Dec 2023 – Present · 2 yrs 3 mos

• Part of Accenture for more than 8 years at Cyber Fusion Center (Accenture CFC) in Prague, Czech Republic enabling enterprises for cyberdefense.

Dec 2022 – Nov 2023 · 11 mos

• Working with Accenture around for 6 years in Cyber Fusion Center (Accenture CFC) in Prague, Czech Republic. Being part of Cyber Defense Team for CyberSecurity engineering role performing SIEM Administrator task. UseCase Creation for CyberOps Team. SOAR Admin Tasks. SIEM platform management end to end. Onboarding of New security tools and devices.
• CyberUse Cases Creation/Tuning, DataSource Onboarding, Mapping and Parsing, BAS Activity Validation, Purple Activity Validation SIEM Management.
• Also working on for CyberSecurity UseCase Creation on :
• IoT Security (Internet of Things)
• OT Security (Operational Technology)
• IoMT Security (Internet of Medical Things)
• ICS Security (Industrial Control System)

Dec 2020 – Dec 2022 · 2 yrs

• Associated with Accenture Security around 5 years and now designated at Level 9 as CyberSecurity Engineering & Development Specialist.
• Currently Part of CyberSecurity Engineering Team handling SIEM Admin Task using Securonix, SNYPR Data Lake, Big Data Platform Hadoop supported by Cloudera for Data source Troubleshooting.
• Tools and Device Integration, SIEM Platform Handling, UseCase Creation.
• Newly Data source Onboarding and Continuous tuning of existing datasources.
• RegEx Writing for new event type and parser creation of various datasources.
• Define & Building SIEM custom use cases, content development for various data source.
• Finetuning of the existing Use cases to reduce false positive and noise.
• Parsing, mapping and remapping of the attributes.
• Checking Health check of Hadoop HDFS nodes for memory, cpu, disk utilization for smooth functioning.
• DR Implementation for Various datasources.
• Playbook Creation using SOAR.
• Playbook monitoring and troubleshooting for smooth functioning.
• RIN (Remote Ingestion Node) and syslog servers monitoring and implementing configuration for datasources.
• Configuring and updating the SYSLOG server for receiving the logs and forwarding the logs to various SOLR cell using SYSLOG NG config files.
• Creating Threat Models.
• Working within current change management processes to apply patches and provide first-line support for supported security tools.
• Feed intelligence and indicators of compromise to security incident management during P1 and P2 incidents to support the incident management process via triage on security events.
• Produced actionable intelligence for colleagues and business areas in the form of threat advisories, briefings, a threat attribution database and tactical data feeds.
• Provided technical governance, oversight and direction for the overall security service, solution design and implementation compatible with the target state operational security architecture.
• SNYPR Datalake, FortiSOAR, Cloudera, Apache Spark jobs

Apr 2019 – Dec 2020 · 1 yr 8 mos

• Currently Part of CyberSecurity Engineering Team handling Admin Task using Securonix, SNYPR Data Lake, Big Data Platform Hadoop supported by Cloudera and various data sources for Data source Troubleshooting, Data source Onboarding, RegEx Writing, Define & Building SIEM custom use cases, content development for various data source, Finetuning of the existing Use cases to reduce false positive and noise. Parsing, mapping and remapping of the attributes. Checking Health check of Hadoop HDFS nodes for memory, cpu, disk utilization for smooth functioning. Cofniguring and updating the SYSLOG server for receiving the logs and forwarding the logs to various SOLR cell using SYSLOG NG config files.
• Creating Threat Models.
• Using following Hadoop Component:
• HDFS
• SOLR
• SPARK (12 Jobs)
• Zookeeper
• HBase
• YARN
• HIVE
• IMPALA
• KAFKA
• Sentry
• Hue
• Oozie

Nov 2017 – Aug 2019 · 1 yr 9 mos

• I was part of Cyber L2 Team for Securonix SIEM Team handling below tasks using SNYPR tool with multiple native tools for investigation.
• Fine tuning suggestion
• Working on Top violators, violations and multiple Threat Models to capture high severity violators.
• handling Client call and expectation
• Weekly, monthly Report Preparation
• Handling multiple High priority P1 and P2 issues
• Datasource health check report preparation
• Dashboard creation in SNYPR
• KT to Team and junior resource
• Brown Bag session to team as in when required for new cyber threats.
• Preparing Baseline Report for Clients.
• Directly Investigating with the users for Audit Frameworks like GDPR, HIPAA, PCI DSS etc and taking it to resolution.
• Also Handled Splunk Admin Task in previous project in Accenture for Handling Splunk components like Search Head, Deployment server, Forwarders, License Master, Indexers etc for SIEM functioning, Define & Building SIEM custom use cases, Full platform support to Splunk v6.4.2 solutions, Splunk health monitoring and maintaining.
• Managed Splunk configuration files like indexes.conf, inputs.conf, outputs.conf, props.conf, savedsearches.conf etc.
• Experience with monitoring and operating SIEM, EDR and IDS/IPS solutions alongside other critical monitoring toolsets.
• Experience with Incident Response methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs).
• Monitoring security devices for server and workstation in various sites across globe and Routinely assess vulnerabilities and coordinating with security specialist. Routinely monitor and analyze network traffic and system performance. Also handling below tools.
• Splunk
• Securonix SNYPR
• FireEye HX & NX
• Tanium
• Cybereason (EDR)
• Airwatch
• Infoblox IPAM
• Alcatel-Lucent VitalQIP DNS/DHCP IPAM
• Palo Alto Network (PAN) Firewall
• PAN MineMeld
• iDefense® Security Intelligence
• Amazon Web Services (AWS)
• RSA Archer for Ticket Management
• Service Now