Jul 2019 – Sep 2023 · 4 yrs 2 mos · Hybrid

• ● Working in Security Operation Centre (24*7), monitoring of SOC events, Detecting and Preventing the Intrusion attempts.
• ● Good understanding of security solutions like Firewalls, DLP, Anti-virus, IPS, Email Security etc.
• ● Responding to various security alerts for various clients and scanning for vulnerabilities.
• ● Monitoring real-time events using SEIM tools like Qradar, Splunk.
• ● Handling Alerts from multiple Security Log sources such as Proxy, Anti-Virus and EDR.
• ● Deep dive Investigation of EDR alerts.
• ● Monitoring, analyzing and responding to infrastructure threats and vulnerabilities.
• ● Phishing and Spam Email Analysis.
• ● Investigate the security logs, mitigation strategies and responsible for preparing generic security incident reports.
• ● Responsible to preparing the root cause analysis reports based on the analysis.
• ● Analyzing daily, weekly and monthly reports.
• ● Creating case for the suspicious issue and forwarding it to Onsite SOC team for further investigation.
• ● Website Anti-Malware and Defacement monitoring and real-time alerting based on anomalies detected.
• ● Troubleshooting SIEM dashboard issues when there are no reports getting generated or no data available.
• ● Monitor SIEM alerts, analyze events in SIEM and raise Security incidents in Ticketing tool Manage Engine.
• ● Experience in Monitoring & Investigating the incoming Events in the MacAfee DLP.
• ● Monitoring security systems and networks for anomalies.
• ● Investigating security violations, attempts to gain unauthorized access, virus infections, etc.
• ● Coordinate responses to security incidents in a timely manner.
• ● Work with various teams across the organization to improve security posture.