Bandela Uma Maheswari
About Candidate
Overall experience of 2.2 years of working in the areas of Security Information and Event Management, Endpoint Security and Response, Cyber Incident Response and Management, Malware and Threat Analysis, Intrusion Prevention Systems and Vulnerability Assessment. Experience of working in 24×7 operations of a SOC team, offering log monitoring and security information and event management.
Education
Work & Experience
• Responsible for first level incident response and incident management in a managed SOC for different industries.
• Responsible for performing daily health checks of the SIEM (QRadar).
• Responsible for performing investigation of the incidents captured in the SIEM and notifying clients of all the findings.
• Good experience in handling various variants of incidents across multiple clients.
• Hands-on experience in fine-tuning use cases and creating/updating reference sets in QRadar.
• Hands-on experience in handling various SIEM solutions such as QRadar and Splunk.
• Good experience in handling phishing emails, performing header analysis to identify the integrity of the email and body analysis for any IOC presence.
• Good experience in handling IOCs by performing malware analysis.
• Good experience in handling EDR detections (both file-based and process-based) from CrowdStrike and Carbon Black.
• Good understanding of the MITRE ATT&CK framework.
• Knowledge in understanding TTPs detected by EDR solutions.
• Good understanding of OWASP, IDS, IPS, threat modeling and cyber attacks such as DoS, DDoS, MITM, SQL injection, XSS and CSRF.
• Experience in performing ad-hoc AV scans on hosts whenever required.
• Closely working with the Hunt team, identifying the latest attack vectors and latest IOCs, and performing IOC sweep activities across various clients.
• Responsible for client calls and their requests such as IOC sweeps, ad-hoc requests or hunting.
• Hands-on experience in handling incidents and ensuring SLAs are met.
• POC for the shifts: managing the shift roster, client bridging, managing and updating client updates, and managing shifts as per requirement.
• Work closely with clients for follow-ups and understanding client requirements, and updating the same with analysts.
• Performing peer reviews of the investigation on incidents before notifying the clients.
• Responsible for responding to and managing intrusions for multiple clients using the respective SIEM solutions in a managed SOC environment.
• Performing trend analysis of the use cases to identify the aspects with a high count of false positives and performing fine-tuning of use cases.
• Creating and updating runbooks for newly created/existing UCs.
• Coordinating with the SDM and client SOC team for any configuration activities.
• Active participant in Buddy programs and BrownBag sessions.
• Collaborating with the Engineering team, Hunt team and Threat Intel team for ticket/process improvements.
• Experience in creating incidents in various ticketing tools such as ServiceNow and Jira.
• Creating bi-weekly reports for client reference.
• Responsible for performing monthly audits of L1 alerts for process improvement.