 Triage security events and carry out incident response steps. Investigate incidents onon-premises infrastructure and Azure cloud infrastructure. Facilitate static and dynamic malware analysis on endpoints with properdocumentation and steps for remediation of infected systems. Proactively hunt for and investigate potential malicious activity and incidents acrossmultiple platforms using EDR solutions and SIEMs. Collaborating with other enterprise cyber security teams like Threat Intel, Hunt, andThreat Detection. Create/improve playbooks and procedures. Managing and mentoring a team of L2/L3 analysts.

 Triage security events and carry out incident response steps.  Conduct senior level log analysis, proactive monitoring, mitigation, and response to network and security incidents.  Perform static and dynamic malware analysis on virtual servers with proper documentation and steps for removal on infected systems.  Host/Memory analysis using SIFT, Encase, Volatility, Magnet AXIOM, FTK imager, Sleuth Kit etc.  Proactively hunt for and investigate potential malicious activity and incidents across multiple platforms using EDR solutions and SIEMs.  Researching on advance threat actors and implementing controls in the organization.  Detect and respond Spear phishing, phishing campaigns and targeted attacks.  Collaborating with other enterprise cyber security teams like Threat Intel, Hunt, CA etc.  Creating/improving playbooks and procedures, conduct training for SOC and CIRT.

 Working as a L3 Technology Specialist in information security.  Detect and respond to IT security incidents using ArcSight and other tools. Provide day-to-day support to Incident Response/Management. Supporting the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses. Analysing event flow of various devices using rules, reports, dashboards, query viewers, active channels etc. Provide optimization of data flow in agents using aggregation, filters, etc. Integrating third party utilities to arcsight integration commands and tools to ease the event analysis. Conducting event collection, log management, and event management with Arcsight loggers. Tunes ArcSight performance and event data quality to maximized ArcSight system efficiency. Installation and troubleshooting of Arcsight smart connectors and flex connectors. Analysing intrusion events using Tipping Point IDS and Deadend. Monitoring DDOS traffic using Netflow. Malware analysis using malware sandbox Fire eye, Looking glass and Tanium. Working closely with forensic team to mitigate malware outbreaks. Performing virus, malware, spam and phishing filtering in e-mails. Creating Daily, Weekly and Monthly status reports and trend reports for various devices.

 Worked as a Senior Security Analyst for global clients, US Bank, TJ Max and Arcelormittal.  Leading a Secmon team of 6 members, for a US based client. Detect and respond to IT security incidents using ArcSight and other tools. Provide day-to-day support to Incident Response/Management. Analysing event flow of various devices using rules, reports, dashboards, query viewers, active channels etc. Working on Arcsight content development. Analysing intrusion events using SourceFire IDS or Mcafee NSM. Monitoring DDOS traffic using Arbor. Analysing vulnerability reports from VA tools like Nessus. Malware analysis using malware detector tool Fire eye. E-mail security monitoring using the appliance Cisco IronPort. Doing content filtration, blocking spoofed E-mails. Implementing whitelisting or blacklisting for various incoming or outgoing mail domains. Performing virus, spam filtering in e-mails. Analysing E-mail flow. Creating Daily, Weekly and Monthly status reports and trend reports for various devices.  Leading and coordinating weekly meeting with client and discuss about issues, challenges, escalations, process changes etc. Conducting training sessions on SIEM, Log analysis, Network administration, etc for new joiners on Wipro ESS division.

Paladion is a global full service managed security provider committed to delivering technology solutions to ensure impenetrable security to 400+ clients in 15 countries across Asia, US and Europe.Support: Paladion Security Operations CentreProject: India ArcSight TeamMy roles and ResponsibilitiesWorking as a Security Analyst based on the tool ArcSight.Responsible for providing security support for distributed computer systems Handles all end users report Incidents, Problem Tickets and Change management tickets with respect to Network Security within the agreed SLA.Analyses security incidents as well as liaise with clients on security instructions.Working on various Routers, Switches, Firewalls and other network devices.Reporting device or interface down events to maintain maximum uptime.Log correlation and real time threat management using ArcSight.Creating Rules, Active channels, Dashboard, Filters, Reports and Queries in Arcsight to track incidents.Worked with ArcSight administrator to develop ArcSight rules, channels, and analysis methodology.Creating Daily and Monthly reports and Adhoc reports of various devices for different clients.Maintaining Archsight servers, by filtering noisy events, creating daily and weekly backups.

Religare Technova Limited is the holding company for the IT business of a large diversified Indian transnational business group. The group pursues aggressive business interests globally in Financial Services, Health Care, Wellness, Diagnostics and Aviation and Travel.Support: Religare Enterprise Level Support,(Support All Religare Wellness Employees and Clients)My roles and ResponsibilitiesL1 &L2 Network supportConfiguring Network and Systems for connectivityCreating and managing VLANsImplementing port security for switchesMonitoring network and responding to outages with the help of Whats up Gold.Creating and managing firewall rules.Implementing and supporting network for the clients.Administration of Servers which include multiple platforms like Windows and Linux in the Bangalore office and other offices of the companyCreating and Managing users and groupsCreating and Managing DHCP ScopesMaintain maximum uptime of ServersManaging, creating E-mail accounts in Mail Server (Zimbra). Maintain inventory of IT assets of the company.