Prajwal R
About Candidate
• 2+ years of experience in Information Security.
• Solid understanding of common network services and protocols.
• Good knowledge of cyberattacks and attack vectors.
• Working-level knowledge of security solutions such as Antivirus, Firewall, IPS, Email Gateway, Proxy, IAM, TI, VA Scanners, WAF etc.
• Strong hands-on experience with security management tools such as ArcSight and Splunk Security Incident and Event Management (SIEM).
• Good knowledge of Malware Analysis, Threat Hunting and Dark Web Monitoring.
• Exposure to frameworks and compliance standards such as MITRE ATT&CK, CIS Critical Controls, OWASP, PCI-DSS, ISO 27001 etc.
• Exposure to related areas of cybersecurity including Host Security, Network Security, IAM, Vulnerability Management, Penetration Testing, Compliance etc.
• Experience integrating tools with SOAR and designing incident response workflows in a SOAR platform.
• Intermediate knowledge of Python and Regular Expressions.
• Capable of independently learning new technology by utilizing available documentation and vendor support resources.
Education
Work & Experience
Job Responsibilities:
• Deep-dive analysis of triggered alerts using SIEM, SOAR and other analysis tools.
• Acted as the first-level support for all security issues.
• Investigating incidents, remediation, tracking and follow-up for incident closure with concerned teams and stakeholders.
• Advise incident responders on the steps to take to investigate and resolve computer security incidents.
• Perform root cause analysis of incidents/breaches.
• Build weekly and monthly reports as per SOC Manager and CISO requirements.
• Onboarding log sources using different collection methods.
• Develop content for SIEM by writing custom parsers, correlation rules, dashboards, reports and alerts.
• Maintain up-to-date documentation of designs/configurations.
• Coordinate with the auditing and compliance team by providing requested reports and data.
• Actively involved in threat hunting activities, from building hypotheses to finding evidence and enhancing security controls and detection logic.
• Periodic updating/creation of correlation rules based on emerging threats and requirements, following MITRE ATT&CK, US-CERT and other TTP sources.
• Participate in case review meetings to walk through handled incidents with peers, the SOC Manager and the CISO.