About
IT professional with over 5 years of experience and proficiency in real-time monitoring, upgrading SIEM components, and the investigation, analysis, reporting and escalation of security alerts from various log sources. Good understanding of security solutions such as VPN, firewalls, WAF, IPS and IDS, and hands-on knowledge of networking concepts such as protocols, IP, network architecture, networking devices, the OSI model, TCP, UDP, DHCP, DNS, ports and a few more.
Work Experience
Sr. CS Engineer
CCS Computers
09-2022 - 02-2023
Act as admin-level contact for all security issues related to the SIEM at a Govt. client site. Check whether all devices such as ESM, Logger, Log Collector and ArcMC are running. Handle 350+ devices and servers related to the SIEM. Monitor real-time logs and resolve alerts according to their priority. Troubleshoot all devices such as ESM, Logger, Log Collector and ArcMC. Ensure the security of the client’s networks and systems. Upgrade all devices related to the SIEM, and their OS, through PuTTY and the GUI.
SOC Engineer
Augmentus Tech Pvt Ltd
09-2015 - 08-2016
First-level firewall monitoring. Lowered malware threats through the use of antivirus. Worked with superiors to minimize risks and to implement them in a cost-effective way. Conduct security monitoring on services including SIEM, IDS/IPS, firewalls, Web Application Firewalls and Data Loss Prevention (DLP). Discuss roadblocks and challenges that affect the company’s ability to support clients effectively in both the short term and the long term by participating in department meetings and taking notes for the IT Team Lead.
SOC Analyst
Inbey Global Technology Services Pvt Ltd
05-2019 - 09-2022
Act as first-level support for all security issues. Monitor and analyze real-time security incidents and check whether each is a true positive or a false positive. Identify false positives and work with the appropriate team members on alert tuning. Raise true-positive incidents to the respective team for further action. Create tickets in ServiceNow, assign them to the respective team and follow up until closure. Monitor security systems and networks for anomalies. Install ArcSight Connectors. Integrate new devices such as Windows and syslog devices with ArcSight. Basic troubleshooting of log sources if any device is not sending logs to ArcSight. Create ArcSight content such as correlation rules, queries, reports, etc. Maintain a keen understanding of evolving internet threats to ensure the security of client networks.
Security Engineer
ESDS Software Solution Ltd.
03-2023 - Present
Review all overnight security events, alerts and incident reports. Coordinate with the incident response team and other stakeholders on ongoing incidents. Monitor and analyze security event logs, alerts and system health status. Analyze network traffic and system logs to detect anomalies or indicators of compromise. Coordinate with other teams (e.g., network security, system administrators) to address incidents. Document incident details, actions taken and outcomes in the incident management system. Communicate incident status and progress to management, stakeholders and customers. Document weekly reports on the IOCs reported. Coordinate the blocking of malicious IPs, domains, hashes and URLs in SEPM and the Squid proxy server by the network and system admins. Coordinate directly with NCIIPC and CERT-In on malicious activity and remediation. Document and forward action-taken reports for common vulnerabilities to NCIIPC. Serve as the primary point of contact for ISO certification, which includes liaising with certification bodies, ensuring compliance with ISO standards, and managing the documentation and audits related to certification.
Education
B.E in Information Technology
2009 - 2013 · India
12th
2009 - 2009 · India
10th
2007 - 2007 · India