• As an Associate SOC manager, I have exposure in leading MSSP and in-house security operations.• Actively involved in supervising the team, provide technical guidance.• Manage SOC staffing, including hiring, mentoring, communicating goals, and measuring performance.• Create processes, compliance reports, Assess incident reports and Support audits.• Measures SOC performance metrics.• Working experience with SIEM, EDR technologies, Vulnerability management and all End point solutions.• Accountable for driving the SLA and KPI performances, share monthly security and service reports to client and the executive team.• Prepare and implement SOPs, Run Books for L1/L2/L3 support and meet KPIs / SLAs.• Create new custom correlation rules and build playbooks.• Good understanding on End point security solutions like email gateway, Firewall, IPS/IDS, Web Proxy, EDR tools and DLP monitoring tools.• Monitoring alerts from EDR tool i.e. CrowdStrike.• Mentor L1,L2,L3 analysts.• Perform root cause analysis of incidents/breaches.• Good knowledge of Splunk Distributed cluster Architecture• Installing Universal forwarders to integrate Windows and Linux devices• Integrated JAMF Pro, FortiGate Firewall, Qualys with Splunk• Installing Splunk apps and Addon on the Splunk

* Worked in a 24x7 Security Operations Center * Monitoring the customer network using Splunk SIEM * Act as first level support for all Security Issues * Analyzing Realtime security incidents and checking whether its true positive or false positive * Performing Real-Time Monitoring, Investigation, Analysis, Reporting and Escalations of Security Events from Multiple log sources. * Raising true positive incidents to the respective team for further action * Creating tickets on service now and assigning it to the respective team and taking the follow-up until closure. * Escalating the security incidents based on the client's SLA and providing meaningful information related to security incidents by doing in-depth analysis , providing recommendations regarding security incidents mitigation which in turn makes the customer business safe and secure. * Investigate malicious phishing emails, domains, and IPs using Open-Source tools and recommend proper blocking based on analysis. * Good knowledge of Splunk Distributed cluster Architecture * Installing Universal forwarders to integrate Windows and Linux devices

• Proficient in Incident Management and Response, handling escalations.• Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences.• Develop content for SIEM by writing correlation rules, dashboards, reports and alerts.• Handling escalated alerts from L1 , L2 Security Analysts• Create new custom correlation rules and build playbooks.• Good understanding on End point security solutions like email gateway, Firewall, IPS/IDS, Web Proxy, EDR tools and DLP monitoring tools.• Monitoring alerts from EDR tool i.e. CrowdStrike.• Mentor L1 analysts.• Perform root cause analysis of incidents/breaches.• Good knowledge of Splunk Distributed cluster Architecture• Installing Universal forwarders to integrate Windows and Linux devices• Integrated JAMF Pro, FortiGate Firewall, Qualys with Splunk• Installing Splunk apps and Addon on the Splunk• Monitoring Realtime Incidents in Splunk Enterprise Security

• Performing Real-Time Monitoring, Investigation, Analysis, Reporting and Escalations of Security Events from Multiple log sources.• Co-ordinate with networking teams to maintain and establish communication to remote ArcSight Connectors• Installing ArcSight Connectors• Integration of new devices with ArcSight such as Windows, Linux, CISCO Firewall, Routers, Switches etc.• Doing the troubleshooting if any device is not sending the logs to the ArcSight.• Creation of ArcSight content like Correlation Rules, Query, Report, Dashboards etc.• Troubleshooting SIEM dashboard issues when there are no reports getting generated or no data available• Checking for Vulnerabilities using NESSUS tool (Black box and Gray Box Analysis) and creating the report.