SURYA BHAGAVAN
About Candidate
Overall 4.5 years in IT: 1 year's experience as a network security engineer and 3.5 years' experience in Information Security, currently working as a Security Analyst (Security Operations Centre team) with a focus on incident response. A strong history of enhancing security protocols and mitigating the risk of cyber threats for large organizations.
Work & Experience
• Responsible for first-level incident response and incident management in a managed SOC for different industries.
• Responsible for performing daily health checks of the SIEM (QRadar).
• Responsible for performing investigation of the incidents captured in the SIEM and notifying clients with all the findings.
• Good experience in handling various variants of incidents across multiple clients.
• Hands-on experience in fine-tuning Use Cases and creating/updating reference sets in QRadar.
• Hands-on experience in handling various SIEM solutions such as QRadar and Splunk.
• Good experience in handling phishing emails, performing header analysis to verify the integrity of the email and body analysis for any IOC presence.
• Good experience in handling IOCs by performing malware analysis.
• Good experience in handling EDR detections (both file-based and process-based) from CrowdStrike and Carbon Black.
• Good understanding of the MITRE ATT&CK framework.
• Knowledge in understanding TTPs detected by EDR solutions.
Skills
• Good understanding of OWASP, IDS, IPS, threat modeling and cyber attacks such as DoS, DDoS, MITM, SQL Injection, XSS and CSRF.
• Experience in performing ad-hoc AV scans on hosts whenever required.
• Closely working with the Hunt team, identifying the latest attack vectors and latest IOCs and performing IOC sweep activities across various clients.
• Responsible for client calls and their requests such as IOC sweeps, ad-hoc requests or hunting.
• Hands-on experience in handling incidents and ensuring SLAs are met.
• POC for the shifts: managing the shift roster, client bridging, managing and sending client updates, and managing shifts as per requirement.
• Work closely with clients on follow-ups, understanding client requirements and communicating them to analysts.
• Performing peer reviews of incident investigations before notifying the clients.
• Responsible for responding to and managing intrusions for multiple clients using the respective SIEM solutions in a managed SOC environment.
• Performing trend analysis of the Use Cases to identify the causes of high false-positive counts and fine-tuning the Use Cases accordingly.
• Creating and updating runbooks for newly created and existing UCs.
• Coordinating with the SDM and the client SOC team for any configuration activities.
• Active participant in buddy programs and brown-bag sessions.
• Collaborating with the Engineering team, Hunt team and Threat Intel team on ticket/process improvements.
• Experience in creating incidents in various ticketing tools such as ServiceNow and Jira.
• Creating bi-weekly reports for client reference.
• Responsible for performing monthly audits of L1 alerts for process improvement.