Over 10+ years of experience in various information security domains like Compliance Audit, Security Operation center, threat intelligence and has a proven track record in the planning, designing and execution of SOC implementation, business requirement mapping, Security information and event management (SIEM) tooling. SOC governance (Including KPIs and metrics), SOC staff training and career development, SOC process and audit.
SOC Monitoring and Implementation
- Real Time Log Monitoring in the Security Operations Centre (SOC) from different devices such as Firewalls, IDS, IPS, Operating Systems like Windows, Unix, Proxy Servers, Windows Servers, System Application, Databases, Web Servers and Networking Devices.
- Technical escalation of all L1, L2 and L3 incidents in SOC.
- Project documentation.
- Delivery methodologies and skill enhancements.
- Analyze and troubleshoot delivery issues in a timely fashion.
- Manage a delivery team to ensure timely and accurate Customer Information Security deliveries.
- Oversee daily activities of delivery team and provide direction and guidance as needed.
- Design, Create and Innovate SIEM Use Cases in accordance with the UC business requirement and as per the Cyber threat surface of Customer’s line of business.
- Good knowledge on SIEM tools like Splunk, QRadar and ArcSight concept and architecture.
- Experience in implementation of SIEM Hands on Experience in Device integration with SIEM.
- Network and security analysis/assessments and security monitoring.
- Performing Real-Time Monitoring Investigation, Analysis, Reporting and Escalations of Security Events from Multiple log sources.
- Handles all end users, report Incidents, problem ticketing and change management ticketing with respect to Network Security within the agreed SLA.
- Tracking and reporting the configuration changes in Routers, Switches and Firewalls of different clients.
- Device integration, Creating Rules, Active channel, Dashboard, Filters, Reports, queries etc. in Splunk, QRadar and ArcSight to track incidents.
- Aggregating and Correlating Logs and Configuring Reports, Queries, Rules, Filters, Dashboards, Real Time Alerts and Console Resource Operations.
- Identify Customer Reporting requirements; Translate requirements into SIEM Technical Specifications.
- Assist co-ordinate with the Security Incident Handling Team in providing assistance during investigation.
Cyber Threat Hunting, Analytics and Threat Intelligence
- Knowledge of Data Science with specialize in analyzing large volume of security data and to determine patterns of interest or outliers or hidden attacks and build repeatable algorithms and machine learning models for apply on regular basis to the data.
- Experience in threat hunting to use the algorithms and tools built by data science to actively hunt of attacks in large volume of data and create alerts that is passed on to SOC L1 & L2 analysts
- Collate information from external threat sources as well as data from internal SOC and prepare actionable threat feeds and Intelligence briefs. Experience in integrating threat feeds with SIEM/ other security products of Customer as well as to active SOC Manager & SOC Engineering team. The intelligence briefs are consumed by SOC lead, Investigators and SOC Engineering Team for creating COA.
- Implementation and Administration of Splunk, QRadar, ArcSight
- Leading 24x7 SOC Team. Daily/Weekly/Monthly trend analysis report for alerts and incidents
- Perform root cause analysis on security and availability incidents producing harm charts per incident and monthly/yearly summary reports
- Tune and refine existing security filters and event rules to reduce false positives. Creation of customized reports, dash board & Preparation of compliance dashboard
- Conduct SIEM application trainings for the new hires and existing SOC employees.
- Advance SOC Setup - Orchestration and threat intelligence.