RAVI VARMA
About Candidate
Education
Work & Experience
Experience in a 24/7 Security Operations Center (SOC), Nov 2020 – till date, involving:
• Monitoring SOC events and promptly detecting and preventing intrusion attempts.
• Real-time monitoring of various network security devices like IPS, Firewall, Endpoint Security, Operating System, and Email Security to align with client requirements and ensure uninterrupted log monitoring.
• Identifying successful and attempted cyber intrusions through in-depth log analysis.
• Creating reports and dashboards in ArcSight, QRadar, Splunk, and LogRhythm for comprehensive insights.
• Recognizing attacks based on their unique signatures.
• Conducting Vulnerability Assessments (VA) on both web applications and servers.
• Proficient understanding of the ArcSight ESM event lifecycle and associated processing stages.
• Employing antivirus and other analysis tools for malware analysis and thorough malware removal from client environments.
• Distinguishing false positives from actual intrusion attempts and aiding in their resolution.
• Collaborating with stakeholders and supporting escalation procedures.
• Maintaining detailed documentation of actions taken during incident investigations.
• Coordinating with other teams to facilitate incident management processes.
• Providing engineering teams with recommendations for tuning and filtering.
• Fulfilling data requests from customers and other teams, and analyzing daily, weekly, and monthly reports.
• Conducting research, analysis, and responses to alerts, including log retrieval and documentation.
• Monitoring and conducting secondary-level analysis of incidents.
• Analyzing SOC monitoring tool alerts to report abnormal behaviors, suspicious activities, traffic anomalies, and more.
• Performing analysis of network traffic and host activity across various technologies and platforms.
• Assisting in incident response activities, such as host triage, malware analysis, remote system analysis, end-user interviews, and remediation efforts.

• Expertise in recognizing cyber-attacks based on their signatures and aiding in remediation and prevention.
• Analyzing malicious campaigns and evaluating the effectiveness of security technologies.
• Developing advanced queries and alerts to detect adversary actions.
• Leading response and investigation efforts for advanced/targeted attacks.
• Identifying IT infrastructure gaps by simulating attacker behaviors and responses.
• Offering expert analytic support for large-scale and complex security incidents.