VALABOJU SANTHOSH

About Candidate

Education

SSC
VIDYA VAANI HIGH SCHOOL
INTERMEDIATE
GOVT JUNIOR COLLEGE
B.Tech 2012
SRI CHAITANYA INSTITUTE OF TECHNOLOGICAL SCIENCES

Work & Experience

Security Analyst Dec 2019 - till Date
Tata Communications Limited

Working in Security Operation Centre (24*7), monitoring SOC events, detecting and preventing intrusion attempts.
• Real-time monitoring of network security devices such as IPS, firewall, endpoint security, operating system, and email security etc. to correlate the logs as per client's requirement, and also notifying for log stoppage.
• Recognizing successful and attempted cyber intrusions and compromises through log review and analysis of relevant event detail information.
• Working on Nexpose for vulnerability assessment on servers.
• Working on Acunetix for vulnerability assessment on web applications.
• Development of reports and dashboards in ArcSight & Splunk.
• Recognizing attacks based on their signatures.
• Performing VA on both web applications and servers.
• Understanding phases of ArcSight ESM event life cycle and describing the functional processing which occurs during each phase.
• Development, testing and deployment of Flex Connectors to integrate application logs with ArcSight SIEM.
• SIEM ArcSight end-to-end administration.
• Configuration of ArcSight as per best practices and ensuring the tool's 100% compliance to security standards (ISO, PCI etc.).
• Upgrade all the SIEM components (ESM, Logger, Connectors, and Console) to the latest version.
• Daily SIEM health check and troubleshooting the issues.
• Content creation as per requirement, new threats and proactively developing use cases matching client environment.
• In-depth log analysis to create use cases based on anomalies.
• In-depth incident analysis and escalation to concerned team.
• Implementation of the new networking, hardware, operating systems and infrastructure applications for ArcSight Platform.
• Flex development for in-house/custom applications/non-standard devices etc.
• Automate / perform the configuration backup of ArcSight components (Logger, ESM, etc).
• Regularly check & take the Logger event archives backup to NAS and to tape.
• Conduct recurring interaction with SOC team for monitoring enhancement.
• Conduct regular false analysis on the existing content.
• Non-compliant incidents – raise incident for non-compliant cases observed.
• Define monthly/quarterly reports/trends as per internal team requirement.
• Develop and enhance security device rules, queries, filters, dashboards, reports, channels, and custom active lists.
• Run refract packages to collect evidence from the suspicious endpoints.
