Sandeep G.

Director of Engineering

India · 10 yrs 6 mos experience

Key Highlights

  • Over 10 years of experience in security operations.
  • Expert in SIEM engineering and threat intelligence.
  • Proven track record in mentoring SOC analysts.

Skills

Core Skills

Security Operations · SIEM Engineering · Incident Response · SaaS Operations · Customer Support

Other Skills

Active Directory · C · C++ · Cisco Systems Products · Cloud Computing · Compliance · DLP · Dashboard Building · Firewall Management · Firewalls · HTML · Information Security · Information Technology · Intrusion Prevention · Java

About

10+ years of experience in managing security operations on a day-to-day basis. Ensuring smooth functioning of security operations by making sure everyone has the correct pair of glasses to perform their job duties. Increasing awareness in the organization about the latest phishing campaigns, identifying suspicious activities and reporting them correctly and in a timely manner. Providing threat intel services to the organization and leading the SIEM engineering and vulnerability management programs.

Experience

WatchGuard Technologies

2 roles

Security Engineering Manager

Promoted

Apr 2025 - Present · 11 mos

CSIRT Lead

Oct 2023 - May 2025 · 1 yr 7 mos

Wipro

2 roles

Cyber Security Architect

Aug 2023 - Oct 2023 · 2 mos · Remote

Project Lead

Sep 2021 - Aug 2023 · 1 yr 11 mos · Remote

  • Onboarding new logs from different sources.
  • Uploading threat intel IOCs to match against the relevant log sources available in Splunk.
  • Presenting weekly status decks to the CISO for ongoing projects and upcoming plans.
  • Fine-tuning Splunk Enterprise Security use cases as per client requirements.
  • Building dashboards, reports and alerts in Splunk.
  • Extracting new fields to build new correlation rules necessary for security.
  • Performing health checks such as missing forwarders, skipped searches, long-running queries, etc.
  • Ensuring the SOC team has the relevant information in Splunk to perform investigations.
  • Building a use case assessment matrix to map existing alerts to the MITRE ATT&CK framework and identify gaps in use cases.
  • Upgrading Splunk certificates (server certs, web certs).
  • Upgrading Splunk Enterprise and Enterprise Security.
  • Engaging with application, development and project teams during integration and troubleshooting on Splunk.
  • Providing training to L1 and L2 SOC analysts on investigating alerts through Splunk.
  • Upgrading Splunk forwarder agents using silent script installation.
  • Maintaining compliance by ensuring applications and servers are logging regularly, comparing against the client CMDB.
Splunk · Threat Intelligence · Dashboard Building · Compliance · Use Case Development · Security Operations

UnitedLex

2 roles

Assistant Manager (Security Operations)

Mar 2021 - Sep 2021 · 6 mos

Senior Security Analyst

Jun 2019 - Feb 2021 · 1 yr 8 mos

  • SIEM:
    • Fine-tuning Splunk use cases as per organization needs and structure.
    • Taking part in Splunk upgrades and fine-tuning calls with vendors, in accordance with the needs of the SOC team for adding use cases and Splunk apps.
    • Building dashboards, reports and alerts and taking care of health checks in Splunk such as missing forwarders, orphaned searches, long-running queries, etc.
  • Antivirus:
    • Traps (Palo Alto):
      • Checking that all the security events the SOC team receives are relevant.
      • Whitelisting false positives in Traps by adding hashes or adding new policies and groups.
      • Escalating misconfigured policies/rules to Palo Alto/vendors for reconstruction.
    • Cortex XDR:
      • Investigating complex use cases in XDR to determine the network activity, registry changes and suppressions created by APTs.
  • Firewall:
    • Palo Alto:
      • Completed 40 hours of industrial training on Palo Alto firewalls.
      • Analysing Panorama to block C&C activity and sinkhole suspicious DNS traffic.
      • Creating and scheduling IPS reports from the firewall for early detection of emerging or live threats.
  • DLP:
    • O365:
      • Blocking suspicious senders and spammers to prevent phishing mails.
      • Tracing bulk phishing mails, investigating headers and determining subject lines.
  • Reputation:
    • BitSight:
      • Checking whether any component needs attention and bringing the risk down by taking countermeasures and analysing the intel received.
  • Shift lead:
    • Guiding the L1 analysts in investigation.
    • Handling escalations that come to the SOC.
    • Mentoring SOC analysts from time to time.
    • Building KBs, runbooks and SOPs.
Splunk · Palo Alto · Malware Investigation · DLP · Firewall Management · Security Operations

FIS

Information Security Engineer (Security Operations Center)

Oct 2017 - May 2019 · 1 yr 7 mos

  • Identifying security events on domain controllers for improper usage of service and administrator accounts that goes outside the security policy.
  • Identifying configuration changes made on network devices for which no change request was provided.
  • Blocking any malicious network scanning activity sourced from outside the organization, or from inside without prior intimation.
  • Preventing signature-based intrusion activity on DMZ servers with the help of an IPS device such as Snort.
  • Preventing and investigating behaviour-based malware activity, such as botnets connecting to C&C, with the help of security appliances (i.e. FireEye) and a packet analysis tool such as Wireshark.
  • Investigating any IOC in the environment by correlating firewall actions (Cisco ASA) and web logs using the SIEM tool, i.e. RSA Security Analytics.
  • Working on the reports fetched from security tools such as RSA and the IPS to identify top intrusion as well as malware activity.
  • Identifying threat events from McAfee ePO for any malicious activity, or finding any infected file/process/DLL left on end hosts within the corporate network.
  • Proactively identifying and detecting anomalies in network behaviour patterns using Cisco Stealthwatch.
  • Built a web version of the Knowledge Base (KB) along with an alerting mechanism, which brought transparency to any change in the KB and helped the team search faster for known false positives.
Network Security · Intrusion Prevention · Malware Analysis · Security Operations · Incident Response

Basware

Associate Production Engineer (SaaS Operations)

Jun 2015 - Oct 2017 · 2 yrs 4 mos · Chandigarh Area, India

  • Increased customer satisfaction by integrating their ERP bridge with ours.
  • Configured and built dashboards and alerts in Splunk, and fine-tuned the existing alerts that were faulty and imprecise.
  • Identified the root cause for data that was intermittently not forwarding to Splunk.
  • Built work instructions in Confluence for fair capacity audits of all the SaaS servers before deploying any bigger customer into the cloud.
  • Raised multiple suggestions in Jira for security blips and product bugs at platform level (e.g. wrong service calls), which were recognized by the R&D and Deployment teams and worked upon later.
  • Conducted and delivered RCA (Root Cause Analysis) for the degradations and disruptions triggered in SaaS Production/Test.
  • Worked on platform changes to carefully install/update any new software or configuration, after presenting them before the CAB (Change Advisory Board) members.
  • Deployed ADFS SSO for customers and troubleshot it with their IT teams over calls, which reduced pending go-live dates by 20% for most of the projects.
  • Managed access for external and internal users in Windows Active Directory to ensure they access only what they should on cloud servers.
  • Published and deployed .exe (thick client) applications for customers as well as internal users over a Citrix farm and load-balanced them on Citrix servers to help them integrate with the cloud for application virtualization.
  • On-call troubleshooting with cloud vendor Rackspace when a server lost control at OS level.
  • Controlling and troubleshooting any blip in automation during an upgrade by working closely with the DevOps and Product teams.
SaaS Operations · Dashboard Building · Root Cause Analysis · Customer Support

Multisoft Systems

Student Trainee

Jun 2014 - Jul 2014 · 1 mo

  • Successfully completed case studies in cloud computing and network management.

Bharat Electronics

Trainee

Jun 2013 - Jul 2013 · 1 mo · Kotdwara Area, India

Education

Uttrakhand Jobs

Bachelor's degree — Information Technology

Jan 2011 - Jan 2015

Saint Joseph's Convent School

Science

Jan 1997 - Jan 2010
