Rahul Bhople

About Candidate

Experienced and dedicated SOC Analyst with 4 years of experience in
the Security Operation Center. Skilled in monitoring and triage of
security events: identifying, analyzing, and responding to security threats
using tools like SIEM, IDS/IPS, Firewall, EDR, Email Gateway, Web Proxy and
vulnerability scanners. Strong knowledge of security policies,
procedures, and best practices. Proficient in incident triage and
response procedures and in collaborating with other security professionals
to improve the overall security posture of the organization. Seeking a
challenging position in a dynamic organization where I can utilize my
technical skills and experience to identify and respond to security
threats.

Education

BCs
Bamu University

Work & Experience

SOC Analyst Nov 2021 - Present
Aarna Technologies Pvt Ltd

Conduct proactive monitoring and triage of security events.
Investigate all security alerts received, making use of all available tools and log files to determine whether the alert is a false positive or a security incident.
Recognize potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information.
Monitor security events and logs such as Proxy, IPS/IDS, Firewall, Email, Anti-Malware, Endpoint Security and Web Application Firewall events to maintain situational awareness.
Investigate all reported suspicious emails, determine whether the emails are malicious, non-malicious or legitimate, and reply to the user who reported the suspicious email with a message reporting the findings and any recommendations.
Collect threat intelligence feeds such as IOCs from different intelligence platforms, review the IOCs, and investigate identified potential indicators of compromise.
Identify and ingest indicators of compromise (IOCs) into applicable security controls.
Review detection coverage of IOCs and, where there is no coverage, submit them for coverage to the relevant vendor or internal teams.
Write SOC monitoring use cases to detect new threats.
Fine-tune SIEM rules to reduce false positives and remove false negatives.
Monitor the health of security sensors and SIEM infrastructure.
Worked in a 24x7 Security Operations Center.
