• Develop new SIEM/SEIM content (ArcSight ESM 6.5 and 6.8) including rules, active lists, aggregations, dashboards, trends, and alerts that appropriately characterize the importance of events of interest found in the client operational environment.• Involved in routine, scheduled maintenance, upgradation and health check of SIEM, development of flex connector (Regex) (to integrate non supported applications and devices).• Investigation of security event to find root cause and corrective actions for policy violation, malware detection and exploit attempts.• Performs analysis of security events from multiple sources as firewalls, IPS, ISA proxy, FireEye MPS, NG Firewalls, IPS, Antivirus, HIDS, Window servers, UNIX servers, Databases and other applications.• Meeting with Application and business owners, involved in requirement analysis and suggesting technical controls.• As a part of Security Intelligence, involved in intelligence gathering and analyzing security feeds from various open sources (IP, Domains and Hashes) and integrating it with ArcSight and other tools like NexThink, HIDS etc.• Leverage data analytics and contextual awareness methods to create dashboards, reports and notifications.• Working on FirEeye Malware Protection System and analyzing its reports, escalating it to CERT whenever necessary for containment and detailed malware analysis.• Works with various solutions like FireEye, NextThink, HIDS, IPS/IDS, Cuckoo Sandbox, Guardium and ATIC (DDoS) for incident analysis/alerting.• Write scripts (Bash shell & Perl) in a UNIX environment to automate download/format of logs and feeds to facilitate SIEM integration.• Identify and hunt for related TTPs and IOCs across all internal/external repositories.• Preparing various procedures and other documents as a part of SOC process.

•Responsible for handling security incidents that is reported via SIEM tool and Security Incident management portal.•Initiating computer incident handling procedures to isolate and investigate potential network information system compromises.•Perform malware or forensic analysis as part of the incident management process.•Creating security alerts, correlation rules, dashboard, graphs and reports in SIEM based on requirement.•Integration of various devices/applications with SIEM module.•Implemented Network IPS and IDS infrastructure across multiple gateways.•Implement and manage Wireless IPS (Airtight) infrastructure.•Responsible for determining the security policies, such as IDS/IPS, review all new vendor-released updates (signatures) and make recommendations whether they need to be turned on for alerting. When/if custom signatures are needed to find specific threats or issues, create new signatures and recommend for deployment.•Handling and troubleshooting DLP Enforce and the different detection components.•Expand DLP capabilities for the client within existing Infrastructure and business Process, Creating content policies, stabilize and optimize DLP system performance, including rules and reports, assist with upgrades, installations and configuration.•Perform vulnerability assessments using tools and analyze the output of vulnerabilities, risks, mitigation, and provide a technical briefing of the findings.•Understand project requirements and client’s business related to information security.•Conducted POCs for Splunk ES, IBM Proventia IPS, Juniper IDP and McAfee Client proxy (SaaS). Performed pilot implementations as per request.•Troubleshooting issues by logging in to bridge calls. Providing root cause analysis within 48 Hours of occurrence.•Follow Change Management and Executing Change Management requests raised by various L1/L2 teams as per ITIL process and handle escalations.•Executed various projects as a part of service improvement plan.