RaJ Chaudhary

CEO

Hyderabad, Telangana, India · 14 yrs 6 mos experience

Key Highlights

  • Architected global SOC handling 10M+ events daily.
  • Led nation-state attack response using Cyber Kill Chain methodology.
  • Developed ML analytics reducing false positives by 40%.

Skills

Core Skills

Cybersecurity · Cloud Security · Incident Response · Security Investigations

Other Skills

Amazon Web Services (AWS) · Antivirus · Application Security · Application Security Architecture · Application Security Assessments · Auditing · Azure Sentinel · Blockchain · Computer Forensics · Computer Network Operations · Computer Security · Cyber Defense · Cyber Operations · Cyber Policy · Cyber Risk Management

About

Principal Security Architect | Cloud Security Engineering | Microsoft Security SME

14+ years of advanced cybersecurity engineering and threat intelligence operations. Currently serving as Principal Security Architect at Standard Chartered Ventures, leading enterprise security strategy and architecting zero-trust frameworks across hybrid cloud environments.

🛡️ Core Technical Expertise:

  • Cloud Security Architecture: Enterprise CSPM/CWPP platform development, Azure Security Center, AWS GuardDuty, multi-cloud posture management, Infrastructure-as-Code automation (Terraform/ARM), container security hardening (Kubernetes, Docker).
  • Advanced Threat Detection: MITRE ATT&CK framework implementation, custom SIEM correlation rules (ArcSight, QRadar, Splunk, Azure Sentinel), ML-based behavioral analytics, purple team operations, EDR/XDR deployment across 200M+ endpoints.
  • Security Engineering: Python/PowerShell automation for SOC operations, SOAR platform integration (Phantom, Demisto), threat hunting using KQL/SPL, custom IOC development, zero-day vulnerability research.
  • Malware Analysis & Forensics: Static/dynamic analysis (IDA Pro, Ghidra, Volatility), custom exploit development, mobile app security testing (OWASP MASVS), honeypot networks (Elastic Honey, Dionaea, Kippo).

🚀 Key Achievements:

  • Microsoft Corporation: Architected global SOC handling 10M+ events daily, developed ML analytics reducing false positives by 40%, led nation-state attack response using Cyber Kill Chain methodology.
  • Enterprise Transformations: Migrated legacy SIEM to Azure Sentinel, implemented DevSecOps pipeline (SAST/DAST/IAST), deployed threat intelligence correlation using STIX/TAXII protocols.
  • Compliance Engineering: ISO27001, PCI-DSS, SOC2, GDPR technical controls, automated compliance monitoring, risk quantification using FAIR methodology.

🔬 Certifications & Research: 30+ certifications including CISA, CISM, CISSP, CEH, CHFI, AZ-500, SC-200, SANS SEC511. Continuous research in emerging threats, zero-trust architecture, and quantum-resistant cryptography. Leading cross-functional security teams, mentoring architects, and driving security-by-design principles. Experience briefing C-suite on technical risk posture and strategic investments.

Ready to architect next-generation security solutions? Let's discuss transforming your organization's resilience posture.

Experience

14 yrs 6 mos
Total Experience
1 yr 5 mos
Average Tenure
4 yrs 10 mos
Current Experience

Confidential

Principal Security Engineer/Chief Cloud Security Architect

Aug 2021 – Present · 4 yrs 10 mos · Remote

  • Security Culture Champion: Cultivating a strong security culture within product, technology, and business teams, driving the adoption of sustainable security controls and achieving measurable risk reduction.
  • Product Expert: Possess deep product knowledge, encompassing strategy, roadmap, investment programs, and underlying technologies. Proactively identify and learn new technologies, applying critical thinking to uncover potential vulnerabilities.
  • Security Thought Leader: As the product's security subject matter expert, fostering collaboration and knowledge sharing between product and cybersecurity teams.
  • Risk Management: Proactively monitored key risk indicators, identified and quantified emerging security issues, and implemented timely mitigation strategies. Conducted root cause analysis to prevent recurrence.
  • Supply Chain Security: Partnered and influenced across the product supply chain, collaborating with stakeholders on audits, regulatory engagements, and risk assessments. Worked with third-party oversight teams to ensure secure vendor management, focusing on cloud computing and emerging technologies.
  • Cloud Security Expertise: Hold advanced certifications and experience in public cloud computing, with a deep understanding of security controls for data protection, resiliency, and availability. Proficient in Kubernetes, microservice architectures, and open authentication/authorization standards.
  • Communication & Influence: Effectively communicate complex concepts to technical and non-technical audiences. Successfully influenced peers and led cross-functional teams to design and implement security controls.
  • Policy & Control Translation: Translated firm-wide policies and regulatory requirements into actionable control designs for software engineers and solutions architects.
Cybersecurity · Governance, Risk Management, and Compliance (GRC) · Cloud Security · Security Investigations · Data Privacy · Incident Response

Microsoft

2 roles

Security Cloud Solution Architect

Promoted

Apr 2021 – Jul 2021 · 3 mos · On-site

  • Part of the Microsoft Cyber Defense Operations Center, working as Security Architect responsible for critical incident handling leveraging the Cyber Kill Chain and MITRE ATT&CK.
  • Helping external customers (200+ million $) to build
  • Developing use cases in QRadar based on the MITRE ATT&CK/Kill Chain framework.
  • Documenting use cases/playbooks for onboarding to monitoring.
  • Collaborating with all the Microsoft product development groups to provide product-related vulnerabilities/feature requests/logic changes.
  • Working on almost all the security tools developed by Microsoft, such as MDATP, AATP, Azure Sentinel, Office ATP, MCAS, Sysinternals, MTP, etc.
  • Performing threat hunting based on anomalies/IOCs or any other indicators provided by any of the Microsoft teams.
  • SME for Azure Sentinel; Azure Security for Infrastructure, Databases, Networking and Virtual Machines; Azure Monitor and Azure Log Analytics; Azure Security Center; Azure Key Vault; Microsoft Defender for Identity, Office 365 and Endpoint; troubleshooting of data logging and audit; security monitoring; Azure Governance and Compliance.
  • Security principles (Advanced Hunting, Simulation Training, Threat Analytics, Investigations).
  • Assessing the Microsoft Corp network for vulnerabilities and deploying the proper security solutions/guidelines.
  • Developing signals for the security operations center to monitor PCI-DSS, SOC 2, and ISO27001 controls.
  • Preparing and presenting the weekly/monthly/quarterly cyber security report for consumption by senior leadership.
  • Technically leading the tier-1 team and assigning tasks based on requirements.
Governance, Risk Management, and Compliance (GRC) · Cloud Security · Incident Response · Cyber Threat Hunting (CTH) · Security Information and Event Management (SIEM)

Cyber Defense Incident Responder

Apr 2018 – Mar 2021 · 2 yrs 11 mos · On-site

  • Working on all Microsoft Security Stack products, such as MDATP, MCAS, AATP, OATP, MTP, Azure Sentinel, etc.
Cybersecurity · Cyber Operations · Governance, Risk Management, and Compliance (GRC) · Cloud Security · Incident Response

Snowflake

Senior Security Engineer

Feb 2021 – Apr 2021 · 2 mos · Pune, Maharashtra, India · Remote

Governance, Risk Management, and Compliance (GRC) · Cloud Security · Web Application Security · Incident Response

Stmicroelectronics

Technical Leader Information Security

Apr 2017 – Apr 2018 · 1 yr · Noida, Uttar Pradesh, India

Governance, Risk Management, and Compliance (GRC) · Incident Response · Security Investigations

Hcl technologies

Security Researcher

Sep 2015 – Apr 2017 · 1 yr 7 mos · Noida, Uttar Pradesh, India

  • Enterprise security architectures and the security components that implement these architectures, including SIEM (QRadar), DLP, IAM and leading security products.
  • Writing multiple scripts in Python to automate the processes of scanning, malware sample collection and the IR process.
  • Enterprise network architectures, topologies and components that implement these networks, including TCP/IP, firewalls, proxies, and routers.
  • Using tools to protect the client from DDoS/DoS attacks.
  • Client/server architectures, and server and endpoint components and technologies, including Linux and Microsoft servers, computers, and mobile devices.
  • Conducting open-source and classified research on emerging/trending threats and vulnerabilities.
  • Collaborating with the watch floor to ensure continuity of fusion analysis.
  • Leading a VAPT team for web and network; performing VAPT based on the OWASP Top 10.
  • Performing analysis related to the detection, characterization, monitoring and warning of suspected unauthorized network activity and relationships that may pose a threat.
  • Initiating projects and plans, leveraging broad research and analysis, that affect cyber network defense.
  • Using different types of malware analysis/reversing tools (IDA Pro, OllyDbg) to find the root cause and analyze malware samples.
  • Providing rapid response to ad hoc requests from decision makers (e.g., special intelligence analyses or personal briefings).
  • Reviewing reported tips and leads for threat information and situational awareness, including determining location, activity, severity and reporting trends.
  • Comparing and contrasting new data with information already in intelligence databases; seeking corroborative data; assessing individual pieces of information in the context of broader assessments or operations; and disseminating significant intelligence as appropriate.
  • Creating releasable products and reports for the IC as well as IC senior leadership.
Governance, Risk Management, and Compliance (GRC) · Incident Response · Security Investigations

Verizon enterprise solutions

Security Consultant

Nov 2014 – Aug 2015 · 9 mos · Greater Chennai Area

  • Deploying a SOC for the client Lennox International.
  • Using tools like McAfee ESM, Nexpose, McAfee ePO, and UTMs.
  • Responsibilities included monitoring and analyzing network traffic and IDS alerts.
  • Investigating intrusion attempts and performing in-depth analysis of exploits.
  • Providing network intrusion detection expertise to support timely and effective decision making on when to declare an incident. Conducting proactive threat research.
  • Reviewing security events that are populated in a Security Information and Event Management (SIEM) system.
  • Analyzing a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
  • Independently following procedures to contain, analyze, and eradicate malicious activity.
  • Documenting all activities during an incident and providing leadership with status updates during the life cycle of the incident. Creating a final incident report detailing the events of the incident.
  • Providing information regarding intrusion events, security incidents, and other threat indications and warning information to US government agencies.
  • Assisting with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
Governance, Risk Management, and Compliance (GRC) · Incident Response · Security Investigations

Vodafone

Information Security Analyst

Jul 2014 – Nov 2014 · 4 mos · Pune/Pimpri-Chinchwad Area

  • Working in the GSOC of Vodafone, doing malware remediation and VAPT of applications and network. Also involved in IT auditing.
  • Monitoring the Blue Coat gateway and configuring SIEM systems. Designing security systems, including NIPS/HIPS.
  • Performing internal security audits / penetration testing and source code review.
  • Server / network device hardening.
  • Doing internal auditing based on ISO27001, PCI-DSS, and HIPAA.
  • Producing security reports for internal and customer systems.
  • Helping the department maintain network accreditation.
  • Configuration of SIEM systems, protective monitoring, GPG13.
  • IP networking, e.g. Cisco routing, firewalls, VPNs.
  • Windows/Linux system administration; basic scripting: Python.
  • IP/Ethernet equipment and principles; log monitoring.
  • Log analysis; monitoring through Tripwire; incident analysis; malware analysis; security advisories.
Governance, Risk Management, and Compliance (GRC) · Incident Response · Security Investigations

The world bank

Information Security Analyst

Apr 2013 – Jul 2014 · 1 yr 3 mos · Greater Chennai Area · On-site

  • Working as a team member of the ISOC (incident response team) for World Bank Group.
  • Performing real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources.
  • Developing and testing new correlation content and use cases using ArcSight filters, rules, data monitors, active lists, and session lists.
  • Monitoring IDS alerts and mitigating the alerts to resolve the problems.
  • Working with McAfee, BrightCloud and SecureWorks, and submitting the latest signatures and DATs to increase their protection for the WB network.
  • Monitoring IDS and taking reports from ArcSight and Splunk.
  • Doing malware analysis, analyzing files (rar, zip, doc, pdf, xls, and jpg).
  • Creating daily and monthly reports of various devices for WBG.
  • Managing the Information Security Operations Center on a 24x7x365 basis.
  • Monitoring multiple security alert sources, identifying and triaging significant security events, determining impact and threat severity, escalating according to established procedures, and opening trouble tickets using the Case Management System.
  • Reviewing and monitoring IDS, ePO, ArcSight, FireEye, Palo Alto and SecureWorks.
  • Conducting thorough investigative actions based on security events and remediating as dictated by standard operating procedures.
  • Participating in all phases of the incident response process, including detection and containment.
  • Monitoring corporate anti-virus infrastructure security alerts and reports.
  • Confirming threat classification of case assignments; escalating according to standard operating procedures.
  • Where appropriate, submitting malware from investigative work to the anti-virus vendor for new anti-virus signatures, and following up with the vendor.
  • Providing ongoing analysis and review for indications of attacks; response, triage and repair.
  • Working on IronPort to provide controlled access.
  • Conducting thorough dynamic analysis of EXEs and other packages.
Governance, Risk Management, and Compliance (GRC) · Incident Response · Security Investigations

Confidential-company

Information Security Analyst | Freelancing

Sep 2012 – Mar 2013 · 6 mos · Greater Delhi Area

  • I was responsible for monitoring the entire network with the help of Snort as IDS/IPS. I also worked on some government and private projects and did vulnerability assessment testing on web technologies. Here I did security audits of some websites remotely and some of the sites physically. I also prepared myself for the CERT exam to represent my organization.
  • Here I did the following testing and assessments, manually and with some applications:
  • # VAPT with the help of Nessus and Acunetix Web Vulnerability Scanner 8.
  • # Scanning for running services on remote machines using Nmap and some port scanners such as Advanced IP Scanner.
  • # SQL injection, manually and also with the help of applications such as Havij, Pangolin, SQL Poizon and Power SQL Injector.
  • # Cross-site scripting (XSS), manually.
  • # Packet and protocol analysis with the help of Wireshark.
  • # Virtualization with VMware, VMware ESXi and Oracle VirtualBox.
Cybersecurity · Cyber Operations · Incident Response

C-dac (formerly ncst)

Information Security Trainee

Feb 2012 – Aug 2012 · 6 mos · Pune Maharashtra

  • Paid diploma course where I learned system administration (Windows and Linux), cyber security, programming languages (C, C++) and the scripting language Python. Here I built my foundation in networking and cyber security concepts. I also learned cyber laws, ITIL and IT auditing, and did some hands-on work on hardware and software firewalls.
JSON Web Token (JWT) · Security Investigations · Incident Response

Universal consultancy services

Information Security Analyst

Apr 2011 – Feb 2012 · 10 mos · Greater Delhi Area · On-site

  • I was managing the MIS and developing and uploading the website updates.
  • Updating security patches and also working as security administrator.
  • Monitoring using tools like BMC Patrol and SiteScope.
JSON Web Token (JWT) · Security Investigations · Incident Response

Education

Centre for Development of Advanced Computing (C-DAC)

PG Diploma — DITISS (Cyber Security)

Jan 2012 – Jan 2012

Vishveshwarya Group of Institutions

Bachelor of Technology (B.Tech.) — Computer Science and Engineering

Jan 2007 – Jan 2011

Board Institute

Intermediate — Mathematics

Jan 2004 – Jan 2006
