----Providing Splunk Administration Services to our Customer----Job Responsibilities Include:• Design, implement, and support Splunk components including Indexers, Forwarders, Search-Heads, Deployment Server, License Manager, Cluster Manager and Monitoring Console in on-premise environment• Onboard new data sources and perform index-time and search-time field extractions to enhance data analysis capabilities• Create new indexes based on SOC requirements and set or modify retention policies of all the indexes to ensure compliance and efficient data storage• Develop and deploy new Splunk apps, create server classes, and manage universal forwarders through the deployment server to push configurations• Write Complex SPLs to help SOC with their dashboards and alerts.• Troubleshoot Splunk performance issues, log feeds, field extractions, and search times. Identify and improve inefficient searches and dashboards• Currently leading a project to expand our Splunk indexer cluster by adding 5 additional indexers. This involves the complete installation of each indexer, establishing connectivity to the license manager and monitoring console, and integrating them into the existing cluster under the supervision of the manager node, data rebalancing to optimize performance and ensure seamless operation across the expanded infrastructure

----Providing SOC L1, L2 Services to our Customer----Job Responsibilities Include:• Monitoring and investigating real-time security events or incidents using SIEM, EDR and XDR and correlate data across multiple layers - email, endpoints, servers and networks.• Conducting root cause analysis of incidents and perform remediation.• Analyzed and identified malicious activity, indicators of compromise, legitimacy of IPs, domains, files, and emails• Threat Analysis using OSINT such as Virus Total, Abuse IP DB, IBM X-Force, MX Toolbox) and Nessus for Vulnerability Scanning• Actively collaborating with team members to fine-tune existing correlation rules and creating new ones, reducing false positives and improving overall accuracy of security alerts.• Conducting regular health checks of SIEM. Opening new cases and taking followups on existing cases with IBM regarding any issues in QRadar or Cloud Pak.• Coordination with infrastructure teams for eradication/mitigation of threats, malware and security breaches that are detected via SIEM, EDR and XDR solution.• Integrating Windows with WinCollect and Linux with rsyslog to seamlessly feed data into SIEM.

• Installation, configuration, and managing Linux servers, including RHEL, CentOS, and Ubuntu.• Network configuration, regular backups, and monitoring using Linux tools.• Configuring SSH server and other remote administration tools.• Package management, OS hardening, kernel tuning, LVM management, and patching.• Managed virtual machines (VMs) on Linux servers, using libvirt and other tools.• Scheduling and managing Cron jobs and worked with SELinux Mac enforcement.

• Engage in a variety of penetration testing assessments including network (internal and external), wireless, social engineering etc.• Vulnerability Assessment of the assets (Windows Servers, Linux Servers, Databases).• Sharing of the Vulnerability Assessment Reports with the stakeholders to get the timelines/comments for the fixation.• Re-validation of the fixed Vulnerabilities.• Wrote detailed reports containing findings, observations, and recommendations.