Anmol Singh

· Shift lead in the monitoring team and providing L2 support to stakeholders/clients on handling security incidents.

· Performing client engagement and conducting discussions on several threat scenarios, upcoming trends in security.

· Active involvement in threat research around various open- source tools and portals.

· Involved with the content team at client location in investigating and probing False Positives and work with them to whitelist/fine-tune current processes.

· Triaging, reporting for the logs flowing through the event sources and event traffic patterns.

· Mentoring the L1 analysts on monitoring, investigating through the tools available and other operational activities.

· Perform risk assessments on Microsoft Defender for cloud.

· Perform detailed investigation and response to security alerts in Microsoft Security Stack, RSA SA and several High priority security incidents i.e., attacks like DDoS, Data leakage, APT etc.

· Analysis of IOCs and providing end to end investigation on zero-day security incidents.

· Analysis of Spoofed Emails/malicious attachment/malicious URLs.

· Perform threat hunting and creation of detection rules on Sentinel through KQL (Kusto Query Language).

· Create Process and Procedures for Handling High Priority Incidents (Data Leakage, DDoS etc.).

· Troubleshooting in log parsing and log quality checks.

• Working as an Information Analyst Specialist in MSSP Environment
• Handling Multiple Clients for day-to-day SOC Operations
• Responsible for Administration of SIEM Solutions ArcSight, Q Radar
• Also responsible for L2 Operations for multiple clients
• Patch Management for the assets of multiple clients
• Responsible for Vulnerability Scanning for Asia region (9 countries) including Server and workstation
• Generating Vulnerability report and customization of reports and uploading
• Managing health of ArcSight ESM Manager
• Analyzing client ‘s existing network and security setup for Enhancements and Improvements
• Responsible for Change raise under SNOW and BMC Remedy by following proper change management process.

• Working as an Information Analyst Specialist in MSSP Environment
• Handling Multiple Clients for day-to-day SOC Operations
• Responsible for Administration of SIEM Solutions ArcSight, Q Radar
• Also responsible for L2 Operations for multiple clients
• Patch Management for the assets of multiple clients
• Responsible for Vulnerability Scanning for Asia region (9 country) including Server and workstation
• Generating Vulnerability report and customization of reports and uploading
• Managing health of ArcSight ESM Manager, troubleshooting Issues related to SIEM
• Also responsible for L2 Operations of McAfee IPS (Network Security Manager)
• Analyzing client ‘s existing network and security setup for Enhancements and Improvements
• Responsible for Change raise under SNOW and BMC Remedy by following proper change management process