MOHIT KUMAR MISHRA

20 July 1991

About Candidate

I am Mohit Kr. Mishra, an MCA with 8+ years of experience in the Information Security domain.
Currently I am working as a Technical Lead in the TCS SOC team. I have rich experience in
Incident Handling, Email Security, Vulnerability Management, Endpoint Security, and Security
Incident & Event Management.
Right now, I am looking to join a company that has a trusting and vibrant environment, where I
can learn new things and utilize my past experience.

Education

10th, 2006
U.P Board, Faridpur

12th, 2009
U.P Board, Faridpur

B.C.A, 2012
M.J.P.R.U, Bareilly

M.C.A, 2015
U.P.T.U, Lucknow

Work & Experience

Project Engineer, Jun 2015 - Nov 2017
Wipro Ltd

Key Responsibilities:
- Part of the SOC team responsible for monitoring and protecting the client's network through endpoint security management tools such as Microsoft SCEP AV and Sophos AV.
- Responsible for ensuring that all client servers and workstations have a healthy, running AV agent with the latest virus definitions.
- Scheduling weekly, monthly and on-demand scans for threat detection.
- Creating exclusion/inclusion security policies to avoid network conflicts.
- Part of the SOC team responsible for client email security.
- Performing daily, weekly and monthly proactive housekeeping and monitoring activities.
- Hardening Windows and Linux servers to make them more robust.
- Conducting timely vulnerability assessments with the Rapid7 Nexpose scanner to find hidden server/network-level vulnerabilities and mitigate them.
- Worked on ticketing tools such as BMC Remedy, Jira and ServiceNow for logging cases and incident handling.

Security Analyst, Nov 2017 - Oct 20
Microland Ltd

Key Responsibilities:
- Establishing standard procedures and guiding team resources to handle and analyze SOC incidents to prevent cyber threats.
- Creating dashboards, reports and alerts in Splunk SIEM for proactive and reactive threat monitoring.
- Monitoring and investigating all security incidents through Splunk.
- Handling endpoint malware incidents through Trend Micro endpoint protection and acting to protect the client network against malware attacks.
- Analyzing suspicious web-traffic logs and intrusion events detected by the firewall, Zscaler cloud proxy and IDS/IPS.
- Handling on-premise and cloud DLP incidents to prevent data leakage across the organization.
- Experience with SlashNext for handling network security incidents such as C&C server communication.
- Threat hunting through Hexadite AIRS and Tanium.
- Conducting vulnerability assessments through Qualys Guard to prevent attacks due to vulnerabilities.
- Phishing and malicious email analysis to prevent email threats.

Security Analyst, Oct 2018 - Mar 2021
Accenture Technology

Key Responsibilities:
- Part of the SOC team responsible for monitoring and protecting the client's endpoints and network against malware attacks, handling endpoint malware incidents detected by EDR tools.
- Taking care of all security incidents escalated by L1 engineers and making sure the IR process has been followed correctly while triaging incidents.
- Worked on different types of security incidents such as malware infection, MFA fraud alerts, suspicious traffic, privileged access issues, phishing attacks, brute-force and DDoS attacks.
- Performing active monitoring of alerts to investigate proactively and recommend actions for any suspicious activity.
- Using the Splunk SIEM for alert/notable notifications.
- Performing vulnerability assessments on a timely basis to find security flaws/vulnerabilities in the customer environment.
- Creating new rules/patterns and dashboards (from the SIEM perspective) to have a view of real-time activity on the network.
- Establishing standard procedures so that the team can handle security incidents on time and recover easily in case of any security outbreak.
- Part of the SOC team responsible for client email security.
- Analyzing all reported emails carefully and educating team members and customers on how to prevent email threats and phishing attacks.

Technical Lead, March 2021 - Till Now
TCS

Key Responsibilities:
- As Technical Lead, actively monitoring all triggered alerts/incidents and making sure they are handled on time by my team as per the agreed process.
- Helping the Splunk admin build new rules for monitoring suspicious activity across different log sources, and periodically fine-tuning use cases/rules to reduce false-positive alerts/incidents.
- Providing end-to-end investigation reports with RCA to the client for all high/critical and true-positive alerts/incidents.
- Taking care of all security incidents escalated by L1 and L2 engineers and making sure the IR process has been followed correctly while triaging incidents/alerts.
- Rich experience in triaging security incidents such as malware infection, MFA fraud alerts, suspicious IDS/IPS traffic, privileged access and lateral movement activity, phishing attacks, brute-force and DDoS attacks.
- Good knowledge of the OWASP Top 10 vulnerabilities and the MITRE framework.
- Documenting and escalating all process gaps and risks to the client and management in a timely manner, and making sure such gaps and risks are remediated in a planned way.
- Preparing and presenting daily/weekly/monthly executive reports to the client and management, and documenting all improvements and suggestions from the client.
- Periodically reviewing and updating process documents, inventory, the fine-tuning sheet, and the training and tool-access tracker.
- Performing vulnerability scans on a weekly/monthly basis using Nexpose and making sure all high/critical vulnerabilities are remediated on time by the respective teams.
- In case of newly detected (0-day) threats/vulnerabilities, proactively collecting IOCs from open-source tools and news feeds and hunting in Splunk and Microsoft Defender to prevent such attacks.
