Education: BE/B.Tech/MTech graduate. Certification: CISSP, CISA or PMP certified.
Hands-on experience in a security operations centre (SOC): SIEM monitoring using near-real-time correlation engines for effective incident response.
Building advanced use cases for all event sources to closely monitor all assets in the banking environment.
Configuration of UEBA profiling for infrastructure users across the organization.
Involved in session reconstruction for forensic analysis.
Threat hunting across all of the bank's IT assets and providing trend analysis on a monthly and quarterly basis.
Preparing daily and monthly reports for the customer.
Preparation of SOPs for forensic analysis, backup, incident response, BCP and troubleshooting.
Providing flexible, around-the-clock (24x7x365) expertise to pre-emptively protect clients' infrastructure against known and emerging threats through rigorous monitoring of security incidents generated by diverse security devices, followed by timely review and assessment of the situation and escalation to the client where warranted.
Coordination with the support team to define use cases, fine-tune existing correlation rules to reduce false-positive tickets, configure log sources across multiple devices, set up SIEM dashboards, and create FlexConnectors for unsupported devices.
Creation of correlation and UEBA use cases in the ESA (Event Stream Analysis) engine based on the environment's traffic.
Log parser creation by mapping raw log fields and missing meta keys in Log Decoder and Concentrator XML files.
Troubleshooting experience with the Cisco Stealthwatch Management Console (SMC).
Recommending remediation for vulnerabilities.
Implementing patches and secure configuration of servers.
Managing security devices.
Following up with the concerned departments/vendors on the remediation steps taken.
Integration of cyber threat intelligence feeds through APIs.
Typical years of experience
8 to 10 years of working experience in a SOC/enterprise environment
B.E./B.Tech (regular, full-time)
Configuration/troubleshooting experience with SIEM tools (RSA, ArcSight, QRadar)
- Strong experience with SIEM, firewalls, cyber security, ArcSight, LogRhythm and RSA
- Strong security knowledge