KISHOREKODAVALI

About Candidate

Having 1.5 years of overall experience in cyber security: 1 year in a SOC L1 team and 6 months in VAPT; currently working as a Security Analyst (security operations center team).
Experience in monitoring and investigating incoming events.
Experience working in 24×7 SOC operations, providing log monitoring, security information management and global threat monitoring.
Experience in generating daily, weekly and monthly reports.
Experience in performing log analysis and analyzing critical alerts on an immediate basis through SIEM.
Handling critical alerts from Symantec Endpoint Protection and working towards resolution.
Handling and investigating alerts from CrowdStrike EDR.
Responsible for triage of a variety of malware-related alerts.
Responsible for monitoring phishing attempts.
Good knowledge of the OSI model, protocols, security concepts, and WAN and LAN concepts.
Strong knowledge of the incident management life cycle.
Good communication and problem-solving skills, and the ability to acquire new skills in a timely manner. Strong in team coordination and managing tasks.

Education

B.C.A 2022
ISBM

Work & Experience

SOC Analyst 2022 - present
Cognizant

Working on Splunk and QRadar, providing operations support at the Security Operations Center for different member firms.
Monitoring alerts from SIEM, IPS, wireless devices, Tripwire and other security devices.
Performing threat analysis through research and examination of log data; monitoring and analyzing incoming events in the network.
Monitoring AV logs in ESM and raising cases for malware infections.
Monitoring Windows logs and raising cases for login failures and lockouts based on defined thresholds.
Monitoring Tripwire logs for critical file modifications on Windows servers.
Monitoring database logs and raising cases for suspicious login failures, DB shutdown activities, critical command execution, etc.
Monitoring IPS and firewall logs to identify external threats.
Experience in creating filters and applying them to Active Channels; integrating commands and applying inline filters in an Active Channel to make the investigation process reliable.
Exposure to ticketing tools such as ServiceNow.
Collecting the logs of all network devices and analyzing them to find suspicious activity.
Investigating security logs and mitigation strategies; responsible for preparing the generic security incident report.
Monitoring, analyzing and responding to infrastructure threats and vulnerabilities in Splunk and QRadar.
Phishing and spam email analysis.
Monitoring alerts generated in the security analytics solution, covering intrusion detection/prevention systems, firewalls, routers, switches, servers, databases, applications and other devices.
Working on SIEM tools, providing operational support for the prevention of cyber attacks.
Identifying potential information security incidents such as security attacks and anomalous activities, and validating and confirming them through detailed investigation of logs.
Creating incidents for all alerts/findings and providing regular updates on the overall analysis as per the defined SLAs.
Displaying event data in different layouts by defining dashboards and data monitors.
Checking overall system health and connector health, and reporting to the admin team on a daily basis.
Providing daily, weekly and monthly reports of incident activity.
Security incident response and closure of incidents within SLA using ServiceNow and Service Desk.
Performing health checks of network security devices.
Analyzing phishing and spam related activities and notifying the users.
Preparing daily and weekly dashboards on security threats and trends on the network.
Working on real-time network traffic by analyzing IDS and firewall logs through the SIEM tool.
Handling the complete incident management cycle, from incident identification and containment through root cause analysis, suggestion and implementation of preventive and corrective controls, and performing network analysis as needed on a case-by-case basis.
Correlating system information with known vulnerabilities to lessen the likelihood and/or impact of a vulnerability being exploited.
Good understanding of the MITRE ATT&CK framework and of the TTPs detected by EDR solutions.
Good understanding of IDS, IPS, SQL injection, DoS and DDoS.
Proficient in configuring and maintaining network security devices, including intrusion detection systems (IDS) and intrusion prevention systems (IPS).
Familiar with a wide range of cybersecurity tools, including Wireshark and Burp.
Proficient in using vulnerability scanners and penetration testing tools to assess and secure network and application security.
