Vinay Raina

DevOps Engineer

Delhi, India · 11 yrs 1 mo experience

Key Highlights

  • Expert in Incident Response and Digital Forensics.
  • Proficient in leveraging advanced cybersecurity tools.
  • Strong collaboration with cross-functional teams.
Skills

Core Skills

Incident Response · Digital Forensics · Cyber Threat Hunting · Security Incident Response · Threat Analysis · Security Monitoring · IT Infrastructure Management

Other Skills

Splunk · Cyber Kill Chain · Incident Response Plan (IRP) · Threat Intelligence · Email Security · Palo Alto Cortex XSOAR · Threat Hunting · Cyber Threat Intelligence · FireEye's Redline · MITRE ATT&CK Framework · AWS GuardDuty · AWS CloudTrail · Azure ATP · Reporting · Phishing Simulation

About

Experienced Senior Incident Response and Digital Forensics Analyst specializing in leveraging frameworks like the Cyber Kill Chain and Incident Response Plan (IRP) to swiftly mitigate cyber threats. Proficient in utilizing advanced tools such as Splunk for creating use cases, developing dashboards, and conducting log analysis to detect anomalies, IOCs (Indicators of Compromise), and minimize search time. Skilled in managing Security Information and Event Management (SIEM) systems and Security Orchestration, Automation, and Response (SOAR) platforms like Palo Alto Cortex XSOAR. Demonstrated ability to effectively handle breaches and conduct comprehensive investigations using tools like FireEye's Redline. Experienced in crafting detailed Incident Response Plans (IRPs) and collaborating with cross-functional teams to ensure swift and effective incident response. Passionate about staying updated with the latest cybersecurity trends, including Threat Intelligence and Threat Hunting, to proactively identify and mitigate security risks.

Experience

Total Experience: 11 yrs 1 mo
Average Tenure: 5 yrs 6 mos
Current Experience: 10 yrs 9 mos

McKinsey & Company

4 roles

Senior Incident Response Analyst

Promoted

Jan 2024 – Present · 2 yrs 5 mos · On-site

  • Proficient in handling diverse cyber incidents, including phishing attacks and various malware types such as ransomware, trojans, worms, etc.
  • Adept in utilizing the Cyber Kill Chain and Incident Response Plan (IRP) framework.
  • Skilled in Splunk for creating use cases, developing dashboards, and conducting log analysis.
  • Experienced in developing robust data models and lookups in Splunk.
  • Collaborates effectively with Managed Detection and Response (MDR) and Endpoint Detection and Response (EDR) teams.
  • Proficient in conducting comprehensive digital forensics investigations using FireEye's Redline tool.
  • Ensures quality of security incidents handled by Level 1 (L1) and Level 2 (L2) teams.
  • Crafts detailed Incident Response Plans (IRPs) for high and critical security incidents.
  • Conducts Dry Runs for new use cases and refines IRP plans.
  • Collaborates with legal teams on cases related to client breaches and Personally Identifiable Information (PII) data leaks.
  • Manages email security using Email Security Appliances (ESA) such as Proofpoint, Phishlabs, and Cofense.
  • Implements automation of use cases using Palo Alto Cortex XSOAR platform.
  • Proficient in leveraging Threat Intelligence to enhance incident response and proactively identify emerging threats.
  • Skilled in conducting proactive Threat Hunting activities to detect and mitigate potential security threats before they escalate.
Splunk · Cyber Kill Chain · Incident Response Plan (IRP) · Threat Intelligence · Email Security · Palo Alto Cortex XSOAR · +2 more

Security Operations Center (SOC) Analyst

Promoted

Oct 2019 – Dec 2023 · 4 yrs 2 mos · On-site

  • Spearheaded day-to-day SOC operations, managing a wide array of incidents with agility and efficiency.
  • Utilized FireEye's Redline tool for conducting comprehensive digital forensics during investigations, ensuring thorough analysis and effective resolution of security incidents.
  • Generated monthly high/critical incident and vulnerability reports, with a keen focus on endpoint protection and cloud security metrics to enhance organizational resilience.
  • Conducted Dry Runs and crafted detailed Incident Response Plans (IRPs) for new use cases, ensuring readiness and effectiveness in responding to emerging threats.
  • Produced detailed Email Security metrics reports to identify trends and patterns, enabling proactive measures to enhance email security posture.
  • Managed AWS CloudTrail and GuardDuty alerts, as well as Defender ATP, Azure ATP, & O365 for robust threat detection and response capabilities.
  • Leveraged the MITRE ATT&CK framework for comprehensive threat analysis and classification, ensuring thorough understanding and effective response to cyber threats.
  • Partnered with the Threat Hunt team to assess monthly findings and develop actionable plans to mitigate emerging threats.
  • Collaborated closely with the Cyber Risk team to produce Monthly Risk Mapping reports, providing valuable insights into potential threats and vulnerabilities.
  • Demonstrated a commitment to continuous improvement by fine-tuning and automating use cases, leveraging the MITRE ATT&CK framework for comprehensive threat analysis and classification.
  • Regularly organized Table Top activities with the team & entities to simulate real-world scenarios and enhance incident response readiness.
  • Cultivated strong client relationships and collaborated closely with them to reduce false positives, noise, and prioritize critical cases effectively.
  • Played a key role in developing response plans for security incidents, working closely with the legal team on client breach & PII Data leak cases.
FireEye's Redline · Email Security · MITRE ATT&CK Framework · AWS GuardDuty · AWS CloudTrail · Azure ATP · +2 more

Junior Security Operations Analyst

Promoted

Oct 2017 – Sep 2019 · 1 yr 11 mos · On-site

  • Implemented robust monitoring of critical system security and changes in sensitive controls, promptly taking administrative actions and reporting irregularities.
  • Conducted comprehensive network vulnerability assessments to identify vulnerabilities and created remediation plans to mitigate potential risks.
  • Established and maintained security risk metrics to track ongoing effectiveness and ensure continuous improvement of security measures.
  • Managed email security using Email Security Appliances (ESA) such as Proofpoint and Cofense to protect against email-based threats.
  • Conducted thorough security assessments for new tools and applications to ensure they meet security standards and requirements.
  • Orchestrated Phishing Simulation activities in collaboration with the Risk team to assess and enhance the organization's resilience to phishing attacks.
  • Actively participated in Threat Hunting initiatives, leveraging threat intelligence and advanced techniques to proactively identify and mitigate potential security threats.
  • Responded to basic security incidents, ensuring timely resolution and mitigation of risks to the organization's assets and data.
Email Security · Phishing Simulation · Security Assessments · Security Monitoring

Information Technology Operations Specialist

Jun 2015 – Sep 2017 · 2 yrs 3 mos · On-site

  • Monitored all the critical assets of the firm, including servers, databases, network devices, emails and applications, and collaborated with the L2 and L3 teams for alerting and remediation.
IT Infrastructure Management · Infrastructure Monitoring · Reporting

Accenture

Operations Executive

Jan 2015 – May 2015 · 4 mos · Gurgaon, India

High-Pressure Situations · Documentation · Interpersonal Skills

Education

Motivational Pathway

Bachelor’s Degree — Electronics and Communications Engineering

Jan 2010 – Jan 2014

Rainbow English Sr Sec School

Bachelor of Technology (B.Tech.) — Electronics and Communications Engineering

Jan 2000 – Jan 2010
