NIRMAL MANOHARAN

DevOps Engineer

Dubai, United Arab Emirates · 12 yrs 6 mos experience

Key Highlights

  • Expert in multiple SIEM solutions and security tools.
  • Proven track record in incident response and cybersecurity.
  • Strong leadership in managing diverse security teams.

Skills

Core Skills

LogRhythm SIEM, Security Operations Center, Security Consulting, Incident Response, Cybersecurity, SIEM Management, Incident Management

Other Skills

Active Directory, Akamai, Antivirus, ArcSight, Attack Mitigation System, Azure ATP, Carbon Black, Cisco ASA, Cloud App Security, Cloud Computing, Cloud Security, CyberArk, Cybersecurity Incident Response, Defender ATP, Forcepoint

About

  • Expert knowledge of SIEM solutions (LogRhythm, Securonix, ArcSight, Splunk, IBM QRadar, Carbon Black, Azure, Cloud App Security, TrendMicro, M365, Proofpoint TAP, Qualys, Fortinet, Nessus, Forcepoint).
  • SOC experience with SIEM tools such as LogRhythm and ArcSight, including administration, implementation in multiple environments, integration of various log sources, Enterprise Security App management, and creation of correlation rules, dashboards, reports and alerts. Implemented a LogRhythm instance, integrated Windows logs and developed sample use cases.
  • Detecting and blocking malicious files and URLs before they enter the organization: creating rules and blocking malicious hashes with TrendMicro, protecting all endpoints, provisioning applications to privileged users, and applying application control and endpoint detection and response (EDR).
  • Malware analysis using Cuckoo, VirusTotal, OpenDNS and sandboxes.
  • Experience with orchestration and automation (SOAR) tools such as FortiSOAR.
  • Created correlation rules in LogRhythm and prepared use cases.
  • Team management with effective communication skills.
  • Collecting, analyzing and preserving evidence related to incidents.
  • Creation of rules, active lists, dashboards and active channels based on customer requirements.
  • Creation of reports, queries and filters for events generated in the ArcSight Console; ensuring application availability and SLA adherence.
  • Able to configure and manage use cases in event aggregation and correlation systems.
  • Experienced in quality management, process excellence and SLA management in the IT and services sector. Adept at driving improvement projects and providing business analytics to achieve organizational goals. Led diverse teams and guided them towards process improvements and operational efficiency. Drive business performance with a focus on the bottom line and continuous improvement.
  • Vast experience in risk assessment, risk management, third-party vendor audits, data centre audits, penetration testing and vulnerability assessment.
  • Deliver security advice and guidance to IT areas as directed by the Information Security Assessment team management.
  • Privileged identity management using CyberArk.

Experience

G42

Senior SOC Engineer

Mar 2024 - Present · 2 yrs · Abu Dhabi Emirate, United Arab Emirates · On-site

  •  Perform LogRhythm product onboarding, implementation, core development, deployment and content development, and perform technical account management duties for specific top-tier, strategic clients.
  •  Perform LogRhythm platform enhancement activities, implementation, core development, deployment and content (use case) development, and perform technical account management duties for specific top-tier, strategic clients.
  •  Develop, implement and execute standard procedures for the administration, content management, change management, version/patch management and lifecycle management of the SIEM/log management platforms; identify, assess and prioritize vulnerabilities and risks.
  •  Perform all administration, management, configuration, testing and integration tasks related to LogRhythm, Carbon Black, Microsoft Defender and associated platforms, including content creation, maintenance and administration tasks.
  •  Research, analyze and understand log sources used for security monitoring, particularly for MITRE framework use case creation and networking devices (such as firewalls, routers, anti-virus products, proxies and operating systems).
  •  Create and develop correlation and detection rules, using regex, within LogRhythm to support alerting capabilities within the Threat Management Center.
  •  Assist with client transition and onboarding, serve as a primary point of contact for Managed Security Service clients, and provide monthly reports tracking personnel security clearances and incidents.
  •  Act as a point of escalation for other engineers (Associate SIEM Engineer and SIEM Engineer) and provide guidance and mentoring.
  •  Develop custom content (reports, queries, dashboards, light scripting, etc.).
  •  Perform a variety of routine project tasks applied to specialized information assurance problems.
  •  Assist with designing and documenting work processes within the SOC.
LogRhythm SIEM, IBM QRadar, Splunk, Trellix, Carbon Black, Security Operations Center

Flydubai

SOC Content Engineer

Sep 2022 - Mar 2024 · 1 yr 6 mos · Dubai, United Arab Emirates · On-site

  •  Perform LogRhythm platform enhancement activities, implementation, core development, deployment and content (use case) development, and perform technical account management duties for specific top-tier, strategic clients.
  •  Perform all administration, management, configuration, testing and integration tasks related to LogRhythm, Splunk, Mimecast, RSA NetWitness, TrendMicro, KAV Antivirus and associated platforms, including content creation, maintenance and administration tasks.
  •  Research, analyze and understand log sources used for security monitoring, particularly for MITRE framework use case creation and networking devices (such as firewalls, routers, anti-virus products, proxies and operating systems).
  •  Develop, implement and execute standard procedures for the administration, content management, change management, version/patch management and lifecycle management of the SIEM/log management platforms; identify, assess and prioritize vulnerabilities and risks.
  •  Create and develop correlation and detection rules, using regex, within LogRhythm to support alerting capabilities within the Threat Management Center.
  •  Oversee the integration of all customers into the MSS program so that they can be reliably handed over to an operations team to conduct standard work.
  •  Developed data architecture designs to enable analysts to perform targeted customer analysis.
  •  Lead a five-man team of highly skilled LogRhythm engineers through tasks ranging from network testing to high-availability SIEM deployment and configuration.
  •  Develop content for the LogRhythm platform around current trending security events to provide real-time, relevant alarming.
  •  Deep-level assessment of data for security-related threats, followed by the assignment of incident criticality designations.
  •  Develop and maintain Security Standard Operating Procedures (SSOP).
LogRhythm, RSA Security, Qualys, Antivirus, Recorded Future, Akamai, +2

Starlink - trusted cyber & cloud advisor

Professional Services Consultant

Apr 2022 - Sep 2022 · 5 mos · Dubai, United Arab Emirates · On-site

  •  Provide custom expert security consulting services to LogRhythm customers with a security operations center (SOC); develop and maintain processes and procedures around the SIEM based on environmental changes.
  •  Develop content for the LogRhythm platform around current trending security events to provide real-time, relevant alarming.
  •  Work collaboratively with other service and product team members to find creative solutions to our customers' challenges.
  •  Perform remote and on-site customization, installation and integration of the LogRhythm solution.
  •  Provide consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
  •  Current working knowledge of various security tools, including firewalls, web proxies, DLP, IDS/IPS, WAF, etc.
  •  Provide direct administration and ownership of the SIEM, including configuration, access control, tuning, integration and continuous improvement activities.
  •  Build and tune custom use cases, dashboards, searches and reports on the SIEM platform based on cybersecurity and business needs.
  •  Act as a point of escalation for the SIEM and provide guidance and mentoring to associate security engineers/analysts.
  •  Developed data architecture designs to enable analysts to perform targeted customer analysis.
  •  Managed creative projects from concept to completion while managing outside vendors.
  •  Managed and monitored upkeep of the "cloud" LogRhythm SIEM environment.
  •  Architect full LogRhythm SIEM solutions.
  •  Monitor and analyze log data from multiple log sources (databases, firewalls, Windows/UNIX servers) that feed into our LogRhythm multi-tenant SIEM cloud environment.
  •  Deep-level assessment of data for security-related threats, followed by the assignment of incident criticality designations.
  •  Responsible for configuration of current enterprise security log source types into the SIEM.
  •  Work with vendors to develop partner relations, in addition to driving new innovations for the platform.
TrendMicro, Professional Services, Solution Architecture, Splunk, LogRhythm, Software as a Service (SaaS), +6

Wipro

Cyber Security - Technical Lead

Mar 2021 - Apr 2022 · 1 yr 1 mo · Kochi, Kerala, India

  •  Perform LogRhythm product deployment, core development and onboarding of new log sources into the LogRhythm platform, and perform technical account management duties for specific top-tier, strategic clients.
  •  Research, analyze and understand log sources used for security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products, proxies and operating systems).
  •  Develop, implement and execute standard procedures for the administration, content management, change management, version/patch management and lifecycle management of the SIEM/log management platforms.
  •  Monitor, sustain and troubleshoot a variety of technologies as they relate to enterprise log management; make these other systems "talk" to the SIEM tools. Essentially, this individual needs to be able to administer a logging solution.
  •  Perform all administration, management, configuration, testing and integration tasks related to LogRhythm, Microsoft Defender, FireEye and associated platforms, including content creation, maintenance and administration tasks.
  •  Create and develop correlation and detection rules, using regex, within LogRhythm to support alerting capabilities within the Threat Management Center.
  •  Provide remote consulting services via interactive client sessions to assist with the implementation of multiple product vendors and technologies.
  •  Assist with client transition and onboarding; serve as the primary point of contact for Managed Security Service clients.
  •  Act as a point of escalation for other engineers (Associate SIEM Engineer and SIEM Engineer) and provide guidance and mentoring.
  •  Develop custom content (reports, queries, dashboards, light scripting, etc.).
  •  Perform a variety of routine project tasks applied to specialized information assurance problems.
  •  Assist with designing and documenting work processes within the SOC.
Securonix, Log Analysis, Cloud Security, LogRhythm, IBM QRadar, LogRhythm SIEM, +1

Softwareone

Cyber Defense Incident Manager

Jul 2020 - Mar 2021 · 8 mos · Chennai, Tamil Nadu, India

  •  Act as a Subject Matter Expert (SME) for incident response and forensics.
  •  Manage and perform incident response activities.
  •  Provide project support tasks to integrate security platforms, as well as ongoing tuning support for existing technology.
  •  Support ongoing internal investigations and hand over legal cases to the litigation team.
  •  Highly technical examination, analysis and reporting of computer-based evidence related to security incidents (intrusion artifacts/IOCs) or investigations; blocking IPs, URLs and emails (Securonix, Proofpoint, Azure Conditional Access, M-365, Cloud App Security, TrendMicro, Defender ATP, Splunk, CyberArk, Intune and Qualys).
  •  Perform incident triage and handling by determining scope, urgency and potential impact, then identifying the specific vulnerability and recommending actions for expeditious remediation.
  •  Perform hunting for malicious activity across the network and digital assets using Defender.
  •  Conduct analysis using a variety of tools and data sets to identify indicators of malicious activity on the network.
  •  Collaborate with technical and threat intelligence analysts to provide indications and warnings, and contribute to predictive analysis of malicious activity.
  •  Detonate malware to assist with threat research.
  •  Establish links between suspects and other violators by piecing together evidence uncovered from a variety of sources.
  •  Establish and maintain a defensible evidentiary process for all investigations.
  •  Perform packet analysis to identify anomalies in protocols and payloads.
  •  Document incidents from initial detection through final resolution (RCA report) for P1/P2 cases.
  •  Handle security incidents, ensuring containment, eradication and recovery with proper evidence collection and documentation through to closure.
  •  Solid understanding of attacker techniques (TTPs) and exploits, including the current security threat landscape.
Proofpoint, CyberArk, M-365, Incident Management, Cybersecurity Incident Response, Cloud App Security, +5

Abu Dhabi Securities Exchange

Senior Cybersecurity Consultant

Oct 2019 - Jun 2020 · 8 mos · Abu Dhabi, Abu Dhabi Emirate, United Arab Emirates

  •  Develop content for the LogRhythm platform around current trending security events to provide real-time, relevant alarming.
  •  Architect full LogRhythm SIEM solutions. Monitor and analyze log data from multiple log sources (databases, firewalls, Windows/UNIX servers) that feed into our LogRhythm multi-tenant SIEM cloud environment.
  •  Drive deployments of LogRhythm while working side by side with customers to solve their unique problems across a variety of use cases.
  •  Deep-level assessment of data for security-related threats, followed by the assignment of incident criticality designations.
  •  Responsible for working with the Endpoint Management team to manage software deployment to PCs using tools such as 2008/2012 Active Directory, Microsoft WSUS patching, anti-virus and endpoint protection using McAfee ePO; creation and management of PC build images for WinXP and Win7, and application of PCI security policies.
  •  Developed data architecture designs to enable analysts to perform targeted customer analysis.
  •  Managed and monitored upkeep of the "cloud" LogRhythm SIEM environment.
  •  After the threat level has been assigned, work with the client towards resolving and preventing future security incidents.
  •  Developed parsing rules for custom log sources (regex) and crafted customer-specific custom alarms.
  •  Tracked changes in the SIEM environment through custom-created reports. Reviewed, analyzed and alerted on security events generated by multiple SIEM environments (LogRhythm and Joe Sandbox). Deep threat and malware analysis to provide additional information to the client based on signatures of activity.
  •  Maintaining critical monitoring systems (LogRhythm log management systems), measuring system error logs, performance and availability. Evaluation of log management and log editing using Kibana.
Carbon Black, Fortigate, LogRhythm, Qualys, LogRhythm SIEM, Security Consulting

Saudi Aramco

Information Security Consultant

Jan 2019 - Oct 2019 · 9 mos · Saudi Arabia

  •  As part of the process, we monitor all critical security events from all identified network devices integrated with Saudi Aramco.
  •  Based on the impact of the traffic, we log an incident with the respective team using the client tool SV E-TOUCH portal, within Saudi Aramco security standards.
  •  Reporting detected vulnerabilities and threats to the respective application/system owners so they can take remediation actions to mitigate the events.
  •  Generating daily, weekly and monthly reports based on client requirements.
  •  Creating queries and generating reports (Botnet Infected, Client Systems with XP, McAfee Virus and Rogue report).
  •  First-level analysis (investigating problems) and closure of known medium- and high-priority security incidents.
  •  Close interaction with the clients and with the Service NXT operations center, regionally and globally, to ensure issues are resolved in a timely manner as per the TAMKEEN Information Security Monitoring (TISM) team standards.
  •  Ability to perform SIEM incident analysis.
  •  Follow up on cases pending with either the IT helpdesk or the respective teams.
  •  Perform technical assessment and provide feedback for network, web application, host and server.
  •  Perform investigation of incidents reported, identified or occurring in the customer environment and prepare the respective IR report based on the analysis.
  •  Ensuring proper operation and maintenance of SIEM, vulnerability management and DDoS operations.
  •  Creating alerts and correlation rules when needed and reporting any identified incident to the respective teams.
  •  Fine-tuning the SIEM for enhanced performance and categorizing assets by criticality.
  •  After scanning, preparing the vulnerability list for tracking and follow-up, and scanning any new system before rolling the asset out to a production environment.
  •  Interacting with onsite and offshore teams to resolve their problems.
ArcSight, Active Directory, Splunk, SIEM Management, Incident Management

Cognizant

Information Security Analyst

Oct 2016 - Jan 2019 · 2 yrs 3 mos · Greater Chennai Area

  •  Supporting E-Security Operations for all pan-India Cognizant facilities, which include 12 locations across the region.
  •  Worked on the ArcSight SIEM tool.
  •  Collecting, analyzing and preserving evidence related to incidents.
  •  Writing reports on incidents and delivering them to business and other stakeholders.
  •  Creation of rules, active lists, dashboards and active channels based on customer requirements.
  •  Creation of reports, queries and filters for events generated in the ArcSight Console. Ensure application availability and SLA adherence.
  •  Configure and manage use cases in event aggregation and correlation systems.
  •  Develop and configure SIEM reports (i.e. dashboards, including daily, weekly and monthly reports).
  •  Assist and coordinate with the Security Incident Handling Team (onsite projects team) during investigations.
  •  On-call support function (responding to incidents outside regular working hours and on weekends/holidays).
  •  Bringing any possible security threats or violations of the security policy to the notice of the Information Security Manager.
  •  Creation of custom parsers/connectors based on client requirements to support their applications/devices in the ArcSight environment.
  •  Integration of devices with ArcSight, connector installation and configuration.
  •  Review, analyze and interpret the logs captured in the SIEM using Boolean queries on Logger, as well as handling the console for real-time log monitoring and creating dashboards for malware, threat and other attack alerts.
  •  Support security incident response processes in the event of a security breach by providing incident reporting.
  •  Coordinating with the client's Information Security Head on high-priority security incident notifications received from the client.
  •  Implement and manage a security incident management process according to the security policy.
Tenable Nessus, IBM QRadar, Defender ATP, SIEM Management, Incident Management

Iizasoft

Security Analyst

Sep 2013 - Oct 2016 · 3 yrs 1 mo · Greater Chennai Area

  • Incident management and analysis.
  • Creating reports, rules, dashboards, correlations and alert configurations as per requirements.
  • Threat hunting and raising tickets using BMC Remedy. Part of the SIEM team responsible for monitoring and protecting the client's network from attacks using the RSA Security Analytics SIEM tool.
  • Perform security analysis based on alerts generated in the SIEM environment for the complete organizational network.
  • Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction.
  • Maintain data and monitor security access.
  • Anticipate security alerts, incidents and disasters and reduce their likelihood.
  • Analyze security breaches to determine their root cause.
  • Recommend and install appropriate tools and countermeasures.
  • Troubleshooting and risk mitigation for any risks detected in the analysis.
  • Log and packet analysis (through the Investigation window) using Security Analytics.
  • Report creation and analysis in RSA NetWitness.
  • Hunting for potential threats in the environment.
  • Define, implement and maintain corporate security policies.
  • Train fellow employees in security awareness and procedures.
ArcSight, Cisco ASA, SIEM Management, Incident Management

Education

Anna University, Chennai

Bachelor of Technology - BTech — Mechanical Engineering

Jan 2009 - Jan 2013
