Ajay Sonawane

Pune

Summary

Results-driven SOC Lead and Security Incident Manager with over 12 years of experience in managing Security Operations Centers and leading incident response efforts. Proven ability to oversee 24/7 SOC operations and coordinate complex security incidents effectively. Expertise in fine-tuning SIEM use cases and optimizing processes to reduce mean time to detect and respond (MTTD/MTTR). Strong skills in risk identification, reporting, and closure, with a focus on technology-driven solutions.

Overview

18 years of professional experience
1 Certification

Work History

Associate Security Consultant

Tech Mahindra India PVT LTD
Abu Dhabi and India (Pune)
12.2022 - Current
  • Leading a SOC team of five associates in Abu Dhabi.
  • Security monitoring and analysis of Tech Mahindra Corporate and Client network.
  • Monitoring and reviewing tickets created by L1 and L2.
  • Collaborated with SOC analysts and threat hunters to validate and refine existing use cases based on incident feedback and evolving threats.
  • Performed periodic rule audits and tuning exercises to ensure the relevance and effectiveness of detection logic in tools such as Splunk, QRadar, Sentinel and ArcSight.
  • Real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources.
  • Ensuring appropriate criticality is assigned to events and working closely with Information Security (IS) managers.
  • Adherence to documented security incident policies and procedures, along with the creation of SOPs.
  • Acted as the single point of contact during critical incidents, ensuring timely communication between technical teams, stakeholders, and executive leadership.
  • Conducted root cause analysis (RCA) and post-incident reviews (PIRs) to identify issues and implement preventive measures.
  • Maintained and improved incident management processes aligned with ITIL best practices, increasing incident resolution efficiency.
  • Collaborated with cross-functional teams including operations, development, and support to resolve complex system outages and service disruptions.
  • Monitored incident trends and generated reports for senior management to drive service improvements and reduce recurring incidents.
  • Led the response and coordination of cyber security incidents, including malware infections, phishing attacks, data breaches, and insider threats.
  • Acted as the primary point of contact for all security incidents, ensuring timely communication between technical teams, stakeholders, and executive leadership.
  • Conducted forensic analysis and collaborated with IT, and other business teams to investigate root causes and impact.
  • Developed and maintained incident response playbooks, processes, and escalation procedures.
  • Monitored security alerts and threat intelligence feeds to proactively detect and respond to potential threats.
  • Supported compliance and audit activities by maintaining detailed incident documentation and metrics.
  • Drove incident response enhancement by providing training and tabletop exercises to increase incident readiness across technical and non-technical teams.
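The summary above cites reducing MTTD/MTTR through SIEM use-case tuning, and the Tech Mahindra bullets cite periodic rule audits. The script below is an added illustration of how those two activities are typically measured; it is not code from this résumé or from any employer named on it. The pipe-delimited export format, rule names, timestamps, verdicts and the 50% true-positive threshold are all constructed assumptions.

```python
"""SOC metrics helper (added example): MTTD, MTTR and a per-rule tuning audit.

MTTD is measured from the time an event occurred to the time the SIEM raised
the alert; MTTR is measured from the alert to ticket closure. Both are averaged
over confirmed true positives only, so a noisy rule cannot make the numbers
look better by firing early on benign activity.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

TS_FMT = "%Y-%m-%dT%H:%M:%S"

# Constructed sample export (assumption): rule | occurred | detected | resolved | verdict.
# An empty resolved column means the ticket is still open; verdict is TP or FP.
SAMPLE_EXPORT = """
# rule | occurred_at | detected_at | resolved_at | verdict
Phishing-AttachmentMacro | 2024-03-01T08:00:00 | 2024-03-01T08:12:00 | 2024-03-01T10:00:00 | TP
Phishing-AttachmentMacro | 2024-03-02T09:00:00 | 2024-03-02T09:06:00 | 2024-03-02T09:45:00 | TP
Phishing-AttachmentMacro | 2024-03-03T11:30:00 | 2024-03-03T11:35:00 |                     | TP
Brute-Force-RDP          | 2024-03-01T01:00:00 | 2024-03-01T01:02:00 | 2024-03-01T01:10:00 | FP
Brute-Force-RDP          | 2024-03-01T02:00:00 | 2024-03-01T02:02:00 | 2024-03-01T02:05:00 | FP
Brute-Force-RDP          | 2024-03-01T03:00:00 | 2024-03-01T03:02:00 | 2024-03-01T03:09:00 | FP
Brute-Force-RDP          | 2024-03-02T04:00:00 | 2024-03-02T04:30:00 | 2024-03-02T06:30:00 | TP
Malware-EDR-Quarantine   | 2024-03-04T12:00:00 | 2024-03-04T12:01:00 | 2024-03-04T12:31:00 | TP
"""


@dataclass
class Alert:
    rule: str
    occurred_at: datetime
    detected_at: datetime
    resolved_at: Optional[datetime]
    true_positive: bool


def parse_export(text: str) -> List[Alert]:
    """Parse the constructed export format; skips blank and comment lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rule, occ, det, res, verdict = [f.strip() for f in line.split("|")]
        alerts.append(Alert(
            rule=rule,
            occurred_at=datetime.strptime(occ, TS_FMT),
            detected_at=datetime.strptime(det, TS_FMT),
            resolved_at=datetime.strptime(res, TS_FMT) if res else None,
            true_positive=verdict.upper() == "TP",
        ))
    return alerts


def mttd_minutes(alerts: List[Alert]) -> float:
    """Mean time to detect, in minutes, over true positives."""
    gaps = [(a.detected_at - a.occurred_at).total_seconds() / 60
            for a in alerts if a.true_positive]
    return sum(gaps) / len(gaps)


def mttr_minutes(alerts: List[Alert]) -> float:
    """Mean time to respond, in minutes, over closed true positives (open tickets excluded)."""
    gaps = [(a.resolved_at - a.detected_at).total_seconds() / 60
            for a in alerts if a.true_positive and a.resolved_at is not None]
    return sum(gaps) / len(gaps)


def rule_audit(alerts: List[Alert], min_tp_rate: float = 0.5,
               min_alerts: int = 3) -> Dict[str, dict]:
    """Flag rules whose true-positive rate is below min_tp_rate as candidates for tuning.

    Rules with fewer than min_alerts firings are marked 'insufficient-data' rather
    than judged on a tiny sample.
    """
    counts: Dict[str, List[int]] = defaultdict(lambda: [0, 0])  # [alerts, true positives]
    for a in alerts:
        counts[a.rule][0] += 1
        counts[a.rule][1] += int(a.true_positive)
    report = {}
    for rule, (n, tp) in counts.items():
        rate = tp / n
        if n < min_alerts:
            action = "insufficient-data"
        elif rate < min_tp_rate:
            action = "tune"
        else:
            action = "keep"
        report[rule] = {"alerts": n, "tp_rate": rate, "action": action}
    return report


ALERTS = parse_export(SAMPLE_EXPORT)

if __name__ == "__main__":
    print(f"MTTD: {mttd_minutes(ALERTS):.1f} min, MTTR: {mttr_minutes(ALERTS):.1f} min")
    for rule, row in rule_audit(ALERTS).items():
        print(f"{rule:26s} alerts={row['alerts']} tp_rate={row['tp_rate']:.2f} -> {row['action']}")
```

On the sample data the brute-force rule fires four times with one true positive and is flagged for tuning, while the single EDR alert is reported as insufficient data rather than rated on one event; the open phishing ticket counts toward MTTD but is excluded from MTTR so an unresolved incident cannot silently lower the average.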

Sr. Information Security Engineer

ZS Associates
02.2022 - 10.2022
  • Executed real-time monitoring and analysis of ZS Corporate Network security events.
  • Led comprehensive incident response for cybersecurity threats, including malware, phishing, and DDoS attacks.
  • Served as primary contact for managing security incidents, ensuring swift detection and containment.
  • Collaborated with cross-functional teams to effectively triage and manage security incidents.
  • Oversaw security event monitoring utilizing SIEM tools, including Splunk and QRadar.
  • Developed incident response playbooks aligned with NIST and MITRE ATT&CK frameworks.
  • Conducted post-incident reviews to improve detection and response capabilities.
  • Generated executive reports to convey trends, metrics, and risk posture.

Sr. Information Security Engineer

FIS (Global Solutions)
11.2016 - 02.2022
  • Managing a team of eight L1 analysts as acting shift lead, reviewing tickets and incidents closed and escalated by L1, and providing timely feedback on their performance.
  • Leading the onboarding of new devices with the SIEM tool QRadar.
  • Coordinating with the SOC manager to escalate security issues to other business units, including solutions development, customer hosting, and corporate IT.
  • Collaborating with business units to prioritize vulnerability remediation and execute planned activities.

Information Security Analyst

Allscripts (India) PVT.LTD
01.2016 - 11.2016
  • Supporting the ISOC 24/7/365 through shift rotations.
  • Leading efforts to enhance rule sets and optimize tools to automate reporting and reduce false positives.
  • Assisting the SOC manager with dashboards and business reporting.

Information Security Analyst

Zensar Technologies Ltd
Pune
07.2013 - 01.2016

  • Monitored customer networks 24/7 in the SOC to detect security breaches.
  • Tracked events for suspicious activity across multiple systems.
  • Reviewed NIDS, network firewall, SCSP and web application firewall logs.
  • Responded to security alerts by analyzing incidents and escalating as necessary.
  • Created incident tickets in USM for critical issues and assigned them to the regional IT team.
  • Communicated with regional contacts via email, including USM incident details.
  • Collaborated with on-call escalation teams to resolve incidents efficiently.
  • Provided production support and coordinated with teams to stabilize applications.
  • Monitored Idera Session Monitoring.
  • Reviewed the weekly and monthly alert reports sent to customers.

Associate

Exl Services Pvt.Ltd
02.2010 - 10.2010
  • Provided first-level support for server-related issues, including login problems, access requests, and basic connectivity troubleshooting.
  • Monitored server performance and uptime using tools such as Nagios, PRTG and SolarWinds, escalating alerts to L2/L3 teams when needed.
  • Handled routine maintenance tasks such as user account creation, password resets, and permissions management in Active Directory.
  • Logged and tracked incidents in ticketing systems (e.g., ServiceNow, Remedy) ensuring timely response within SLA.
  • Performed health checks and supported patching schedules by coordinating with senior teams.
  • Maintained accurate documentation of issues, resolutions, and processes for knowledge sharing.

Customer Care Executive

IBM Daksh
10.2007 - 05.2009
  • Managed high-volume inbound technical support calls for Virgin Media customers, addressing wired and wireless network issues.
  • Diagnosed connectivity problems, including router configuration, signal loss, and DNS issues.
  • Guided customers through troubleshooting steps for modems and home networking devices to achieve first-call resolution.
  • Escalated unresolved issues to Tier 2 support while documenting all interactions in CRM systems.
  • Delivered clear communication to non-technical users, ensuring satisfaction and effective issue resolution.
  • Educated customers on Wi-Fi optimization and secure network practices for enhanced performance.

Education

B.Sc.

Yashwantrao Chavan Maharashtra Open University
Pune

Skills

  • Leadership
  • Multitasking
  • Quick learner
  • Pressure resilience
  • SIEM tools: QRadar, Splunk, AlienVault, LogRhythm, Elasticsearch, Sentinel, ArcSight
  • Vulnerability management: Rapid7, Tenable Nessus, QualysGuard
  • EDR tools: CrowdStrike, Trend Micro
  • Security tools: CybelAngel, Illusive Attack Platform, Carbon Black, IronPort, BeyondTrust, FireEye HX/NX
  • ITSM tools: ServiceNow, ManageEngine, CA Service Desk, Archer, JIRA
  • Incident response and security management

Certification

  • CEH v8
  • ITIL v3
  • SC-200
  • QualysGuard Certified Specialist
  • MCITP
  • Certified Professional Forensics Analyst
  • Illusive Attack Surface Certified Analyst and Manager
  • ISO/IEC 27001:2022 Lead Auditor

Languages

  • English
  • Hindi
  • Marathi

Personal Information

  • Date of Birth: 09/03/85
  • Place of Birth: Pune

Timeline

Associate Security Consultant

Tech Mahindra India PVT LTD
12.2022 - Current

Sr. Information Security Engineer

ZS Associates
02.2022 - 10.2022

Sr. Information Security Engineer

FIS (Global Solutions)
11.2016 - 02.2022

Information Security Analyst

Allscripts (India) PVT.LTD
01.2016 - 11.2016

Information Security Analyst

Zensar Technologies Ltd
07.2013 - 01.2016

Associate

Exl Services Pvt.Ltd
02.2010 - 10.2010

Customer Care Executive

IBM Daksh
10.2007 - 05.2009

B.Sc.

Yashwantrao Chavan Maharashtra Open University