NADEEM ANJUM, Information Security Monitoring Senior Analyst

CISCO SYSTEMS

Location
India
Education
Bachelor's degree, computer science
Experience
14 years, 0 Months


Work Experience

Total years of experience: 14 years, 0 months

Information Security Monitoring Senior Analyst at CISCO SYSTEMS
  • India - Bengaluru
  • My current job since May 2015

• Information Security professional with over 7 years of experience.
• Skills include Threat management, Incident handling, Log Analysis, Basic malware forensics, Vulnerability Assessment, Client handling, Team management…
• Expertise in tools: SIEM (ArcSight & Splunk), Mandiant MIR, FireEye, Symantec AV, McAfee IDS/IPS, Sourcefire, WSA-IronPort, Blue Coat

TECHNICAL SPECIALIST at MICROLAND
  • India - Bengaluru
  • September 2014 to May 2015

• Team management:
Co-ordinating with HR for hiring of employees; managed a team of 5 members: performance evaluation, reporting to management, brainstorming, team meetings, assigning task-based work, etc.
• Threat Management:
Analysing infected systems for the source of infection and RCA; tools: Mandiant MIR for APT, SEPM, FireEye. Responding to virus outbreaks and network outbreaks. Spam mail handling and content filtering on IronPort. Co-ordinating with AV vendors for any FP or new threat detection. Guiding LTS (technical support) teams on virus issues; training employees on Information Security Awareness.
• IDS/IPS:
HP TippingPoint management and monitoring. Reviewing logs and raising incidents for any abnormal/malware/outbreak traffic and co-ordinating with system/device owners.
Device management for any faults or outages; reaching the vendor for any serious issues.
• Symantec Endpoint Protection Manager/Symantec DLP:
Creating SEPM exceptions based on organisational requirements. Policy management for allowing/blocking any application based on MD5 values. DLP monitoring for any confidential data flowing out of the organisation.
• ArcSight SIEM:
Fine tuning of rules. Creating dashboards, active channels, etc. based on requirement.
• Client facing:
Creating monthly/weekly reports for the customer. Handling client meetings and presentations. Training employees and team members.
• Tools:
ArcSight, TippingPoint, IronPort, Mandiant, Symantec, FireEye.

SR.SECURITY ANALYST at ACCENTURE SERVICES PRIVATE LTD
  • India - Bengaluru
  • May 2012 to September 2014

• Threat management:
o Researching new viruses/worms and their impact on our network. Co-ordinating with AV vendors for FP. Responding to virus outbreaks before they can impact the whole network. Handling spam incidents and working on remediation. Helping LTS in outbreak situations and investigating reported samples. Taking pro-active actions to stop and contain malware from spreading. Working with multiple security teams for incident resolution and virus/worm containment.
o Reviewing the virus response documents as and when required. Co-ordinating with the Symantec TAM for issues/technical cases regarding Symantec AV. Guiding the local teams on virus/worm remediation steps. Working on new threats and tracking down infected systems from the logs available.

• Malware Forensics:
Collection of logs from infected systems with the help of the Mandiant tool. Finding the root cause of any malware infection using Mandiant, SymHelp and home-built tools. Performing sweeps, building and running scripts, and building IOCs in Mandiant as per investigation needs.

• IDS/IPS:
Planning and implementing new deployments of IDS/IPS sensors. Reviewing the existing sensor deployments for any issues or faults. Incident handling (IDS/IPS), co-ordinating with the Operations Team for proper investigation of incidents and taking them to closure. Keeping an updated repository of documents on IDS/IPS inventory, escalation contacts and deployment processes.

• Log Analysis:
Working on ArcSight SIEM as an analyst, checking various logs, creating rules, fine tuning alerts, and creating reports and dashboards.

• Incident Handling, Incident Management, Problem Management and Change Management:
Tier 3 support for all security incidents and any network outbreaks. Tracking systems in the network with available logs such as proxy, DHCP and Wi-Fi, or with the help of network devices. Creating monthly reports of incidents.
Participating in change management CAB meetings to represent changes in the IDS/IPS infrastructure.

• Audits & Trainings:
Handling external audits
Have trained juniors on Arcsight and information security

• Tools:
ArcSight, McAfee IntruShield, IronPort, Mandiant MIR, Symantec, FireEye, SymHelp and other home-built tools

INFORMATION SECURITY ENGINEER at MOBILY INFOTECH
  • India - Bengaluru
  • December 2010 to April 2012

• Experience in network traffic and log analysis: identifying and classifying attempted compromises of client networks through suspect traffic using ArcSight SIEM. Symantec Endpoint Protection management. Skilled in identification of emerging security threats, intrusion investigations, vulnerability assessment and troubleshooting. Installation of ArcSight consoles and connectors.
• Real-time log monitoring in the Security Operations Center of logs received from the client from different devices such as firewalls, IDS, IPS and Windows servers, and segregating and correlating the logs of those devices. Configuring reports, dashboards, notifications and real-time alerts.
• Preparing daily reports, trends, notifications and security advisories for customer devices.
• Alert management of network devices using the tool Nagios. Reviewing and analysing different security advisories to provide recommendations for the latest emerging threats in the context of the client infrastructure.
• Patch analysis from different vendors such as Microsoft and Cisco, and suggesting the ones which require deployment within the infrastructure as per criticality or usage.
• SEP server management (client updates, report scheduling…)
• Blue Coat device console monitoring, generating reports

SECURITY ENGINEER at PALADION NETWORKS
  • India - Bengaluru
  • May 2010 to December 2010

➢ Roles and Responsibilities
• Worked on the ArcSight security monitoring tool in a SOC (Security Operations Center).
• Performed real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple sources, including network intrusion detection, host-based intrusion detection, firewall logs (e.g. Checkpoint & Cisco ASA), proxy logs, and system logs (UNIX & Windows).
• Installation of ArcSight consoles and connectors. Creating active channels, queries, rules, data monitors and filters. Providing logs required by clients as requested, according to their needs. Monitoring security devices such as Cisco ASA, PIX.., Juniper NetScreen, and Windows and Unix servers. Generating reports and alerts.
• Deployed as onsite engineer for a leading bank.

Education

Bachelor's degree, computer science
  • at VISHWESHWARAIYA TECHNOLOGICAL UNIVERSITY
  • June 2009

Specialties & Skills

Cloud Security
Incident Management
THREAT MANAGEMENT
Mandiant
ArcSight
Antivirus Symantec
Threat management, SIEM Log Analysis, Incident handling, Log Analysis, IPS, Basic Malware Forensics

Languages

English
Expert

Training and Certifications

GIAC CERTIFIED INCIDENT HANDLER (Certificate)
Date Attended:
August 2016
Valid Until:
August 2020