Pawan Khosla

Product Manager

New Delhi, Delhi, India · 13 yrs 2 mos experience

Key Highlights

  • 14 years of experience in Cyber Security management.
  • Led teams of up to 40 engineers in high-pressure environments.
  • Expertise in incident response and threat intelligence.

Skills

Core Skills

Security Operations Management, Incident Response, Project Management, Security Incident Response

Other Skills

Azure Sentinel, Office 365, Microsoft Defender, Threat & Vulnerability Management, SentinelOne, Team Leadership, Cyber Threat Hunting (CTH), Security Operations Center, Escalations Management, Project Delivery, Service Delivery, Threat Intelligence, Table Top Exercise, Customer Experience, Customer Satisfaction

About

Strategic and results-driven Cyber Security Manager with 14 years of experience in leading large, multi-domain teams. Proven expertise in end-to-end incident response, SOC platform monitoring, and threat intelligence. Skilled in conducting SOC gap assessments and tabletop exercises to proactively strengthen security posture and mitigate risk.

Throughout my career, I have honed my expertise in SOC operations, successfully managing multiple shared and dedicated security projects. My experience includes leading teams of up to 40 engineers, a responsibility that has refined my ability to mentor, guide and ensure high performance in fast-paced environments. My career has been defined by my ability to navigate and mitigate complex security incidents. I have extensive experience in incident handling and retrospective analysis, allowing me not only to respond effectively but also to learn from each event to strengthen an organization's security posture. I am also skilled in working with and overseeing threat hunters and in utilizing threat intelligence from both open-source and enterprise-licensed tools to proactively identify and neutralize threats before they can impact the business. My exposure to tabletop exercises has further honed my ability to strategize and lead under pressure.

My strategic perspective has been sharpened by direct collaboration with CISOs and by working across multiple geographical regions, allowing me to align security initiatives with broad business goals and international compliance requirements.

As a seasoned SOC professional, I have a strong command of SIEM platforms, with a deep specialization in Microsoft Sentinel and the broader Microsoft suite of security tools. This deep technical knowledge, combined with a comprehensive understanding of the NIST Framework, enables me to develop and implement proactive security strategies that are both effective and compliant. I am skilled at translating complex security data into actionable intelligence, enhancing an organization's overall defensive posture.

Experience

Total experience: 13 yrs 2 mos
Average tenure: 1 yr 7 mos

Zensar Technologies

Technical Manager - Cybersecurity Delivery

Jun 2024 - Oct 2025 · 1 yr 4 mos · Gurugram, Haryana, India · Hybrid

  • Led and mentored a team of engineers (Tier-1 to Tier-3), fostering a high-performance culture, and achieved a 30% improvement in senior analyst retention/satisfaction through industry-specific cyber security training programs.
  • Developed and implemented comprehensive training programs for SOC personnel, enhancing technical skills and incident response efficiency by 60%.
  • Led a team of security analysts in monitoring and responding to security incidents, reducing mean time to detect (MTTD) and mean time to respond (MTTR) by 40%.
  • Managed 24x7 SOC operations, ensuring continuous monitoring, incident escalation handling and effective threat containment in line with the NIST 800-61r2 framework.
  • Developed, refined and enforced SOC standard operating procedures (SOPs), playbooks and runbooks, significantly reducing mean time to respond.
  • Successfully recruited, onboarded and developed top-tier cybersecurity talent, building a resilient and skilled SOC team for different projects.
  • Instituted a tiered response system, improving resource allocation and reducing mean time to resolution by 40% with the help of IR playbooks for specific alerts.
  • Orchestrated end-to-end incident response activities for major security incidents, minimizing operational impact and financial loss.
  • Conducted tabletop exercises with various clients and improved SOC processes based on the gaps identified.
  • Developed and refined several IR playbooks for various attack scenarios, improving the consistency and effectiveness of response actions.
  • Implemented a SOC operational framework, resulting in an increase in threat detection accuracy.
  • Developed and enforced SOC policies, procedures and best practices aligned with industry standards (e.g., NIST CSF).
  • Continuously evaluated and enhanced SOC workflows and toolsets, leading to an improvement in operational efficiency.
Azure Sentinel, Office 365, Microsoft Defender, Threat & Vulnerability Management, SentinelOne, Team Leadership, +12 more

Persistent Systems

Technical Project Manager - Security Services

May 2023 - May 2024 · 1 yr · Pune District, Maharashtra, India · Hybrid

  • Oversaw projects with 7 different tracks and shared SOC services consisting of 30+ engineers, and was responsible for managing 24x7 SOC BAU operations.
  • Responsible for defining and maintaining the project tracker for the different streams and ensuring that timelines were met for all major/minor activities and subtasks, as agreed with the client.
  • Responsible for defining and presenting the CISO dashboard, including the necessary KPIs and metrics that represent the overall compliance status and health of the project.
  • Responsible for providing the weekly service report and leading the monthly governance meeting with the customer, presenting the security status from the SOC perspective to stakeholders.
  • Executed ongoing operational BAU tasks to meet delivery-management-defined KPIs and SLAs, and delivered security projects in line with management-defined priorities and deadlines.
  • Drove the daily meetings with clients across the different security tracks, presented the weekly service report to them and ensured that response and resolution SLAs were met as agreed.
  • Provided tactical support as needed for major incidents impacting clients, acting as IR Lead/Commander for triage and bridge-call initiation.
  • Responsible for conducting tabletop exercises with clients, demonstrating that the playbooks are aligned with the process and that the team adheres to them.
  • Ensured that the SIEM content development and implementation teams worked in sync, provided the custom use cases agreed with the client in the MSA, and ensured that all SOW items were covered by the SOC team.
  • Helped the SOC team perform passive threat hunting and review, triage, investigate and escalate security alerts raised by security tools, technologies and services.
  • Ensured that the GRC team met the quarterly compliance target for the CIS top controls as set by the CISO.
Project Delivery, SOC, Security Incident Response, Security Information and Event Management (SIEM), Service Delivery, Defender for Office 365, +6 more

Wipro

SOC Manager - Cyber Detection & Response

Jan 2022 - Apr 2023 · 1 yr 3 mos · Gautam Buddha Nagar, Uttar Pradesh, India · Hybrid

  • As SOC Manager, led a team of 15 engineers, worked closely with clients on their cloud-based SIEM solution and ran SOC operations by providing 24x7 BAU support with a curated focus on incident handling and management.
  • Provided L4 SME investigation of triaged events and incidents to the client using the SIEM (Microsoft Sentinel), Microsoft Defender for Endpoint and Office 365, MCAS, and various vendor tools for threat intelligence.
  • Responsible for mentoring and providing technical training on the client tools to new L1/L2/L3 hires for handling Sentinel incidents, providing a roadmap and tracking individual training progress as per Wipro standards.
  • Performed regular and random audits of incident tickets for all analysts to discover areas of weakness and gaps in the investigation analysis, and fortified them by providing technical grooming sessions.
  • Handled all P1 alerts escalated by L3s that required higher security access roles on Sentinel/Defender/MCAS, providing detailed and curated investigation within the defined time frame as needed by the client.
  • Acted on DLP alerts for data exfiltration by disgruntled employees, personally handling alerts at Director level and above and providing a curated report for confirmed incident submission as per policy.
  • Guided and mentored the team on all types of phishing attacks, focusing on active campaigns, and provided the full timeline history of actions performed on end-user machines using Microsoft Defender EDR for all P1 alerts.
  • Worked closely with the service delivery team to ensure the KPIs agreed with customers were met, and provided the daily KPI matrix report to the L1 manager.
  • Worked with the different units of the SOC towers on threat intelligence and use-case development, together with the implementation team, to improve overall detection and response capabilities and eliminate false-positive alerts.
Azure Sentinel, Proofpoint, Cyber Threat Intelligence (CTI), SOC Lead, Security Operations Management, Defender for Office 365, +4 more

GlobalLogic

Associate Consultant - GSOC

Jun 2016 - Jan 2022 · 5 yrs 7 mos · Noida, Uttar Pradesh, India · Hybrid

  • Skills and technology: ArcSight ESM and Logger, Azure Sentinel, Gurucul (UEBA), Code42, Proofpoint, Microsoft Defender ATP, Cisco Umbrella, Intercept X, Palo Alto WildFire, Symantec Endpoint Protection, Tripwire, Cisco IronPort, Verizon Network Detection and Response (NDR)
  • Worked as SOC Lead for the India region, providing 24x7 support to the client, working with their EMEA and APAC engineers across shifts, and distributing daily tasks among junior analysts to cover each of the client's tools and processes.
  • Investigated a variety of alerts using the SIEM (ArcSight) and escalated cases that were beyond the scope of the SOC team or required intervention from multiple teams; worked closely with the DFIR (digital forensics) and TVM (threat and vulnerability management) teams for day-to-day operations.
  • Assisted the SecOps engineer with use-case development, and created and distributed customized rules and filters for handling various alerts in ArcSight, especially for IOC artifacts.
  • Conducted daily reviews of the client tool dashboards (Cisco Umbrella, GRA, CrowdStrike Falcon, Microsoft O365, Azure AD Identity Protection, Microsoft Defender, ArcSight daily dashboard graphs) and took the necessary steps to remediate alerts; assessed daily reports of Symantec and Malwarebytes risks that were not handled by the module and required engineers' inspection.
  • Analyzed phishing emails reported by end users using Cisco IronPort and Proofpoint, paying special attention to VIPs/Directors.
  • Conducted static malware analysis using the client's sandboxing tools (Intercept X, Damballa, Anomali ThreatStream) and open platforms such as Hybrid Analysis.
  • Utilized the Cyber Kill Chain framework and hypothesis-based threat hunting methodologies, using client tools, to mitigate and lower the attack vector.
Team Leadership, Security Operations Center, Cisco Advanced Malware Protection (AMP), ArcSight, Anomaly Detection, Gurucul Risk Analytics, +3 more

SDG Corporation: IT security and risk management solutions

Security Specialist

Jul 2014 - May 2016 · 1 yr 10 mos · Noida

  • Conducted log analysis through ArcSight for infrastructure devices, checked the daily activity of admin and generic IDs on all devices, and reported incidents for non-compliant behavior.
  • Worked on P3 and above tickets and escalated to the senior lead for L3 escalation and triage.
  • Performed daily checks of the listed high-priority accounts for abnormal sign-in behavior and phishing emails.
  • Checked Symantec logs via ArcSight Logger and created tickets for identified risks as well as unauthorized attempts made through generic accounts.
  • Published daily and weekly reports of incidents, high-privileged account activity and Symantec out-of-date-DAT non-compliant devices.
  • Performed vulnerability scans through QualysGuard for the client network and shared the reports with senior engineers for vetting.
  • Performed passive hunting based on OSINT.
  • Checked daily cyber news feeds and checked internal tools for any exploited vulnerabilities.
ArcSight, Symantec Endpoint Protection, Nagios Core, SolarWinds, Intrusion Detection, Passive Threat Hunting, +2 more

Magna Infotech

Network Engineer

Dec 2013 - Mar 2014 · 3 mos · Gurugram, Haryana, India

  • Provisioned VLANs on switches and configured the F5 load balancer for customer application servers.
  • Configured the F5 via the GUI for the customer PROD/DUTT/TRN/UAT environments and ensured application traffic was equally distributed across all defined virtual servers on the F5 load balancer.
  • Troubleshot all L1 load balancer issues via the GUI for the customer environment.
  • Configured the client's secure VPN web page through the Juniper Secure Pulse device, creating user roles and realms and configuring the sign-in page.

HCLTech

Security Analyst

Dec 2011 - Jan 2013 · 1 yr 1 mo · Noida, Uttar Pradesh, India

  • SOC/NOC monitoring.
  • Monitored critical servers and network devices in the client environment using WhatsUp Gold.
  • Supervised a team of 5 engineers, assigned tools and daily activities to them, and conducted pre- and post-shift meetings.
  • Created service tickets in Remedy 7.6 for incidents, defined incident severity as per the defined procedure and routed them to the concerned track.
  • Worked on a number of monitoring tools (Network Node Manager, HP OpenView, BEM Console, BMC Patrol, AutoSys, HP SIM).
  • Gave special attention to the firewall and AppGate server, with an expert understanding of the client's concept of zone-level access permissions for intranet/extranet/internet clients, and transferred tickets to different stakeholders based on the zone diagram.
  • Performed patch-fix activities with the server team every Sunday through GSR tools.

Velocis Systems Private Limited

Network Engineer

Mar 2011 - Nov 2011 · 8 mos · Noida, Uttar Pradesh, India · On-site

  • Provided support for the campus environment and independently monitored the complete site, managing Cisco switches (2960, 4500) and routers (1800, 2811).
  • Supervised devices through WhatsUp Gold and provided daily utilization reports via MRTG graphs.
  • Escalated leased-line circuit issues to MTNL engineers and followed up strongly until closure.
  • Created VLANs for the different projects and segregated them based on their defined VLANs; hardened and configured new switches before putting them into production.
  • Responsible for backing up switch and router config files after each activity and storing them on the TFTP server.
  • Installed and configured an HP ML350 server with Windows Server 2003 for the test environment, created user accounts and managed Active Directory services.

Honda Motorcycle & Scooter India Pvt. Ltd.

Executive Trainee

Jul 2010 - Dec 2010 · 5 mos · Manesar, Haryana, India

  • Gained experience working on InfoVista and generating weekly and monthly internet bandwidth utilization reports.
  • Collected reports from the ISP relating to the internet and MPLS links of the regional offices and compared them with the actual internal reports.
  • Conducted preventive maintenance of network equipment with senior engineers, including upgrading and backing up switches, and prepared knowledge base articles on the IronPort S-160 and Cisco switches.
  • Rolled out MAC address filtering on the DHCP server and PGP encryption across the whole plant to secure USB ports and Bluetooth services, and worked on the IronPort S-160 for web filtering.

Education

Hindu College of Engineering

Bachelor of Engineering - BE — Information Technology

Jan 2005 - Jan 2009

SBM Senior Secondary School

Mathematics and Computer Science

Jan 1996 - Jan 2004
