Sudarshan Kumawat

About Candidate

Education

2015-2019
Arya College of Engineering and Research Centre

Work & Experience

Management Trainee Engineer Feb 2019 - Nov 2019
ConsultADD

• Led deployment and operational excellence of SIEM tools (ELK stack, Splunk). Developed impactful use cases, reports, and dashboards, improving decision-making.
• Led incident response efforts, reducing resolution times within SLA parameters. Coordinated rapid responses during critical incidents, reducing resolution times.
• Triaged security events and carried out incident response steps. Blocked malicious domains, file hashes and IPs following the company's Standard Operating Procedures.
• Ensured the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
• Developed dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc. Reviewed alerts generated by detection infrastructure for false positives and modified alerts as needed.
• Contributed to predictive algorithms, reducing false positive rates. Conceptualized robust rulesets, contributing to proactive threat identification.

Information Systems Engineer - I Nov 2019 - July 2021
ConsultADD

• Worked in a 24x7 Security Operations Center. Monitored and analyzed security events to determine intrusions and malicious events using ELK SIEM.
• Used vulnerability assessment tools such as Nessus and Nmap to perform security testing.
• Continuously monitored and interpreted threats through the use of intrusion detection systems, firewalls and other boundary protection devices, and any security incident management products deployed.
• Integrated ServiceNow, Slack, and Teams with Elasticsearch alerts for effective incident response. Evaluated and adapted existing SIEM content to align with customer goals and SLAs.

Information Systems Engineer - II Jul 2021 - May 2023
ConsultADD

• Led deployment and operational excellence of SIEM tools (ELK stack, Splunk). Developed impactful use cases, reports, and dashboards, improving decision-making.
• Led incident response efforts, reducing resolution times within SLA parameters. Coordinated rapid responses during critical incidents, reducing resolution times.
• Triaged security events and carried out incident response steps. Blocked malicious domains, file hashes and IPs following the company's Standard Operating Procedures.
• Ensured the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
• Developed dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc. Reviewed alerts generated by detection infrastructure for false positives and modified alerts as needed.
• Contributed to predictive algorithms, reducing false positive rates. Conceptualized robust rulesets, contributing to proactive threat identification.
