Jun 2019 – May 2021 · 1 yr 11 mos · On-site

• Built & Onboarded SIEM: Architected and deployed Splunk ES (search heads, indexers, forwarders, clustering, DB Connect) and onboarded logs from Windows/Unix servers plus network infrastructure (firewalls, IPS, proxies, load balancers, WAFs).
• Threat Detection & Automation: Developed and tuned custom Splunk ES correlation rules; integrated Amazon GuardDuty findings for continuous, automated threat detection and 24/7 SOC monitoring.
• Vulnerability Management: Deployed and managed Qualys scanners on-premises and Trend Micro Deep Security on AWS EC2 to ensure comprehensive vulnerability coverage.
• Authentication & Access Control: Implemented Symantec VIP for MFA and CA Privileged Access Manager to enforce strict, auditable server access controls.
• Conducted in-depth investigations of external cyberattacks, insider threats, and potential security breaches, ensuring accurate threat identification.
• Managed escalations of high-priority cybersecurity incidents, coordinating with cross-functional teams to ensure swift containment and resolution.

Nov 2017 – May 2019 · 1 yr 6 mos · On-site

• Integrated Windows, Unix, network, firewall, proxy, load balancer, and DB logs into Splunk using Universal Forwarders and syslog servers for centralized security monitoring.
• Connected Splunk with vulnerability management tools and email security appliances to enhance visibility and automate correlation of security events.
• Built and fine-tuned custom Splunk correlation rules to detect and respond to cyber threats, supporting real-time incident response and investigations.
• Leveraged CASB solutions for log integration from proxies/firewalls and cloud apps (Snow, Salesforce, Box, O365) via APIs; implemented compliance and legal discovery policies.
• Deployed Windows Defender ATP agents for endpoint protection and advanced threat detection.

Jan 2014 – Oct 2017 · 3 yrs 9 mos · On-site

• Deployed Symantec Web DLP software on production servers for Switzerland largest bank.
• Responsible for enabling TLS interception at proxy and follow up with infrastructure team for deploying the TLS certificates on the end user machines to intercept the HTTPS traffic at proxy.
• Enabled ICAPs protocol to securely transmit user traffic from Proxy to DLP servers for inspection.
• Monitored & prevented sensitive data leakage over HTTP, HTTPS, and FTP traffic using Web DLP.
• Experienced in upgrading WEB DLP, Endpoint DLP and Email DLP from 12.5 to 14.0.
• Experienced in troubleshooting offline and disconnected DLP agents.
• Proficient in creating DLP policies for endpoint, email, web, and storage.

Jun 2011 – Dec 2013 · 2 yrs 6 mos · New Delhi, Delhi, India

• Conducted OWASP-based web application security testing, including threat profiling, manual penetration testing, and vulnerability identification for multiple clients.
• Prioritized and documented security findings with detailed risk categorizations, delivering reports and presentations to stakeholders.
• Collaborated with development teams to demonstrate vulnerabilities (e.g., SQLi, XSS, CSRF, Broken Access Controls) and guided them on mitigation strategies.
• Conducted vulnerability assessments on servers and network devices using Nessus, including asset validation, scanning profile creation, and prioritization based on risk.
• Analysed and removed false positives, communicated findings to project teams, and provided actionable remediation guidance.
• Performed rescans post-remediation to verify closure and ensured consistent reporting and compliance.