SANDHIYA GANESAN

31 October 1990

About Candidate

⮚ Overall, 12 years of experience in the IT industry, including around 9 years' experience in a Security Operations Center. Currently working as a Security Operations Center Team Lead, responsible for investigating and eradicating major information security incidents across the enterprise.
⮚ Proficient in conducting investigations on compromised endpoints, servers, workstations and user accounts (using SentinelOne, QRadar, Cisco Umbrella, Recorded Future, Microsoft Azure and Microsoft 365 Defender).
⮚ Ability to work extremely well under pressure while maintaining a professional image and approach.
⮚ Capable of simultaneously managing multiple efforts.

Education

SSLC 2006
St. Anne's Girls Higher Secondary School, Trichy

HSC 2008
St. Anne's Girls Higher Secondary School, Trichy

BCA 2011
Bishop Heber College, Bharathidasan University, Trichy

MS 2015
BITS Pilani, Hyderabad

Work & Experience

Information Security Analyst July 2011 - Sep 2016
WIPRO

⮚ Monitors, detects, investigates and analyzes network intrusion threats and vulnerabilities.
⮚ Manages the SOC mailbox, monitors and analyzes emails for threats including phishing and malware, and escalates per procedure.
⮚ Responsible for monitoring, detecting, analyzing, and responding to security incidents and threats within the organization's infrastructure.
⮚ Worked as part of a team to ensure the confidentiality, integrity, and availability of information systems.
⮚ Creates tickets for SIEM alerts and is responsible for both response and resolution SLAs.
⮚ Tracks and escalates tickets through the ticketing tool.
⮚ Created daily and weekly reports with remediations and recommendations after closing tickets.
⮚ Stays informed of current events in the security industry, including the latest exploits and threats as well as preventative measures, remediation, and restoration techniques.
⮚ Creates and maintains operational reports for Key Performance Indicators and weekly and monthly metrics.
⮚ Extracted Severity 1, 2 and 3 MIMs for ASPAC countries from the ServiceNow tool and published them as Wellness reports to CITI top-level managers across the respective countries.
⮚ Published a 12-hour report (GLOBAL region) to CITI management every 12 hours covering MIMs from all regions (ASPAC, EMEA, NAM and LATAM).
⮚ Health-checked the applications of particular countries in a critical stage with the help of application teams.
⮚ Prepared and disseminated daily/weekly/monthly reports to the concerned stakeholders.
⮚ Convened weekly incident/problem management meetings with the resolver groups to assess progress on open issues.

Senior Information Security Analyst Oct 2016 - April 2022
IBM

➢ Administration and daily operation of SIEM technologies, including rule creation, reporting, correlation and performance monitoring.
➢ Provide role-appropriate communication regarding threat events to the Security Operations Center (SOC) as well as management, in order to maintain effective communication regarding environmental concerns.
➢ Assists with security-related software and firmware (e.g. endpoint, vulnerability scanners, firewalls, IPS/IDS, DNS, proxy, etc.) to maintain security and service continuity.
➢ Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, and updates, maintains and documents security controls.
➢ Configuring and troubleshooting log sources (e.g. WinCollect, syslog, log source extensions, custom QID entries, event mapping, log source groups, etc.).
➢ Troubleshooting common administrative settings (e.g. configuration and data backup/restore, retention policies and buckets, routing rules, etc.).
➢ Perform SIEM performance optimization (e.g. performance limitations, network bandwidth, disk I/O, number of concurrent searches, rules for optimizing EPS, event and flow custom properties, backend scripts, etc.).
➢ Diagnosing system notifications regarding performance problems or system failures (e.g. dropped events, HA system failed, I/O error, collecting logs for support tickets, license restrictions, etc.).
➢ Plan and perform QRadar upgrade activities.
➢ Interact with the IBM support team to raise and resolve PMRs for any issues.
➢ Assist analyst investigation and ticket creation efforts. Provide daily monitoring and alerting of events that occur within the near-real-time environment.
➢ Analyze SOC functions and recommend upgrades/changes to ensure the security of the project.

Team Lead, Security Operation Centre May 2022 - Present
INTELSAT

⮚ Provide leadership to Security Operations Center analysts.
⮚ Act as the first point of escalation for the SOC team and assist with handing out work assignments to team members.
⮚ Responsible for day-to-day operations of the SOC, including establishing and measuring team performance, and serve as the technical escalation point.
⮚ Responsible for advanced security monitoring through triage, investigation, communication, reporting and deep-dive analysis of escalated incidents, threat hunting and malware analysis.
⮚ Ensure the successful integration of cloud logging and security monitoring services with the SIEM.
⮚ Manage, tune, and optimize the SIEM tool (QRadar), including evaluating existing rules, filters, events and use cases per business requirements.
⮚ Provide Incident Response support when analysis confirms an actionable incident.
⮚ Investigate, document, and report on information security issues and emerging trends.
⮚ Analyze and respond to previously undisclosed software and hardware vulnerabilities.
⮚ Knowledge of and experience with Cyber Threat Intelligence tools such as Recorded Future and Cisco Umbrella.
⮚ Advanced understanding of hacktivist groups and how they operate.
⮚ Perform cyber threat intelligence operations, including intelligence collection (IOCs), tracking threat actors, and identifying and tracking malicious infrastructure.
⮚ Performed monthly vulnerability scanning of IP addresses using a vulnerability management tool.
⮚ Worked with the cloud team and leadership to set the direction for security monitoring and threat detection.
⮚ Perform threat hunting by searching our existing infrastructure for signs of malware and malicious events not detected by our existing security controls.
⮚ Implemented standards and procedures to ensure alerts are addressed with relevancy, accuracy and in a timely manner.
⮚ Coordinate with the Manager on creating new operational guidelines, processes and procedures.
⮚ Perform Root Cause Analysis (RCA) and make preventative recommendations.
⮚ Develop, lead and present relevant cybersecurity tabletop exercises to SOC staff and relevant stakeholder groups for the purpose of identifying process improvement opportunities.
⮚ Manage shift schedules and lead SOC personnel; provide guidance and mentorship to L1 and L2 analysts.
