Israel Avidi

25 May 1999

About Candidate

Having 2 years of hands-on IT experience in securing the network environment.
Experience in information security with emphasis on security operations, incident
management, intrusion detection, and security event analysis using the SIEM tools Azure
Sentinel, Splunk and QRadar.
Experience in monitoring and investigating incoming events.
Experience of working in 24×7 operations of a SOC team, offering log monitoring,
security information management and global threat monitoring.
Experience in generating daily, weekly and monthly reports.
Experience in performing log analysis and analyzing crucial alerts on an immediate
basis through SIEM.
Handling critical alerts from Symantec Endpoint Protection and working towards
resolution.
Handling alerts from CrowdStrike EDR and investigating them.
Responsible for triage of a variety of alerts stemming from malware.
Responsible for monitoring phishing attempts.
Exposure to ticketing tools like ServiceNow.
Strong knowledge of the incident management life cycle.
Good communication and problem-solving skills, and the ability to acquire new skills in a
timely manner.
Strong in team coordination and managing tasks.

Education

MCA 2021
Adikavi Nannaya University

Work & Experience

SOC Analyst 01/2022 - present
HCL Tech

Working on LogRhythm, Splunk, QRadar, ArcSight ESM and Azure SIEM (console and web console), providing operations support at the Security Operations Center for different member firms. Monitoring alerts (SIEM, IPS, wireless devices, Tripwire and other security devices). Performed threat analysis through research and examining log data. Monitoring and analyzing incoming events in a network. Monitoring AV logs in ESM and raising cases for malware infections. Monitoring Windows logs and raising cases for login failures and lockouts based on defined thresholds. Monitoring Tripwire logs for critical file modifications on Windows servers. Monitoring database logs and raising cases for suspicious login failures, DB shutdown activities, critical command execution, etc. Monitoring IPS and firewall logs to identify external threats.

Experience in creating filters and applying them to Active Channels. Integrating commands and applying inline filters in an Active Channel to make the investigation process reliable. Exposure to ticketing tools like ServiceNow. Collecting the logs of all the network devices and analyzing them to find suspicious activities. Investigating the security logs and mitigation strategies, and responsible for preparing the generic security incident report. Monitoring, analyzing and responding to infrastructure threats and vulnerabilities in LogRhythm, Splunk and QRadar. Phishing and spam email analysis in LogRhythm and O365 Defender. Monitoring alerts generated in the security analytics solution, which includes intrusion detection/prevention systems, firewalls, routers, switches, servers, databases, applications and other devices. Working on SIEM tools, providing operational support for the prevention of cyber attacks. Identifying potential information security incidents such as security attacks and anomalous activities. In addition, performing analysis by observing deviations from normal behavior to uncover activities that could undermine the security of information assets.

Validating and confirming potential security incidents through detailed investigation of logs. Creating incidents for all alerts/findings and providing regular updates on the overall analysis as per the defined SLAs. Displaying the event data in different layouts by defining dashboards and data monitors. Checking the overall system health and connector health, and reporting it to the admin team on a daily basis. Providing daily, weekly and monthly reports of incident activity.
