Analyst-SOC, Cyber Defense
News Corp (Formerly NTS).
Total years of experience: 2 years, 9 months
Designation: Analyst-SOC, Cyber Defense
Job Responsibilities:
• Worked in a 24x7 Security Operations Centre; monitored the network using Splunk Cloud SIEM, Jira SOAR, Proofpoint and CrowdStrike; assisted with all security-related issues on a first-level basis
• Analysing security incidents in real time and determining whether they are true positives or false positives
• News Corp is a product-based MNC started in 1785, covering 22 business units across 80 countries.
• Real-time security monitoring, analysis, reporting, and escalation of security events from various log sources is performed.
• Creation of correlation alerts (DRE, Detection Response Engineering, rules) with global leaders.
• Working on true positive incidents to mitigate the risk and escalating to the respective team for further action.
• Escalating security incidents in accordance with the SLA, giving meaningful information about security events through in-depth event payload analysis, and making recommendations for security incident mitigation to keep all 22 business units secure.
• Work closely with all business units to ensure that they know what and how to feed data into the SIEM
• Good knowledge of Splunk Distributed cluster Architecture
• Working experience in Splunk SPL queries
• Installing Universal forwarders to integrate Windows and Linux devices
• Integrated FortiGate Firewall with Splunk
• Installing Splunk apps and add-ons on Splunk
• Monitoring Real-time Incidents in Splunk Cloud
• Maintain keen understanding of evolving internet threats to ensure the security of networks.
• Investigate malicious phishing emails, domains, and IPs using CrowdStrike Sandbox and open-source tools, and recommend proper blocking based on analysis.
• Advanced threat detection, investigation and response capabilities, including incident data search and investigation, alert triage, suspicious activity validation, threat hunting, and malicious activity detection and containment using CrowdStrike EDR
• Daily Shift Handover
Job Responsibilities:
• Worked in a 24x7 Security Operations Centre; monitored the customer network using ArcSight and Splunk Enterprise Security SIEM.
• Creating tickets in ServiceNow, assigning them to the respective team and following up until closure
• Contacting clients directly in the event of high-priority issues and assisting them with attack mitigation
• By escalating security incidents in accordance with the client's SLA, giving meaningful information about security events through in-depth event payload analysis, and making recommendations for security incident mitigation, the customer's business is made safer and more secure.
• Real-time security monitoring, analysis, reporting, and escalation of security events from various log sources is performed.
• Raising true positive incidents to the respective team for further action
• Co-ordinate with networking teams to maintain and establish communication to remote ArcSight Connectors
• Maintain keen understanding of evolving internet threats to ensure the security of client networks.
• Investigate malicious phishing emails, domains, and IPs using Open-Source tools and recommend proper blocking based on analysis
• Installing ArcSight Connectors
• Upgrading ArcSight Connectors
• Integration of new devices with ArcSight such as Windows, Linux, Cisco firewalls, routers, switches etc.
• Troubleshooting any device that is not sending logs to ArcSight.
• Creation of Splunk and ArcSight content such as correlation rules, queries, reports, dashboards etc.
Designation: Intern
Job Responsibilities:
• Monitoring dashboard alerts generated by the SIEM; investigating whatever incidents were annotated.
• Preparing documentation of alerts; assisting the team lead in generating weekly and monthly reports.
• Managing log requests, if any; generating log documents and sending them to the respective team
• Analysing and identifying the root cause of incidents and follow up with SMEs for incident closure
• Resolving daily health check-up tasks and checking the reputation of IPs