PITTA ANURAG
About Candidate
Having 5 years of experience in Information Security and currently working as a Security Analyst (Security Operation Center team).
•Experience on SIEM (Security Information and Event Management) tools such as Splunk, ArcSight, QRadar and Azure Sentinel, monitoring real-time events.
•Preparing daily, weekly, and monthly reports as per client requirement.
•Investigating and creating a case for security threats and forwarding it to the onsite SOC team for further investigation and action.
•Good knowledge of OSI models, protocols, security concepts, WAN and LAN concepts, routing protocols, firewall security policies and VPN.
•Experience in performing log analysis and analysing crucial alerts on an immediate basis through SIEM.
•Handling critical alerts from Symantec Endpoint Protection and working towards resolution. Handling alerts from CrowdStrike EDR and investigating them.
Education
Work & Experience
PITTA ANURAG, SOC ANALYST, [email protected], 9492103665, Bangalore, 1990/02/14, Indian, married, male
•Responsible for first-level incident response and incident management in a managed SOC for different industries.
•Responsible for performing daily health checks of the SIEM (QRadar).
•Responsible for performing investigation of the incidents captured in the SIEM and notifying clients of all the findings.
•Good experience in handling various variants of incidents across multiple clients.
•Hands-on experience in fine-tuning Use Cases and creating/updating reference sets in QRadar.
•Hands-on experience in handling various SIEM solutions like QRadar and Splunk.
•Good experience in handling phishing emails, performing header analysis to identify the integrity of the email and body analysis for any IOC presence.
•Good experience in handling IOCs by performing malware analysis.
•Good experience in handling EDR detections (both file-based and process-based) from CrowdStrike and Carbon Black.
•Good understanding of the MITRE ATT&CK framework.
•Knowledge in understanding TTPs detected by EDR solutions.
•Good understanding of OWASP, IDS, IPS, threat modeling and cyber attacks like DoS, DDoS, MITM, SQL injection, XSS and CSRF.
•Experience in performing ad-hoc AV scans on hosts whenever required.
•Closely working with the Hunt team, identifying the latest attack vectors and IOCs, and performing IOC sweep activities across various clients.
•Responsible for client calls and their requests like IOC sweeps, ad-hoc requests or hunting.
•Hands-on experience in handling incidents and ensuring SLAs are met.
•POC for the shifts: managing the shift roster, client bridging, managing and updating client updates, and managing shifts as per requirement.
•Working closely with clients for follow-ups, understanding client requirements and updating the same with analysts.
•Performing peer reviews of the investigation on incidents before notifying the clients.
•Responsible for responding to and managing intrusions for multiple clients using the respective SIEM solutions in a managed SOC environment.
•Performing trend analysis of the Use Cases to identify the aspects behind high counts of false positives and performing fine-tuning of Use Cases.
•Creating and updating runbooks for newly created/existing UCs.
•Coordinating with the SDM and client SOC team for any configuration activities.
•Active participant in Buddy programs and BrownBag sessions.
•Collaborating with the Engineering team, Hunt team and Threat Intel team for ticket/process improvements.
•Experience in creating incidents in various ticketing tools like ServiceNow and Jira.
•Creating bi-weekly reports for client reference.
•Responsible for performing monthly audits of L1 alerts for process improvement.