Nilesh Dinkar Kokate

About Candidate

An experienced information security professional with strong cyber security and management skills & a soaring interest in cutting-edge security trends that require profound reading and experimentation. Fully committed to understanding and re-inventing processes to develop an innovative approach towards problem solving. Always eager to learn more tricks from all team members, adding to holistic knowledge gain in a way that is beneficial to the company while enhancing productivity and reputation.

Education

SSC – Maharashtra Board
Diploma in Mechanical – Maharashtra State Board of Technical Education
Bachelor of Technology in Mechanical – DBATU University

Work & Experience

Security Analyst – L1, May 2021 – Jan 2023
Sementic Information Tech, PVT.LTD (Global SOC & Threat Hunting)

Security Operation, Event Detection & Investigation (L1):
• QRadar and Gurucul GRA (UEBA) day-to-day operations; perform real-time proactive security monitoring, detection & response to security events & offenses for enterprise infrastructure. Threat Hunting, Recorded Future, CrowdStrike, Cisco IronPort, DLP, McAfee CASB, Prisma, Prisma CASB, IPS/IDS, FireEye AX, Palo Alto WildFire, Palo Alto Cortex, Attivo, Smokescreen, IBM Guardium, Incident Handling, Internal Policies, Log Analysis & Deep Investigation, Presentations, Dashboards & Reports.
• Recognize attacks based on their signatures/trends/patterns.
• Conduct thorough investigation of security events generated by our detection mechanisms such as SIEM, UEBA, EDR, XDR, IDS/IPS, WAF, Firewall, Proxy, Database, IIS, Apache.
• Incident handling: investigate, collaborate and report on root-cause analysis of malware attacks.
• Implementation of new rules and use cases. Review & fine-tuning of existing & recently implemented use cases.
• Implementation of various ideas in the current project and development of the processes.
• Investigate a threat and correlate it with multiple implemented security platforms, and analyze the historical-to-current research-based scenario to take appropriate actions.
• Developed many incident management processes and response processes to improve response time, and configured the latest IOCs to detect/prevent attacks on time.
• Implemented best practices for incident response and investigation, and correlation trainings for the team to maintain the SLA.
• Implemented playbooks for investigation steps & response.
• Conducted sessions & trainings on use cases, playbooks & cybersecurity-related topics.
• Checking and implementing advisories and CVEs for Windows and Linux patches, Google Chrome, WordPress, etc. Responsible for creating e-mail advisories, screensavers and posters which are used to make employees aware of the cyber risks associated with the organization.
• Collating and blocking of the IOCs received from different threat intel feeds.

Threat Hunting, Malware Analysis & Phishing Analysis:
• Active malware analysis through application-level behaviors such as the launch of a suspicious program from an unusual location, suspicious registry changes and file modifications.
• Suspicious file analysis, phishing e-mail analysis, domain analysis, investigation and mitigation with the help of SIEM events, Windows events, EDR events & proxy events.

Associate Security Analyst Tier 1, Feb 2023 – Till Now
Reliaquest India PVT LTD (Shared SOC & Threat Hunting)

Security Operation, Event Detection & Investigation (Tier 1):
• LogRhythm day-to-day operations; perform real-time proactive security monitoring, detection & response to security events & offenses for enterprise infrastructure. Threat Hunting, Recorded Future, Tanium, Sophos Endpoint and MTR, CrowdStrike, Microsoft Office 365, Windows Defender, Microsoft Cloud App Security, IPS/IDS, Incident Handling, Internal Policies, Log Analysis & Deep Investigation, Presentations, Dashboards & Reports.
• Recognize attacks based on their signatures/trends/patterns.
• Support the SOC Manager in the preparation of SOC management and statistical reports.
• Lead and respond to security incidents and investigations, and target reviews of suspect areas. Consult with teams to resolve issues that are uncovered by various internal monitoring tools. Identify and resolve root causes of security-related problems.
• Routinely conduct thorough investigation of security events generated by our detection mechanisms such as SIEM, EDR, IDS/IPS, WAF, Firewall, Proxy, IIS, Apache. Provide feedback and work with the Network Team, Operations Team, and Server and Desktop Team in order to develop and harden infrastructure.
• Incident handling: investigate, collaborate and report on root-cause analysis of malware attacks.
• Implementation of new rules and use cases. Review & fine-tuning of existing & recently implemented use cases.
• Implementation of various ideas in the current project and development of the processes.
• Investigate a threat and correlate it with multiple implemented security platforms, and analyze the historical-to-current research-based scenario to take appropriate actions.
• Developed many incident management processes and response processes to improve response time, and configured the latest IOCs to detect/prevent attacks on time.
• Implemented best practices for incident response and investigation, and correlation trainings for the team to maintain the SLA.
• Conducted sessions & trainings on use cases, playbooks & cybersecurity-related topics.
• Checking and implementing advisories and CVEs for Windows and Linux patches, Google Chrome, WordPress, etc. Responsible for creating e-mail advisories, screensavers and posters which are used to make employees aware of the cyber risks associated with the organization.
• Collating and blocking of the IOCs received from different threat intel feeds.

Threat Hunting, Malware Analysis & Phishing Analysis:
• Active malware analysis through application-level behaviors such as the launch of a suspicious program from an unusual location, suspicious registry changes and file modifications.
• Proactively 'hunt' for potential malicious activity and incidents across multiple customers using advanced threat network and host-based tools.
• PHP file decoding and analysis, suspicious file analysis, phishing e-mail analysis, domain analysis, investigation and mitigation with the help of SIEM events, Windows events, EDR events & proxy events.
• Perform investigations and analysis of network traffic; read sniffer packet logs (PCAP) with the help of Wireshark.

Incident Response (Tier 1):
• Investigation of incidents raised by the SOC Team; share the incident with the stakeholder & provide mitigation.
• Maintain a record of reporting & non-reporting devices on a daily basis & present these reports in the weekly meeting with the CISO & respective stakeholders.
• Co-ordinate with the SOC Team regarding client queries & provide a solution within the SLA time.
• Review reports shared by the SOC Team & share report observations with the respective stakeholders.
• Perform use-case review activity on a quarterly basis.
• Block IOCs on security solutions.
