Yogesh babu
About Candidate
5+ years of IT experience, 4+ years as a Cyber Security Analyst. I possess
a solid background in a dynamic range of cybersecurity and
network defense, and I would like to have a position within a
growth-oriented, forward-thinking organization where I can help
achieve its objectives by utilizing my experience, skills, and
education to the fullest extent.
Education
Work & Experience
Hands-on experience in installation and configuration of a DLP suite in order to meet the needs of large, small and medium-sized enterprises.
Experience in generating daily, weekly and monthly reports from Splunk, QRadar and Sourcefire IPS.
Familiar with networking concepts.
Good communication and problem-solving skills, and the ability to acquire new skills in a timely manner.
Experience and knowledge in AWS at Cloud Practitioner level.
Run threat monitoring/hunting activities across a large environment with distributed providers, log sources, and assets.
Leverage Threat Intelligence (TI) tools and techniques to hunt for threats.
Participate in SOC and Threat Intelligence efforts by providing secure software analysis to determine threat impact and risk.
Provide technical assistance to owners of the impacted systems and applications to remediate and mitigate vulnerabilities.
Web Application Penetration Testing, targeting applications to detect and exploit common vulnerabilities such as the OWASP Top 10.
Utilized Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
Knowledge in threat hunting using TTPs.
Good knowledge in networking concepts including OSI layers, subnetting, TCP/IP ports, DNS, DHCP.
Knowledge in McAfee DLP (Endpoint, Email).
Knowledge in email analysis using Proofpoint.
Creating policies, analyzing, monitoring and preventing on endpoints using McAfee Endpoint, Endgame and CrowdStrike EDR.
Intrusion analysis, investigation and administration using McAfee IPS.
Analyzing and identifying host-based indicators and network-based indicators.
Creating policies, analyzing, monitoring and preventing on endpoints using Microsoft Defender and CrowdStrike.
Basic knowledge in malware analysis using Sysinternals tools.
Knowledge in vulnerability management using Nessus and QualysGuard.
Real time monitoring for Network security components and devices such as Firewall, Routers, System Application, Windows devices, Web servers.
Experience in Information Security with emphasis on security operations, incident management, intrusion detection, and security event analysis through Splunk and QRadar SIEMs.
Experience in monitoring and investigating incoming events in Splunk, QRadar, CrowdStrike and SentinelOne.
Cloud Security on AWS: Shield, Inspector, WAF, GuardDuty, AWS KMS, CloudTrail, CloudWatch and Trusted Advisor.
Integrated automated security testing tools into CI/CD pipelines, such as OWASP ZAP and Nessus, to identify and address security vulnerabilities early in the development process.
Knowledge of security controls using tools like Terraform and AWS Security Groups, ensuring secure and compliant cloud environments.
Knowledge of cloud-native solutions using Dome9 and Lacework.
Experience in incident response and DFIR.
Analyze malware for functionality as well as extraction of indicators that can be used as detection methods.
Work with other teams to leverage extracted IOCs and IOAs to enhance the security posture of the organization.
Hunt for and identify threat actors' tools, tactics and behaviors.
Good understanding of log formats of various devices such as Websense, vulnerability management products, IDS/IPS, firewalls, routers, switches, OS, DB servers, and antivirus.
Good knowledge in firewalls and analyzing traffic, updating signature sets and call-back detectors on a weekly basis in IPS.
Knowledge in Azure Sentinel Log Analytics.