Taniya R.

Product Engineer

Dubai, United Arab Emirates · 10 yrs 6 mos experience
Most Likely To Switch

Key Highlights

  • 10 years of experience in cybersecurity services.
  • Transformed VMaaS into a customizable service.
  • Managed vulnerability assessments for high-profile clients.
Stackforce AI infers this person is a Cybersecurity expert specializing in vulnerability management and cloud security.

Skills

Core Skills

Vulnerability Assessment, Information Security, Cloud Security, Security Operations

Other Skills

Amazon Web Services (AWS), Azure Sentinel, Configuration Management, Container Security, Exporter Pro and Hyena, GRC, Governance as code, IT Operations, Incident Response, Information Security Management System (ISMS), Log Analysis, MDR, Malware Analysis, Microsoft Azure, Microsoft Defender for Cloud

About

Bringing 10 years of experience in cybersecurity services, I currently work as a VMaaS Service Manager for one of the UAE's largest MSS, where I have transformed VMaaS into a customisable service that includes risk-based vulnerability assessments, personalised client reports, and simplified patching/remediation methods. I recently added WebApp scanning, CIS and NESA compliance scans, and Kubernetes cluster vulnerability scans as additional services, which feature a pricing calculator, SLA, service architecture, and deliverables. Prior to joining Help AG, I held various cybersecurity responsibilities at NetApp, Microsoft and Wipro, where I handled a variety of challenging security incidents for high-profile clients. I've worked as a service design expert, security consultant, cloud security engineer, security administrator & security analyst, focusing on both on-premises and multi-cloud infrastructure, and have experience with multiple tools like: Microsoft Defender for Cloud, Azure Sentinel, Tenable.sc, Qualys, Symantec Endpoint, Tenable.io, RedCloak EDR, Scoutsuite, Trivy, Kubescan, QRadar, Stacklet, Tripwire Enterprise. My M.Tech is from VIT in Vellore, and my BSc honors is from Miranda House in Delhi.

Experience

Help ag, an e& enterprise company

2 roles

Vulnerability Management Lead

Jul 2025 - Present · 8 mos · Dubai, United Arab Emirates

Vulnerability Management Specialist

Mar 2023 - Jul 2025 · 2 yrs 4 mos · Dubai, United Arab Emirates

  • Manage the vulnerability management service lifecycle and build it as VMaaS for customers in the UAE region.
  • Established processes & assisted in pricing for:
      1. Vulnerability assessment of assets, determining risk surface area and priority rating using risk-based vulnerability approach (RBVA)
      2. Remediation coordination, generated script to create a simple to navigate and close vulnerability in a document that included the executive summary, IT summary, and third-party vendor assessments.
      3. Compliance scanning using CIS and NESA frameworks and designed MBSS (minimum baseline security standard) specific to customer domain.
      4. Web Application scanning with custom Selenium scripting, session cookie, login form etc.
  • Created a SLA/OLA document that translated the service delivered to time utilisation for effective resource allocation and cost of service projection.
  • Created a common DL for receiving requests, mapping it to set SLAs, and automated service request creation in the ticketing application.
  • Improved service delivery tiers: basic, advanced, and premium with add-on services.
  • Managing 10+ UAE government & semi-government customers by scheduling authenticated scans, creating scan policy, dashboard, report templates, outstanding remediation tracking, recasting vulnerability severity and score, assisting in remediation, detection of false positive.
  • Administrating platform by upgrading Tenable.sc & Nessus scanners, installing new scanner, application of security patches, resolving plugin feed failure, asset database accessibility, repository planning, scanner reachability & managing scanner freeze window
  • Monthly reporting for detected vulnerabilities, trend analysis for 3 months, outstanding remediation tracking, vulnerability severity summary, RBVA reporting and compliance scan reporting
  • Managing vulnerability as well as web app scanning via Qualys for payments industry, network as well as host-based scanning, maintaining host agent health.
Vulnerability Assessment, Threat & Vulnerability Management, Information Security, Web Application Security, Configuration Management, Tripwire Enterprise, +5

Netapp

Cloud Security Engineer

Oct 2021 - Mar 2023 · 1 yr 5 mos · Remote

  • Deployed internal scanner managed via Tenable.io, scheduled external scans, enabled cloud connectors, and managed vulnerability management portfolio for several product teams.
  • Scanned AWS FSx for ONTAP pre-deployment components and builds for FedRAMP authorization.
  • Implemented open-source software such as Prowler and Scout-Suite for CSPM, Trivy for container scans, Kube-scan for Kubernetes risk assessment, and Cloud Custodian for cloud governance as code.
  • PoC / PoV for Automox, Stacklet, and Rapid7 Insight Appsec.
Vulnerability Assessment, Microsoft Azure, Container Security, Information Security, Amazon Web Services (AWS), Governance as code, +3

Microsoft

2 roles

Azure Security Support Engineer - APAC

Sep 2021 - Oct 2021 · 1 mo

  • Promotion
Microsoft Azure, Information Security, Team Leadership, Cloud Security, Microsoft Defender for Cloud, Qualys, +1

Azure Security Support Engineer

Jan 2020 - Aug 2021 · 1 yr 7 mos

  • Worked on Azure Security Center, Azure Sentinel, Storage ATP & SQL ATP as a support engineer
  • Assisting customers to understand the product, features and providing guidelines/best practices to implement the product
  • Assisting in resolving recommendations, analysis of security alerts, creation of custom policy for security resource provider, continuous export of logs to Log Analytics workspace, SIEM (via event hub), Just in time access creation, file integrity monitoring etc. in Security Center
  • Assistance in data source integration to Azure Sentinel via built-in connector as well by using workarounds, creation of simple playbooks, implementation of available rule templates etc. in Azure Sentinel
  • Provide knowledge and information on preview features as and when available
  • Gather customer feedback and update product developer teams
  • Identify bugs in workflows
  • Assist on Storage ATP configuration, SQL ATP and Qualys extension configuration.
  • Basic understanding of NSG rules, VM extensions, event hub, Log Analytic Workspaces & solutions related to Security
Microsoft Azure, Information Security, Cloud Security, Microsoft Defender for Cloud, Qualys, Azure Sentinel

Wipro limited

4 roles

Senior Security Analyst

Promoted

Nov 2018 - Dec 2019 · 1 yr 1 mo

  • QRadar:
  • Expertise in incident handling & response, security incident triage & threat hunting
  • Administration of security operations to identify true positives & fine tune false positive
  • Integrate log sources such as on-prem AD, DNS, DHCP, Checkpoint firewall etc.
  • Integrate SecureWorks portal with ServiceNow SecOps module
  • Handled 25+ C1 priority security incidents and reduced impact rapidly
  • RedCloak AETD:
  • Package creation, deployment across servers & workstation
  • Control network access of infected assets via host isolation & disrupt suspicious process by procwall module
  • Track notable events and take necessary action
  • Azure Security Center & Azure Sentinel:
  • Created subscription, configured network security groups, installed Microsoft monitoring agent on Windows workstations
  • Complied with recommendations, configured mail for alerts and implemented just-in-time VM to lock inbound traffic to VMs
  • Involved in project to incorporate SIEM services using Azure Sentinel.
  • Sandbox Implementation:
  • Implemented Cuckoo Sandbox for automated malware analysis of files reported as suspicious
  • SOP & KEDB creation:
  • Created SOP on incident handling, categorization of incidents, spam analysis and rule fine tuning
  • Established database for known errors, false positive, fine tuning, corrective & preventive actions for C1 incidents
QRadar, Microsoft Azure, Information Security, Team Leadership, Security Operations, Cloud Security

Security Analyst

Promoted

Mar 2017 - Nov 2018 · 1 yr 8 mos

  • SOC Operations & Incident Analysis (QRadar):
  • Expertise in incident handling & response, security incident triage, threat detection & response.
  • Administration of SOC operations to identify true positives, design new correlation rules, set up dashboards & generate reports.
  • Performed security monitoring and identified security incidents by analyzing network traffic and logs data via SIEM tools like IBM QRadar
  • Analyzed the security incidents based on kill chain process as part of cyber kill chain framework
  • Malware Analysis (static & dynamic) in sandbox environment, i.e. Cuckoo.
  • Coordinated with security engineering team to fine-tune rules in firewall/IPS/McAfee NSM
  • Log Integration:
  • Integrated various log sources network/security controls like AD, McAfee ePO, Windows Server, Cisco ASA etc.
  • Integrated third-party extension threat feed search engines like IPVoid, VirusTotal, etc.
  • Spam Mail Analysis:
  • Handle, mitigate and investigate email threats and categorize accordingly.
QRadar, Information Security, Security Operations

Senior Security Administrator

Promoted

Oct 2016 - Mar 2017 · 5 mos

  • SEPM & McAfee ePO:
  • Installation of SEPM with SQL/embedded database, configuring group update provider and LUA
  • Configured policy for various component like virus and spyware, firewall, IDS & white-listing hashes.
  • Created feature set and packages as per requirement.
  • Installation of license files
  • Upgraded from version 12.x to version 14
  • Configured proxy, heartbeat, live update settings, replication and backup for SEPM
  • Configured policy on McAfee ePO for Threat Prevention & Web control
  • Qualys, McAfee Vulnerability Manager & Tenable IO:
  • Troubleshoot potential causes of scan failure (authentication failure, scanner offline, port block)
  • Created asset tag & scan template as per compliance standard SOX, PCI DSS
  • Security Team Operations & Risk Management:
  • Provided evidence for audit requirement (SOX, PCI DSS)
  • Resolved multiple C1 incidents & provided RCA.
  • Connect on multiple calls related to change management, problem management & infrastructure improvement.
  • Identification of risks and updated in risk register with impact and urgency score, plans to mitigate etc.
  • TrendMicro Server Protect:
  • Install and configure information server, normal server & management server
  • Add filers to NS and IS, initiate scans & configure rules/policies.
Vulnerability Assessment, Threat Assessment, Information Security, Team Leadership, Symantec Endpoint Protection, Qualys

Security Administrator

Jun 2015 - Oct 2016 · 1 yr 4 mos

  • SEPM & Vulnerability Management:
  • Health monitoring of SEPM/McAfee servers across multiple business domains expanded across 35 global regions.
  • Ensure timely updates of definition and other content (SONAR/amcore etc.) in Symantec Endpoint Protection Manager & McAfee ePO.
  • Analyse and customize health & compliance report.
  • Troubleshoot SEP at servers.
  • Weekly report & remediation of unhealthy clients.
  • Vulnerability assessment and closure.
Information Security, Symantec Endpoint Protection, Qualys

Education

Vellore Institute of Technology

Master of Technology - MTech — Information Technology

Miranda House, Delhi

Bachelor's Degree — Physics
