Skills
● Cyber security SIEM & SOC: Splunk, Azure Sentinel
● Email Security: Office 365
● Network Security & NGFW: FortiGate, IDS/IPS
● System Security: Windows and Linux servers’ patches and security updates, Performance and Capacity Analysis
● End Point Security: MS Defender, CrowdStrike
● Vulnerability Assessment: Rapid7
● Ticketing Tools: Jira, ServiceNow
About
Working as Security Analyst for SOC 24*7 environment.
● Monitoring and analysis of events generated by various security and network tools like Firewalls, Proxy servers, AV, IPS/IDS, load
balancer’s database, System Application, Cloud (Amazon, Azure, and Google), Windows and Linux servers etc.
● Working on P1, P2 Incidents and SC Tasks. Creating RCAs for P1/P2 tickets.
● Security Incident Response: Responsible for monitoring of security alerts. Analysis of logs generated by appliances, investigation,
and assessment on whether the incident is False positive or False Negative.
● Use SIEM tools (Splunk, Azure Sentinel, UEBA & QRadar) to detect possible signs of security breaches and perform detailed
investigation to confirm successful breach. Perform root cause analysis (RCA) and appropriately handle the incident as per defined
Incident Management Framework.
● Following end to end Incident Investigation and Incident Response process, ensuring to close the investigation within defined SLA.
● Working on integration of ServiceNow and Jira.
● Worked on email analysis (Header, URL, and attachment analysis) for detecting threats such as phishing and other social
engineering attacks.
● Participation in the preparation of SOC monthly cyber security incident reports.
● Monitoring endpoints by using Defender for Endpoint and escalating to users for suspicious activities.
● Conducting security Research and Intelligence gathering on Emerging Threats and Exploits.
● Escalation of security incidents to concerned teams and their management and follow-up for closure.
● Creating tickets in ServiceNow and tracking the status of the incidents.
● Analysis of daily and monthly reports for incident management and compliance.
● Coordinating with Network team, Server team regarding activities and technical issues.
● Creating vulnerability and remedy reports and reporting them to users.
● Finding the critical servers and application inventory from respective business owners and scheduling the scan on a weekly, monthly,
and quarterly basis.
● Knowledge sharing session with the team members whenever complex incident issues are raised and also lessons learned from
other team members.
● Attending calls with business owners, Windows, and Linux team for scheduling the Vulnerability Management patching and
remediation part without business disruptions.
Accenture Solutions Pvt Ltd, Jan 2022 to Aug 2023
Security Delivery Analyst
● Working as Security Analyst for SOC 24*7 environments.
● Monitoring and analysis of events generated by various security and network tools like Firewalls, Proxy servers, AV, IPS/IDS, load
balancer’s database, System Application, Cloud (Amazon, Azure, and Google), Windows and Linux servers etc.
● Security Incident Response: Responsible for monitoring of security alerts. Analysis of logs generated by appliances, investigation, and assessment
on whether the incident is False positive or False Negative.
● Use SIEM tools (Splunk, UEBA) to detect possible signs of security breaches and perform detailed investigation to confirm
successful breach. Perform root cause analysis (RCA) and appropriately handle the incident as per defined Incident Management
Framework.
● Following end to end Incident Investigation and Incident Response process, ensuring to close the investigation within defined SLA.
● Working on integration of ServiceNow and Jira.
● Working on P1, P2 Incidents and SC Tasks. Creating RCAs for P1/P2 tickets.
● Participation in the preparation of SOC monthly cyber security incident reports.
● Escalation of security incidents to concerned teams and their management and follow-up for closure.
● Creating tickets in ServiceNow and tracking the status of the incidents.
● Troubleshooting of Sev1, Sev2 and Sev3 incidents within SLAs and prepared.
● Analysis of daily and monthly reports for incident management and compliance.
● Monitor the Network Security devices like Tipping Point IDS/IPS, Paradigm, FireEye, SIEM Receiver, Network bypass devices,
Basics of F5 LB, monitoring the Splunk services etc.
● The L1 Team will create the Priority tickets which will be assigned to us, and we are performing the troubleshooting to fix the issue.
● Vendor management for Security devices like Paradigm physical disk failure, warranty-related issues and faulty SSD drives/disk parts
replacement with Dell support.
● For ticket tracking we used the Jira application and SNOW, and monitored the Security Appliances through a centralized application called
Opsview.
● To perform TOS upgrade for Tipping Point devices (IPS/IDS) to update the license and versions using Tipping Point SMS.
● Defining the Reports using Queries & Report Templates, and running the reports.
● Checking the overall system health & reporting it to the admin team on a daily basis.
● Checking Connectors health status & reporting it to the admin team.
● Updating SOPs as per modifications.
● Providing 24x7 L-2 on-call support & coordinating with required Teams to resolve the high severity issues.