information security engineer
Providence Global Center
Total years of experience: 10 years, 4 months
Working as Lead Engineer - Incident Response
- Triaging of alerts and analysis.
- Create playbooks for incidents.
- Manage deployment and integration of SIEM tools.
- Lead the team in 3 shifts for SOC daily activities.
- Create reports for alerts and documentation for stakeholder calls.
- Alert fine-tuning to reduce false positives.
- Email analysis for phishing.
- Malware analysis using a sandbox.
- XSOAR platform to automate ticket assignments.
- Documentation for the Monthly Business Review on alert escalations.
Leads a CIRT team with diverse skill sets across areas such as the Security
Operations Center (SOC), Forensics, and other applicable technical Subject
Matter Experts (SMEs).
- Managing all aspects of an Incident Response engagement to include
incident validation, monitoring, containment, log analysis, system forensic
analysis, and reporting.
- Co-leads project scoping calls to accurately collect information from the
client concerning the incident and security threats.
- Responsible for capturing all client's expectations and objectives throughout
the engagement to ensure successful engagement delivery.
- Organize and maintain an inventory of requests sent to the client, including
at a minimum the public IP range, requested information (including systems for collection), collected logs, systems (Skadi or full systems), and any other
requests made of the client.
- Works directly with the client and other team members to preserve and
collect artifacts for forensic analysis.
- Engages in communication with the TA for recovery of decryption keys, or
manages the ransomware specialist team.
- Co-manages the restoration team with the client for recovery of systems,
data collection and Endpoint Deployment.
- Closely monitor SOC alerts on SentinelOne and the client-facing SIEM tool;
perform triage-level analysis, remediation actions and mitigation steps.
- Deployment of all-tier SIEM tools as per the architecture; create custom
parsers.
- Data Collection & Log Streaming for the SIEM.
- Collect the artifacts for forensic investigations related to the incident, based
on phishing email/BEC and malware incidents.
- Endpoint review, log analysis, and relating the alert to the MITRE ATT&CK
framework.
- Relate the incident to TTPs and other relevant threat information.
- Comfortable working in various Operating Systems.
Monitoring, analyzing and taking appropriate action against Security
Alerts/Incidents triggered by SIEM Solution
- Associate Lead responsible for SOC daily operations and provide L3 support.
- Sharing progress reports with management for critical and high incidents.
- Implementing use cases, creating rules, SOPs as per client's requirement and
security standards in SIEM.
- Engaging other teams to block the IOCs.
- Documenting work logs for all 5 CSIRP phases
- Log source management, administration, ensures SIEM functionality and
availability.
- Mentoring team technically in terms of process development, handling,
training.
- Regular review of event source logs and log validation exercises as per
developed standards and guidelines.
- Performing Admin activity on SIEM solution such as adding log sources,
creating use cases, monitoring SIEM performance & Troubleshooting
- Regular interaction with associated customer to update regarding security
issues being noted in the customer infrastructure and provide them daily,
weekly and monthly reports
- Creating, updating and implementing process for all security incidents in
SOC
- Conduct employee awareness campaigns, best practices that can be
followed, provide awareness against latest social engineering techniques
- Co-ordinate with CERT team on incident remediation
- Restrict malicious IOCs at all security tools which are reported for involvement
in malicious activities.
- Handling DDoS, DoS and OWASP-related attacks and taking appropriate actions during
incidents.
- Conduct overall incident response procedure including in-depth forensic
examination.
- Review existing security alerts in the client environment and fine-tune them as per
industry best practice. Set up a test environment and test alerts before
implementing them on the production SIEM solution.
- Responding to Security incidents with due diligence/care and identifying the
root cause for the incidents and fixing the flaws.
- Generating Reports from Vulnerability management solution for any reported
CVEs and following up with teams to patch those vulnerabilities.
Tools
LogRhythm, Cloud App Security, O365 Security & Compliance, TrendMicro,
Zscaler Proxy, Cisco StealthWatch, Azure Portal, Kibana, Active Directory for
IAM, ServiceNow, SentinelOne
Wavecrest Payment Technology Gateway, Hyderabad, Telangana
- Monitor the security of critical systems (e.g., e-mail servers, database servers,
web servers, etc.) and changes to highly sensitive computer security controls
to ensure appropriate system administrative actions, investigate and report on
noted irregularities
- Analyzed security incidents and presented a Daily, Monthly and Ad-hoc
report to the CISO
- Basic configurations in the firewall, like permitting and denying traffic based on user-
defined policies, blacklisting IPs, taking backups, etc.
- Basic configurations in Websense, like assigning policies, blocking websites, allowing/denying users
access to different websites, backups, etc.
- Basic configuration in IronPort (e-mail gateway), like blacklisting spam email
IDs, checking quarantined mails, message tracking, etc.
- Creation of security documentation and Operation Management, and
created Standard Operating Procedures (SOP) for the team
- Performed security incident detection, detailed investigation of incidents
and managing Service Level Agreements (SLA) for real time alerting.