
Akhilesh Singh Rathore

Cyber Security Specialist
Gurgaon, Haryana

Summary

  • Over 10 years of experience in the areas of IT, CSIRT, SOC, security operations, Threat Intelligence, Hunting, Web services and managed IT security services.
  • End-to-end support for numerous incident responses to cyber-attacks on the organization.
  • Good understanding of Cloud & infrastructure architectures and Security monitoring & investigation.
  • Assist in the creation of security trainings & tabletop exercises for the internal security team.
  • Quick learner and a team player as well as an individual contributor.
  • Good knowledge of handling True Positive incidents.
  • Experience in handling Ransomware incidents & protecting environment from those incidents.

Overview

10 years of professional experience
3 years of post-secondary education
2 Certifications

Work History

Technical Lead

Mindtree
Bangalore, Karnataka
04.2022 - Current

BAU activities:

  • Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
  • Continuously checking PII data, user logins and file permissions to monitor data safety and end-user efficiency.
  • In charge of designing, building, transformation, transition, and running managed Security Operations Center (SOC) with all its components: People, Processes, and Technology.
  • Lead investigations and response teams to assist in containing and remediating incidents.
  • Cross-functional team coordination, communication, and reporting.
  • Weekly Reporting on KPI and technical data, trending metrics.
  • Responsible for Post Incident reviews and Preparation of Reports, Dashboards, and documentation.
  • Ensure compliance with SLAs, process adherence and process improvement.
  • Reviewed violations of computer security procedures and developed mitigation plans.
  • Developed plans to safeguard computer files against modification, destruction or disclosure.
  • Monitored use of data files and regulated access to protect secure information.
  • Recommend improvements in security systems and procedures.
  • Designed, installed and configured email encryption gateways with data loss prevention.
  • Monitored computer virus reports to determine when to update virus protection systems.

Security Incident Response Manager

Saxo Bank
Gurgaon, Haryana
08.2019 - 04.2022
  • Improved operations through consistent hard work and dedication.
  • Participated in continuous improvement by generating suggestions, engaging in problem-solving activities to support teamwork.
BAU activities:
  • Monitoring threats occurring in the network and acting against them. Working in a CSIRT team in a 24*7 monitoring environment.
  • Leading a SIRT & Engineering team by performing L3 analysis of SIEM alerts monitored by team members for Saxo Bank (Complete Europe, APAC Region & Australia) and Japan Based Bank Clients.
  • Maintaining and improving standard operating procedures and processes along with quality checks.
  • Monitoring all security alerts – Review the alerts and handle them as per the process. This involves working with different groups and ensuring that all the alerts are closed in a timely manner.
  • Maintaining and improving/tuning security events along with the Technology team.
  • Investigating, analyzing, and remediating Security Incidents via Elastic SIEM & Microsoft Security Solutions.
  • Basic knowledge of SolarWinds and Kibana required for troubleshooting the security events.
  • Analysis of malicious attacks, Security incidents, vulnerabilities, Fraud Detection.
  • Ability to determine false positives and effectively communicate security issues.
  • Responsible for Handling and mitigating attacks related to Malware, Viruses, Spoofing, Phishing, Whaling, Vishing, Spam, Brand Abuse and Email Monitoring.
  • Familiar with emerging security threats, malware & their attack vectors.
  • Follow the MITRE ATT&CK & Cyber Kill Chain models to detect and react to security incidents.
  • Forensic analysis via Wireshark & Redline.
  • Worked on Risk Alignment with use cases based on Cyber Kill Chain & MITRE ATT&CK.
  • Creating Queries, Reports and Basic Rules (Testing environment) in Elastic.
  • Creating Monthly RISK Reports, Quality Audit Report & Threat Intel Reports.
  • Trend Analysis of security events.
  • Provide forensic analysis of network packet captures, DNS, proxy, malware, host-based security and application logs, as well as logs from various types of security sensors.
  • Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies.
  • Creating Hunting rules based on TTPs for new malware and Threat actors.

IT Security Engineer

FIS global solutions PVT. LTD
Gurgaon, Haryana
11.2014 - 08.2019
  • Analyzed network traffic from IDS/IPS/DLP events, packet captures, and firewall and proxy logs in various SIEM tools (QRadar & LogRhythm).
  • Worked on FireEye HX (host based) and NX (network based) and McAfee ePO orchestrator for malware, trojan and worm infections on computers in the FIS network.
  • Worked on Carbon Black’s Bit9 (application whitelisting tool) consoles for tracking malicious files on the network using SHA256 and MD5 checksum hashes.
  • Worked closely with SIEM Engineering team and providing inputs for creating new security alarms as per the organization risk assessment and fine tuning of existing alarms based on the logs investigation in LogRhythm, QRadar SIEM Consoles.
  • Raised security incidents and change requests (CRs) with the firewall and network teams to block suspicious and malicious IP addresses on the network.
  • Met the SLA with highest level of accuracy and quality benchmarks.
  • Worked on IBM ISS site-protector appliance for organization.
  • Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
  • General SIEM monitoring, analysis, content development, and maintenance.
  • Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
  • Compile detailed investigation and analysis reports for internal SOC use and delivery to management.
  • Analyze malicious campaigns and evaluate effectiveness of security technologies.
  • Anti-virus software: McAfee
  • Email gateway: Proofpoint, Fortinet
  • IPS/IDS: IBM Proventia ISS, McAfee IPS
  • Firewalls and content filtering: Cisco, Juniper, Checkpoint, Palo Alto, Fortigate
  • Proxy: Bluecoat
  • Whitelisting technology: Carbon Black’s Bit9
  • SIEM administrator: LogRhythm, ArcSight, QRadar, RSA Security Analytics
  • Endpoint monitoring technologies: FireEye HX, FireEye AX, McAfee, Bit9

CS Executive

iEnergizer
Noida, Uttar Pradesh
12.2012 - 11.2014

Tech support for Sprint, a telecom provider in the United States.

Education

Bachelor of Computer Applications - Computer And Information Systems Security

Prestige Institute of Management And Research
Indore
06.2007 - 06.2010

Skills

Elastic, ArcSight, LogRhythm, QRadar, Splunk, Azure Sentinel, RSA Security Analytics

Certification

Certified Ethical Hacker, EC Council - 2019

Timeline

Technical Lead

Mindtree
04.2022 - Current

Security Incident Response Manager

Saxo Bank
08.2019 - 04.2022

IT Security Engineer

FIS global solutions PVT. LTD
11.2014 - 08.2019

CS Executive

iEnergizer
12.2012 - 11.2014

Bachelor of Computer Applications - Computer And Information Systems Security

Prestige Institute of Management And Research
06.2007 - 06.2010