Administration:•Configuring and troubleshooting cloud proxy solutions to ensure secure and efficient access to web resources.•Developed expertise in email security gateway solutions, including configuring spam filters and blocking malware.•Managing Data Loss Prevention (DLP) solutions to prevent sensitive data from leaving the network.•Management and monitoring of anti-virus and endpoint protection software.•Managing Web Application Firewall (WAF) solutions, including configuring security policies, monitoring traffic, and reporting.Security Assessment:•Managing and conducting external and internal vulnerability assessment programs.•Gained proficiency in using vulnerability scanning tools such as Nessus, to identify vulnerabilities in the network infrastructure.•Conduct source code & configuration reviews to ensure best practices.Research and Development:•Staying up-to-date with the latest security trends and threats and incorporating this knowledge into research and development activities.•Skilled in conducting research and development to bring security solutions, best practices, and suggestions to improve the overall security posture of the organization while ensuring that it remains cost-effective.•Research on creating security dashboards to timely identify security weaknesses, threats, and anomalies.•Establishing and improving Digital Forensics skills to enhance incident response of the team.Documentation:•Knowledge sharing and continuous learning, creating SOPs/Play books and training materials to reflect new information and best practices.•Create and maintain SOC reports for management to highlight security issues and blockers (if any) to expedite the processes.

Team Management and SIEM Administration:•Perform lead role in internal and third party audit activities as a point of contact person to fulfill audit requirements related to Security Operations Center.•Point of Contact to different vendors during POC of security tools.•Point of Contact to external SOC vendor and internal teams to fulfill SOC requirements and audit observations•Resolving various SIEM issues as an administrator to optimize its performance.•Performed weekly analysis of SIEM to maintain durability of SIEM in terms of performance.•Analysis of expensive custom properties, rules, and event pipelines to avoid the loss of visibility in terms of logs.Research and Development:•Searching for latest security vulnerabilities Exploitation related to organizational infrastructure.•Exploring remediation steps to prevent being encountered.•Acquiring knowledge base regarding Security Patches of software/tools on every Month’s 2nd Tuesday released by different IT vendors of whose products are being used within the organization.•Assisting GRC in creating security awareness advisories.•Running Phishing Campaigns within the organization for awareness.•Perform risk assessment scenarios to enhance efficiency of security controls.Documentation:•Creating Reports to demonstrate the analysis of a threat indication.•Weekly Progress report of SOC team consisting Operational/Project tasks initiated by SOC.•Involves in building strategies to defend emerging cyber threats.•Developed Standard Operating Procedure documents for existing and fresh analysts.

Monitoring of Infrastructure:•Monitoring/Analysis of endpoints, vulnerability information revealed by vulnerability scanners, security intelligence feeds, Intrusion prevention (IPS) and detection (IDS) systems.•Creating/Refining rules to get alerts incase of anomaly.•Integration of the newly discovered assets of the organization with the SIEM for better visibility and monitoring.•Configuration of Sysmon (in Windows), Audit Daemon (in Linux) to gather Advanced Logs.Identification of Threats:•Tracking anonymous authentications from log source events.•Detecting misconfigurations and suspicious flow of traffic to get it properly configured.•Detection and removal of malware based on known malware signatures from the endpoints detected by EDR.•Performed ATM risk assessment and testing to avoid scenerios like ATM jackpotting.•Conducted Vulnerability assessment activities and suggested best security practices.Investigation:•Co-relating events based on research and past experiences.•Using multiple threat intelligence platforms to compare malicious/suspicious Sources.•Analyzing malicious/suspicious behaviors on sandbox.•Performing reverse engineering to understand the workflow of malicious/suspicious payloads.•Performed threat hunting on OS and network architecture level via advanced logs.•Performed deep analysis of suspicious/malicious executables by decompiling source code.Incident Management:•Managing the incident management portal.•Creating, managing trouble tickets as incident responder till its remediation on the incident management portal.