
Ankit Kumar

Bangalore

Summary

I am currently working with Synaptics as a Senior Cyber Security Analyst and have 9+ years of overall experience. Everyday work includes working on security threats and responding to them, creating rules and policies to combat cyber threats, maintaining compliance for security products and, from time to time, architecting for the portfolio of security products.

Overview

9 years of professional experience

6 certifications

Work History

Senior Cyber Security Analyst

Synaptics Incorporated
08.2022 - Current

My responsibilities at Synaptics include a wide range of tools and technologies within the Information Security domain. Some areas of work:

EDR - CrowdStrike

  • CrowdStrike Administrator - Deployment and management of CrowdStrike EDR from scratch on all corporate machines (Linux/Windows/Mac), approx. 7000 machines
  • Policy creation related to prevention, sensor updates, response, USB and local firewall.
  • Playbook creation via Fusion SOAR.
  • CrowdStrike Incident Responder - Worked on security-related incidents and played the role of Senior Incident Responder in the team
  • Troubleshooting agent issues such as high CPU and agent crashes during installation/uninstallation
  • CrowdStrike Identity Specialist - Set up CrowdStrike Identity from scratch, from onboarding domain controllers to policy and rule creation. Set up MFA and blocking rules wherever required.
  • Compliance

Privileged Access and Identity Management - CyberArk PAM

  • Deployment of CyberArk Privilege Cloud for Synaptics privileged users.
  • Responsible for deployment and upgrade of PSM and CPCC servers.
  • Responsible for creating and maintaining Privilege Cloud components such as RDP, SSH, web, databases etc. for privileged session management.
  • Windows group policy and server hardening compliance w.r.t. CPCC and PSM servers
  • Responsible for privileged account discovery and periodic password rotation for privileged accounts.
  • Responsible for account tiering classification and creating multiple platforms.
  • Driving project meetings and leading until completion of the project.

SIEM - Exabeam

  • Exabeam Cloud and Advanced Analytics administrator responsible for log integration, parser updates and new parser creation.
  • Security and correlation rule creation
  • Security analyst for SOC-related Exabeam incidents
  • License management and tuning: trimming logs that do not add any value while increasing our consumption.

PT findings, mitigations and remediation

  • From time to time, external and internal penetration testing is carried out with the help of different vendors
  • Responsibilities include remediating pentest findings such as Active Directory misconfigurations and unaddressed vulnerabilities in systems and applications.

DLP - Digital Guardian

  • Managing policies and DLP violations w.r.t. users
  • Responding to violations

Email Security - Proofpoint TAP

  • Investigating email alerts relating to different threats such as BEC, phishing and malware.
  • Responding to email threats

CASB- Bitglass

  • Managing and onboarding new policies
  • Monitoring logs and rules via Exabeam for policy violations and responding to them

Vulnerability Management - Nessus and CrowdStrike

  • Running unauthenticated and authenticated scans for new and existing servers/machines with Nessus and CrowdStrike respectively.
  • Coordinating with different teams for remediation

Asset Management - Axonius

  • Configuring adapters and creating dashboards for asset management and tracking security compliance

DNS Security - Umbrella

  • Working on logs and alerting related to Cisco Umbrella

Security Consultant

KPMG, LLP, Financial Services Assurance
01.2022 - 08.2022

Worked for Goldman Sachs, one of the biggest investment banking companies.

My work profile in this role included:

1. Email security: Area1 & ProofPoint.

2. Endpoint protection: Microsoft Defender and CrowdStrike EDR.

3. SIEM: Splunk and Azure Sentinel

4. Cloud security: AWS, GCP

• Experience in triaging phishing and endpoint detections.

• Enterprise incident response on the firm's network, endpoints, cloud and data leakage scenarios

Senior Cyber Defense Analyst

Epsilon (Publicis Groupe)
12.2020 - 12.2021
  • Worked on developing use cases on Microsoft MTP / Advanced Hunting for detecting the successful delivery of threats via email. Used Kusto Query Language (KQL) to query the schemas.
  • Created an internal Threat Intelligence platform for detecting suspicious email patterns.
  • Worked on containing and remediating email threats by purging emails, blocking URLs and tracking URL clicks (Safe Links encoded)
  • Worked on security incidents from various sources, using Sumo CSE and Splunk as the SIEM platforms.
  • Worked on the SentinelOne EDR platform to set up policies and queries. Fine-tuned the platform and also completed the SentinelOne Incident Response course (by SentinelOne University). Gave training to company resources.
  • Worked on regular expressions to develop queries and also to extract required information from the logs.
  • Worked on cloud security and compliance for AWS. Used Dome9/CloudGuard Security (Check Point) to track compliance and worked with stakeholders to close security lapses such as exposed S3 buckets, open ports, exposed keys etc.
  • Worked on malware events for AWS servers. Used Trend Micro Deep Security Manager to analyze and detect the threats.
  • Worked on Palo Alto XDR and alerts coming from our own on-premises endpoints.
  • As a part of the team, I have worked on security tools such as Microsoft Azure, Dome9/CloudGuard Security, SentinelOne, Office 365 ATP, Splunk, Sumo CSE, Sumo Logic, Microsoft Cloud App Security, Firepower IPS, Cortex XDR and Trend Micro DSM.

Senior Associate Consultant

Infosys
06.2018 - 12.2020
  • Experience in working on SIEM as a part of the Cyber Defense team.
  • Specialist in email threat hunting activities and managing the spam reporting mailbox and its response, trying to cut the bridge from threat actors on a daily basis.
  • Involved in the development of security use cases on Splunk.
  • Have worked on managed security services from two different vendors, Symantec and Secureworks, thus gaining exposure to a wide range of security use cases.
  • Have worked on fine-tuning of Secureworks security incidents for Dell Secureworks MSS.
  • Detect, defend against and remediate the different malware that tries to invade our network.
  • Developed searches to look up VirusTotal, integrated within Splunk, to be able to detect and query multiple AVs, thus removing the dependency on a single EPP vendor for detection.
  • Created Splunk dashboards for real-time monitoring of the security infrastructure, acting promptly on any log delay alarms or on devices whose logs stop arriving.
  • Proficient in carrying out end-to-end troubleshooting of log flow.
  • Work on incidents created out of Splunk notables: newly created accounts that join any administrative group, short-lived accounts, unsolicited emails, data and credential leak activities, domain impersonation, brand tampering etc. Promptly taking action on blocking malicious URLs on the proxy, whitelisting and blacklisting file hashes, IPs and URLs on EDR, and creating requests for blocking malicious senders while taking utmost care that no business is affected (i.e. after conducting a full review). Password leakage and submission investigation, mostly from Digital Shadows.
  • Sandboxing and researching file hashes. Experience in analyzing malware and conducting basic static and dynamic analysis.
  • Experience in Cyber Threat Intelligence and its different frameworks such as the Diamond Model, the Cyber Kill Chain and MITRE. Basic level of experience working with DLP (Symantec).
  • Experience in working on logs from firewalls and NGFW, ATP, HIPS, NIPS, Cisco Web Security Appliance (proxy logs), PPS message logs, Proofpoint TAP, Active Directory, access combined, IIS, DNS, DHCP, Windows security and application logs, Linux security logs, Symantec SEPM and ATP, Microsoft Azure authentication logs, Azure Active Directory, Cisco Sourcefire 3D, Cloudflare WAF, O365 trace, O365 management logs, Microsoft Graph Security and others.
  • Experience in working with cyber defense tools such as Symantec MSS, Secureworks MSS, Symantec EDR, Splunk Enterprise Security, Proofpoint TAP, Proofpoint Threat Response, ThreatConnect, Digital Shadows, Netskope, Symantec DLP, and a variety of malware analysis tools and sandboxes.
  • Delivering cyber security training to company resources.


On-site client engagement, Melbourne, Victoria | October 2019 - December 2019

  • Involved in understanding the log flow architecture for the client.
  • Involved in figuring out the most efficient way to triage log stoppage reports from different devices such as firewalls, proxies, SEP and others.
  • Involved in creating and publishing different Splunk dashboards to save the time required for investigating log delay issues, and creating alerts out of them, thereby automating most of the manual work.
  • This also greatly reduced the downtime during which logs were not reaching the MSS where the correlation rules exist.
  • Dashboards created: tracking the flow from log source to Splunk heavy forwarder, from Splunk heavy forwarder to the Symantec Log Collector Platform (LCP), and from LCP to the final SIEM; a heartbeat dashboard to track whether any security device went down.
  • Daily security incident triage and threat hunting.

Systems Engineer

TCS (Tata Consultancy Services)
06.2017 - 05.2018
  • Worked as a SOC analyst on various security incidents from Symantec MSS and incidents from Splunk notables; monitored dashboards created for security log activity monitoring.
  • Provided DLP support as a part of the DLP team and handled incidents related to data loss on the Symantec DLP portal; cyber security mailbox monitoring and investigation of users' security incidents.
  • Worked on different categories of malware threats and engaged the endpoint team to scan and remediate malware.
  • Responsible for managing the spam reporting mailbox and investigating emails reported by users as malicious/spam.
  • Responsible for collecting details from users about stolen laptops in order to issue a poison pill.
  • Security device health monitoring through Splunk.

Assistant Systems Engineer

TCS(Tata Consultancy Services)
04.2015 - 06.2017
  • Worked on an e-commerce project where the job was dashboard creation using Splunk.
  • Developed a sales flow Splunk dashboard showing the live status of more than 300 jobs involved in the e-commerce end-to-end cycle.
  • Enabled the drill-down feature and customized it to deep dive and know exactly when and which job had failed.
  • Worked in the area of application monitoring, usually done via Splunk and HP SiteScope.
  • Part of the incident and event management group, thereby supporting a large number of applications; the responsibility was to quickly determine and escalate if any application was facing issues.
  • Data gathering and application availability reporting.

Education

B.Tech - Information Technology

SASTRA University
05.2011 - 04.2015

Higher Secondary School (CBSE) - Class 12 - Main subjects: PCM (Physics, Chemistry, Maths)

S.A.V (Shanti Niketan)
03.2009 - 03.2011

Secondary School (CBSE) - Class 10

S.A.V (Shanti Niketan)
05.2008 - 03.2009

Skills

* = Recently used

EDR: CrowdStrike*, Symantec, SentinelOne, Cortex XDR, Trend Micro DSM

PIM/PAM: CyberArk*

SIEM: Exabeam*, Splunk, Sumo Logic

Generic: Windows PowerShell* (more credits to ChatGPT :) ), Regex*, Threat Intelligence and Hunting*

Email Security: Proofpoint (TAP)*, Proofpoint (TAP and TRAP), Office 365 ATP, Area 1

CASB and cloud security: Bitglass*, MS Cloud App Security, Dome9, Wiz*

DLP: Digital Guardian*, Symantec

Malware Analysis: Redline*, Volatility 3*, FTK Imager*

VM: Nessus*, CrowdStrike*

Firewall: Palo Alto*

Asset Management and compliance: Axonius

Certification

Certified Ethical Hacker, February 2020 – February 2023

DIAT Certified Information Assurance Professional, January 2021

Splunk Certified User, October 2017

Languages

English

Hindi

Timeline

08.2022 - Current: Senior Cyber Security Analyst, Synaptics Incorporated

01.2022 - 08.2022: Security Consultant, KPMG, LLP, Financial Services Assurance

01.2021: DIAT Certified Information Assurance Professional

12.2020 - 12.2021: Senior Cyber Defense Analyst, Epsilon (Publicis Groupe)

02.2020: Certified Ethical Hacker (February 2020 – February 2023)

06.2018 - 12.2020: Senior Associate Consultant, Infosys

10.2017: Splunk Certified User

06.2017 - 05.2018: Systems Engineer, TCS (Tata Consultancy Services)

04.2015 - 06.2017: Assistant Systems Engineer, TCS (Tata Consultancy Services)

05.2011 - 04.2015: B.Tech - Information Technology, SASTRA University

03.2009 - 03.2011: Higher Secondary School (CBSE), Class 12, PCM (Physics, Chemistry, Maths), S.A.V (Shanti Niketan)

05.2008 - 03.2009: Secondary School (CBSE), Class 10, S.A.V (Shanti Niketan)