Anand Piddanagoudar, Lead SOC & IR

Gurutwa Infotech

Location: India
Education: Bachelor's degree, Electronics and Communication
Experience: 16 years, 10 months

Work Experience

Total years of experience: 16 years, 10 months

Lead SOC & IR at Gurutwa Infotech
  • India - Bengaluru
  • November 2017 to present

• Responsible for building a Security Operations Center from the ground up; grew the team from zero to nine members.
• Defined the entire project plan, including the Resource Plan, Procurement Plan, Deployment Plan, Acceptance Plan and Go-Live Plan.
• Develop a security framework with ISO 27001:2013 as a baseline and the NIST 800-53 security standard.
• Develop security scope, workflows, KPIs, policies and procedures for various SOC activities.
• Define categories of security incidents and associate severities and SLAs with each category.
• Participate in security design discussions with various teams (technical and management) and advise on how McAfee SIEM can be used effectively.
• Assist with the development, configuration and deployment of security tools as needed.
• Develop and deliver Information Security Awareness Training and education initiatives to end users and IT staff.
• Participate in strategic and tactical objective meetings to propose new security solutions in line with the IT security strategy.

Lead Security Engineer at Sivisoft
  • United States - Indiana
  • May 2015 to October 2017

Client - State of Indiana | Team Size - 8
• Built the SOC from scratch using McAfee SIEM as the main monitoring and analysis tool.
• Worked as the focal point for all application/system/infrastructure security-related requirements and liaised between different teams, including business, technology, audit and compliance.
• Developed security scope, workflows, KPIs, policies and procedures for various SOC activities.
• Defined categories of security incidents and associated severities and SLAs with each category.
• Participated in security design discussions with various teams, including technology teams, and provided advice.
• Assisted with the development, configuration and deployment of security tools as needed.
• Maintained up-to-date documentation of designs/configurations.
• Hired and trained SOC Analysts.
• Ensured timeline, scope, quality and resources were managed in line with committed deliverables.
• Developed and implemented a plan to automate the quarterly IT compliance requirements.
• Built 200+ correlation rules over time to cover a broad spectrum of security incidents, and further fine-tuned those rules to reduce false positives.

Technical Consultant at ATS - Ingram Micro
  • United Arab Emirates - Dubai
  • March 2014 to July 2015

Clients:
• National Emergency Crisis and Disaster Management Authority - Abu Dhabi, UAE
• Supreme Council for Family Affairs - Doha, Qatar
• Saudi Arabian Monetary Agency - Riyadh, KSA
• Mobily - Riyadh, KSA
• Petrokemya - Al Jubail, KSA
• Royal Jordanian Airlines - Amman, Jordan
• Gulf Bank - Kuwait
• AlAin Municipality Corporation - Al Ain, UAE
• Eskan Bank - Manama, Bahrain
• International Bank of Qatar - Doha, Qatar
• EQUATE Petrochemical - Kuwait
• Meeza (MSSP) - Doha, Kuwait
• Tasweeq - Doha, Qatar
• Abu Dhabi Marine Operating Company - Abu Dhabi, UAE


Part of the vendor's extended team responsible for interacting with clients to architect, design and implement security solutions for customers, supporting activities that include:
• Provisioning of McAfee SIEM infrastructure and migration of Windows and Linux servers, network devices and various security solutions to McAfee SIEM.
• Configuration of data sources using different collection methods such as syslog, agent, WMI, CIFS and FTP.
• Troubleshooting issues with log sources or systems together with the vendor, and reporting system defects.
• Configuring backups, verifying custom reports, managing log source groups, and validating log sources with the client.
• Developing content for the SIEM by writing custom parsers, correlation rules, dashboards, reports and alerts.
• Planning the phases of migration to ensure service quality is not degraded.
• Building and fine-tuning custom correlation rules used to define security incident alerts with various priorities.
• Generating weekly and monthly reports to show a high-level security posture to upper management.
• Providing on-call and remote support during off-business hours and weekends.
• Training Tier 1 and the IRT on the SIEM and developing the Knowledge Base on SharePoint for communication, collaboration and knowledge transfer.
• Engaging actively with customers and vendors, sharing and implementing the Solutions Roadmap, and architecting end to end for various requirements/standards.
• Identifying gaps in the existing architecture setup and recommending strategies using a combination of industry-standard security best practices, software controls and other necessary changes to promote a higher level of information security practice.
• Writing formal engagement reports, architecture designs, optimization guides and best-practice guides covering a variety of solutions within the portfolio.
• Providing technical expertise through technical and product presentations, product demonstrations, pilot implementations, beta program administration, consistent communication, and ongoing technical consultation.
• Participating in conference calls, onsite meetings and roundtables with customers, sales, internal product development and support to gather data, scope new and existing work, evaluate or suggest new product features and assist in resolving existing product issues.
• Recognizing and generating potential product and consulting services sales leads when appropriate and necessary.
• Taking ownership of the primary technical relationship with customers to drive customer satisfaction by proactively managing and delivering technical information to customers onsite, online and by telephone.
• Owning and responding to RFPs/RFIs.
• Preparing HLDs and LLDs for implementation.
• Delivering corporate trainings to customers and partners.

Senior Technical Engineer at Intel-McAfee
  • India - Bengaluru
  • September 2010 to March 2014

Product Exposure: SIEM, IPS, Firewall, Email/Web Security, Vulnerability Management, DLP, Anti-virus, Encryption, HIPS, Mobile Security, ePO
• Deploy comprehensive SIEM architecture to support real-time security monitoring operations
• Provide level 2 SIEM support to manage SIEM components, IDS/IPS, parsing/normalization of logs, rule engine, log storage, data sources, log collection and event monitoring
• Creation and fine tuning of event correlation rules.
• Create filter rules in SIEM to reduce false-positive alerts.
• Assist with the design, deployment, and configuration of the firewall infrastructure in adherence with the organizational information security policies, and industry best practices.
• Monitor firewalls and analyze firewall log data
• Document and maintain current firewall infrastructure design documentation.
• Adhere to firewall change management procedures.
• Assist troubleshooting firewall related technical issues
• Deploying brand new sensors (I1400, I3000, I4010, M2850, M8000) and establishing their trust with Network Security Manager (NSM)
• Creating ACL Groups or ACL Rules to block or allow traffic based on IPs, protocols and direction
• Recognizing potential, successful and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information.
• Deploying and configuring EWS in different modes depending on the client’s network infrastructure and requirement.
• Configuring web and email policies based on client’s requirement.
• Integrating the appliance with AD along with Kerberos or LDAP authentication to allow or deny web access to users.
• Install MVM on a single server or distributed architecture based on customer requirements
• Assist clients in network vulnerability testing and security assessments
• Running a baseline scan against a machine to set it as a benchmark.
• Assisting customers in meeting SOX/FISMA/HIPAA/PCI quarterly scan requirements.
• Integrating MVM with Remedy tool to automatically assign tickets to technicians.
• Escalate necessary issues to Engineering for resolution.
• Training new hires and sales team on SIEM technology and McAfee SIEM
• Handle sales escalations for APAC and EMEA region for SIEM

Centralized Technical Support at IBM
  • United Arab Emirates
  • March 2010 to September 2010

• Perform hands-on setup, configuration, administration, maintenance, and troubleshooting of McAfee IDS/IPS, and Check Point Firewalls and other security controls to mitigate or minimize risk.
• Implement various security systems dealing with authentication, encryption, high availability, identity management, etc.
• Use various tools to perform security functions as needed - open source, hacking, forensic tools, vulnerability assessment, pen testing, etc.
• Conduct ongoing operational maintenance, such as firewall password resets, operating system (O/S) upgrades, and alignment of IP routing on an as needed basis.
• Provide 24x7 support for web service security infrastructure and participate during security incidents and events to protect company assets
• Assist with and oversee departmental projects and provide technical support for junior team members
• Establish and manage system configuration, diagnostics, and hardening standards
• Document and maintain security standards, guidelines, and procedures
• Build Visio diagrams.
• Assist troubleshooting firewall related technical issues

Network Support Engineer at Infoland Technologies
  • India
  • July 2007 to May 2010

• Major responsibility was to attend to networking-related problems and resolve issues as early as possible.
• Configuration and troubleshooting of Cisco routers and switches.
• Daily maintenance and problem resolution, operating system patches and software upgrades, and routine hardware configuration.
• Remotely monitoring, maintaining and troubleshooting a corporate network for a client.
• Configuring, issuing and re-synchronizing software tokens from RSA ACE Server.
• IP route optimization, route filtering and security by implementing access lists.
• Configuration and troubleshooting of VLANs on 3550 and 2950 switches.
• Coordination with the NOC telecom department and providers like BSNL & Reliance for new lines/circuits and maintenance of existing lines/circuits.

Education

Bachelor's degree, Electronics and Communication
  • at Dayananda Sagar College of Engineering
  • June 2007

2003 - 2007 Bachelor of Engineering (VTU) | 70.52% | Dayananda Sagar College of Engineering, Bangalore

Specialties & Skills

Security Operations
Incident Analysis
Computer Forensics
Malware Analysis
SIEM QRadar
McAfee ePO
McAfee UDLP
IBM QRadar

Languages

  • Hindi - Expert
  • English - Expert
  • Kannada - Native Speaker

Training and Certifications

Certified Ethical Hacker (Training)
  • Training Institute: Hackers School
  • Date Attended: April 2017
  • Duration: 80 hours

Hobbies

  • Reading Books, Blogs