering (Splunk, Qradar, McAfee) - Administration, Integration & Content Development
- Digital Forensics
- IAM
- Cloud Security (AWS/GCP/Azure)
- DLP

Certifications:
- CHFI
- CPISI
- Splunk Enterprise Security Certified Admin (SPLK-3001)
- Oracle Cloud Infrastructure Foundation Associate
- Aviatrix Certified Multi Cloud Associate
- Azure Fundamentals (AZ-900)

Skills:
- Syslog, Syslog-ng, Log Analysis, Log Parsing
- Linux administration
- OS - Unix, Windows, Kali, Mac
- Programming Languages - Python
- Configuration Management - Ansible
- Version management - Git (Bitbucket repository)
- Network & Security - Wireshark, Acunetix, Nmap, Burpsuite
- Forensic - FTK Imager, Encase, PE Studio, autopsy, DD, GuyMager

## This is my personal account so whatever I write/comment/share does not reflect my organization's views ##
Cloud Security Researcher
Snowbit By Coralogix
Oct 2023 - Present
Tel Aviv, Israel, IL

Sr. Manager - Cyber Security
Oaknorth Bank
Apr 2023 - Oct 2023
London, England, GB
Incident Detection & Response
Key Projects/Achievements:
- Transition from MSSP to in-house SOC team
- Implementation of EDR solution (SentinelOne)
- Threat hunting initiatives
- Creating playbooks for different incident scenarios/use cases
- Improving Microsoft Cloud Security Posture by applying MS Defender controls
- Implementing RBA
- SOC Maturity wrt NIST/MITRE
- Implementing SOC alerting using Slack/Opsgenie for 24*7 coverage
- Implementation of DMARC solution (ProDmarc) to move the policy to reject mode
- Automating the Cloud Security Incident Response

Manager - Cyber Security
Oaknorth Bank
Aug 2021 - May 2023
London, England, GB
Incident Handling, SOC, Threat Hunting, Vulnerability Management, SIEM, Threat Intel, Enterprise Security Tools, Security Awareness, Zero Trust, MS Defender, SentinelOne, Crowdstrike
Key Projects/Achievements:
- Achieved 100% security agents compliance coverage
- Automating the vulnerability reporting within Splunk helped to reduce the manual effort of creating reports and enabled timely reporting of the new and CISA vulnerabilities as per defined policy
- Implementing the Security Awareness & Phishing auto response tool (Knowbe4/PhishER)
- Improved user awareness by executing monthly Security Awareness Campaigns and assigning the trainings to the users
- Implementing DLP policies for endpoints, email and web channels
- Migrating the email gateway
- Started Vulnerability Management Program and ensured timely closure of CISA and non-CISA findings
- Creating visibility around WAF, RDS, VPC logs to detect any anomaly
- Implementation of zero trust architecture with Zscaler (ZIA, ZPA, F/W, Posture Mgmt, DLP) with support of network team
- Patching Splunk servers for known vulnerabilities

Senior Security Engineer
Fis
Oct 2019 - Aug 2021
Jacksonville, FL, US

Detection Engineering
- Develop a comprehensive strategy for effective detections of malicious activity
- Current monitoring and detection capabilities to identify areas for improvement
- Checking Detection Effectiveness - Tuning, Validation
- Collaboration with SOC team to reduce the false positives and enhancing security monitoring coverage
- Collaboration with Threat Intel team to discuss the emerging threats and creating detections based on their research and findings

Qradar
- Managing Qradar admin activities
- Content Development and MITRE mapping of use cases
- Providing on-call SIEM support to SOC for any critical issues
- Participation in IDRBT Cyber Drills

SIEM Migration from Qradar to Splunk
- Creating searches, reports and dashboards
- Migrating log sources and use cases from Qradar to Splunk
- CIM normalization of the data
- Admin activities - Managing index, Indexers, Data models, SH clusters, Cluster master and Deployment Server
- Creating custom TAs for parsing and normalization of data
- Providing Knowledge Transfer to team personnel on Splunk solutions
- Managing syslog-ng server and creating filters for syslog traffic to write the logs to disk
- Implementing RBAC to Splunk

Executive - IT Security
Bookmyshow
Jan 2018 - Sep 2019
Roles and Responsibilities include:
- SIEM Implementation (Splunk) - Architecting, Integrations, Content Development & Documentation
- Cloud Security (AWS/GCP)
- Identity and Access Management for servers (using Ansible/AD), VPN and Cloud (AWS, GCP)
- Conducting PoCs and evaluating security products
- Monitoring security tools - Sophos AV, Fortigate F/W, Bitsight and FIM (ELK Wazuh)
- DLP Implementation (Forcepoint)
- Patching servers for vulnerabilities
- Participating in internal and external PCI DSS audits for SIEM

Assistant Manager - IT Security
Jio
Oct 2016 - Dec 2017
Navi Mumbai, Maharashtra, IN
Role: SIEM Administration & Integration
Responsibilities:
- Reporting SIEM compliance status to management
- Managing and troubleshooting SIEM ESM (McAfee) for Jio and Jio Payments Bank
- Installation, Configuration, Integration & troubleshooting of SIEM solutions and its various components
- Daily SIEM health monitoring
- Diagnosis of system notifications regarding performance problems or system failures (e.g. events dropping, HA system failed, IO errors)
- Working with support to resolve the platform issues
- Device Integration (AWS, Telecom, Network, Servers and Security tools)
- Log Troubleshooting
- Parsing unrecognized log format
- Writing filters to drop the unwanted logs
- Architecture review of applications to understand the logging requirements and use case scenarios
- Facing ISO audits for logs storage and availability

Security Analyst L2
Jio
Jan 2016 - Sep 2016
Navi Mumbai, Maharashtra, IN
- Security alerts monitoring
- Detecting security incidents
- Coordinating with SIEM team for tuning of rules, dashboards and reports
- Taking ownership of the alerts from creating tickets to closure of the incident

Vulnerability Management
Jio
Jul 2015 - Dec 2015
Navi Mumbai, Maharashtra, IN
- Conducting Vulnerability Assessment for all systems in the network using Nessus
- Ensuring compliance to minimum baseline security standards for endpoints, network, servers and databases
- Hardening and patching of OS (Linux, Windows)
- Analyze the report and suggest workaround for issues

Cyber Security Researcher
Indian Infosec Consortium
Jan 2015 - May 2015
- Developed a tool named Remote DNS Monitoring and Mass DNS Spoofing with Phishing.
- Finding vulnerabilities in wireless networks
- Decoding the hidden messages

Cyber Crime
Gurgaon Police
Jun 2014 - Jun 2014
1 Month Internship in Gurgaon Cyber Police Station on cyber crime handling.
- Case study of financial frauds and social media crimes
- How forensics team works to retrieve the data
- CDR Analysis

Hetram Yadav Skills
Hetram Yadav Education Details
Sardar Patel University Of Police, Security And Criminal Justice
Cyber Security

Iet Alwar
Computer Science

Sksss, Lachhmangarh, Alwar(Raj.)
Maths

Frequently Asked Questions about Hetram Yadav
What company does Hetram Yadav work for?
Hetram Yadav works for Snowbit By Coralogix.
What is Hetram Yadav's role at the current company?
Hetram Yadav's current role is Cloud Security Researcher || Cyber Defense.
What schools did Hetram Yadav attend?
Hetram Yadav attended Sardar Patel University Of Police, Security And Criminal Justice, Iet Alwar, Sksss, Lachhmangarh, Alwar(Raj.).
What skills is Hetram Yadav known for?
Hetram Yadav has skills like Information Security, Ceh, Linux, Security Analysis, Dns, Networking, Penetration Testing, Computer Security, Security Operations Center, Vulnerability Management, Programming, Microsoft Office.