Ryni Jerard

CEO

Bengaluru, Karnataka, India · 8 yrs 3 mos experience
Most Likely To Switch

Key Highlights

  • 6 years of experience in Cybersecurity
  • Expert in real-time security monitoring and incident response
  • Proficient with multiple SIEM and endpoint security tools
Stackforce AI infers this person is a Cybersecurity Specialist with expertise in threat analysis and incident response.

Skills

Core Skills

Cybersecurity, Incident Response

Other Skills

Audit, Azure Sentinel, Carbon Black, Computer Security, CrowdStrike, CrowdStrike Falcon, Endpoint Security, Event Correlation, Incident Management, Information Security, LogRhythm, Malware Analysis, Network Security, Network Traffic Analysis, Networking

About

Cybersecurity Specialist at PwC. Worked as a Cyber Security Analyst at EY, with a total of 6 years of experience in the cyber security field. Monitoring real-time. Endpoint tools CrowdStrike and Carbon Black. Experience in SOC has helped me to acquire knowledge in SIEM tools. I got the opportunity to work with multiple clients and had exposure to different endpoint devices and networking devices like Fidelis XPS, Palo Alto, Forescout, Carbon Black, and CrowdStrike Falcon Host. Performs real-time monitoring, investigation, log analysis and escalation of security events from multiple log sources within the agreed SLA.

Experience

PwC India

DLP

Oct 2023 - Present · 2 yrs 5 mos

PwC

Threat Response

May 2021 - Apr 2024 · 2 yrs 11 mos · Greater Bengaluru Area

  • 1. Conducting threat and risk analysis and analyzing the business impact of new and existing systems and technologies to eliminate risk, performance, and capacity issues.
  • 2. Implementing vulnerability assessments and configuring audits of operating systems, web servers, and databases, and detecting patterns, insecure features, and malicious activities in the infrastructure.
  • 3. Investigating using endpoint tools Fidelis, CrowdStrike and Carbon Black, which includes administration, implementation in multiple environments, integration of various log sources, Enterprise Security App management, and creation of correlation rules / dashboards / reports / alerts; creating correlation rules in LogRhythm and preparing use cases.
  • 4. Running diagnostics on any changes to data to verify any undetected breaches.
  • 5. Conducting counteractive protocols and reporting incidents. They offer customized risk ratings for vulnerabilities based on company policies and maintain IT security controls documentation.
  • 6. Managing the pay-per-click (PPC) system from threats and identifying and managing incidents to mitigate risks.
  • 7. Performing research, testing, evaluation, and deployment of security technology and procedures.
  • 8. Analyzing files for malicious behavior by performing static and dynamic analysis, etc.
  • 9. Configuring anti-virus systems and consoles and conducting software upgrades. Identifying malicious domains and blocking them. Finding vulnerable domains related to the organization.
  • 10. Running diagnostics on any changes to data to verify any undetected breaches.
  • 11. Developing custom systems for specialized security features and procedures for software systems, networks, data centres, and hardware. Handling phishing e-mail and endpoint security tasks for alerts triggered in various security tools.
Threat Analysis, Vulnerability Assessment, Incident Management, Endpoint Security, LogRhythm, CrowdStrike, +4

EY

Cyber Security Analyst

Apr 2019 - May 2021 · 2 yrs 1 mo · Thiruvananthapuram, Kerala, India

  • 1. Analyzed and investigated security events from various sources. Triaged security events and incidents, detected anomalies, and reported remediation actions.
  • 2. Managed security incidents through all phases of the incident response process through to closure.
  • 3. Monitored real-time security events on SIEM (Splunk and LogRhythm) and the Azure console; event analysis and investigation using endpoint tools Fidelis, CrowdStrike and Carbon Black, which includes administration, implementation in multiple environments, integration of various log sources, Enterprise Security App management, and creation of correlation rules / dashboards / reports / alerts. Created correlation rules in LogRhythm and prepared use cases.
  • 4. Created playbooks to implement SOAR, worked on Azure Sentinel and KQL, and defended against malware threats.
  • 5. Conducted initial analysis assessing severity and depth of security incidents. Ability to identify and classify malware families based on standard taxonomy.
  • 6. Analyzed collected media for defensive cyber operations and understood adversary technical capabilities, tactics, techniques and procedures, and methods of employment.
  • 7. Conducted RCA to fine-tune detection and mitigation measures of alerts.
  • 8. Worked in SOC with SIEM tools, and interfaced with multiple clients to resolve issues in different IDS/IPS devices.
SIEM, Incident Response, Malware Analysis, Security Monitoring, LogRhythm, Splunk, +2

Provise Consulting

Cyber Security Analyst

May 2018 - Apr 2019 · 11 mos · Bengaluru Area, India

  • 1. Characterized and analyzed network traffic, logs and endpoint activity to identify anomalies, malicious or potential threats.
  • 2. Performed event correlation using information gathered from a variety of sources (network and endpoint logs) to gain situational awareness to detect, confirm, contain, improve, and recover from attacks.
  • 3. Responded to attacks found, interacting with users to remediate systems or repair damage caused.
  • 4. Performed detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguished these incidents and events from benign activities.
  • 5. Analyzed identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information.
  • 6. Determined tactics, techniques, and procedures (TTPs) for intrusions. Isolated assets and removed malware; reconstructed a malicious attack or activity based on malicious samples seen on endpoints, phishing emails or in network traffic; performed root cause analysis.
  • 7. Worked in an Operation Centre (SOC) environment on Splunk.
  • 8. Worked on incidents, reviewing the alerts and doing detailed analysis on alerts. Good understanding of different types of attacks.
  • 9. Worked in 24x7 operational support.
  • 10. Monitored real-time security events on the SIEM (Splunk) console; event analysis, investigation and mitigation.
  • 11. Handled incident response activities like malware analysis and phishing analysis. Worked on the assigned ticket queue, understanding and exceeding expectations on all tasked SLAs.
Network Traffic Analysis, Event Correlation, Incident Response, Malware Analysis, Splunk, Cybersecurity

Skill cube

Cyber Security Analyst ( Intern )

Dec 2017 - Apr 2018 · 4 mos · Cochin Area, India

Education

MESCET Kunnukara

Graduate in Electronics and Communication — B-Tech

Jan 2012 - Jan 2016

MG University
