Sandeepkumar Gupta Email and Phone Number
I am a cybersecurity specialist with more than 12+ years of rich experience and expertise in the cybersecurity domain. Currently, I am employed at Tata Communications Limited (TCL) as a Manager in the Cloud and Cybersecurity Services division. In this capacity, I have been deployed at the client-end as a SOC Manager, overseeing the delivery of captive SOC services for a prominent regulator client in India. I have also been part of a cybersecurity consulting team, where I served multiple clients across different industry domains (Government, BFSI, Energy, Aviation, Petrochemical, etc.) during my employment with Paladion, Hitachi Systems, and PwC. In these 12 years, I had the privilege of working on numerous high-profile engagements, focused on SOC designing, its governance, operations and delivery involving event/incident management, threat hunting, modeling, response, and resolution. In addition to SOC domain expertise, I possess extensive experience in system designing, implementation and integration, managing risk and vulnerabilities, and ensuring regulatory compliance. Also, I am well-versed with cybersecurity standards and frameworks such as ISO 27001, ISO 27701, ISO 27017 & 27018, NIST CSF, CREST, NCA-ECC, QCF, and PCI DSS. Last but not the least, I am a dedicated, focused and passionate cybersecurity professional with excellent communication and leadership skills, which enable me to effectively collaborate with cross-functional teams, senior management, and external stakeholders.
Deloitte
- Website: deloitte.com
- Employees: 490451

Senior Solution Delivery Manager
Deloitte
Mumbai, Mh, In

Senior Manager
Tata Communications, Apr 2024 - Present

Manager - Cloud And Cybersecurity Services
Tata Communications, Apr 2022 - Mar 2024
Mumbai, Maharashtra, India
• Delivering end-to-end captive SOC operation service for a government client who regulates the securities and commodities market in India
• Led and managed a team of 13+ cybersecurity analysts, including hiring and training new staff, assigning tasks, and providing technical guidance and support to team members, to ensure an uninterrupted operation of critical business infrastructure and systems
• Supervised the monitoring of security events and alerts, ensuring that the SOC team analyzes and triages alerts appropriately to identify potential threats and vulnerabilities
• Developed and implemented relevant processes, procedures, and playbooks to enhance the overall effectiveness and efficiency of the SOC Operation
• Led the development of SOAR action including the collaboration with relevant stakeholders for integration and automated responses on integration security technologies
• Conducted in-depth investigations into security incidents, providing detailed findings and recommendations for remediation while writing the RCA report
• Collaborate with cross-functional teams to assess the security posture of existing systems and infrastructure, identifying vulnerabilities and recommending appropriate mitigation strategies
• Prepared and presented reports & dashboards to senior management, and relevant stakeholders, covering executive summaries of cybersecurity incidents, trends, and metrics
• Ensured compliance with adopted security standards, framework, incident response plan and policies, while ensuring the SOC maturity is enhanced, SLAs are adhered and timely mitigation of cybersecurity risks
• Transformed the maturity of SOC operations from an ad-hoc state to a highly optimized state, enabled with automated orchestration of response to cybersecurity event and incidents

Assistant Manager
PwC India, Apr 2019 - Mar 2022
Mumbai, Maharashtra, India
• Developed a robust CSIRT program for a client in nuclear energy sector based out of UAE:
  - Developed incident response plan, incident response process and procedures, investigation report templates, relevant notification forms
  - Developed and conducted simulation exercise of table-top & drill exercise programs
• Developed SOC governance framework and operating model based on NCA-ECC, NIST and ISO standards for a client in aviation sector based out of KSA:
  - Developed SOC governance, architecture and operating model with policies, service catalog, associated processes and procedures for the SOC operation
  - Developed SOC runbook and playbook for the security use cases
• Developed cybersecurity target operating model (TOM), service catalog and relevant processes for one of the largest petrochemical clients based out of KSA:
  - Defined the business risk-centric cyber security strategy, governance, organization charter, policies, processes, procedures, guidelines, standards and frameworks
  - Developed FTE estimation formula, demand drivers and benchmark to propose most accurate and effective FTE counts for the client
• Performed cloud security assessment for a semi-private organization based out of Qatar:
  - Developed cloud security framework based on ISO 27001, ISO 27017, ISO 27018, Qatar - CSP, CSA CCM and NIST SP 800-53
  - Assessed and identified gaps in the people, process, technology and services model adopted in the form of IaaS and SaaS model from Microsoft Azure and Oracle Cloud Infrastructure (OCI)
  - Developed gap assessment report, recommendation and roadmap for improving cloud security control and its effectiveness
• Developed enterprise security architecture framework (EAF) for the IT / OT environment based on NIST, SABSA, TOGAF, NCA-ECC and ISO 27001 for a client in aviation sector based out of KSA.

Assistant Manager
Tata Communications, Dec 2017 - Apr 2019
Mumbai Area, India
• Designed, implemented, integrated and operated Microfocus ArcSight SIEM solutions for a largest PSU bank in India:
  - Developed custom flex connector (parsers) for different banking application such as (ATM switch, internet banking etc.) as well as multiple security solutions including Radware WAF, Smokescreen Decoy, Symantec DCS, etc.
  - Developed advanced security usecases and packed into resource bundles for reuse into multiple SIEM deployment across different client, it helped to protect against latest threats such as Emotet, Petya etc.
  - Implemented and integrated different decoys such as file, network and systems decoy to detect anomalies within the network, remediate and mitigate latest threats.
  - Implemented and configured DCS to control and restrict the threat landscape for advanced malwares on critical systems and crown jewel assets
  - Act as first escalation point for SOC analysts surrounding security alerts, events, incidents and emergency response
  - Led a team of 10 people in all phases of complex projects execution while managing, motivating and mentoring global team members

Consultant
PwC India, Apr 2016 - Nov 2017
Mumbai Area, India
Implementation of Anti-APT solution for one of the largest banks in Australia:
- Designed, implemented and configured Anti-APT solutions which includes McAfee Threat Intelligence Exchange (TIE), McAfee Data Exchange Layer (DXL) and McAfee Advance Threat Detection (ATD) in UAT and Production environment, it helps client in early detection and prevention of APT attack
Implementation of McAfee SIEM solution for a leading textile and fabric company in India:
- Designed and implemented McAfee SIEM combo box
- Assisted team in datasources integration

Senior Analyst
PwC India, Jul 2015 - Apr 2016
Mumbai Area, India
Vulnerability Assessment and Patch Management for one of the largest telecom companies in India:
- Performed vulnerability assessment using Nessus Scanner, a Tenable Network Security product
- Developed Minimum Baseline Security Standard (MBSS) for client
- Risk assessment for identified vulnerabilities
- Patch Management for identified vulnerabilities
- Assisted client with the latest developments in the field of information security
Implementation of McAfee SIEM solution for a greenfield Bank in India:
Scope of engagement includes:
- Designed, installed, integrated and configured SIEM solutions as standalone for DC and DR setup
- Integrated more than 800 datasources which includes Network devices, Security devices, Servers, Application
- Developed mechanism to populate event logs for unsupported devices
- Developed advance usecases for unsupported datasources
- Developed custom usecases as per ISMS requirement and SOC monitoring team requirements

Senior Security Engineer
Hitachi Systems Micro Clinic, May 2014 - Jul 2015
Mumbai Area, India
As a Subject Matter Expert (SME) for HP ArcSight and McAfee SIEM Solutions @ Hitachi:
- Designed, Deployed, Implemented and Integrated SIEM solutions for different clients
- Developed advance use cases as a part of SIEM implementation
- Demonstrated Proof of Concept (PoC) of SIEM solutions which converted into business for Hitachi
- Professional Services on SIEM solutions
Implementation HP ArcSight SIEM solution for a major Macau based Casino
Scope of engagement includes:
1. Implemented ArcSight solutions which includes ESM, Logger and Connector Appliance in DC and DR environment
2. Integrated more than 500+ devices which includes Network devices, Security devices, Servers, Databases, Cisco Call Managers etc.
3. Developed advance use cases including filters, queries, correlation rules, dashboards, query viewer, trends, static and dynamic active lists for the integrated devices
HP ArcSight Logger upgradation in Logger Only environment for a major telecom company based out in Ghana
Scope of engagement includes:
1. Performed Logger upgradation from v4.0 to v5.5
2. Developed advance use cases which include flex developments for Telecom devices like AIR, MINSAT, CCN, SDP and use cases like filters, queries, correlation rules, dashboards, query viewer, trends

Information Security Engineer
Paladion Networks, Jan 2013 - May 2014
Mahape, Vashi
As a SOC specialist deputed for one of the largest Stock Exchange of India:
• Managed security events and incidents with real-time threat and entity monitoring using HP ArcSight and HPSM
• Performed network traffic analysis and packet capture along with NetFlow monitoring using StealthWatch, a product of Lancope
• Performed threat and vulnerability analysis, investigation and reporting to the client regarding the potential security threat
• Developed SIEM use-cases in alignment with usecase management framework including but not limited to filters, queries, correlation rules, dashboards, query viewer, trends, static and dynamic active lists for all the integrated devices
• Coordinated and collaborated with other teams within the organization for the remediation of security threats
• Assisted Incident Responder in the end-to-end incident response and recovery processes
• Developed playbook and guidelines for each of the developed use-cases
• Ensured SOC services are within the SLAs and OLAs
• Prepared daily security advisory for client to update about the latest potential threats in the wild

Engineer Network
Datamatics Financial Services Ltd, Jan 2012 - Dec 2012
Andheri
• Managed Network and Security devices on daily basis including but not limited to:
  - Cisco Routers (3800)
  - Cisco Access and Core Switches (2960, 3750)
  - Cisco Adaptive Security Appliance (ASA) 5510
  - CheckPoint
  - Squid Proxy
• Managed private virtual environment hosted on ESXi v4.1 in a cluster setup
• Managed Domain Controller (MS 2008 R2 Enterprise), WSUS Server (MS 2003)
• Managed Standalone Symantec Endpoint Protection (SEP) server
• Managed IP phones which includes AVAYA and soft phones like EYEBEAM
• Managed NetCore Email Server v6.0.3
• User and System management on Microsoft Active Directory Server
• Data Backup and recovery on DLT tapes
• Actively participated in ISMS implementation

Sandeepkumar Gupta Education Details
-
Electronics Engineering
Frequently Asked Questions about Sandeepkumar Gupta
What company does Sandeepkumar Gupta work for?
Sandeepkumar Gupta works for Deloitte.
What is Sandeepkumar Gupta's role at the current company?
Sandeepkumar Gupta's current role is Senior Solution Delivery Manager.
What schools did Sandeepkumar Gupta attend?
Sandeepkumar Gupta attended University Of Mumbai.
Who are Sandeepkumar Gupta's colleagues?
Sandeepkumar Gupta's colleagues are Michele Causey, Sadiya K., Jakob Røksund, Mohita Nagavalli Pakalapati, Earma Haddadin, Sunny George, Meghan Whealan.