Kumar Rahul Singh

About Candidate

Education

Bachelor of Computer Application 2017
Jagannath International Management School, New Delhi
Master of Computer Application 2020
AMC Engineering College, Bengaluru

Work & Experience

Technical Support Engineer April 2016 - May 2017
Pc yantra

Provided technical support for Avast antivirus, assisting users with inquiries related to malware removal, general technical issues, and computer security. Generated detailed reports outlining resolution steps for technical assistance requests, ensuring clarity for users and future reference. Monitored administrative server functions, managing backups and recovery processes, and overseeing upgrades to optimize system performance. Installed software applications manually and via remote assistance, demonstrating proficiency in troubleshooting and maintaining efficient desktop environments. Collaborated effectively with team members to resolve technical challenges, contributing to enhanced user experience and streamlined support services.

Cybersecurity analyst Mar 2021 - Jan 2023
PhishLabs

Proficiently utilized tools such as Grafana, Iris, Velociraptor, and Jira to enhance monitoring and response capabilities. Conducted real-time log analysis from diverse endpoints, promptly identifying and mitigating potential threats. Demonstrated expertise in real-time monitoring, ensuring rapid incident response to maintain system security. Analyzed and assessed phishing domains, contributing to a proactive cyber defense strategy. Held roles in both L1 and L2 support, effectively addressing various security concerns and inquiries. Identified and ingested indicators of compromise (IOCs) like malicious IPs/URLs into network tools. Stayed updated with vulnerabilities, attacks, and countermeasures through security blogs and CISA, DHS, Akamai reports. Utilized Jira to create and track incidents and requests, streamlining workflow. Conducted domain and email analysis to uncover potential risks and threats. Investigated malicious phishing emails, domains, and IPs using Open Source tools, recommending appropriate blocking strategies. Maintained vigilant oversight of threats through IDS and SIEM tools, ensuring continuous monitoring and prompt action.

SOC analyst 2 Jun 2023 - March 2024
Terraeagle

Led SOC operations, overseeing log monitoring, SIEM management, and crafting exclusion rules, while also analyzing firewall logs and integrating Suricata into Wazuh for enhanced threat intelligence. Managed a diverse suite of cybersecurity tools including Wazuh, Graylog, Grafana, Cortex, Shuffle, Praeco, and DFIR tools (IRIS, InfluxDB, Suricata, Velociraptor), ensuring seamless integration and smooth log flow. Developed custom dashboards in Grafana and Wazuh using Lucene queries to provide clients with actionable insights. Engaged in threat hunting using Grafana and Velo, proactively identifying potential breaches, and provided rapid response through IRIS during escalated incidents. Leveraged IRIS as a case management tool for escalated incidents and efficient resolution. Collaborated closely with the team to troubleshoot and resolve log processing or tool integration issues, ensuring uninterrupted security operations. Conducted regular audits and assessments of SOC processes and procedures to ensure compliance with industry standards and best practices. Developed and implemented incident response plans and protocols to streamline the handling of security incidents and minimize their impact. Provided training and mentorship to junior team members, fostering a culture of continuous learning and skill development within the SOC team. Managed a team of 6 members, ensuring shift coverage and roster effectiveness.
