In my role as a Senior Consultant 2 at EY, I was responsible for reviewing security events in the SIEM system, managing rules to reduce false positives, and conducting proactive threat research to ensure the security of the organization. I also analyzed logs using Splunk and Crowdstrike to detect any suspicious activities and unauthorized access, providing weekly advisory reports to the management.

• Participated in multiple projects to protect Comcast projects from cyber threats, handling cases escalated from Tier-1 team.• Conducted Root Cause Analysis on high severity cases, identifying security gaps and suggesting solutions.• Developed filters and correlated rules to reduce false-positive alerts, utilizing tools like Splunk, Demisto, and Symantec ATP.

• Analyzing the suspicious files triggered by the Symantec AV and to identify whether the given sample is a malware or clean file, once determined as malware.• First level of monitoring and investigation of information security events.• Investigating alerts generated by complex network, endpoint, and log analysis platforms by using SEIMTools• Analyzing the Phishing/Spam mails and identifying the malicious content. Educating global staff aboutthe steps and precautions to be taken against cyber-attack.• Using tools such as Live-response, Pdf dump streamer, Symantec, Splunk, process explorer and scan safefor the discovery of potential malware and Threat Analysis Scan.• Analyzing pdf, email and identifying the malicious content• Checking the website and IP reputation and appropriately group them as legitimate or blacklist. Workwith application teams for sanitizing web pages for which web attack traffic has been detected.• Act as a deep subject matter expert on Intrusion Detection Systems (IDS) and Intrusion PreventionSystems (IPS).• Monitoring of the integrity, availability and health status of information security systems.• Provide high level support and guidance to the prevention and resolution of security threats.• Review Understanding the root cause of the security incident and presenting it to the top managementwith proper action plans of mitigation and remediation.• Studying about recent cyber-attacks happening in the industry and informing the organization about theprecautions to be taken.