Azar Sithick

• Monitored 24×7 security events and offenses in IBM QRadar SIEM to detect, analyze,
and respond to potential cyber threats and intrusion attempts.
• Performed real-time security monitoring and alert triage, identifying false positives and
escalating confirmed security incidents in a high-volume SOC environment.
• Investigated security incidents using IBM QRadar SIEM and F5 Web Application Firewall
(WAF) including suspicious traffic, web attacks, and anomalous user activity.
• Conducted log analysis across multiple log sources including network devices, security
appliances, and application logs to identify suspicious activity and policy violations.
• Investigated alerts related to malware infections, brute-force attacks, suspicious IP
activity, TOR traffic, and abnormal authentication behavior.
• Performed proactive threat hunting for SSH brute-force attacks, unauthorized login
attempts, and suspicious authentication patterns.
• Analyzed TOR port traffic, IPS alerts, and HTTP logs to detect anonymized
communications, intrusion attempts, and malicious web activity beyond standard SIEM
alerts.
• Enriched security alerts using threat intelligence platforms including IBM X-Force
Exchange, Virus Total, and other IOC validation tools.
• Managed security incident lifecycle through ITSM ticketing systems ensuring proper
documentation, tracking, and resolution within defined SLAs.
• Performed initial and secondary-level incident analysis, escalating confirmed threats to
senior SOC teams for deeper investigation and remediation.
• Prepared incident reports and Root Cause Analysis (RCA) documentation to support
security operations and stakeholder communication.
• Supported SIEM administration activities including log source onboarding, event parsing
validation, and log flow monitoring.
• Conducted daily SIEM health checks including EPS monitoring, log ingestion validation,
and device connectivity verification.
• Generated daily, weekly, and monthly SOC reports using Excel and PowerPoint to
identify security trends and recurring threats.
• Collaborated with internal security and infrastructure teams to support incident
containment, mitigation, and recovery actions.
• Created knowledge transfer (KT) documentation and SOC playbooks to support training
and onboarding of new analysts.

• Investigation and analyzation of SIEM logs for any suspicious events from the network.
• Managed and maintained the DNIF SIEM platform, including configuring data sources,
developing custom queries, and creating dashboards for threat detection and incident
response.
• Monitored network traffic using Darktraces AI-based security solution, identifying
anomalous behavior, and responding to potential threats in real-time.
• Working with McAfee DLP, email policy management, USB access control, reporting,
dashboard creation, and agent package deployment and fine-tune alerts.
• Working with Shadow map tools to fix web application vulnerabilities and exploit
issues. Monitoring data leaks and leaked credentials, mitigate risks to ensure a secure
network infrastructure.

• Investigation and analyzation of SIEM logs for any suspicious events from the network.
• Search for IPS, email, Web or application control logs to identify and mitigate intrusion
attempts.
• Monitoring the inbound and outbound traffic from the firewall and co-relating the
events with other security tools.
• worked on Forescout non-coreporate, wannacry, and monitoring is still being updated.
• Worked on Mcafee Epo, Symantec configuration, and troubleshooting.
• Worked on Symantec AV installation, uninstallation, troubleshooting, keeping the client
system up-to-date, and monitoring suspicious activities in the client network.
• Actively monitor for new CVEs and update the document as needed.
• Knowledge sharing sessions with the team members whenever complex incident issues
are raised.

• Internet service provider (ISP).
• Responsible for configuring & troubleshooting internet issues from the clients.
• Ticket handling & fix the issues on high priority.
• Responsible for maintaining the network & troubleshooting the network related issues.