Heenakousar Mattikatti

•Monitoring security incidents from various SOC entry channels such as SIEM,shared email, IDS, IPS, Firewall, SPLUNK,Qradar, Sophos AVXG, Sophos EDR. •Continuously monitor the alert queue, either via dashboard, or the ticketing tool or the shared mailbox. •Perform intel-based Threat hunting and share the IOCs with clients for preventive actions. Analyze and investigate security events from various sources. • Conducting in-depth analysis of the incidents by correlating data from differentsources. •Understanding of Windows , Operating system ,Group Polices ,Networking concepts and security infrastructure(Anti-Virus , Anti-Malware, DLP , Firewalls ). •Participate in weekly meetings like weekly ticketreview, attending in house process related training.. •Monitors health of data sources, check for allthe tools and report any shortcomings immediately to the concerned team. •Identify obvious false positives and close them,should not be closing cases as False Positive •Writing internal blogs/security advisories on various threats, attack for internal purpose •Escalate incidents to Tier 2, make sure allthe steps and process has been followed, this will help reduce time wastage. •Worked with different clients and their security applications •Basic packet capture and analysis using Wireshark. •Submitting the reports to the nextshiftto look after the raised incidenti.e.shift handover