عكاش JP, IT Analyst

Tata Consultancy Services - Other locations

Country
United Arab Emirates
Education
Bachelor's degree, B.Tech Information Technology
Experience
11 years, 8 months


Work Experience

Total years of experience: 11 years, 8 months

IT Analyst at Tata Consultancy Services - Other locations
  • United Arab Emirates - Abu Dhabi
  • In this role since May 2019

Managing ArcSight SIEM administration activities, analysing security alerts, creating use cases, and escalating security threats as required to various teams. Analysing security incidents by correlating logs from various security tools such as mail gateway, NIPS, AV solutions, EDR solutions, IPS, firewall, etc.

Security Analyst at Ehosting Datafort
  • United Arab Emirates - Dubai
  • January 2018 to May 2019

• Administration, monitoring and analysis of security incidents using LogRhythm to identify false and true positives and take necessary mitigation steps.
• Interacting with client team for setting up required steps to manage vulnerabilities and malware threats.
• Responsible for determining new security threat vectors and making recommendations on whether they need to be turned on for alerting.
• Real-time endpoint threat monitoring and analysis using Carbon Black.
• Management of various security tools such as IPS/IDS, EDR, Antivirus, Proxy etc.
• Monitor and recommend improvements based on events or incidents of apparent security breaches in areas including networks, applications, databases, systems and endpoints.
• Correlate the events and implement rules for security incident notification.
• Integration of log sources and system monitor agents and creating/modifying parsers.
• Creating and providing various reports as per customer requirement.
• Recommend new use cases to the customer and implement them post approval.
• Handling incident management process via LANDesk Ticketing Tool.

SOC ENGINEER at AlphaData
  • United Arab Emirates - Abu Dhabi
  • January 2017 to December 2017

• On contract for Tech Mahindra PVT Ltd
• Design, implementation and management of McAfee and HP ArcSight Security Information and Event Management (SIEM).
• Vulnerability Management using Rapid7 Nexpose.
• Handling cyber security incidents.
• Interacting with government SOC team for setting up required steps to manage vulnerabilities and malware threats.
• Manage and monitor antivirus servers and solutions such as McAfee, TrendMicro and Symantec.
• Responsible for determining the security policies, reviewing all new vendor-released updates (signatures) and making recommendations on whether they need to be turned on for alerting.
• Responsible for handling security incidents and performing packet and log analysis for investigation.
• Monitor and recommend improvements based on events or incidents of apparent security breaches in areas including networks, applications, databases, systems, and endpoints.
• Correlate the events and implement rules for security incident notification.
• Integration of various devices/applications like Firewalls, IDS/IPS, Vulnerability Manager, Antivirus, VPNs and Windows/Linux OS etc. with SIEM module.
• Creating and providing various reports as per customer requirement.
• Troubleshooting issues by logging in to bridge/conference calls along with various teams including customers and their IT Teams.
• Creation of new rules and updating patches for reducing false positive traffic and preventing newly reported virus/malware threats.
• Proactively working on the virus alerts and taking precautions for the remediation.
• Handling change management process via HPSM.

Associate Infrastructure Analyst at UST Global Pvt Ltd
  • India
  • August 2013 to October 2016

• Symantec policy management, client installation and troubleshooting, definition updates management and malware threat detection/management.
• Symantec server management and upgradation.
• Ensuring compliance of Symantec definition updates for audit purposes.
• Packaging and deployment of software using SCCM.
• Windows patch management using WSUS.
• Vulnerability Assessment using Nessus Web Service.
• DLP Management.
• Windows server management.
• Networks, firewalls, servers, storage and data centre infrastructure and facilities monitoring using various monitoring tools such as SolarWinds, Microsoft SCOM and IBM System Director.
• Network, firewall and security systems management.
• Load balancing with technical support teams and server health monitoring using VisualCron Client.
• Interacting with the clients and vendors and initiating calls between various teams during the process of server upgrade/migration.
• Corporate IT Governance - Incident, Problem and Change management, SLM.
• Print server management, troubleshooting and reporting using Print Manager Plus.
• Admin activities at account operator level in Active Directory 2008.
• Managing Users/Groups, Computers A/C & OU in Active Directory.
• Configuring and troubleshooting of desktops/laptops and assigning them to the specified project VLAN.
• IT Service Management (ITSM) and Incident Management based on ITIL best practices.
• First level support for FIM tool and Right Management Suite (RMS).
• SFTP account creation/troubleshooting using Globalscape SFTP.
• Backup and Team Folder creation and management from a helpdesk perspective.
• BlackBerry administration and AirWatch configuration and troubleshooting.
• Managing and providing admin level access to users based on requirement using Viewfinity.
• Mailbox creation/configuration/troubleshooting (Outlook 2010/2013).
• Microsoft Lync, Office365 Suite and Cisco Jabber installation/troubleshooting.
• Troubleshooting of software, VPN clients, and connectivity issues of internet and intranet services.
• Utilization-related (regular/ad-hoc) daily, weekly and monthly reports; preparing/updating knowledge base documents.

System Administrator at Aspirantz Infosec
  • India
  • July 2012 to July 2013

Windows OS Installation, Software Troubleshooting, LAN Configuration and troubleshooting, Asset Management, User management.

Educational Background

Bachelor's degree, B.Tech Information Technology
  • at The Indian Engineering College, Anna University Chennai
  • June 2012

Specialties & Skills

Symantec Endpoint Protection
IT Security
System Administration
Symantec Management
Technical Support
Vulnerability Assessment
Windows patching
McAfee EPO
HP ArcSight
TrendMicro

Languages

English
Intermediate
Malayalam
Intermediate
Hindi
Intermediate

Training and Certifications

Certified Ethical Hacker (Certificate)
Course date:
February 2018
Valid until:
February 2022
ITIL Foundation V3 (Certificate)