Mazhar Syed, SOC/SIEM Practice Leader

3SC World

Location
Kuwait
Education
Master, Cyber Law Management
Experience
19 years, 11 months


Work Experience

Total years of experience: 19 years, 11 months

SOC/SIEM Practice Leader at 3SC World
  • Kuwait - Kuwait City
  • I have been working here since May 2014

Responsible for setting up and managing the Security Operations Center (SOC) and providing the strategy and direction for the SOC.
Oversee and coordinate the activities of SOC personnel supporting the security of critical production environments.
Manage the SOC schedule to ensure appropriate coverage and implement security assessment and incident response protocols.
Review and update SOC policies and procedures as appropriate.
Identify information security risk within the enterprises and recommend priorities for risk mitigation.
Collaborate with system owners and operators, Information Security Officers, and other security personnel to ensure effective SOC monitoring is implemented for all environments.
Work closely with Incident Response Teams to perform detailed analysis and resolve security incidents.
Act as an escalation point for the Security Analysts in the event of a Major Security Incident.
Run a continual service improvement program for the Security Operations Centre (SOC).
Evaluate new or improved technologies, on a regular basis, for the purpose of replacing or upgrading existing SOC tools.
Identify gaps in current monitoring system and drive to fix any gaps.
Provide input to the management on resource planning, cost estimation, budget development and cost control.
Interview, select, and coach/mentor team members to cultivate a high-performing team.

Assistant Manager at KPMG
  • India - Bengaluru
  • November 2013 to May 2014

1. Creating business transformation & process consulting/optimization roadmap while performing business process modeling & analysis.
2. Identifying stakeholders for respective areas and discussing the controls for the areas in scope such as Security Management, Risk Management, Third Party Services, Incident Management Policy, Application Development, Personal Security, Access Control, Physical Security and Operations Management.
3. Designing optimum Enterprise solutions/ packages for business process reengineering and mapping business process as well as identifying financial drivers for media conglomerates.
4. Proposing functional solutions after thorough analysis of business requirements as well as preparing change management roadmap for enterprise transformation activities.
5. Facilitating process improvement targeting enhanced process performance/efficiency and cost savings through implementation of Six Sigma methodologies.
6. Providing recommendations and detailed reporting to the respective stakeholders.

Associate Operations Manager at Cognizant
  • India - Bengaluru
  • July 2012 to November 2013

1. Initiated new ways and techniques to market the program available to the students. Created new clients for the business and sourced the right people for the right job
2. Handled the day-to-day operation of the business
3. Handled client queries and took the necessary steps in problem solving
4. Gathered market intelligence, tracked competitors' activities and provided valuable inputs for fine tuning marketing strategies
5. Involved in Solution and Design Architecture, preparing Bill of Materials (BOM) and budgeting of SIEM solutions with varied SIEM vendor co-ordination
6. Led and managed a 24/7 team of security analysts
7. Led a team of competent executives, provided them training, guidance and motivation to make them realize organizational goals
8. Built custom correlation rules, reporting templates, monitoring views and asset mapping configurations as part of SIEM customization and fine tuning
9. Developed strategies for market penetration across various segments, for improving the business of the organization
10. Conducted periodical team meetings to review past performance and chalk out strategies for further course of action

Senior Engineer-Security Management at Wipro
  • United Arab Emirates
  • May 2009 to July 2012

Wipro, Dubai May 2009-Jul 2012
Senior Engineer-Security Management
Client: One of the Leading Mobile/ISP Company in UAE

• Proactively contributed in information asset identification & classification and performed risk analysis and business impact analysis for bank's critical data center assets
• Developed Flex connectors for various services like Payphone Integration, ERP Integration, GGCN- IGP, OGC, OGP, WinCash, HLR, DDoS ATIC, WSUS, DNS etc. across various domains and created rules for the generation of events/incidents
• Performed risk assessment for the identified threats
• Automated the task of updating AV definitions for Virtual Machines
• Regularly conducted technical risk evaluation of hardware, software and installed systems/networks.
• Drove the efforts for installation and maintenance of security infrastructure, including IDS, log management, and security assessment systems
• Designed RAW Log backup in CEF format for the logs received by ArcSight Manager - Backup Scripts to copy RAW Logs to Backup Server
• Automated scripts to automate the process of URL lists that are fed to Blue Coat proxy servers for blocking/unblocking malicious URLs
• Generated weekly and monthly reports incorporating the top critical events, virus events, domain activity events, firewall user activity reports etc.

Senior Security Analyst at Indusface Consulting
  • Saudi Arabia - Riyadh
  • December 2008 to April 2009

1. Implemented ArcSight ESM suite with standard security policies by implementing ArcSight Manager, ArcSight Database (Oracle) and ArcSight Syslog Servers
2. Found Inventory on ArcSight Servers, checking ArcSight services and troubleshooting the services, creation of Rules, Scenarios for the utilization of logs management etc.
3. Integrated Servers, Network Devices, and Security Devices into the ArcSight ESM and also developed flex agents for applications, databases etc.
4. Fixed the problems reported for the flex (customized) connectors which did not produce any alerts/events on the system

Senior Network Engineer at GIT, India
  • India
  • October 2007 to December 2008

GIT, India Oct 2007-Dec 2008
Senior Network Engineer
• Consulted for Network Management Software, SIEM Model (ArcSight ESM) - Pre Sales and Post Sales
• Presented product features / USP's (Unique Selling Point) and proposing the best solution - Pre Sales and Post sales.

Clients Worked with: DME (Dubai Mercantile Exchange), Dubai, UAE ● Presidential Palace (DOF), Abu Dhabi, UAE ● Telelogic ICT Services, Bangalore ● MTN Telecom, Damascus, Syria ● Solf Sol, CA

OSS Operations Engineer at DU Telecom
  • United Arab Emirates
  • June 2006 to September 2007

DU Telecom, Dubai Jun 2006-Sept 2007
OSS Operations Engineer

Software Engineer at WIPRO
  • India - Bengaluru
  • June 2004 to May 2006

Education

Master, Cyber Law Management
  • at KSBM
  • June 2015
Bachelor's degree, Computer Science
  • at PES College of Engineering
  • April 2004

Specialties & Skills

Penetration Testing
Vulnerability Assessment
Security Information Event Management SIEM
Information Security Management
Backtrack
FIREWALL
SECURITY
Malware & Honeypots
IBM QRadar
HP ArcSight

Languages

English
Expert
Hindi
Expert
Arabic
Beginner

Memberships

Active Member for Technical Writings in Club Hack Magazine (www.chmag.in)
  • Member

Hobbies

  • Reading, Blogging & Racing