SHAHEEN BASHEER PV

Worked with multiple clients on Real time threat management using SIEM (EventTracker) and solutions.  Working on a SIEM solutions based on customer's requirements to secure the clients network infrastructure.  Real Time log Monitoring, Incident Management and Reporting.  Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents.  Monitor the security of critical systems (Mail, Web and Database servers etc.) and changes to highly sensitive computer security controls to ensure appropriate systems administrative actions, investigate and report on noted irregularities.  Work closely with the assigned managed services SIEM resources to ensure client’s customized solution is functioning optimally and continuously tuned to the client’s need.  Identify vulnerabilities and recommended corrective measures.  Investigating causes, analyzing and diagnosing the problem are repairing or providing detailed alternate solutions.  Analyze logs from various devices (Firewall, IDS, IPS, Servers, etc.) over the network for any security breaches using SIEM tool (EventTracker).  Security incident monitoring and depth analysis of critical and major security incidents (internal and external) using SIEM tool EventTracker.  Investigate potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes.  Analysis of the Network Attacks, detects and regular Health Checkups in the real Environment  Monitor security violations and investigate security incidents.  Responsible for Incident management, attack methods, viruses and other forms of malware.  IDS rules - based security standard monitoring and remedial action taking.  Integrated events from different network devices like IDS, IPS and Firewalls for analyzing them for possible threats.  Post implementation; monitor the network with the help of SIEM solution. Create daily, weekly summary report on the events for audit/compliance purpose.  Configuration of Alerts, Reports and compliance dashboards for auditing.  Conduct network Vulnerability assessment using tools like, ETVAS and Nessus

Responsible for working in a Security Operation Center (SOC) environment.  (SIEM Operations) Monitoring Operations: 24x7 SOC monitoring and responding to alerts according to established policies, making sure the events are treated under SLAs and incidents are resolved or escalated within SLO and continuous security incident ticket follow up.  Provide analysis and trending of security log data from large number of heterogeneous security devices.  Attending client calls weekly and fine-tuning the correlation rules based on client needs.  Work closely with other teams (IAM, Network, Wintel, AD, AV and Vulnerability Team) to assess risk and provide recommendations for improving our security posture.  Anomaly detection by using a baseline of events over time to find deviations from expected or normal behavior & comprehensive view into an environment based on event types, protocols, log sources etc.  Define & create SIEM rules considering business needs as per the client.  Helps reduce risk to business partners and customers by detecting data loss and fraud.  Research threats and vulnerabilities, and where appropriate, take action to mitigate threats and remediate vulnerabilities.