Tejas Rathod

Tejas Rathod Email and Phone Number

Manager - Cyber Security | Cyber Security Advisor | SOC Engineer | XDR | SIEM | Azure | M365 Defender| Incident Response @ Adani Enterprises Limited
Tejas Rathod's Location
Ahmedabad, Gujarat, India
About Tejas Rathod

Experienced Security Analyst with over 11 years of dedicated expertise in network and cyber security. Adept in a wide range of key security functions, including Cyber Advisory, SIEM tools, CSPM, incident response management, log analysis, monitoring, reporting, vulnerability management, and network auditing. Proficient in manual firewall auditing, audit reporting, and the implementation and management of firewalls. Skilled in overseeing endpoint protection (EDR), Data Loss Prevention (DLP), and maintaining knowledge bases for internal units. Well-versed in both direct and remote analysis, showcasing strong critical thinking abilities, effective communication, and exceptional interpersonal skills. A proven professional with a deep commitment to safeguarding critical assets and data.

  • SIEM: Splunk, ELK, SIEMStorm, Sentinel
  • XDR
  • Incident Response
  • Network Forensics
  • Memory Forensics
  • Firewall
  • IPS/IDS
  • Threat Intelligence
  • ISO Audit 27001:2013
  • Threat Hunting
  • Threat Intelligence
  • DLP
  • CIEM
  • CSPM

Tejas Rathod's Current Company Details
Adani Enterprises Limited

Manager - Cyber Security | Cyber Security Advisor | SOC Engineer | XDR | SIEM | Azure | M365 Defender| Incident Response
Tejas Rathod Work Experience Details
  • Adani Enterprises Limited
    Manager - Cyber Security
    Adani Enterprises Limited Dec 2023 - Present
    Ahmedabad, Gujarat, In
  • Ontinue
    Cyber Security Advisor
    Ontinue Jul 2023 - Nov 2023
    Division of Open Systems
  • Open Systems
    Soc Engineer
    Open Systems Oct 2022 - Nov 2023
    Zürich, Ch
    • Microsoft Stack, Microsoft Azure, Sentinel, M365 Defender, Defender for Cloud (CSPM), Defender for Identity, Defender for Endpoints, Defender for Cloud Apps, Microsoft Entra ID (AAD), Defender for Office 365, Azure Lighthouse, and third-party resources are the main topics of this cyber advisory.
    • Report to the cybersecurity director advising in an Azure environment while handling duties like technical account management for an MSSP.
    • Setting up privilege identity management, access packages, roles, and users for clients during Azure service onboarding.
    • Using M365 Defender Azure to configure roles, manage devices, and apply indications, RBAC, and exclusions.
    • Defender for Endpoint recommended practices: ASR, EDR features, and sensor health.
    • Advising the customer to raise the secure score and configure other controls to secure the M365 Defender’s overall posture.
    • Investigating client environments to recommend improvements to the Microsoft Security Score and reducing the Exposure Score, as well as auditing the Attack Surface Reduction recommendations with M365 Defender.
    • Providing the customer with advice on the CSPM recommendation to improve security posture and secure score of Defender for Cloud.
    • Performing threat hunting on existing threats and hypotheses in order to look into threat evidence.
    • Sentinel cost reduction using workspace transformation rules and event analysis.
    • Encouraging the client to apply patch management for vulnerability management in order to reduce risk and lower the exposure score.
    • Utilizing KQL for event analysis and Sentinel and M365 D suite monitoring.
    • Using Sentinel Workbooks to track data usage, ASR, M365 Defender suite, and other metrics.
    • To improve detection, create and fine-tune Sentinel’s Analytics rules.
    • Create an automation rule to suppress recurred alerts, add tags, assign an owner, and do initial triage based on prior behavior to increase the efficiency of the SOC.
  • Crest Data Systems
    Senior Security Operations Center (Soc) Analyst
    Crest Data Systems Jun 2021 - Oct 2022
    San Jose, Ca, Us
    • Security Management: Splunk, ELK Stack, Firewall Logs, SentinelOne, Threat Intelligence, Checkpoint Firewall, Checkpoint EDR, Linux and Windows OS, Nessus, InsightVM, OpenVAS, Kali Linux
    • Management of security incidents during all stages of the incident management process including an in-depth analysis
    • Responsible for monitoring, detection of analysis through various input tools and systems (SIEM, IDS / IPS, Firewalls, AV, etc.), through incident handling and incident response.
    • Assess security and business risk associated with a security incident and coordinate containment, eradication, recovery, investigation and response measures.
    • Assure an appropriate tracking, documentation, closure and post-incident reporting and review of incidents
    • Develop and maintain incident response plans and contribute to the enhancement of the incident detection
    • Creating and maintaining IRP (Incident Response Playbook) creation and execution
    • Threat Hunting, Threat Intel and understanding of attacker technique that leverage MITRE tactics also kill chain
    • Maintaining and improving the security technologies deployed, including creating use cases, customizing or better configuring the tools based on previous and recent threats.
    • Analyzing logs (from SIEM) and other sources, to create reports and better prepare for suspicious events or malicious efforts.
    • ISO 27001:2013 Policies, Procedures, Risk Register, Risk treatment plan review and implemented end to end policies at the organization level
  • Blackstratus | Mehansh Software Solutions
    Senior Security Operations Center (Soc) Analyst
    Blackstratus | Mehansh Software Solutions May 2017 - May 2021
    • Incident Response Management (IRM), SIEM
    • Monitoring network activity to identify issues early and communicating them to IT teams
    • Constantly monitoring for attacks and intrusions and monitor security access and provide technical support
    • Researched threats, performed IT vulnerability assessments, and monitored remediation and report metrics to ensure management makes information risk aware decisions.
    • Manage security incident investigation and diagnosis
    • Developed and maintain signatures/rules to capture security incidents
    • Educated clients on their network security risks and advise way to remedy/mitigate existing threats.
    • Analyzed and investigate real-time as well historical events/logs precisely.
    • Validate incident containment and remediation recommendations provided to customers.
    • Ensure all unresolvable cases are passed to the correct team for action as appropriate.
    • Heighten parsing as well mapping issues to concern team for product improvement.
    • Provide operational and technical support to our customer
    • Vulnerability Management – Qualys, OpenVAS, InsightVM, Nessus
    • Finding for vulnerabilities and risks through vulnerability scan
    • Create and maintain all documents for all processes and manage all security technologies for information network
    • Prepare training materials and documents to increase security performance and perform various tests on all security products and systems.
    • Identify and resolve all problems and provide efficient training to new employees to understand all security procedures and maintain protection for all information systems.
  • Cloud24X7
    Cyber Security Analyst
    Cloud24X7 Feb 2017 - Apr 2017
    Walnut Creek, California, Us
    • Network auditing and firewall compliance.
    • Manual auditing of firewalls
    • Create audit report
    • Remediation as per the audit report.
    • Device monitoring with SNMP for the services
    • Capturing log from each devices for SIEM solution
  • Ajax Network Solutions Pvt Ltd.
    Team Lead - Network Security
    Ajax Network Solutions Pvt Ltd. Dec 2015 - Feb 2017
    Ahmedabad, Gujarat, In
    • Review technical issues from L1 engineer before sending to escalation.
    • Reproduce the issue in the back end if possible and evaluate the behavior of the issue, and work with concern team to get this resolved
    • POCs for various firewalls, DLP, NAS, and endpoint protections
    • Assist customers with deployment of various UTM network security products.
    • Assist customers by diagnosing problems and providing resolutions for technical and service issues.
    • Using troubleshooting techniques and tools to identify products that are defective and follow guidelines in issuing service calls/contacts.
    • Advise/educate customers within procedural guidelines to ensure a complete solution to their technical or service questions.
    • Recreates, identifies and provides input on unique or recurring customer problems.
    • Solve product and network problems of high complexity with strong knowledge in firewall technologies
    • Provide system/product training and intellectual property material.
  • Ajax Network Solutions Pvt Ltd.
    Network Security Engineer
    Ajax Network Solutions Pvt Ltd. Jan 2014 - Nov 2015
    Ahmedabad, Gujarat, In
    Network & Security Professional
    Firewall Experience: (Cyberoam, Sophos, Fortinet & Sonicwall)
    Network Security Product Deployment and Support Services: Assist customers with deployment of network security products.
    • Configuration of LAN, WAN & DMZ as required.
    • Configuration of VLAN, 3G, WiMAX connectivity and Virtual Host (Port Forwarding).
    • Configuration of DHCP Server with Static and Dynamic
    • Link load balancing and Fail-over
    • Static and Dynamic Routing,
    • Bandwidth Management.
    • Configuring, and maintain VPN (IPSEC, SSL VPN) set up, as required.
    • Configuration of HA (High Availability) with Active - Active & Active - Passive
    • Configuration of Gateway level Anti-spam and Anti-virus solution,
    • Configuration of Web Filter and Application Filter Policy.
    • Working on IPS to block/bypassing applications from UTM as well custom IDS/IPS Signature
    • User authentication with local database or integration with external authentication server such as AD, LDAP, Radius Server.
    • Maintain the policies for user on Firewall for Internet access.
    • Single Sign On authentication and Thin-client (citrix) server.
    • Maintaining detailed user wise the reports.
    • Firewall rules for Stateful Packet Inspection.
    • Monitoring the traffic and sites visited by users in organization, creating the policies to increase the work output by restricting the unwanted sites in network.
    • Monitoring the network traffic.
    • Monitoring Network Performance, management and Optimization through SNMP.
    • Use packet capture to analyze and diagnose the issue.
    • External Reporting Tools are such as iView – Cyberoam & Sophos, Sonic Analyzer, Forti Analyzer
    • Hands on experience on Cyberoam, Sophos, Fortinet and Sonicwall firewall.

Tejas Rathod Skills

Network Security Firewalls Networking Security Ccna Vpn Ipsec Sonicwall Fortinet Cyberoam Sophos Ips Routing Virtual Private Network Switches Routers Tcp/ip Wireless Linux Mcafee Computer Security Network Architecture Wireshark Network Administration Ids C Security Incident Response Information Security Vulnerability Management Vlan Security Information And Event Management

Tejas Rathod Education Details

  • Amc Engineering College - India
    Computer Network & Engineering
  • Asian School Of Cyber Laws
    Diploma In Cyber Law
  • Management Consulting
    Computer Science & Engineering

Frequently Asked Questions about Tejas Rathod

What company does Tejas Rathod work for?

Tejas Rathod works for Adani Enterprises Limited

What is Tejas Rathod's role at the current company?

Tejas Rathod's current role is Manager - Cyber Security | Cyber Security Advisor | SOC Engineer | XDR | SIEM | Azure | M365 Defender| Incident Response.

What is Tejas Rathod's email address?

Tejas Rathod's email address is tr****@****ems.com

What schools did Tejas Rathod attend?

Tejas Rathod attended Amc Engineering College - India, Asian School Of Cyber Laws, Management Consulting.

What are some of Tejas Rathod's interests?

Tejas Rathod has interest in Reading Books, Social Services, Travelling, Education, Environment, Watching Movies, Photography, Playing Cricket, Health.

What skills is Tejas Rathod known for?

Tejas Rathod has skills like Network Security, Firewalls, Networking, Security, Ccna, Vpn, Ipsec, Sonicwall, Fortinet, Cyberoam, Sophos, Ips.
