Professional with strong background in operations management. Skilled in optimizing workflows, improving efficiency, and leading high-performing teams. Known for effective problem-solving and adaptability in dynamic environments. Strong focus on team collaboration and achieving measurable results. Adept at improving operational efficiency, managing cross-functional teams, and adapting to evolving business needs. Recognized for leadership, problem-solving abilities, and excellent communication skills.
· Managed and coached a team of 24 security analysts/IR staff, fostering collaboration and enhancing team performance in a 24/7 SOC environment.
· Worked on cyber security use-case requirement gathering, performed large-scale data analysis and developed effective statistical and machine learning models to improve cyber security capabilities.
· Expertise in security tools such as SOAR, NIDS/NIPS, HIDS/HIPS, SIEM.
· Led strategic initiatives to drive key business KPIs and deliver actionable insights for program improvements.
· Spearheaded engineering requirements to enhance security posture through automation solutions.
· Identified and implemented automation opportunities to boost operational efficiency.
· Managed cross-company partnerships to deliver comprehensive fixes for systemic issues.
· Provided supervision for employees, technical analysis, and monitoring functions to ensure effective detection support.
· Ensured precision in alerting, triage speed, and response efficiency through continuous improvement strategies.
· Accountable for operational performance, including SLA management, metric development, and escalation handling.
· Led the design and implementation of data-driven security models, enhancing threat detection capabilities by 30%.
· Spearheaded detection engineering initiatives, developing custom detection rules that reduced false positives by 25%.
· Conducted proactive threat hunting activities, identifying and mitigating advanced persistent threats (APTs) before they impacted operations.
· Led security architecture reviews for new and existing systems, identifying potential vulnerabilities and ensuring compliance with industry security standards and frameworks.
· Utilized static and dynamic analysis tools to identify critical vulnerabilities in source code, and recommended remediation strategies to minimize risk.
· Proven leadership, strategic thinking, and problem-solving capabilities.
· Effective communicator, skilled at engaging with engineers, executive management, and customers.
· Performed penetration testing on web applications, networks, and infrastructure to identify exploitable security gaps, simulating real-world cyberattacks to assess the effectiveness of existing security measures.
· Managed incident response efforts, coordinating cross-functional teams to resolve security incidents and minimize downtime.
· Conducted vulnerability assessments, identified potential weaknesses, and worked with stakeholders to prioritize and address security findings.
· Implemented risk management frameworks, aligning security practices with organizational risk tolerance and compliance requirements.
· Led end-to-end SIEM implementation projects, integrating various data sources and optimizing alerting mechanisms.
· Performed comprehensive data analysis to identify trends, inform security strategies, and support decision-making.
· Operate and build advanced detections in SIEM.
· Develop models for implementation and automation, and queries in Devo/Splunk.
· Experience with GitHub for query modelling.
· Manage the team and train interns on the ongoing regression models and their implementation.
· Interface with other internal and external clients regarding security policy, security control failures and incident response situations.
· Hands-on in leading and performing development work during the production cycle.
· Good understanding of statistical and machine learning models and familiarity with enterprise networks and systems.
· Led the team in the development and enforcement of security policies and procedures.
· Collaborated with IT teams to implement security controls and ensure compliance with industry standards.
· Provided training and awareness programs to staff on security best practices.
· Technical expertise in Splunk and RSA NetWitness, including E2E deployment and integration.
· Incident response management; process document development and improvement.
· Experience in malware analysis, threat hunting and forensics.
· Developing and simulating the latest use cases, improving old scenarios, and keeping the framework up to date with the latest cyber trends.
· Develop dashboards on IR capabilities, identify gaps in processes and perform high-end analysis.
· Hands-on experience in performance testing and engineering on the SIEM tool.
· Work with system engineering team to improve security processes and procedures.
· Improve security efficiency and streamline/automate work processes while working collaboratively with other team members.
· Strong expertise in the software testing life cycle, Agile, and software testing processes.
· Skilled in SIEM, endpoint security, and network intrusion detection.
· Manage product performance and coordinate with the team for smooth releases.
· Managed a group of people and provided hands-on training to the team.
· Provide feedback to engineering teams for modification and improvement of tools.
• Worked in a 24*7 SOC environment with Splunk and QRadar SIEMs, analysing security logs to ensure each incident is properly identified, updated and assigned to the correct Investigations Tier.
• Worked on the AWS cloud platform to set up jump servers and create instances.
• Worked on SOC document preparation.
• Worked on AWS, Sumo Logic.
• Worked with use case (correlation rules, reports, alerts, dashboard) development.
• Worked with Resilient and the CA ticketing tool.
• Worked on analysis of alerts based on FireEye threat intelligence feeds and on investigation of Symantec DLP alerts.
• Experience in creating and implementing plans to streamline delivery of Security Compliance deliverables in adherence to company Information security policies.
• Worked with Investigation on spam/phishing emails.
• Worked on troubleshooting and event management for different SIEM components in Security.
• Worked with device integration to SIEM.
• Created daily, monthly and ad-hoc reports of various devices for different clients.
• Providing basic training on SIEM components and Information Security/SOC to new recruits.
• Worked with technical and process document creation in SOC.
● Worked with multiple SIEM tools to monitor alerts and system log files to ensure each incident is properly identified, updated and assigned to the correct Investigations Tier.
● Worked on troubleshooting and event management for different SIEM components in Security.
● Worked with device onboarding to SIEM.
● Worked with team management in 24*7 SOC environment.
● Worked on use case development (dashboards, filters, reports, queries, etc.) to track incidents.
● Created daily, monthly and ad-hoc reports of various devices for different clients.
● Helped the SOC team with issues regarding monitoring alerts and system log files to ensure each incident is properly identified, updated and assigned to the correct Investigations Tier.
● Worked on automation of reports, dashboards, rule creation and the rule review process.
● Troubleshooting issues arising in SOC.
● Performing daily health check and other administration tasks for SIEM and related components.
● Worked with technical and process document creation in SOC.
● Worked with Indus Guard portal for Web Application Security including malware monitoring and vulnerability assessment.
● Discussed cyber security issues with management and assisted in the drafting and editing of information security policies, standards, and processes.
● Drafted technical manuals, installation manuals, installation progress updates, and incident response plans to enhance system security documentation; created required system compliance reports and information requests.
Cyber security
SIEM detection and implementation
Data protection
Cloud security best practices
Incident response
Endpoint security
Vulnerability assessment
Identity management
Threat intelligence
Web security
Malware analysis
SIEM Platform:
- Splunk, Devo, RSA NetWitness, IBM QRadar, Sumo Logic
· Data-Driven Cyber Security Models
· Detection Engineering
· Threat Hunting
· Incident Response
· Security Operations
· Threat Modeling
· Risk Management Frameworks
· SIEM Implementation (End-to-End)
· Data Analysis
· Vulnerability Assessment