resm - Mahesh3535/MYrep GitHub Wiki

PROFESSIONAL SUMMARY:

➢ 3+ years of work experience as Analyst in SIEM and Enriched with knowledge in ArcSight SIEM Tool in Installation, Configuration and troubleshooting at connector level ➢ Experienced in identifying potential threats and ensuring security of network systems ➢ Analyzing problems, recommending solutions, products, and technologies to meet business objectives ➢ Basic knowledge of system, network security, log analysis, and intrusion detection technologies ➢ Basic knowledge of TCP/IP, firewalls, routers, and network protocols and technologies ➢ Cyber threat incident response and incident auditing ➢ Threat hunting in SIEM for Advanced persistent threats and targeted attacks ➢ Created the knowledge base document for the recurring incidents, and encouraged the team to follow the same in all my projects ➢ Helped with K.T and training for new recruits to learn the new technologies based on project and requirement ➢ Worked in management activities like preparing Metrics deck, Project status report etc ➢ Keen on achieving assigned targets and a quick learner.

TECHNICAL SKILLS:

➢ Security: ArcSight, RSA Netwitness, Qradar and Splunk,Symantec,Traps. ➢ Ticketing Tools: ServiceNow, SharePoint ➢ Packet Analyzer: Wireshark ➢ Networking: Knowledge of configuration and maintenance, DHCP (Dynamic host configuration protocol), VPN (Virtual Private Network), DNS (Domain Name Service), Router configuration (static routing, dynamic routing), VLAN configuration., Cisco ASA.

CERTIFICATIONS:

➢ Completed “Splunk online Course and Certification” in Splunk Education Portal at Jul’17. ➢ Completed “Certified Ethical Hacker” certification from HB Services at Dec’18.

EDUCATION:

➢ B.Tech in Electronics and Communications, Aurora college, Telangana at 2015.

PROFESSIONAL EXPERIENCE:

Organization: HCL Technologies LTD, Navallur, Chennai Aug 2016 – Oct 2019 Project: SIEM Role: Cyber Security Analyst Technology: ArcSight,RSA Netwitness, Qradar and splunk, Symantec

➢ Providing Around the clock support for security event monitoring, analysis, triage incident alerting and reporting using ArcSight Security Information and Event Management SIEM management console ➢ Troubleshooting connectivity and performing connector installation and tuning the configurations, filters, aggregations and correlation for the flow of events ➢ Creating rules and Joint rules, verify Rules with events & Fine-tuned the real time rules to reduce the false positives ➢ Technical analysis of network activity, monitors and evaluates network flow ➢ Provide real-time guidance to customers on network configuration, security settings and policies, and attack mitigation procedures ➢ Gathering and maintaining operational reports for Key Performance Indicators in Daily, Weekly and Monthly Metrics and Servers and Daily Health Check Monitoring ➢ Analyze network flow data for anomalies and detect malicious network activity ➢ Investigating indicators of compromise (IOCs like file hashes, IP addresses, domains, etc.) ➢ Updating the clients regarding the current threat and latest vulnerability patches ➢ Investigate arising incidents caused by malicious activities, and identified false positive ➢ Defining Dashboards, Trends, Rules, Customized Reports and Scheduled Reports as per requirements ➢ Creating Active list, Updating Active List and using rules to populate an Active List ➢ Maintaining system documentation and configuration data for regulatory and audit purposes ➢ Coordinate with integration team on log upload failures ➢ Identification, investigation and escalation of security breaches to the Security team ➢ Conducting network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures ➢ Creating new KB documents which would help the Analyst in analyzing risk events and troubleshooting methods ➢ Coordinating with other teams in order to get some updates on the tickets ➢ Identified security incidents and completed required documentation for system hardening

Declaration: I hereby declare that the above information is true and correct to the best of my knowledge and I bear the responsibility for the correctness of the above-mentioned particulars.

PROFESSIONAL EXPERIENCE:

Organization: HCL Technologies LTD, Navallur, Chennai Aug 2016 – Oct 2019 Project: End Point Security Role: Cyber Security Analyst Technology: Symantec, MacAfee.

Roles & Responsibilities: • Managing tickets of enterprise security (Symantec Endpoint Protection) and providing remote support within internal SLA for clients. • Handling host & server based security concerns with virus outbreaks. Guiding customers in designing SEP architecture, deployment of SEP clients, configuration of security policies and security event analysis.
• Experienced in Providing security fundamentals and preventing Anti-virus/malware, Spywares, Worms, Trojans, OS attack in client environments. • Hands on experience Symantec DLP in L1 level and worked on incidents management within the time period before reaching client escalation. • Incident response workflow for DLP incidents as raised through DLP tool. • Providing guidance and training for less experienced engineers on Symantec DLP. • Design and configuring Symantec endpoint protection setup in the client environment • Experience in Handling Global Customer’s environment. • Configuring Symantec endpoint protection workbench as per the client requirement. • Preparing customized Symantec applications and polices as per the client standards and settings. • Assist our clients in managing network security on critical systems (e.g., E-mail servers, database servers, web servers) Performing security monitoring and incident response activities in clients environment. • Experienced in Installing, configuring & maintaining the Symantec endpoint protection Anti-virus software, pushing the update to clients on server level. • Providing Symantec monitoring network-based IDS/IPS, Symantec Firewall, Application and device control, reporting threats, recommending security improvements in client’s environment. • Monitor Symantec environment, configuring SEPM Settings and Symantec Firewall Policies, Intrusion Prevention Policies, Antivirus & Antispyware Policies and Server Client communication policies, Replication, Live update Policies. • Following ITIL process and raising RFC’s to schedule necessary implementation plan, Tentative time to complete, Request downtime is necessary, evaluate any possible impact and get approvals for any Change requests and implement accordingly.

Organization: Transunion,DLF, Chennai Nov 2019 – Present Project: SOC Role: Analyst Technology: ArcSight,RSA Netwitness, cylance,Ecat,and splunk, Symantec

• Managing tickets of enterprise security (ArcSight,RSA Netwitness, cylance,Ecat,and splunk, Symantec ) and providing remote support within internal SLA for clients. • Hands on splunck. • Hands on experience Symantec DLP in L1 level and worked on incidents management within the time period before reaching client escalation. • Incident response workflow for DLP incidents as raised through DLP tool. • Collaborate with other Information Security and IT team members to develop and implement innovative strategies for monitoring and preventing attacks. • RSA /Symantec DLP. • Good understanding of ISO 27001:2013 framework of policies and procedures that includes all legal in TU. • Good understanding of application in TU. • Providing Around the clock support for security event monitoring, analysis, triage incident alerting and reporting using ArcSight splunk Security Information and Event Management SIEM management consoles. • Hands on ecat and cylance alerts and phishing and account creation and source fire tickets. • Ticketing tool is Resilient. • Hands on remedy. • Bitsight alerts hands on experience.

Declaration: I hereby declare that the above information is true and correct to the best of my knowledge and I bear the responsibility for the correctness of the above-mentioned particulars.

===========================================================================

Professional Experience :

Tata Consultancy Services

Designation : IT Analyst Role : Cyber Security Analyst Functional Areas : Endpoint security, Email security, Network and Cloud security Projects : Vulnerability Management, SOC, Threat Hunting, Forensics
Experience : 6 Years 6 Months Duration : June 2014 to Till date

Responsibilities :

● Security events monitoring and detailed investigation of events triggered through the SIEM tool. ● Monitored events through security tools, responded to incidents and reported findings. ● Real time monitoring and analyzing the security alerts triggered and escalating the incidents to respective teams. ● Vigilant monitoring of logs in SIEM related to the alerts (APT-C2/Exploit kit/WannaCrypt/Security Incident Response Process/Conficker/Active Directory authentication/Source Depot authentication/Remote Admin authentication) and performed the required mitigation steps. ● Came across various Malicious software’s (computer viruses, worms, Trojan horses, ransomware, spyware, adware) and the procedure to curb them down. ● Tackled and resolved various Information security incidents reported by the client. ● Research, analyze and understand log sources utilized for the purpose of security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products, proxies, and operating systems) ● Classify the events into categories such as Social Engineering, Phishing and Spam Emails, Authentication, Malware, Unauthorized access, Network attacks and follow the complete incident lifecycle. ● Analyzing suspicious emails (Phishing, Spoofed, Spam, or other) reported by end users and finding the legitimacy of those emails to determine the impact to the users and CORPNET and performing consequent mitigation steps. ● Identifying and analyzing threats related to Network Attack, Brute force attack, Amplification attacks reported by customers and engaging the necessary parties as per requirement.

● Counter measures (such as full scan and flatten and rebuild) are suggested to users affected by technical scammers. ● Raising of incidents and closure as per the SLA. ● Extract the logs, perform real time log analysis using SIEM technologies. ● Make recommendations for mitigating identified risks. ● Administration through WDATP of approximately thousands of total assets distributed worldwide. ● Utilized WDATP in Client enterprise to detect, investigate, and respond to advanced attacks and data breaches on their networks. ● Dealing with issues related to Malware, Social Engineering Attacks, Policy violation, Authentication attempts, Network Attacks. ● Proactive monitoring of several blogs and blocking the malicious IOCs at organization level. ● Identifying misconfigured policies and suggesting necessary changes. ● Worked on Sandbox for the validating suspicious attachments. ● Executed queries on threat intelligence to identify the C2 IOC’s. ● Monitor network traffic and security alerts for potential events/incidents. ● Work with end users on issued remediation instructions based on the findings until the issue resolution. ● Analyzing the web URLs via different web reputation engines to get them blocked/unblocked at the Network level and External firewall. ● Handling L1 and L2 events for Global Microsoft Cloud (Azure Environment). ● Specializing in Network security incidents also handled events on Copyright and Trademark infringement. ● Working on Malware and Phishing complaints originating on the cloud environment. ● Performing data collection regarding malware infections from WDATP and from the end user by sending appropriate notification and validating the data. ● Provide malware status reports and dashboards. ● Analyzing all social engineering scams reported by users and taking best suitable action to mitigate those scams. ● Detect security alerts and perform end to end investigation through available resources and triage to identify the property/asset owners. ● Acting SPOC in the team, handling shift video handoff calls with client. ● Handling critical alerts like Repeated Failed Logins, WannaCry alerts. ● Honey pot alert Handling. ● Using Service Now, XR to handle and track all kinds of Incidents and tasks. ● Monthly report generation on SEP and Bluecoat. ● Maintaining a weekly and monthly Service Tracker for incidents progress. ● Tracking overall security incidents reported from all regions on monthly basis and analyzing for any specific pattern or attacker/victim. ● Vulnerability assessment, performing monthly and weekly vulnerability scans, remediating reported vulnerabilities, Scan engine update, enabling signature, Add/Remove IP address. ● Automation of reports using Splunk.

Tools :

● Security Technologies and SIEM : ArcSight, Splunk ● Firewalls : Palo Alto, FortiGuard ● Endpoint Security and Threat Intelligence : WDATP ● Operating Systems : Microsoft Windows and Linux ● Desktop Application Software : MS Word, Excel, Outlook, PowerPoint ● Ticketing Tools : SNOW, XR

Trainings & Certifications :

• Autopsy Training [Cert# ORD052084APR292020] • ZScaler Internet Access Professional [Cert# ed631a71-dd36-4cd4-a7e3-e34111d5c677] • ZScaler Private Access Professional [Cert# b295016d-8351-43d6-a932-d367b148c836] • Certified Ethical Hacker (CEH v11) [Cert# ECC5129836047]

Key competencies :

● SIEM Tool Management ● Security Incident Management ● Phishing and Spam E-mail Analysis ● Endpoint Security ● Analysis of network traffic ● Malware Analysis

Achievements :

● Star performer in the Team for handling critical priority issues. ● Won Applause Award in appreciation of outstanding performance to the organization. ● Received On the Spot Award for handling unexpected crisis situation without any issues.

Educational Qualifications :

● Master of Science in Physics from Acharya Nagarjuna University with an aggregate of 66%. ● Bachelor of Science from Andhra Loyola College (Autonomous) with an aggregate of 85%. ● +2 from Kendriya Vidyalaya, CBSE with an aggregate of 74.6%. ● 10th from Kendriya Vidyalaya, CBSE with an aggregate of 88.2%.

============================================================================

Responsibilities :

=================================

To be an integral part of a professional Information Security team for applying my knowledge and Professional skills to add value to the organization’s business and also achieve the corporate objectives whilst getting valued exposure and professional satisfaction along with personal growth. Experience: • Having overall 3.1 Years of experience in information security • Have experience and understanding on IBM QRadarand Knowledge on ArcSight SIEM • Proactively monitor the client’s IT infrastructure for security events from the various SOC entry channels (SIEM, Tickets and Emails), based on the security event severity. • Escalate the true positive incidents to the client to perform further investigation and implement the recommended security measures. • Participate in evaluating, recommending, implementing, and troubleshooting security solutions and evaluating IT security of the new IT Infrastructure systems. • Provide recommendations tuning and optimization of security systems. • Incident Analysis of potential intrusions, Coordination and Responding using ticketing tools like JIRA, ServiceNow. • Managing 24/7 Security Operations Center, where primary tasks include monitoring, analyzing and responding to Information Security incidents. • Stay up-to-date with emerging security threats including applicable regulatory security requirements. Education: B. TECH in Computer science and engineering from J.N.T.U.K (`ADITYA COLLEGE OF ENGINEERING &TECHNOLOGY), SURAMPALAM, A.P, India, passed out in the year 2014. Professional Experience: • Working as a Security Analyst in Suwin Software Solutions Pvt Ltd since Sep-2017 to present SOC ANALYST SIEM Technologies:IBM Qradar, HP Arc Sight,Splunk, McAfee Nitro, Logrhythm Security Tools & Technologies Experience

IDS/IPS – Source Fire
Threat Management - Fireeye *Firewall – Cisco , Palo Alto Firewalls ,Checkpoint *Endpoint solution - CrowdStrike
Anti- Virus – Symantec, McAfee
Vulnerability Analysis – Rapid7
Virtualization and Cloud– Amazon Cloud Administration,
Ticketing Tools:- Jira , ServiceNow . ROLES AND RESPONSIBILITIES: • Monitor the security logs and alerts from various network and security devices like IPS, IDS, firewall, switches, routers, load balancer, web application firewall. • Monitor the SIEM, mail gateway for any unusual or malicious activities. • Checking health status for all devices in ESM. • Identify, investigate & recognize security incident based on their signatures, behavior and escalate them to relevant teams and suggest related solution. • Prepare weekly, monthly reports as per client’s requirement and incident severity. ====================================================

PROFESSIONAL SUMMARY:

Technology: ArcSight,RSA Netwitness, Qradar and splunk, Symantec

➢ Providing Around the clock support for security event monitoring, analysis, triage incident alerting and reporting using ArcSight Security Information and Event Management SIEM management console ➢ Troubleshooting connectivity and performing connector installation and tuning the configurations, filters, aggregations and correlation for the flow of events ➢ Creating rules and Joint rules, verify Rules with events & Fine-tuned the real time rules to reduce the false positives ➢ Technical analysis of network activity, monitors and evaluates network flow ➢ Provide real-time guidance to customers on network configuration, security settings and policies, and attack mitigation procedures ➢ Gathering and maintaining operational reports for Key Performance Indicators in Daily, Weekly and Monthly Metrics and Servers and Daily Health Check Monitoring ➢ Analyze network flow data for anomalies and detect malicious network activity ➢ Investigating indicators of compromise (IOCs like file hashes, IP addresses, domains, etc.) ➢ Updating the clients regarding the current threat and latest vulnerability patches ➢ Investigate arising incidents caused by malicious activities, and identified false positive ➢ Defining Dashboards, Trends, Rules, Customized Reports and Scheduled Reports as per requirements ➢ Creating Active list, Updating Active List and using rules to populate an Active List ➢ Maintaining system documentation and configuration data for regulatory and audit purposes ➢ Coordinate with integration team on log upload failures ➢ Identification, investigation and escalation of security breaches to the Security team ➢ Conducting network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures ➢ Creating new KB documents which would help the Analyst in analyzing risk events and troubleshooting methods ➢ Coordinating with other teams in order to get some updates on the tickets ➢ Identified security incidents and completed required documentation for system hardening

                              		Resume

OBJECTIVE

Seeking a challenging profile which will provide opportunities for professional growth and advancement, where I can utilize my experience and acquired skills towards becoming a valuable team member.

CAREER SUMMERY

• Information Security Analyst with a total of 4 years of experience in monitoring, threats, unauthorized access, viruses, and a wide range of threats and Vulnerability Assessment. Well-versed in direct and remote analysis with strong critical thinking, communication, and people skills. • Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter • Good written, Oral and Presentation skills. • Able to work in diverse surrounding, alone and in group settings. • Able to build successful rapport with coworkers, employees, and client.

TECHNOLOGIES AND TOOLS

 SIEM Technology Splunk and Splunk ES, NTT Solutionary FortiSIEM  Proxy and Websensors Cisco Web Security  Vulnerability Assessment and Management Using Qualys  Antivirus Solution Symantec-End Point Protection, MacAfee  Ticketing Tool Service Now and CA Service desk  Monitoring Tool FortiAnalyzer  Email Security Gateway Barracuda.

KEY SKILLS

• Vulnerability Assessment (VM, Cloud Agent, WAS) • Splunk and Splunk ES, NTT Solutionary, FortiSIEM • Security Incident Management • Phishing and Spam email Analysis • Proxy Web Sensor Analysis • Anti-virus/End point Management • Privileged Account Management. Company : Black Knight Financial Services – Bhubaneswar. Period : Dec 2018 – Dec 2019. Role : IT Security Analyst. Operations : Monitoring and Analyzing Security Events, Vulnerability Assessment. Tool Used : NTT Solutionary, Qualys Vulnerability Manager, Forti Analyzer, : Barracuda Email Security Gateway, Live Absolute, FortiSIEM Management.

PROFESSIONAL EXPERIENCE & JOB RESPONSIBILITIES

Security Information and Event Management (SIEM)

• Experience in Security Monitoring and Operations. • Investigating and creating case for the security threats and forwarding it to Onsite SOC team for further investigation and action. • Preparing documents & templates for escalations. • Performing Log analysis & analysing the crucial alerts at immediate basis. • Reporting weekly / monthly dashboards to customer. • Preparing project status report in MS Excel. • Security events monitoring. • Monitoring & Analysis of Alerts generated by the Intrusion Detection System on FortiAnalyzer Console, SIEM Solutions (SPLUNK). • Reporting Suspicious and Malicious events to the concern departments in preparing defensive action against the fraudulent hosts. • Categorizing vulnerabilities based upon the severities into different groups and ensuring the remediation with suggested solutions. • Working in SOC team. Monitoring of SOC events, detecting and preventing the Intrusion attempts. • Adhoc report for various event sources customized reports and scheduled reports as per requirements. • Collecting the logs of all the network devices and analyze the logs to find the suspicious activities. • Investigate the security logs, mitigation strategies and responsible for preparing Generic Security incident report. • Responsible in preparing the Root cause analysis reports based on the analysis. • Performing Log analysis &analyzing the crucial alerts at immediate basis. • Monitoring real-time events using SPLUNK. • Monitoring, analyzing and responding to infrastructure threats and vulnerabilities. • Preparing documents & templates for escalations. • Filling the Daily health checklist. • Preparing reports as per client request, preparing Knowledge base & use cases. • Perform analysis and corrective action for alerts that have not been reported by SOC within agreed SLA • Review and submit the Daily Operations Status report to the Lead • Review and prepare Standard Operating Procedures (SOP) for the customers. • Review of new reports/alerts added. • Review and upload the SOC shift handover report sheet PAST WORK EXPERIENCE

Worked in HSBC as an Information Security Analyst - Hyderabad in Global Cyber Security Operations from October 2014 – Dec 2017

Job Profile.

Threat and Incident Management includes log monitoring (SIEM) - violation and administration activity log monitoring services and Threat and Incident Management services - analysing various internal and external security threats, identify and mitigate them.

Network Security and Administration: • Monitoring & Analysis of Alerts generated by the Intrusion Detection System on Site Protector Console & SIEM Solutions(SPLUNK) • Reporting Suspicious and Malicious events to the concern departments in preparing defensive action against the fraudulent hosts. • Reporting to senior management on security vulnerabilities found in IDS.

IDS/IPS Analysis: • Proactively identifying malicious websites from IDS events generated in a given day and also blocking the malicious website on proxies to prevent further download of the virus if any user accessed. • All websites were tested in VMware player, which is a PC maintained off the network which will avoid downloading malware/virus on the company's network. • All the malware samples (Zero-day attack) those are identified will be submitted to McAfee platinum site for latest DAT signatures. • Monitoring Network events against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files and malware. Anti-virus Management • Monitor centralized pattern distribution (live update) identify and report for deficiencies (desktop and server). • Monitor security virus events, respond and provide mitigation/remediation on virus incidents • Ensure Updates/Signatures are latest. • Analyse and identify the source of infection and provide remedial action against that system • Alert and notify respective Teams (Internal teams, vendors, Business Partners (Global) if any abnormal activity is noticed and Coordinate/Work with them in analysing, containing and eradicating the incident • Monitoring various security advisories & vendor alerts, Notify teams of any security alerts that may affect them • Creating SOP for new medium and critical Virus and posting it on the common portal / repository • Report all viruses and worms detected on the network on a daily basis or at mutually agreed frequency • Assist in remediation for all viruses, worms, Trojans, Malware, etc. by closely working with Armstrong IT team and CSIRT (Computer Security Incident Response Team) to provide RCA. • Provide assistance and support to virus reduction initiatives.

Phish Handling: • Taking fraudulent websites (phishing websites) down reported internally or by the customers. • investigate all Phishing attack events against HSBC US, Canada, UK or against HSBC group and ensure that appropriate groups are notified • Document Phish for further investigations.

Worked in Identity and access management team from August 2010 - October 2014 into Access Management.

Responsibilities as Identity & Access management Analyst:

• Creating and managing Windows user accounts and profiling them using required template, Application groups, Shared folder access across 2 different regions in different locations spread over the US and Canada. • After making the proper authentication based on e-mails, Incidents CA application (GSD R.12) and Pega tool ( GSR's ) proceed in creations • Creation of User Accounts on AD (Active Directory / User Manager) for HNAH Domain and creating home folders for the users locating the correct Server, grant Home folder permissions. • Hands on Experience on User Manager & Microsoft AD console • Creation\Deletion\Moving of AD accounts with in the domain • Deletion of Active directory accounts\Internet\Remote Lotus Notes account as per the Exit Procedures from the HR team. • Working on Citrix (E.S.S) i.e. enterprise security station console for creating database accounts. • Involved in providing User support for the GAMR Recertification & Transfers Based Recertification through Troubleshooting, Providing Resolution, • Revalidation of the access to systems and applications of the users whether they hold the proper access or not with proper approvals.

I hereby declare all the information presented above is true to the best of my knowledge. I assure you to meet up to your expectations if given an opportunity.

===============================================================================================

Information security professional with 4.5 years of experience specializing in network and security management. Can manageIT downside risks arising from security conflicts. My greatest strengths are understanding business risks to enable deployment of efficient security systems. Enthusiastic to take exciting opportunities in a dynamic environment to further both my passion and organization’s interest

Professional Experience ● 3.5 yearsof experience across SIEM tools, Intrusion Prevention System, vulnerabilities and remediation, Anti malware and firewall. ● Familiarity with cyber security regulations, including cyber security standards and implementing best practices. ● Skilled in dealing with queries, reports, filters, and active channels in ArcSight. ● Well versed in using SQL queries for fetching logs from ArcSight Logger. Proven success in conducting IT and cyber security analysis, writing reports, reviewingfindings&recommending it to Information security manager and stakeholders. ● Agile in investigating security threats such as Malware Outbreaks, DDOS, OWASP T-10 and Brute force attack on the network. ● Intellectual in Analyzing cyber security system needs, evaluating end-user requirements, custom designing solutions and troubleshooting for complex cyber security systems management. PERSISTENT SYSTEMS,INFORMATION SECURITY ANALYST (Sept 2016 to Till Date) ● SOC responsibilities ● Handling tickets and dispatching within Security operation. ● Performing regular health checks as per the standard procedure. ● Creating incidents for Security Operation. ● Providing 24x7 event monitoring and analysis support for proactive trend analysis ofevents ● Hands on experience in Q Radar and Arc sight. ● Providing timely reports to the stake holders ● Performing regular health checks for Source fire, Juniper, Palo Alto, Check Point and Websense as per the SOP. ● Providing access and troubleshooting of Two Factor Authentication issue within Symantec VIP. ● Validating issue and revoke certificates request as per the client request from DigiCert portal. ● Monitoring Spam email mailbox and Arc sight for various clients. ● Experienced in log management focusing on simple collection and storage of log messages and audit trails. Alert identification and log verification via Arc sight console and verification of IP reputation, user legitimacy and so on. ● Experienced in client communication on potential threats and suitable recommendations. Fetching timely reports from the arc sight console and updating to customer. ● Co-ordinate with business units to determine continuity requirements. Co-ordinate with internal teams such as windows, firewall to eradicate the threat. ● Experienced in creating active channels, applying filter, creating filter in the Arc sight Console. Maintained 100% response SLA throughout my time in my experience. Experienced in managing cloud SOC and On-Site SOC. ● Ensuring timely updates to customer on the Interaction & Incident booked. ● Maintaining customer relationship, ensure customer responsiveness, improve the customer satisfaction. ● Handling repeated problems for permanent fix by coordinating with problem management team. ● Resolving and analyzing RCA (Root Cause Analysis) for incident reported to the organization.

Project: Monitoring System Perform 09/2015 to 08/2016 Role: System Administration Responsibilities: • Helped standardize and implement the scheduled maintenance plan documentation process. • Monitored system performance and diagnosed software/hardware problems. • Document and track issues via a ticketing system. • Ensured full and incremental data backups were successful. • Performed data restore for users as needed. • Responsible for applying security updates and patches on servers, desktops, and laptops. • Configured, troubleshot, and maintained Windows 2003 and 2008 Servers.

==================================================================================== CAREER OBJECTIVES

SOC ANALYST 3.2 years of information security experience in Capgemini Technologies Private Limited from January 2017 to till date. Seeking challenging and rewarding positions across IT Security.

PROFESSIONAL EXPERIENCE

• 3.2 Yrs experience working in Security Operations Center (SOC). • Security event monitoring using splunk ES and Arc sight ESM . • Analyzing each alerts on various platform triggered from SIEM solution. • Analyzing Firewall events. • Analyzing phishing and spam emails. • Working on Syxsense and Canary alerts • Working on Bitsight reports • Scanning the global and AWS servers. • Adding and removing new devices in Sites. • Creating Sites and Assets. • Working on Fireeye, Forcepoint , F5 WAF and Symantec Antivirus. • Preparing metrics weekly report. • Checking health status for all devices in ESM • Ad hoc scans as per client requirement. • Worked on PCI DSS compliance audit as per every quarter audit. • Good experience in proof point Email protection tool and Cisco web proxy. • Experience in malware analysis like Ransomware infections. • Creating new SOPs for the team for new incidents • Have Experience and understanding on Splunk, Arc Sight SIEM, Rapid7(Nexpose). • Blocking malicious domains in proxy. • Monitoring the IDS/IPS logs in ESM. • Ability to identify risks, threats and conduct detailed analysis • Analyzing daily, weekly and monthly reports. • Creating the tickets in ticketing tool. • Finding false positive, fine tuning and escalating Security events. • Working on Recent threats and Recent Vulnerabilities.

PROFESSIONAL EXPERIENCE

Project Name: Security Monitoring & operations Client: Capgemini Technologies Technologies: SIEM(Splunk,Arcsight), Rapid7(Nexpose),Bitsight, Syxsense, Canary, Malware analysis, Phishing emails,. Role: Security Analyst

PROJECT DESCRIPTION: Working on Corporate Security and Information Security to process of identifying Vulnerbilites, monitoring, recording and analyzing security events or incidents within a real-time IT environment. It provides a comprehensive and centralized view of the security scenario of an IT infrastructure.

ROLES AND RESPONSIBILITIES:

• Managing, monitoring events the active channels and dashboards. • Working on Fireeye, Forcepoint, F5 WAF and Symantec Antivirus. • Finding false positive, fine tuning and escalating Security events. • Hands-on experience Monitoring an Arc Sight SIEM and Rapid 7 tool. • Creating reports as per client requirement. • Analyzing daily, weekly and monthly reports. • Analyzing phishing and spam emails. • Working on Syxsense and Canary alerts • Working on Bitsight reports • Scanning the global and AWS servers. • Adding and removing new devices in Sites. • Creating Sites and Assets. • Creating the tickets in ticketing tool.

PROJECT 2:

Project Name: Web Application Client: Capgemini Technologies Technologies: HTML5, Pug.JS, Jade, CSS3, SASS, SCSS, Bootstrap4 Role: Frontend Developer

Responsibilities:

• Developed responsive design Single Page Application (SPA). • Maintain and improve website • Strong engineering design and development skills. • Analytical, problem solving and communicational skills. • Competency(jQuery, JavaScript,Angular2 ,HTML,CSS) • Motivated team player with ability to work under minimal supervision possessing strong • Ability to learn new technologies with result-oriented performance. • Demonstrates flexibility in day-to-day work.

EDUCATIONAL QUALIFICATION

• B.Tech from JNTUK University.

• Declaration: I hardly declare that the above-mentioned information is correct up to my knowledge and I bear the responsibility for the correctness of the above-mentioned particulars.