Perform security monitoring, event analysis, and incident response activities acrossleveraging a variety of SIEM tools (ArcSight, LogRhythm, DNIF) in 24X7 environment.Follow detailed operational processes and procedures to appropriately analyse, escalate,and assist in the remediation of information security events and incidents.Integrate devices to Security Information and Event Management platform.Analyse logs from different security devices such as Intrusion Prevention System,Intrusion Detection System, Web Application Firewall, Perimeter and Internal Firewalls,Anti-Virus, Data Loss Prevention, Privileged Identity Management, Email Gateways, Userand Entity Behavior Analytics and Endpoint detection & response.Document the Playbooks and Standard operating procedure documents for SecurityIncident handling.Prepare the daily/weekly/monthly Security Operations Center reports.Act as a single point of contact for delivering all the Information security services given tocustomer by Tata Communications Ltd including, Proxy, Data Loss Prevention, Anti-Virus,Phishing Simulation, Brand Monitoring, Dark Web Monitoring, Vulnerability assessmentand Penetration testing services.Conduct regular meetings with customers for regular updates and new requests.Develop and improve Security Information and Event Management (SIEM) contentsincluding use cases, dashboards, and reports.Check and Feed the Manual Threat Intelligence IOCs on the SIEM solution.Provide technical and functional support to L1 Security Analysts.Assist customer with security incident response policies, procedures, and plans.Ensuring adherence to all the compliance and processes as laid in the Service levelagreement with the customer.Assisting customer for internal and external information security audits and compliance.

Perform security monitoring, event analysis, and incident response activities across leveraging a variety of SIEM tools (ArcSight, LogRhythm, DNIF) in 24X7 environment.Follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of information security events and incidents.Integrate devices to Security Information and Event Management platform.Analyze logs from different security devices such as Intrusion Prevention System, Intrusion Detection System, Web Application Firewall, Perimeter and Internal Firewalls, Anti-Virus, Data Loss Prevention, Privileged Identity Management, Email Gateways, User and Entity Behavior Analytics and Endpoint detection & response.Document the Playbooks and Standard operating procedure documents for Security Incident handling. Prepare the daily/weekly/monthly Security Operations Center reports.Act as a single point of contact for delivering all the Information security services given to customers by Tata Communications Ltd including, Proxy, Data Loss Prevention, Anti-Virus, Phishing Simulation, Brand Monitoring, Dark Web Monitoring, Vulnerability assessment and Penetration testing services.Conduct regular meetings with customers for regular updates and new requests.Develop and improve Security Information and Event Management (SIEM) contents including use cases, dashboards, and reports.Check and Feed the Manual Threat Intelligence IOCs on the SIEM solution.Provide technical and functional support to L1 Security Analysts.Assist customers with security incident response policies, procedures, and plans.Ensuring adherence to all the compliances and processes as laid in the Service level agreement with the customer.Assisting customers for internal and external information security audits and compliances.

• Real time Monitoring and Analysing SIEM logs of security alerts generated by network hardware and applications in Arcsight and LogRhythm.• Modifying and creating new rules, dashboards and reports as per the client need.• Analyse and investigate security events from various sources.• Managing security Incidents through all phases of the incident response process till closure with analysis and team coordination. • Updating tickets, write incident reports and document actions for false positive reduction.• Incident triaging and forensics on Incidents.• Analysing WAF logs to find attacks on client web portals and plan mitigations.• Monitoring suspicious user activities like failed authentications, access to harmful websites, abnormal bandwidth usage.• Ensuring 100% adherence to all the compliances and processes as laid in the SLA.• Coordinating with different teams like Server Administrators, Application Developers, Database Administrators and executives. • Assisting Client infrastructure team to investigate and analyse network infrastructure activities for performance monitoring.• Assisting Client for internal and external audits and compliances.• Preparing Daily Threat Dashboard and update the client with network security status.

• Monitoring Data Loss Prevention logs (Endpoint printing, HTTP, Endpoint External Storage, Email) to prevent loss of critical and confidential data.• Real time Monitoring and Analysing SIEM logs of security alerts generated by network hardware and Web applications in Arcsight console.• Vulnerability management by coordinating with different stakeholders.• Generating monthly, weekly and quarterly reports, also conduct Service Delivery Review meetings, and other meetings for process improvement.• Raising Problem tickets in order to white list false positive alerts and taking follow-ups with L3 and L2 team for proper implementation of resolutions.• Patch management to ensure devices and applications are up to date with recent secure version updates.• Helping clients with proper logs in case of system failures and in investigations.• Assisting Client for internal and external audits and compliances.• Manual Log Analysis and Monitoring to find critical and unauthorized activities performed on the devices.• Monitoring all the activities performed by UNIX or SAN team to ensure that proper and valid actions are done on servers to avoid any security threat.• Ensuring 100% adherence to all the compliances and processes as laid in the SLA.• Giving and taking proper Handover to next and from previous team members respectively.