Mar 2022 – Jan 2023 · 10 mos · Bengaluru, Karnataka, India

• Þ Managing and mentoring the newly formed Security Operations Team for the firm.
• Þ Integrated diverse log sources into SIEM platform to improve threat visibility and detection.
• Þ Implemented zero trust for Proxy and VPN, tested and deployed Cortex XDR.
• Þ Designed incident response playbooks and onboarding frameworks for new tools.
• Þ Collaborated with engineering and IT teams to define security use cases.

May 2020 – Mar 2022 · 1 yr 10 mos

• Þ Triage security events and carry out incident response steps. Investigate incidents on on-premises infrastructure and Azure cloud infrastructure.
• Þ Facilitate static and dynamic malware analysis on endpoints with proper
• documentation and steps for remediation of infected systems.
• Þ Proactively hunt for and investigate potential malicious activity and incidents across
• multiple platforms using EDR solutions and SIEMs.
• Þ Collaborating with other enterprise cyber security teams like Threat Intel, Hunt, and
• Threat Detection.
• Þ Create/improve playbooks and procedures.
• Þ Managing and mentoring a team of L2/L3 analysts.

Dec 2016 – May 2020 · 3 yrs 5 mos · Bengaluru Area, India

• Þ Triage security events and carry out incident response steps.
• Þ Conduct senior level log analysis, proactive monitoring, mitigation, and response to
• network and security incidents.
• Þ Perform static and dynamic malware analysis on virtual servers with proper
• documentation and steps for removal on infected systems.
• Þ Host/Memory analysis using SIFT, Encase, Volatility, Magnet AXIOM, FTK imager,
• Sleuth Kit etc.
• Þ Proactively hunt for and investigate potential malicious activity and incidents across
• multiple platforms using EDR solutions and SIEMs.
• Þ Researching on advance threat actors and implementing controls in the organization.
• Þ Detect and respond Spear phishing, phishing campaigns and targeted attacks.
• Þ Collaborating with other enterprise cyber security teams like Threat Intel, Hunt, CA etc.
• Þ Creating/improving playbooks and procedures, conduct training for SOC and CIRT.

Jan 2014 – Dec 2016 · 2 yrs 11 mos · Bengaluru Area, India

• Þ Working as a L3 Technology Specialist in information security.
• Þ Detect and respond to IT security incidents using ArcSight and other tools.
• Þ Provide day-to-day support to Incident Response/Management.
• Þ Supporting the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses.
• Þ Analyzing event flow of various devices using rules, reports, dashboards, query viewers, active channels etc.
• Þ Provide optimization of data flow in agents using aggregation, filters, etc.
• Þ Integrating third party utilities to arcsight integration commands and tools to ease the event analysis.
• Þ Conducting event collection, log management, and event management with Arcsight loggers.
• Þ Tunes ArcSight performance and event data quality to maximized ArcSight system efficiency.
• Þ Installation and troubleshooting of Arcsight smart connectors and flex connectors.
• Þ Analyzing intrusion events using Tipping Point IDS and Deadend.
• Þ Monitoring DDOS traffic using Netflow.
• Þ Malware analysis using malware sandbox Fire eye, Looking glass and Tanium.
• Þ Working closely with forensic team to mitigate malware outbreaks.
• Þ Performing virus, malware, spam and phishing filtering in e-mails.
• Þ Creating Daily, Weekly and Monthly status reports and trend reports for various devices.

Sep 2011 – Oct 2013 · 2 yrs 1 mo

• Þ Worked as a Senior Security Analyst for global clients, US Bank, TJ Max and Arcelormittal.
• Þ Led a Secmon team of 6 members, for a US based client.
• Þ Detect and respond to IT security incidents using ArcSight and other tools.
• Þ Provide day-to-day support to Incident Response/Management.
• Þ Analyzing event flow of various devices using rules, reports, dashboards, query viewers, active channels etc.
• Þ Working on Arcsight content development.
• Þ Analyzing intrusion events using SourceFire IDS or Mcafee NSM.
• Þ Monitoring DDOS traffic using Arbor.
• Þ Analyzing vulnerability reports from VA tools like Nessus.
• Þ Malware analysis using malware detector tool Fire eye.
• Þ E-mail security monitoring using the appliance Cisco IronPort.
• Þ Doing content filtration, blocking spoofed E-mails. Implementing whitelisting or blacklisting for various incoming or outgoing mail domains. Performing virus, spam filtering in e-mails.
• Þ Analyzing E-mail flow.
• Þ Creating Daily, Weekly and Monthly status reports and trend reports for various devices.
• Þ Leading and coordinating weekly meeting with client and discuss about issues, challenges, escalations, process changes etc.
• Þ Conducting training sessions on SIEM, Log analysis, Network administration, etc for new joiners on Wipro ESS division.

Jun 2010 – Sep 2011 · 1 yr 3 mos

• Paladion is a global full service managed security provider committed to delivering technology solutions to ensure impenetrable security to 400+ clients in 15 countries across Asia, US and Europe.
• Support: Paladion Security Operations Centre
• Project: India ArcSight Team
• My roles and Responsibilities
• Working as a Security Analyst based on the tool ArcSight.
• Responsible for providing security support for distributed computer systems
• Handles all end users report Incidents, Problem Tickets and Change management tickets with respect to Network Security within the agreed SLA.
• Analyses security incidents as well as liaise with clients on security instructions.
• Working on various Routers, Switches, Firewalls and other network devices.
• Reporting device or interface down events to maintain maximum uptime.
• Log correlation and real time threat management using ArcSight.
• Creating Rules, Active channels, Dashboard, Filters, Reports and Queries in Arcsight to track incidents.
• Worked with ArcSight administrator to develop ArcSight rules, channels, and analysis methodology.
• Creating Daily and Monthly reports and Adhoc reports of various devices for different clients.
• Maintaining Archsight servers, by filtering noisy events, creating daily and weekly backups.

Dec 2008 – Jun 2010 · 1 yr 6 mos

• Religare Technova Limited is the holding company for the IT business of a large diversified Indian transnational business group. The group pursues aggressive business interests globally in Financial Services, Health Care, Wellness, Diagnostics and Aviation and Travel.
• Support: Religare Enterprise Level Support,
• (Support All Religare Wellness Employees and Clients)
• My roles and Responsibilities
• L1 &L2 Network support
• Configuring Network and Systems for connectivity
• Creating and managing VLANs
• Implementing port security for switches
• Monitoring network and responding to outages with the help of Whats up Gold.
• Creating and managing firewall rules.
• Implementing and supporting network for the clients.
• Administration of Servers which include multiple platforms like Windows and Linux in the Bangalore office and other offices of the company
• Creating and Managing users and groups
• Creating and Managing DHCP Scopes
• Maintain maximum uptime of Servers
• Managing, creating E-mail accounts in Mail Server (Zimbra).
• Maintain inventory of IT assets of the company.