Goudappa SG, Cyber Security Specialist

Goudappa SG

Cyber Security Specialist

Schneider Electric

Location
Qatar - Doha
Education
Bachelor's degree, Bachelor of Engineering in Electronics and Communication
Experience
8 years, 0 Months


Work Experience

Total years of experience: 8 years, 0 months

Cyber Security Specialist at Schneider Electric
  • Qatar - Doha
  • My current job since July 2022

Client: Qatar Energy (Government Oil & Gas)

Roles and Responsibilities:
• Helped the customer in setting up an OT SOC by defining procedures, SOC operational activities, SOC roles and responsibilities, and SOC monitoring.
• Successfully started a 24x7 security operation centre (SOC) environment for the OT SOC Operations.
• Monitoring and analysing logs for threats from various industrial appliances in OT using LogRhythm, Microsoft security tools (Sentinel, MCAS, M365 Defender, Azure AD), EDR and SOAR.
• Incident reporting and management for various OT incidents triggered by OT SIEM tool.
• Excellent understanding of the security of industrial networking protocols such as Modbus, DNP3, Profinet, ZigBee, OPC, ICCP, etc.
• Conducted red team and penetration testing exercises to generate and collect logs in the SIEM solution, which enables us to create rules based on the MITRE ATT&CK framework to detect and alert.
• Conducting weekly and monthly vulnerability scanning and submitting the reports for mitigation.
• Collaborates on critical IT/OT projects to ensure that security issues are addressed throughout the project life cycle.
• Worked across a variety of security products including firewalls, URL filtering, WAF, switches, router, IDS, servers, and virus protection.
• Works with IT/OT department and members of the security team to identify, select and implement technical controls.
• Effectively coordinating with clients and keeping them informed by preparing performance reports and communicating system status.
• SOAR playbook development, SOP creation for daily operational activities, runbooks, and KB articles.
• Performs malware analysis, threat hunting and threat modeling activities.
• Email Gateway Analysis: Analysing the Fraudulent/Phishing Emails and blocking the blacklisted domains.
• Assist with the creation, maintenance, and delivery of cyber security awareness training for colleagues.

Senior Security Analyst at Accenture
  • India - Bengaluru
  • December 2018 to July 2022

Designation: Senior Security Analyst

Roles and Responsibilities:
• Monitored for attacks, intrusions and unusual, unauthorized, or illegal activity; tested and evaluated security products in MDR & MSSP services for multiple industries such as banking, insurance, and healthcare.
• Performed data extraction and analysis, utilizing various search queries in ArcSight & Sentinel.
• Provided detailed reporting of the incident to the client with the proper artifact and necessary recommendation.
• Worked on EDR with Sentinel, with expertise in KQL queries to identify threats in large volumes of raw logs and investigate accordingly.
• Scheduled the running of vulnerability scans and compliance scans of the client environment, as well as the creation of scheduled and ad hoc reporting in Qualys Guard.
• Oversight of Endpoint Detection and Response (EDR) - overall ownership and maintenance of agents, creation of exception rules, etc.
• Analysed and mitigated malicious files identified in the systems using Cisco AMP.
• Managed Varonis alerts, which are user behaviour analytics that identify abnormal behaviour from cyberattacks.
• Monitored and analysed phishing alerts using various threat feeds.
• Coordinated internal operations support for compliance activities and ensured compliance with security standards and SLAs.
• Understood root causes and worked with various service owners to improve the workflow by suggesting remediation based on the findings.

Threat Analyst (GSOC) at Paladion Network PVT LTD
  • India - Bengaluru
  • June 2016 to December 2018

Designation: Threat Analyst (GSOC)

Roles and Responsibilities:
• Log monitoring and incident analysis for various devices such as firewalls, IDS, IPS, Windows servers, web servers, etc., using ArcSight ESM, ArcSight Logger, RisqVU ADR, MDR.
• Investigate security alerts and provide incident response.
• Managed queries, reports, filters, connectors, Active Channels, rules, and dashboards in ArcSight for security log monitoring of multiple clients.
• Performed trend analysis (daily/monthly) to check for any advanced persistent threats.
• Created rules, filters, Active Channels, Dashboards, Active Lists based on customer requirements.
• Part of the SOC: 24x7 monitoring for targeted phishing sites and brand monitoring using the SIEM tool ArcSight and Watermark.
• Prepared daily, weekly, monthly and ad hoc reports along with their complete analysis.
• Performed ESM ARB backup, configuration backup, system table backup and trend backup.
• Reported malware and blacklisted links and provided threat advisories on malware and patches.
• At Paladion Networks, served prestigious customers from the banking and telecommunications (ISP) sectors. Successfully delivered standard and efficient results in all kinds of situations, handled pressure, and satisfied demanding customers with all their needs.

Education

Bachelor's degree, Bachelor of Engineering in Electronics and Communication
  • at Nitte Meenakshi Institute of Technology (NMIT)
  • May 2016
High school or equivalent, PCMB
  • at Alva's PU College, Moodbidri.
  • April 2012

Specialties & Skills

Incident Management
Threat Hunting
Incident Analysis
Malware Analysis
Cloud, Azure, AWS
Vulnerability Management
SIEM, EDR, SOAR
SOC Operations
Incident Response
Firewall, IDS, IPS, AV
MODBUS, DNP3, OPC, Profinet, SCADA, PLC, HMI
CEH, SC-200, CC, CSA, ISA/IEC 62443
LogRhythm, ArcSight, QRadar, Azure Sentinel, Splunk
MCAS, Defender, MDR, MSSP

Languages

English
Native Speaker
Hindi
Expert
Kannada
Native Speaker
Tamil
Intermediate

Memberships

ISC2
  • Member
  • June 2023

Training and Certifications

Qualys Certified Specialist (Certificate)
Fortinet Network Security Expert (NSE)-1,2,3 (Certificate)
Certified ISA/IEC 62443 Cybersecurity Fundamentals Specialist (Certificate)
Certified in Cybersecurity (CC) by ISC2 (Certificate)
HPE ArcSight ESM Security Administrator and Analyst (Certificate)
Certified LogRhythm Security Analyst (LRSA) (Certificate)
Microsoft Security Operations Analyst (SC-200) (Certificate)
CEH (Certificate)