SHARAT CHANDRAN, Supervising Associate - Cyber Threat Intelligence (CTI)

EY - India

Location
India - Delhi
Education
Bachelor's degree, Technology
Experience
12 years, 6 Months


Work Experience

Total years of experience: 12 years, 6 months

Supervising Associate - Cyber Threat Intelligence (CTI) at EY - India
  • India - Hyderabad
  • My current job since November 2020

• Track, collect and analyse Advanced Persistent Threats (APTs) and other cyber-criminal activity observed in-the-wild.
• Use both OSINT and other paid sources to discover threat data, identify new tactics, techniques and procedures (TTPs) and methods employed by threat actors, and come up with possible new detection rules.
• Static & dynamic analysis of malicious documents and files using various tools & sandboxes to understand their behaviour and disseminate potential indicators of compromise (IOCs).
• Monitor Deep/Dark web forums (manually and with the help of proprietary technology) to find threat actor chatter containing client data and malware signatures.
• Track top exploited vulnerabilities in-the-wild, see if the company has any exposure and possibly provide recommendations.
• Perform intrusion analysis using various Structured Analytic Techniques, including the Diamond Model and Cyber Kill Chain, and identify/create activity clusters.

Lead Solution Advisor for Cyber Threat Intelligence (CTI) at Deloitte - India
  • India - Hyderabad
  • November 2018 to October 2020

• Discover, gather and evaluate threat data from multiple OSINT sources.
• Maintain an understanding of the overall threat landscape (cyber, malware, botnets, phishing, DDoS). Collect, analyse, store, and disseminate IOCs and their enrichment.
• Regularly develop and produce written threat intelligence reports.
• Provide support to the Security Incident Response Team and SOC in the effective detection, analysis, and containment of attacks, as well as researching potential IOCs and linking them to intelligence.
• Strong understanding of security fundamentals, of the cyber threat landscape, of the current state of attack (TTP), from amateur to APT, and how to conduct successful intelligence collection and mapping with existing analytical models (e.g. MITRE ATT&CK).

Information Security Analyst at Synchrony Financial
  • India
  • July 2017 to November 2018

Working in an in-house SOC environment. Perform real-time monitoring, security incident handling, investigation, analysis, reporting and escalation of security events from multiple log sources.
Handling IPS/IDS alerts that are purely based on the Cyber Kill Chain model.
Real-time packet analysis from different security devices such as SourceFire, Cisco ASA, BlueCoat Proxy, Tanium, ExaBeam, Varonis, Forescout.
Monitoring and analysis of user sessions via ExaBeam (UBA) as part of the Insider Threat Program.
Analyse possible phishing e-mails to find bad actors and embedded malicious URLs; header analysis via PhishMe and ProofPoint.
Responsible for 3rd-party information security assessments for all vendors and contractors. Ensure all are NIST and ISO 27001 compliant.

Information Security Analyst at Fiserv
  • India - Delhi
  • December 2014 to July 2017

Managing the Security Monitoring Team, Noida. Monitoring Splunk Enterprise Security (ES) 4.5.1 & ArcSight 6.8c.
Managing & installing ArcSight ESM 6.8c, console, applying filters, active channels, notifications, reports, dashboards, data monitors etc.
Configuration of new smart connectors and their troubleshooting. Conducting logger searches for any suspicious outbound traffic.
Importing malicious IP & domain lists from FS-ISAC to the ArcSight blacklist active list for threat intelligence. Doing the manual vetting process via VirusTotal & URLVoid.
Preparing quality artefacts for the CMMI internal audit.
Identifying typosquatting domains with MarkMonitor feeds. Monitoring & escalating Symantec DLP incidents.

Network Administrator at Raqmiyat LLC
  • United Arab Emirates - Abu Dhabi
  • August 2012 to August 2013

Organization: Raqmiyat LLC
Duration: (Aug. 2012 till present)
Designation: Network Administrator
Roles:
• Network implementation, design & placing quotations.
• Cisco device configurations, solution provider.
• Data center design and implementation.
• Handling different vendors and ISPs.
• Connecting multiple sites together with HQ with BGP & OSPF.
• Creating VLAN design and implementation.
• Configuring wireless architecture, using Wireless Controller 5500 & access points.
• Configuring the Cisco Call Manager CUCM 8.6 with Voice Gateway, Unity, Mobility.
• Configuring security devices like Cisco ASA & Palo Alto firewalls.

Associate Network Security Specialist at STICKMAN CONSULTING
  • India
  • November 2011 to May 2012

Organization: STICKMAN CONSULTING - Bangalore
Duration: (Nov 2011 till May 2012)
Designation: Associate Network Security Specialist

Roles:
• Responsible for network/network security implementation in company offices in India and Sydney.
• Creating a reliable network design & implementation of network devices with Cisco 2600, Cisco ASA 5510, Linux router using Shorewall firewall configuration. Creating firewall change management procedures, incident management procedures, password policy document.
• Implementation & monitoring of NIDS.
• Setting up a virtual computing environment within branch offices using a virtualization vendor like N-computing.
• Creating & managing virtual machines using VMware ESXi for our different product development processes.
• Keeping the network design & infrastructure in compliance with the PCI standards and cloud-computing requirements, with all necessary security requirements.
• Scheduling vulnerability/penetration test scans on internal/external networks to check for possible network vulnerabilities.
• Accessing an organization's network for making them compliant with PCI payment gateway standards.
• Periodic upgradation of network devices against network vulnerabilities.

FMS Engineer - Telecom & Networks, Security, Projects at Royal Bank of Scotland Groups
  • India - Delhi
  • August 2010 to February 2011

Organization: Royal Bank of Scotland Groups
Duration: (Aug. 2010 till Feb. 2011)
Designation: FMS Engineer - Telecom & Networks, Security, Projects

Roles:
• Design & implementation of telecom networks with Cisco routers and switches.
• Design and implementation of VLANs, LAN port security, L3 switches and routing, including OSPF, EIGRP, BGP. Configuration of Cisco routers 3600, 2600, 2800, 1800.
• Voice setup: Cisco Unified IP phones 7975G, 7965G, 7942G, IP phones 7911G, 7916, conference station 7937G, PRIs, BRIs.
• Installation & configuration of ASA firewalls, both stateful failover & LAN-based failover.
• Cisco TACACS+ implementation on Windows platform; installation of ASA 5510, firewall module, IDSM module at the datacenter.
• Enabling VPN on ASA 5510 appliance.
• Monitoring / bringing ISPs to the datacenter through redundant paths, WAN network connectivity using leased lines on Cisco products.
• Large-scale monitoring for IDS management, signature updates, custom signatures.
• Coordinating with the UK team for escalations, attending weekly con-call meetings.

Telecom & Networks Design
Project 1: RBS Business Service Pvt Ltd, Delhi IT Park, Shastri Park, New Delhi- 2800 Users -Long term

CCIE Security Theory -Certified (Cisco Certified Internetwork Expert -Theory)
MCSE (Microsoft certified Professional) Windows Server 2008, Enterprise Administrator

Network/System Administrator at TNS Networking Solutions Pvt. Ltd
  • India - Delhi
  • November 2009 to August 2010

Organization: TNS Networking Solutions Pvt. Ltd.
Duration: (Nov.2009 to Aug.2010)
Designation: Network/System Administrator

Roles:
• Designed and deployed networks as per the company requirement.
• Handled different tasks such as network address assignment, assignment of routing protocols etc.
• Handled network infrastructure devices and equipment.
• Created documents on network architecture, its design criteria, performance metrics, etc.
• Troubleshooting network connectivity issues.

Education

Bachelor's degree, Technology
  • at Desh Bhagat Engineering College
  • July 2010

Specialties & Skills

Network Security
Firewall Administration
Network Architecture
Intrusion Prevention System
Security+
MITRE ATT&CK
Malware Analysis


Languages

English
Expert

Training and Certifications

CCIE Security Written (Certificate)
Date Attended:
August 2011
Valid Until:
February 2013

Hobbies

  • Football
    Was University Player