SAI RAM

Roles and Responsibilities:• Heading SOC operations and continuous SIEM (Security Information Event Management) monitoringand Investigating security events using SIEM platforms like Spunk and IBM QRadar reported by networksecurity tools (Firewalls, IDS/IPS, Proxies, WAF, AD, Malware AV's, EDR).• Experience on working with Vulnerability assessment and Splunk Enterprise Security tasks.• Experience in detecting, analyzing the log data and/or responding to security incidents and analyzinguser reported phishing emails.• Experience on working common security threats, client Ad-hoc requests, attack vectors, vulnerabilities,and exploits.• Conducting initial triage of security events and incidents.• Tuning of rules, filters, and policies for detection-related security technologies to improve accuracyand visibility.• Understanding current vulnerabilities, attacks, and countermeasures.• Involved in CISRT table top meeting to mitigate the attack on the organizational environment.• Experience in performing log analysis from different log sources and EDR, Investigate and escalate incidents to L2 or L3 Team Members.• Strong knowledge on fundaments of Cyber Kill Chain and MITRE ATTACK.• Understanding of TCP/IP and Net Flow traffic analysis.• Performing daily activities, creating documents for technical reference, report templates development, and trend report configuration, creating reports for daily, weekly, monthly - Preparing of Executive metrics report, Meeting the SLA, and time frame.• Managing vulnerability scanning activities and preparing vulnerability report.• Experience in handling customer queries and escalations.