Assistant Vice President (AVP)
Deutsche Bank
Total years of experience: 16 years, 10 months
16 Nov 2015 - Present
Profile: AVP - Cyber Threat Analytics
TECHNICAL: SIEM specialist - ArcSight/Splunk
Responsibilities:
• Lead the SIEM content migration project from ArcSight to Splunk ES for security operations.
• Develop threat-driven use cases to detect cyber threats on detection platforms (e.g. Splunk, NIDS) that are monitored and handled by the SOC.
• Use Splunk platform for Threat Analysis, detection rule onboarding and alert investigation.
• Manage Cisco Umbrella to detect and stop DNS-based attacks on the network while maintaining DNS integrity.
• Threat discovery to identify relevant indicators of compromise (IOCs) and search the environment to determine whether it is impacted.
• Provide analytical support to teams on incident investigations.
• Hunting of unknown threats through analytical processing, while operational support is provided in the detection of threats with known indicators of compromise.
• Data integration and aggregation, leveraging analytical tools to automate threat detection workflows.
• Proactive use case development with new data sources to enable threat detection on multiple threat surfaces.
• Timely detection of cyber threats that have evolved into potential incidents through the use of specific environmental and contextual data and external intelligence.
• Work closely with SOC /Threat Intel/Malware teams & drive the IOC management program.
• Fine-tuning false positives to reduce noise and enhance monitoring for the SOC.
• Alert investigation activities based on an initial suspicion of a cyber-attack; may be a request from the SOC/malware/forensics team to assist in an ongoing incident investigation.
Target Corporation 16 Jan 2012 - Currently working
Responsibilities
• Responsible for implementing Global ISMS across Target.
• Gain management support, define ISMS Scope, BIA, Risk methodology, Risk Assessment, SOA
• Report to Enterprise Information Security Officer (EISO)
• Consulting & Implementation of ISO27001/27002 ISMS
• Leader in Business Management, IT infrastructure & Information Security, Governance & Risk Management, Business Continuity & Disaster recovery, Strategic Policy Formulation, Implementation & Maintenance.
• Extensive exposure to Core Security consulting, Vulnerability Assessment, Surveillance audits, Law & Regulatory Compliance Consulting, Security Advisor, CERT, Project & People Management & regulatory requirements of ISO27002, PCI DSS
• Develop & implement Risk Assessment Framework, Policy Management Framework (as per ISO27001 standard) and Information Security Governance Framework
• Evaluate various emerging technologies, operational threats and control weaknesses, and suggest suitable remedies to safeguard the organization's information assets and systems from them.
• Develop, implement and enhance security baselines for operating systems, databases, network devices, the patch management process, etc.
• Proactive decision maker & results oriented, Business Management Professional, Review new business proposals, consulting & Implementation. Proven Project and People Management skills coupled with professional competencies.
• Educate users and customers periodically about the latest security threats, countermeasures and relevant security practices.
• Identify controls, risk management methodologies & implementation
Affiliated Computer Services Inc. (ACS) 24 Jun 2010 -6 Jan 2012
Profile: Information Security Analyst
Responsibilities
• Conducting client IT systems security assessments and reviews for compliance with established security standards, policies, procedures and guidelines
• Conduct management review meetings, interviews with business heads to identify critical business functions & dependencies.
• Implementing management reporting and metrics for security compliance.
• Implement data privacy technology: whole-disk encryption, email encryption and encryption of data in transit to prevent data leakage.
• Strong understanding of security mechanisms; experience in the determination of security vulnerabilities, weaknesses, threats and related risks that exist within an IT infrastructure or business processes.
• Conduct road shows & Information Security awareness program.
• Work closely with the Incident Response coordinator(s), Information Security Management, the Investigations/Forensics team, as well as many other IT and application teams to form a cohesive monitoring and response function
• Created Incident response & crisis management (IRCM), which was utilized to respond to several security breaches within our infrastructure.
• Designing security policy, procedures, security architecture & technical standards & documentations
• Disaster recovery planning/Business continuity testing and execution as well as manage the definition and implementation of new hardware and software requirements to meet contractual requirements
WIPRO TECHNOLOGIES 18 Sept 2006 - 22 Jun 2010
Profile: Global Security Operations Centre (SOC): as Sr. Project Engineer in the Enterprise Security Services vertical.
Global Information Assurance (GIA)
Worked for one of the major US retail giants as a Senior Security Analyst on their GIA team. Highly skilled in managed security services, and part of the Global Information Assurance team that supported two successful PCI DSS audits for North America's #1 specialty retailer (a Fortune 100 company).
Technologies worked on:
➢ Security Events and Incidents Management (SEIM)
➢ File Integrity Management (FIM)
➢ Host based Intrusion Detection and Prevention Systems (HIDS / HIPS)
➢ Network based Intrusion Detection and Prevention Systems (NIDS / NIPS)
➢ Enterprise Vulnerability Management.
➢ Firewall Compliance Auditing
➢ Log Analysis
Associated Products
➢ SEIM - ArcSight 3.5, 4.0 and 4.5
➢ NIDS/NIPS - Sourcefire 4.9 (Snort-based), ISS Site Protector.
➢ HIDS - Symantec Critical System Protection 5.2 & Trend Micro's Deep Security 6.0
➢ FIM - Tripwire 7.1
➢ Vulnerability Management - QualysGuard 6.2.
Job Responsibilities: ArcSight Console/Admin Activities
• Integration of new log sources with SIEM Solution
• Define rules, customized and scheduled reports as per requirements
• Fine tune SIEM Solution to reduce false alerts, improve the performance etc.
• Ensuring health of SIEM Solution Devices & Conducting periodic maintenance activities.
• Database performance monitoring
• Troubleshoot common connector issues & issues specific to connector types
• Manage ArcSight Logger & infrastructure-specific issues.
• Maintaining the list of devices/servers managed by the SIEM solution on a regular basis and publishing reports on a monthly basis
• Administration of ArcSight Loggers, such as factory resetting of ArcSight Logger appliances and rebuilding ArcSight Loggers (partitioning, creating new Storage Groups and Storage Volumes)
• Customized and scheduled reports as per requirements.
Network & Host Intrusion Detection System
• Network intrusion monitoring using IDS/IPS (Sourcefire / ISS Site Protector).
• Host intrusion monitoring using Deep Security (and SCSP)
• Configuration of Sourcefire Policies/Rules & fine tuning of signatures to avoid false positives in the N/W intrusion detection system for the client.
• Analyzing Security alerts like virus activity, network security events, application compliance, asset monitoring & Firewall alerts.
• Threat analysis (viruses, worms and vulnerabilities); checking the latest threats and risks for the day, including technical details, and raising awareness within the team.
• Understanding current vulnerabilities, threats and countermeasures
• Respond to security events by initiating and coordinating emergency actions to protect company and its clients
Sept 2005 - Sept 2006
Slash Support Pvt Ltd as Application Engineer
Role and Responsibilities: The project involved Enterprise Network Support Services.
• Nortel enterprise server technical support and troubleshooting; OTM products and network systems maintenance.
• Diagnose and resolve software application and network issues with customers and partners
• Troubleshoot IP connectivity issues related to L2/L3; provide level technical support for client networks.
• Provide input during client strategic planning as required, as part of technical expertise.
• Experience in working in a remote service delivery environment, providing technical support and assistance to customers across the globe
• Interfaced with Hardware/software engineers to provide permanent solutions to recurring issues.
• Maintain an expert-level industry/technical knowledge base and facilitate/maintain industry relationships.
• Streamlined successful integration of networks and systems.
• Train IT contacts within Company to resolve basic IT issues.
• Master of Computer Application: Manipal University of Health Medical & Technological Sciences - 2005
• Bachelor of Computer Science: Madras University - 2002
• XIIth: Ideal Indian School - Doha, Qatar
• Xth: Ideal Indian School - Doha, Qatar