Sundar Ys

 Collaborate with technical and threat intelligence analysts to provide indications and warnings and contributes to predictive analysis of malicious activities  Create and track incidents and ETMS  Investigate all security alerts received by making use of all tools and log files possible to determine if the alert is a false positive, a security event, an actual attack, and/or a security incident  Monitor security events and logs such as proxy logs, IPS/IDS events, Firewall, Active Directory (user verification), Vulnerability scans, Anti-Malware events, Web Application Firewall,System log files, to maintain situational awareness  Monitoring and analysis of security events to determine intrusion and malicious events  Perform investigations and evaluations of network traffics, read, and interpret logs with RSA Security and Verizon Siem  Perform shift handoff at the end of every shift to provide situational awareness to the incoming shift.

 The main goal of this project is Monitoring of security events using a SIEM, SOAR and other feeds, looking for significant events, and processing reports of unexpected network activity.  Support ongoing tracking and remediation of security issues, ensuring that tickets are closed and issues are addressed in a timely manner.  Conduct investigations on security incidents, perform root cause analysis, and develop mitigation strategies.  Collaborate with cross-functional teams, including network engineers and system administrators, to implement security controls and enhance incident response procedures.  Create and track incidents and request using ticketing tool: (Service desk and Foresight)  On daily basis, checking the non-reporting devices and notifying platform if any device goes down( Syslog servers,etc) and Daily Checking the Health status using the tools like Grafana  Stay up to date with current vulnerabilities, attacks, and countermeasures with security blogs and internal news reportings from CISA, Alien Vault  Perform investigations and evaluations of network traffics, read and interpret logs, and PCAP analysis with Wireshark  Search firewall, email, web or DNS logs to identify and mitigate intrusion attempts  Investigate malicious phishing emails, domains and IPs using Open Source tools and recommend proper blocking based on analysis.  Continuously monitoring and interpreting threats using the IDS and SIEM tools  Stay updated with the latest threats and vulnerabilities by monitoring security advisories, vendor alerts, and industry news.  Provide timely and accurate reports on security incidents, trends, and potential risks to management and stakeholders.  Using FortiSOAR, working on cases generated from SIEM alerts based on playbook created. Cases are elevated into incident if the alert is True positive  Perform shift handoff at the end of every shift to provide situational awareness to the incoming shift. Project:1  Working on the RSA Netwitness SIEM providing operations support at the Security Operations Center for different member firms.  Monitoring live traffic using SIEM.  Participate in weekly and monthly review calls with Customer.  security technologies, including SIEM, IDS/IPS, firewalls, endpoint security, content filtering, and packet inspection  Preparing daily and weekly Reports on client requirement for security threats and trends on the network.  Escalate tickets to the appropriate group  Monitored system servers and desktop per acceptable use policy  Oversee all reports and documentation related to network equipment operations  Perform shift handoff at the end of every shift to provide situational awareness to the incoming shift.