Siva Krishna H

About Candidate

Having 7.5 years of experience in the IT industry, with 2.7 years in Information Security, and currently working as a Security Analyst (Security Operations Centre team).
Responsible for working in a 24x7 Security Operations Center (SOC) environment at a Cyber Security Fusion Center.
Performing real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources.
Expertise in monitoring, analyzing and managing real-time events; creating rules and joint rules, verifying rules against events, and fine-tuning real-time rules to reduce false positives.
Creating and updating Active Lists, and using rules to populate an Active List.
Monitoring multiple network and security devices to ensure appropriate system administrative actions; investigating and reporting on noted irregularities.
Monitoring dashboards to keep track of security events and the health of SIEM devices.
Leveraging emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of an attack.
Sending SOC advisories to clients on a regular basis regarding current threats and patches, based on the Symantec CVSS 2 base vulnerability score.
Creating incidents for alerts of different severities and following up until the case is closed with a proper RCA.
Preparing weekly/monthly incident analysis reports; analyzing events and providing solutions for incidents.
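As an added illustration of the rule and Active List workflow mentioned above (example code written for this page, not the candidate's own work and not the code of any SIEM product): a toy correlation engine in which one rule populates an Active List of suspicious source IPs from bursts of failed logins, a joint rule alerts when a later successful login arrives from an IP on that list, and an allowlist of authorized scanners is the false-positive tuning. The log events, IP addresses, thresholds, TTL and scanner allowlist are all constructed assumptions.

```python
"""Toy SIEM correlation: a populating rule, an Active List with TTL, a joint rule.

Added example, not the candidate's code. All events, IPs and thresholds are
constructed for illustration.
"""
from collections import defaultdict

# Constructed sample events: (timestamp_seconds, log_source, event_type, src_ip, user)
SAMPLE_EVENTS = [
    (0,    "vpn", "login_failed",  "203.0.113.7",  "alice"),
    (5,    "vpn", "login_failed",  "203.0.113.7",  "alice"),
    (9,    "vpn", "login_failed",  "203.0.113.7",  "bob"),
    (12,   "vpn", "login_failed",  "203.0.113.7",  "carol"),
    (15,   "vpn", "login_failed",  "203.0.113.7",  "dave"),
    (40,   "vpn", "login_success", "203.0.113.7",  "dave"),   # burst then success: alert
    (50,   "vpn", "login_failed",  "198.51.100.9", "erin"),   # authorized scanner (assumed)
    (52,   "vpn", "login_failed",  "198.51.100.9", "erin"),
    (54,   "vpn", "login_failed",  "198.51.100.9", "erin"),
    (56,   "vpn", "login_failed",  "198.51.100.9", "erin"),
    (58,   "vpn", "login_failed",  "198.51.100.9", "erin"),
    (70,   "vpn", "login_success", "198.51.100.9", "erin"),   # false positive unless allowlisted
    (100,  "vpn", "login_failed",  "192.0.2.44",   "frank"),  # only 3 failures: below threshold
    (110,  "vpn", "login_failed",  "192.0.2.44",   "frank"),
    (120,  "vpn", "login_failed",  "192.0.2.44",   "frank"),
    (130,  "vpn", "login_success", "192.0.2.44",   "frank"),
    (3000, "vpn", "login_success", "203.0.113.7",  "dave"),   # Active List entry expired: no alert
]

FAIL_THRESHOLD = 5        # failures from one source IP ...
FAIL_WINDOW = 60          # ... within this many seconds populate the Active List
ACTIVE_LIST_TTL = 600     # seconds an entry stays on the Active List
ALLOWLIST = {"198.51.100.9"}   # assumed authorized vulnerability scanner (tuning)


class ActiveList:
    """Set of source IPs with per-entry expiry, as a SIEM Active List with TTL."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.entries = {}  # ip -> expiry timestamp

    def add(self, ip, now):
        self.entries[ip] = now + self.ttl

    def contains(self, ip, now):
        expiry = self.entries.get(ip)
        if expiry is None:
            return False
        if now >= expiry:          # lazy expiry on lookup
            del self.entries[ip]
            return False
        return True


def correlate(events, allowlist=ALLOWLIST):
    """Run the populating rule and the joint rule over events; return alerts."""
    suspicious = ActiveList(ACTIVE_LIST_TTL)
    fail_times = defaultdict(list)   # ip -> failure timestamps inside the window
    alerts = []
    for ts, source, etype, ip, user in sorted(events):
        if etype == "login_failed":
            if ip in allowlist:      # tuned out: known scanner, not a brute force
                continue
            window = [t for t in fail_times[ip] if ts - t <= FAIL_WINDOW]
            window.append(ts)
            fail_times[ip] = window
            if len(window) >= FAIL_THRESHOLD:
                suspicious.add(ip, ts)           # rule 1 populates the Active List
        elif etype == "login_success":
            if suspicious.contains(ip, ts):      # joint rule: success after a burst
                alerts.append({"rule": "success_after_bruteforce", "src_ip": ip,
                               "user": user, "ts": ts, "source": source})
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(a)
```

Running correlate on the sample with the allowlist yields one alert (203.0.113.7, user dave, at t=40); with an empty allowlist the authorized scanner produces a second, false-positive alert, which is the kind of noise that rule fine-tuning removes.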

Education

SSC
Kotak Salesian School
Intermediate MPC
Sri Chaaitanya Jr College
B-Tech, Electronics and Communication Engineering
Vits Group of Institutions

Work & Experience

Technical Support Engineer / L1 Security Analyst, Jan 2021 - Sept 2023
ONPASSIVE Technologies PVT LTD (L1 level)

Roles and Responsibilities:
• Served as an analyst in SOC operations for real-time monitoring and analysis of logs from various security and industrial appliances.
• Administered various incidents and security alerts triggered in the SIEM tool.
• Carried out log monitoring and incident analysis for devices such as firewalls, IDS, IPS, databases, web servers, and so forth.
• Performed security event analysis and intrusion detection by reviewing and analyzing events generated by IDS/IPS, firewalls, routers, databases, and other security devices.
• Performed real-time monitoring, investigation, analysis, reporting, and escalation of security events from multiple log sources.
• Real-time monitoring of alerts using the IBM QRadar SIEM tool.
• Analyzed events and created incidents for all true positive alerts.
• Validated, classified and opened tickets for security incidents.
• Performed health checks of the SIEM tool and its components and reported abnormalities accordingly.
• Troubleshot SIEM dashboard issues when no reports were being generated or no data was available.
• Worked on DLP (Symantec DLP), used to check whether any confidential data was used by an unauthorized person.
• Updated blacklisted IP details on a daily basis based on inputs from IP-void.
• Monitored firewall and IDS/IPS systems.
• Worked on phishing attack emails.
• Created operational reports for Key Performance Indicators and weekly/monthly reports.
• Responded to inbound security alerts, emails, and inquiries from the organization.
• Performed investigation of networks and hosts/endpoints for malicious activity.
• Proactively monitored, identified and analyzed complex internal and external threats, including viruses, targeted attacks, and unauthorized access, and mitigated risk to the systems.
• Regularly reviewed process and support documentation and amended it where necessary.
• Responsible for following the IT security incident response policies and tools.
• Prepared incident reports with complete analysis for critical alerts observed in the network.
