VINAYAK
About Candidate
SOC Analyst with 3 years 7 months of expertise in threat monitoring, incident response, and security tool management. Worked on multiple SIEM tools, EDR solutions, DLP solutions, firewalls and IPS. Monitoring systems, performing threat analysis and finding the root cause of incidents. Certified Ethical Hacker (v11).
Education
Work & Experience
ROLES & RESPONSIBILITIES:
• Observe security solutions: SIEMs, firewalls, analysis tools.
• Investigate all security alerts received, making use of all available tools and log files to determine whether the alert is a false positive or an actual attack.
• Investigate incidents and handle remediation and follow-up.
• Create and track investigations through to resolution.
• Remediate incidents where possible; otherwise gather information, raise a ticket with a description and escalate to the next level.
• Maintain the timely delivery of reports.
• Responsible for shift handover at the end of every shift to provide updates to the incoming shift.
• Knowledge of security best practices and concepts.
• Generate daily, weekly and monthly reports on time.
ROLES & RESPONSIBILITIES:
• Observe security solutions: SIEMs, firewalls, appliances, intrusion prevention systems, analysis tools.
• Real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources.
• Investigate malicious phishing emails, domains and IPs using open-source tools and recommend proper blocking based on the analysis.
• Investigate all security alerts received, making use of all available tools and log files to determine whether the alert is a false positive or an actual attack.
• Communicate with customers regarding detected incidents and suspicious activities.
• Prepare the latest security advisories for newly reported/identified vulnerabilities using various open sources.
• Remediate incidents where possible; otherwise gather information, raise a ticket with a description and escalate to the next level.
• Escalate tickets to the appropriate groups.
• Create and track investigations through to resolution.
• Assist the L2 team with fine-tuning of reports.
• Maintain the timely delivery of reports.
• Responsible for shift handover at the end of every shift to provide updates to the incoming shift.
• Knowledge of security best practices and concepts.
• Preparation of daily, weekly and monthly reports.
ROLES & RESPONSIBILITIES:
• Real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources.
• Handle model breaches in the Darktrace Threat Visualizer and provide a resolution for each model breach using advanced search.
• Proficient with Darktrace Email Antigena: monitor all emails sent from the network and investigate mails held by Darktrace to make sure it is not blocking any mails that should be released.
• Investigate malicious phishing emails, domains and IPs from the Darktrace Email Antigena console, using sandboxing tools and open-source tools, and recommend proper blocking based on the analysis.
• Investigate scripts blocked by BlackBerry CylancePROTECT on endpoints, including servers and laptops, and provide remediation based on the investigation.
• Communicate with customers regarding detected incidents and suspicious activities, and follow up on escalated incidents.
• Hands-on with Microsoft Defender, Advanced Hunting using KQL queries, and Defender for Endpoint.
• Evaluated and analyzed employee off-boarding reports generated by team members from various Data Loss Prevention (DLP) solutions.
• Worked on vulnerability management: scheduled scans, generated reports and informed clients about existing vulnerabilities with high severity scores and the impacted devices/applications in the environment.
• Fine-tuned alerts, created automated rules and built Conditional Access policies.
• Remediated incidents by providing proper recommendations for the triggered security incidents.
• Added the latest identified/reported Indicators of Compromise (IOCs) to the deny list.
• Detailed understanding of cybercrime and related analytical models such as the Cyber Kill Chain and the MITRE ATT&CK framework.
• Strong understanding of cyber security threats and countermeasures, including malware, phishing and social engineering attacks.
• Mentored, trained and supported SOC team members in tool usage and alert analysis, enhancing team proficiency.
• Created and upgraded processes and escalation templates.
• Prepared Standard Operating Procedures (SOPs) or Work Instruction Manuals (WIMs) for various tools.
• Preparation of daily, weekly and monthly reports.