Soc Analyst
Current• Detected, analysed, investigated, and reported security incidents to stakeholders using ArcSight SIEM and MDE EDR with 24*7 support, adhering to the defined SLA.• Administrative activities related to ESM: asset & network modeling, development of use cases, including advanced correlation rules, dashboards, and queries, as well as the creation and scheduling of reports and peering of ESM. • Onboarding of log sources such as firewalls (Check Point, Fortinet, Cisco ASA), email security (F-Secure, Proof Point), Blue Coat Proxy, Active Directory Server, databases, Bring Your Own Device (BYOD), Microsoft Office Defender for Endpoints, and Office365.• Smart Connector installation, upgrading, and troubleshooting to ensure continuous and accurate data ingestion.• Installation and deployment of the threat intelligence program Galaxy Threat Acceleration Program (GTAP).• Configuration of connectors & loggers with the Arcsight Management Center.• Installation and version upgrade of Arcsight Enterprise Security Manager (ESM) & Logger.• Logger configuration, like creating receivers, forwarders, storage groups, and ESM-Destination.• Configuration of data archiving, backup, and purging based on need and compliance.• Managed the on boarding and off boarding of devices (Windows & Linux) in MDE for seamless security operations.• Maintained security baselines in MDE to ensure a robust security posture.• Managed IOC, alert tuning and suppression, and overall threat & vulnerability management in MDE.• Conducted threat-hunting activities focusing on suspicious or malicious traffic analysis.