SATYA SURYA MEDISETTI

10 November 2000

About Candidate

Overall 2.0 years of experience in IT as a Security Analyst, with experience working in the area of security operations including incident management and log analysis through SIEM. Experience working in 24×7 SOC team operations, offering log monitoring and security information management.

Education

B.Tech 2022
JNTUK / Andhra Pradesh, India

Work & Experience

SOC Analyst 2022 - present
Deloitte

Working on Splunk and QRadar, providing operations support at the Security Operations Center for different member firms.

• Monitoring alerts (SIEM, IPS, wireless devices, Tripwire and other security devices). Performed threat analysis through research and examining log data.
• Monitoring and analyzing incoming events in a network.
• Monitoring AV logs in ESM and raising cases for malware infections.
• Monitoring Windows logs and raising cases for login failures and lockouts based on defined thresholds. Monitoring Tripwire logs for critical file modification on Windows servers.
• Monitoring database logs and raising cases for suspicious login failures, DB shutdown activities, critical command execution, etc.
• Monitoring IPS logs and firewall logs to identify external threats.
• Experience in creating filters and applying filters to Active Channels.
• Integrating commands and applying inline filters in an Active Channel to make the investigation process reliable.
• Exposure to ticketing tools like ServiceNow.
• Collecting the logs of all the network devices and analyzing the logs to find suspicious activities.
• Investigating the security logs and mitigation strategies; responsible for preparing the generic security incident report.
• Monitoring, analyzing and responding to infrastructure threats and vulnerabilities in Splunk and QRadar.
• Phishing and spam email analysis.
• Monitoring alerts generated in the security analytics solution, including intrusion detection/prevention systems, firewalls, routers, switches, servers, databases, applications and other devices.
• Working on SIEM tools, providing operational support for the prevention of cyber attacks.
• Identifying potential information security incidents like security attacks and anomalous activities.
• Validating and confirming potential security incidents through detailed investigation of logs.
• Creating incidents for all alerts/findings and providing regular updates on the overall analysis as per the defined SLAs. Displaying the event data in different layouts by defining dashboards and data monitors.
• Checking the overall system health and connector health, and reporting it to the Admin team on a daily basis. Providing daily, weekly and monthly reports of incident activity.
• Security incident response and closure of incidents within SLA using ServiceNow and Service Desk. Performing health checks of network security devices.
• Analyzing phishing and spam related activities and notifying the users.
• Preparing daily and weekly dashboards on the security threats and trends on the network.
• Working on real-time network traffic by analyzing the logs from IDS and firewalls through the SIEM tool.
• Handling the complete incident management framework cycle, right from incident identification and incident containment to performing root cause analysis, suggestion and implementation of preventive and corrective controls, and performing network analysis as needed on a case-by-case basis.
• Correlating system information with known vulnerabilities.
• Lessening the likelihood and/or impact of a vulnerability being exploited.
• Good understanding of the MITRE ATT&CK framework. Knowledge in understanding TTPs detected by EDR solutions. Good understanding of IDS, IPS, SQL injection, DoS and DDoS.
• Proficient in configuring and maintaining network security devices, including intrusion detection systems (IDS) and intrusion prevention systems (IPS).
• Good experience in handling phishing emails, performing header analysis to identify the integrity of the email and body analysis for any IOC presence.
• Good experience in handling IOCs by performing malware analysis.
• Good experience in handling EDR detections.

SATYA SURYA MEDISETTI, SOC Analyst. satyasuryamedisetti@gmail.com, 8374964729, Bangalore, Indian, 10/11/2000.
