Lead Security Analyst
Netsurion Technologies
Total years of experience: 11 years, 5 months
- Handle escalated tickets and perform deep-dive incident analysis
- Handle EventTracker EDR and Deep Instinct EDR in client environments
- Integrating compliance devices with Splunk and EventTracker on a frequent basis
- Working with device administrators to configure devices to enable and send logs
- Maintain and improve the SIEM services to identify emerging threats and meet regulatory compliance
- Monitor and report on Vulnerability Assessment scans running on the client environment using SAINT
- Conducting monthly and weekly client review calls using advanced visualization tools such as Power BI and Report Builder
- Monitoring SIEM logs, firewall logs, Active Directory logs, and IDS and IPS logs
- Creating and working with IOCs and dashboards
- Knowledge of tools such as Snort, SAINT, Excel, Power BI, DAX Studio, Report Builder, and Freshdesk as a ticketing tool
- Analyzing alerts using Splunk Enterprise Security and EventTracker
- Assisting clients and Security Analysts with product and security-related issues
- Continuous monitoring and analysis of security alerts and event information for all approved security feeds, including investigation of incidents using system logs, event correlation between IDS/IPS and firewalls, and other means of detection
- Monitor the status and connectivity of 3000+ devices with the SIEM
- Handle escalated tickets and perform deep-dive incident analysis
- Integrating compliance devices with Splunk on a frequent basis
- Working with device administrators to configure devices to enable and send logs
- Design and develop innovative methods of automatic event processing to satisfy compliance and operational requirements.
- Maintain and improve the SIEM services to identify emerging threats and meet regulatory compliance.
- Assessing the SIEM, the log baselines implemented, and the SOC procedures to find gaps
- Conducting workshops to discuss use cases and log baselines with clients
- Monitoring SIEM logs, firewall logs, and Active Directory logs
- Creating and working with IOC dashboards
- Knowledge of Process Explorer and Carbon Black
- Analyzing alerts using Splunk Enterprise Security and QRadar
- Malware Analysis
- Email Phishing Analysis