Tukaram Satyawan Gaonkar
Work & Experience
Mobile: +91-9920807165; Email: [email protected]; Date of Birth: 9/11/1992

Real-time identification, analysis and resolution of security events detected by the SIEM tool (QRadar).
Understanding and working with custom rules, reports, queries, filters and new dashboards in QRadar (SIEM tool) as per business requirement.
Collecting and reviewing security logs and reports of all operational devices.
Analysis of web application attacks and other security events using QRadar (SIEM).
Preparing and sending the monthly, weekly and daily reports to management and the customer.
Responsible for monitoring and analysing real-time logs from network devices, identifying attacks at the network, application and system level, and reporting those attacks to higher-level management.
Creating queries and reports and scheduling reports on QRadar.
Tracking, reporting and controlling the flow of communications from the SOC to other departments.
Daily tracking of inbound events, alerts and requests submitted from a variety of sources (tickets, email, telephone).
Periodic review of logs from security devices to identify new incidents and use cases.
Drill-down investigation of security incidents by analysing logs from multiple log sources, including but not limited to web gateway, firewalls, mail gateway, WAF, endpoint protection (antivirus), IPS, IDS, Active Directory, load balancer and operating system.
Configuring, managing and fine-tuning event, flow and common rules.
Evaluating and processing client ad hoc queries.
Creating daily, weekly and monthly trend analysis reports and sharing them with the client with proper observations and recommended actions.
Responsible for administering, monitoring and investigating SIEM and security alerts triggered via SIEM (QRadar).
Responsible for reviewing existing use cases and creating new ones to detect possible exploits and vulnerabilities in the network.
Performing threat hunting and taking relevant action.
Creating and customising SIEM dashboards, preparing regexes for day-to-day event parsing, and writing custom DSMs for unsupported log sources.
Maintaining daily health checks and performing log-stoppage checks for all configured devices at scheduled intervals.
Creating and managing weekly, monthly and yearly reports.
Managing client requirements and meetings, and coordinating with the respective teams to deliver targeted tasks effectively.
QRadar admin tasks included integrating new log sources, troubleshooting QRadar issues, managing issues with the IBM team, and integrating QRadar applications with QRadar.
Daily job included second-level analysis, escalating observed threats to the respective client team, and recommending proper action to contain the threat.
Analysis of RSA anti-phishing and anti-fraud feeds.
Creating use cases and processes to monitor the various feeds from RSA.