VARAPRASAD

About Candidate

➢ I have 5.5 years of experience in the IT sector.
➢ 3.5 years of experience as a Security Analyst in Cyber Security Operations, working in a 24*7 SOC environment using the IBM QRadar and LogRhythm SIEM tools.
➢ Experience in SOC operations methodology such as incident handling, threat detection, network traffic monitoring, real-time security event handling, log collection, log processing, log parsing, log monitoring, log filtering, log analysis, and identifying and classifying attempted compromises of networks through heuristic identification of suspect traffic.

Education

Graduation – B.Sc (Computer Science), 2009
Kakatiya University

Work & Experience

Security Analyst August 2017 - April 2022
KOZY KREATIVE CONCEPTS PVT LTD

➢ Working as Security Analyst in a 24*7 SOC environment.
➢ Monitoring and analysis of events generated by various security and network tools such as firewalls, proxy servers, AV, IPS/IDS, cloud platforms (Amazon, Azure, and Google), and Windows and Linux servers.
➢ Following the end-to-end incident investigation and incident response process, ensuring that investigations are closed within the defined SLA.
➢ Responsible for monitoring of security alerts, analysis of logs generated by appliances, and investigation and assessment based on the incidents generated.
➢ Using SIEM tools (IBM QRadar & LogRhythm) to detect possible signs of security breaches and performing detailed investigation to confirm a successful breach. Performing root cause analysis (RCA) and handling the incident as per the defined Incident Management Framework.
➢ Escalation of security incidents to the concerned teams and their management, and follow-up for closure.
➢ Providing recommendations for proactive threat hunting and threat detection of attacks.
➢ Creating tickets using ticketing tools such as ServiceNow & Jira.
➢ Analysis of daily and monthly reports for incident management using Microsoft Excel & Word.
➢ Coordinating with the Network team and Server team regarding activities and technical issues.
➢ Creating vulnerability and remediation reports and reporting them to users.
➢ Collecting the critical server and application inventory from the respective business owners and scheduling scans on a weekly, monthly, and quarterly basis.
➢ Knowledge-sharing sessions with team members whenever complex incident issues are raised, and lessons learned from other team members.
➢ Scanning the environment using the Nessus tool, finding vulnerabilities per business unit, and sending the report to the respective business owners.
➢ Attending calls with business owners and the Windows and Linux teams to schedule vulnerability management patching and remediation without business disruption.

Security Analyst May 2022 - August 2023
FUJITSU CONSULTING INDIA PVT LTD

➢ Continuously monitoring the 24/7 SIEM console (Dashboards, Offenses, Log Activity, and so on) for security alerts and incidents.
➢ Monitoring and analysis of events generated by various security and network tools such as firewalls, proxy servers, AV, and IDS/IPS.
➢ Security incident response: responsible for monitoring of security alerts, analysis of logs generated by appliances, and investigation and assessment of whether an incident is a false positive or a true positive.
➢ Using SIEM tools (QRadar) to detect possible signs of security breaches and performing detailed investigation to confirm a successful breach. Performing root cause analysis (RCA) and handling the incident as per the defined Incident Management Framework.
➢ Following the end-to-end incident investigation and incident response process, ensuring that investigations are closed within the defined SLA.
➢ Escalation of security incidents to the concerned teams and their management, and follow-up for closure.
➢ Creating tickets in ServiceNow and tracking the status of incidents.
➢ Analysis of daily and monthly reports for incident management and compliance.
➢ Coordinating with the Network team and Server team regarding activities and technical issues.
➢ Protecting the network from malicious entities such as hackers, viruses, and spyware.
➢ Determining, documenting, and reporting false-positive events/alerts.
➢ Suggesting filtering to suppress recurring false positives.
➢ Analyzing and determining threat impact.
➢ Categorizing incidents into the appropriate categories.
➢ Documenting each security incident with the required details.
➢ Providing recommendations on mitigation of security incidents.
➢ Taking actions based on incident severity, such as:
  o Notifying system owners
  o Notifying the SOC Remediation/Response Specialist (SRS) to provide resolution steps or a workaround
  o Following the incident response plan
➢ Threat profiling and new use-case recommendations for the organization's environment.
➢ Adherence to SOC SLAs, communication protocols, and policies.
➢ Updating threat intelligence data.
➢ Trending of security events and incidents; monitoring of dashboards.
➢ Developing IOCs after security incidents.
➢ Threat research and analysis.
➢ Updating the SOC knowledge base: processes, procedures, and the incident tracker.
