Subhasish Mondal, Cyber Security Lead(Telenor Project)

Tech Mahindra

Location
India - Pune
Education
Master, Cyber Security
Experience
20 years, 11 months

Professional experience

Total years of experience: 20 years, 11 months

Cyber Security Lead (Telenor Project) at Tech Mahindra
  • India - Pune
  • I have been working here since May 2022

o Implementation of new Security Tools and upgradation process responsibility.
o Responsible for matrix-managing resources from multiple LOBs and disciplines in order to collectively achieve the goal of the project on time and on budget
o Defining and documenting project scope and resource requirements.
o Setting timelines for deliverables.
o Review of all threats related to perimeter level solutions
o Creation of Information Security blueprint for classification of critical data
o To review and ensure that all assets are integrated with CSOC
o Ensuring 100% compliance of SOC alert closure.
o Review and ensure new rules that are in place to detect new threats.
o Ensure and highlight the Bank’s overall InfoSec Operations posture to CISO.
o Defining and managing priorities against the available capacity of team members.
o Facilitating and leading daily ‘stand up’ meetings.
o Negotiating with internal and external stakeholders.
o Creating a collaborative, innovative and efficient working culture.
o Managing a cross-disciplinary team.
o Upholding morale and team performance in challenging circumstances.
o Encouraging regular iteration on deliverables.
o Ensuring the regular delivery of projects and products in accordance with Agile methodologies.

DVP, IT Security Operation at Bandhan Bank
  • India - Kolkata
  • May 2021 to May 2022

o Endpoint security with Trend Micro Apex One (approx. 21000 users) and Forcepoint DLP.
o Forcepoint DLP for endpoint security with DC and DR setup.
o SOC in DC and DR setup with Event Collector and Flow Collector: IBM QRadar with 200 use cases.
o RBI ISC meeting for CSOC and RMCB meeting with Top management.
o RBI security framework policy implementation as an IT Security operation Head.
o Understanding of computer forensics, malware analysis and reverse engineering.
o Experience with various security monitoring and endpoint security tools
o Carbon Black EDR integration policy implementation and Dashboard creation.
o XSOAR playbook, integration with SIEM and automation process.
o Vulnerability and threat analysis experience (cloud and on-premises): Qualys, Nessus.
o Working knowledge of cybersecurity principles, techniques and technologies
o Work with the Threat Intelligence, Malware analysis and Incident Response teams to identify threats,
o Tools like DAM, PAM, WAF support.

Sr. IT Security Specialist at Mitsui OSK Lines
  • India - Pune
  • May 2019 to May 2021

o IT governance and IT security for more than 120 international group companies
o NIST/ISO 27001 guideline implementation for all group companies.
o Azure Platform WAF and AD security support.
o Azure Security Center with Security policy, Workflow automation,
o Establish service assessment framework based on information security risks
o Azure AFD for web applications, enabling WAF for SQL injection protection and DDoS protection
o Establish and manage integrity and confidentiality security measures.
o Build continuous phishing scenarios and report findings to leadership
o Establish, maintain and continuously evaluate Data classification policies & controls
o Develop, maintain and continuously evaluate the company’s IT information security policies
o Build a vulnerability management program
o Azure Endpoint Security (antimalware extension real-time protection, scheduled scan, definition update)
o Cloud Security with Qualys Vulnerabilities Assessment Process.
o MFA for Azure Active Directory for Secure Cloud Infra.
o McAfee ePO and EDR for Threat detection and Threat overview
o IT security patch updates with periodic checks and report generation.
o SIEM tools installed and configured for SOC environment
o Netsparker and Nessus tools used for vulnerability scans and report generation
o Open source Kali Linux tools for VAPT assessment.
o QRadar EPS management (Event management), Log Source Management, use case management, Report and Dashboard management.
o Integrating new data sources with SIEM using WinCollect agent, syslog, database, SNMP etc.
o Coordinating and conducting event collection, log management, event management and identity monitoring activity using the QRadar, ArcSight ESM/LogRhythm.
o Research, analyze and understand log sources utilized for the purpose of security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus, proxies, and operating systems).
o Provide real-time guidance to clients on network configuration, security settings and policies, and attack mitigation procedures.
o Create, develop and fine-tune the correlation rules.

  • May 2019 to April 2021
IT Security Lead at ASTAD Qatar
  • Qatar - Al Rayyan
  • July 2017 to March 2019

Reporting to Project Director in the organization
Working on:
o Strong understanding of industry trends in all areas of Cyber security
o Implementation of ISO 27001 for Cloud Infrastructure Security.
o Severity Process Status for Information Security with Medium, High or Low.
o Web application security testing with Nessus tools and vulnerability scanner
o McAfee SIEM tools for security alerts and incident response process.
o Analyzing network/computer threats and mitigating vulnerabilities while limiting operational impact
o Working knowledge of file formats such as PE, doc, pdf, msi etc.
o Conduct advanced computer and network tests relating to various forms of malware analysis, computer intrusion, theft of information, denial of service, multi-national organized criminal groups, and Advanced Persistent Threats (APT)
o Create, Modify, and Update Security Information Event Management (SIEM) Tools.
o Malware analysis, reverse engineering, brute-force attack analysis
o Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
o Endpoint Detection and Response McAfee/Trend Micro
o Development, fine-tuning, and implementation of threat detection analytics
o Follow implementation guideline for web application changes.
o Capacity management for cloud-based servers and running applications.
o Intrusion detection, IDS/IPS, DLP, vulnerability scanning, web gateway, proxy appliances and antivirus tools
o LogRhythm SIEM security platform
o Threat hunting with firewall (NGF, WAF).
o Network Security, Network Hardware Configuration, Network Protocols, Networking Standards, Supervision, Conceptual Skills, Decision Making, Informing Others, Functional and Technical Skills, Information Security
o Deep Understanding of Risk Management Framework
o Experience With Intrusion Prevention Systems
o Familiar with Security Regulations and Standards
o Install Firewall and Data Encryption Programs
o Maintain Security Records of Monitoring and Incident Response Activities
o Provide Timely and Relevant Security Reports

IT Security Manager at IBM (Canada Bank)
  • India - Kolkata
  • September 2016 to June 2017

Mixed Windows/Linux, Database and Virtualized and Physical Server environments.
• Ciphers, SSLv2, SSLv3, AAA security implemented in Trusted Zone
• Symantec Endpoint Protection Manager 14 support for end users.
• Very good understanding of security incidents, networking and common protocols
• Work with security team to perform tests and uncover network vulnerabilities.
• Fix detected vulnerabilities to maintain a high security standard

IT Security Manager at Shrachi Securities Ltd (Banking)
  • India - Kolkata
  • November 2003 to January 2016

• Internet access from LAN/WAN: security protection filter, policy creation, log checking, installation and configuration of 100D, 110C, 40C, 60C devices. Maintained for all Internet users, with load balancing, IPsec and SSL VPN.
• Endpoint Detection and Response: McAfee
• Microsoft Azure ERP server implementation and security setup.
• Microsoft Windows Server 2008 Active Directory: implemented IT policy to secure LAN
• Hardware firewall (FortiGate 100D, 110C, 40C, 60C) maintained for all Internet users, with load balancing, IPsec and SSL
• Firewall daily monitoring of logs and reports: forward traffic, local traffic, security log
• Monitor IPsec/SSL VPN, check web filter
• Followed procedures and change management best practices, ensured network availability and maintenance of disaster recovery stance
• Understand Application Security service and tooling needs and gather technical requirements
• Manage the implementation and configuration of patch assurance tooling.
• Strong technical background in Data Loss Prevention
• Trend Micro and McAfee admin server configuration setup to secure Windows servers against outside attack.
• Ensured that IT systems, applications, and communication equipment within the organization were managed and maintained in accordance with documented processes, procedures, guidelines, and instructions
• Supported and monitored the existing infrastructure, supervised preventative maintenance and backup as well as performed other regular support activities to ensure effectiveness
• Managed the successful installation of storage services and onsite assignments for Nass clients across industries with firewall security

End Point Security Support Engineer SBI Bank at Icon Infosys (SBI Bank Project)
  • India - Kolkata
  • October 2002 to October 2003

o Maintained network and systems by managing product and capability roadmaps, establishing maintenance
o Endpoint protection: McAfee anti-virus scan
o Installation and configuration of McAfee Anti-Virus for SBI Bank users
o Domain Controller: user creation, group join, Server 2000 setup
o Installation of OS on PCs and servers: Windows 98, Windows XP
o Payroll software, attendance software: installation, setup, backup process.
o Daily check of all user scan reports. Patch updates.
o Opened and updated Request for Action (RFA) problems

Education

Master, Cyber Security
  • at Sikkim Manipal University
  • August 2018

MCA

Bachelor's degree, General
  • at Calcutta UniversitySMU
  • April 1999

Graduation - Full Time

Specialties & Skills

Security Operations
Endpoint Security
Application Security
Security Information Event Management (SIEM)
Security Operation Center
Azure Cloud Security
Threat intelligence feeds
IT Security Architecture
Vulnerability Management
GCP API Security

Languages

English
Expert
Hindi
Expert

Training and Certifications

AWS Certified Security - Specialty (Certificate)
Training date:
April 2023
Azure Cloud Security & SIEM (Certificate)
Training date:
March 2019
CISSP (Certificate)
Training date:
March 2022
Valid until:
November 2025
COBIT 5 (Certificate)
Training date:
June 2019
CEH (Certificate)
Training date:
September 2018
CISM (Certificate)
Training date:
January 2020

Hobbies

  • Traveling to different countries