Senior Information Security Consultant
National Commercial Bank
مجموع سنوات الخبرة :11 years, 1 أشهر
Security Operation Centre Shift Lead:
- Developing and managing communications to key stakeholders throughout the incident life-cycle
- Managing shift service levels, adherence to processes and work flow
- Determining the severity of alarms and alerts from critical devices and take appropriate action that includes escalation and managing first responders.
- Development and execution of Standard Operating Procedures and Event Handlers as required for successful completion of all tasks within the SOC
- Working with the Incident Response team to help create RCA's for events escalated to incident levels
- Ensure compliance to Internal SLA's, adherence to processes and improvisation to achieve operational objectives
- Conduct ad hoc, daily, weekly, and monthly security briefs and reporting to management
- Handling Critical Security Incidents escalated by L1 analysts/reported from Splunk, Symantec MSS, FireEye, Archer
- Administration of multiple security devices
- Triage Analysis using Mandiant Redline/FireEye HX and also performing Malware Analysis
- Conducting Vulnerability Management in the environment
- Spam/Phishing email analysis reported by End-users/Security devices
- Performing Incident Response Activity for Security Incidents
- Providing trainings for L1 & L2 analysts/new recruit.
Splunk Administrator & Content Developer
- Administration of Splunk Indexer Cluster and Search Head Cluster.
- Creation of Correlation rules with multiple log sources based on specific threats/ SOC
requirement.
- Splunk Custom regex creation and field extraction.
- Splunk Custom Addon & App development for log sources.
Creation of alerts, dashboards, reports and other knowledge objects in Splunk.
- Optimization of Splunk Knowledge objects for enhanced performance.
- Performing backup and restore process for Splunk
- Fine-tuning and whitelisting of Splunk UseCase/Correlation Searches for enhancing NCB
monitoring capability
- Creation of SOC workflow used by L1/L2 analysts for performing investigations.
Incident Analysis & Response:
• Experience in working with global client in Real Time Incident management & Log Analysis.
• Experience in Splunk SIEM tool for incident management.
• Implementation of Splunk SIEM tool in multiple platforms like Linux, Windows.
• Creation of rules, alerts & dashboards in Splunk SIEM.
• Optimizing, managing and monitoring real time events from the devices like Firewall, Web Proxy, Antivirus, Servers, DC’s etc. using Splunk.
• Preparation of daily shift reports to the global client.
• Knowledge of Splunk implementation in clustered setup.
• Expertise in using Enterprise Security on Splunk Enterprise Edition.
• Expertise in Administration, Policies/Rule Creation and Alert Management using Fidelis XPS IPS/IDS/DLP appliance.
• Handling of Lancope Stealthwatch FlowCollector for netflow analysis.
• Network Packet analysis and Investigation with RSA Security Analytics
• Experience in ServiceNow Ticketing tool.
Threat Intelligence & Malware Analysis
• Initialized the Threat Intelligence service line incorporating Malware Analysis and Memory Forensics.
• Created work flow and process for Malware Analysis and Threat Intelligence project
• Implemented Malware Analysis lab with a wide variety of toolset.
• Expertise in using tools for Malware Analysis like Debuggers, Disassemblers, and Memory Forensic tools.
• Carried out research on threats based on malware families and variants.
• Analyzed multiple malware samples and prepared RCA reports on different sophisticated malwares.
• Expertise in both static and dynamic malware analysis.
• Carried out memory forensics using Volatility framework.
• Implementation and testing of multiple Automated Malware Analysis systems like Cuckoo Sandbox, ThreatAnalyzer.
• Created number of research papers on latest security incidents and terminologies.
• Implemented a Social Media Monitoring system for fetching latest information security news and threats.
DEGREE UNIVERSITY / COLLEGE YEAR OF PASSING PERCENTAGE B-Tech (Computer Science & Engineer
Higher Secondary Education in Computer Science