Aman Singh
Work & Experience
Job Responsibilities:
● Working in a 24x7 Security Operations Center
● Monitoring the customer network using ArcSight and Splunk SIEM
● Acting as first-level support for all security issues
● Analyzing real-time security incidents and checking whether each is a true positive or a false positive
● Performing real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources
● Raising true-positive incidents to the respective team for further action
● Creating tickets in ServiceNow, assigning them to the respective team and following up until closure
● Escalating security incidents based on the client's SLA and providing meaningful information related to security incidents through in-depth analysis of event payloads, and providing recommendations for mitigating security incidents, which in turn keeps the customer's business safe and secure
● Contacting the customers/stakeholders directly in case of high-priority incidents and helping them in the process of mitigating the attacks
● Working closely with business units to ensure that they know what data to feed into the SIEM and how
● Coordinating with networking teams to establish and maintain communication with remote ArcSight Connectors
● Investigating malicious phishing emails, domains and IPs using open-source tools and recommending proper blocking based on analysis
● Installation of ArcSight Connectors
● Upgrading of ArcSight Connectors
● Integration of new devices with ArcSight, such as Windows, Linux, Cisco firewalls, routers, switches, etc.
● Troubleshooting when any device is not sending logs to ArcSight
● Basic understanding of the creation of ArcSight content such as correlation rules, queries, reports, dashboards, etc.
● Maintaining a keen understanding of evolving internet threats to ensure the security of client networks
● Troubleshooting SIEM dashboard issues when no reports are being generated or no data is available
● Basic knowledge of Splunk distributed cluster architecture
● Working experience with Splunk SPL queries
● Installation of universal forwarders to integrate Windows and Linux devices
● Creating inputs on Splunk Enterprise to receive the logs
● Integrating FortiGate Firewall with Splunk
● Installation of Splunk apps and add-ons on Splunk
● Monitoring real-time incidents in Splunk Enterprise Security