AITHABATHULA SIDDHARDHA

About Candidate

Overall 2.5 years in IT: 1 year of experience as a Network Engineer and 1.5 years of experience in Information Security,
currently working as a Security Analyst (Security Operation Centre team). of alerts and investigation for a wide range
of vulnerabilities and threats. Specialized in monitoring security events.

Education

Graduate in CSE (Computer Science and Engineering) 2021
Andhra University

Work & Experience

Security Analyst April 2022 - Present
Cognizant

• Monitoring 24x7 for P1, P2, P3 alerts in SOC operations for real-time monitoring, analysing logs from various security/industrial appliances using Splunk and QRadar.
• Working in SOC (24x7), monitoring SOC events, detecting and preventing intrusion attempts.
• Filling in the daily health checklist. Create, modify and update Security Information Event Management (SIEM) tools.
• Working in GSOC (Global Security Operation Centre) with multiple clients.
• Generating tickets on ticketing tools (ServiceNow) and taking the necessary follow-up.
• Triage of O365 alerts.
• Hands-on experience with EDR tools (CrowdStrike, Microsoft Defender, Fortinet).
• Investigating and creating cases for security threats, threat analysis and forwarding them to the onsite SOC team for further investigation and action.
• Monitoring the DLP, email and web logs and NIS malware, spam mails; investigating, escalating to L2 and closing the incidents.
• Creating tickets in the ticketing tool and updating the trackers once they are closed.
• Carrying out log monitoring and incident analysis for various devices such as firewalls, IDS, IPS, database, web servers and so forth.
• Experience in analysing large amounts of data.
• Experience and knowledge in investigating incidents, remediation, tracking and follow-up for incident closure with the concerned team. Strong capabilities in Microsoft Office products like Excel, Word, and PowerPoint.
• Working knowledge of the TCP/IP model and correlating it with real-life scenarios; good communication and collaboration skills.
• Good understanding of ITIL processes, including Change Management, Incident Management and Problem Management Preferred.
• Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents.
• Work with the customer-designated personnel to provide continual correlation rule tuning, incident classification and prioritization recommendations.
• Report query adjustments, and various other SIEM configuration activities.
• Created, maintained, and updated detailed design documents, diagrams, and Standard Operating Procedures (SOPs) to ensure clarity and consistency in security operations.
• Work closely with the assigned Managed Services SIEM resources to ensure the client's customized solution is functioning optimally and continuously tuned to the client's needs.
• Collaborate with a variety of customers in a polite, positive and professional manner.
• Resolve problems related to network, device, policy, connectivity issues etc.
• Collecting the logs of all the network devices and analysing the logs to find suspicious activities.
• Prevention System, Security information and event management, Vulnerability management,
• Incidents, reported findings. Blacklisting/whitelisting of IPs.
• Monitor the network-level traffic, profiling the network traffic and establishing base values and threshold values. Blacklisting/whitelisting of IPs at network level and
• Create, maintain and update documentation of detailed design documents and SOPs for client requirements.
• Initiating cloud mitigation, estimating impact of DDoS. Analysing phishing and spam related activities.
• Creating reports and alerts and investigating issues identified while monitoring the live traffic.
• Preparing RCA documents and daily/weekly/monthly reports.
• Handling multiple customers globally, analysing the customer networks for potential security attacks.
• Support security incident response processes in the event of a security breach by providing incident reporting.
• Troubleshooting basic errors identified in QRadar and fixing those errors.
