
Ashok Kumar

Hyderabad

Summary

Knowledgeable IT security professional with 6 years of experience designing and implementing security solutions in high-availability environments. Skilled in Security Information and Event Management, Microsoft Defender for Endpoint, Forti EDR, and Armis Security for IT/OT devices; experienced in cyber threat detection with SIEM tools such as Forti SIEM, ArcSight, Splunk, and QRadar; adept at delivering strong risk management practices.

Overview

6 years of professional experience

Work History

Cyber Security Analyst

Woodbridge
10.2021 - Current
  • Handling Armis and IDS alerts using Cisco Meraki
  • Monitoring Web traffic and network traffic by using tools Forti analyzer and PRTG network monitor
  • Responsible to find new vulnerabilities and patching management
  • Experience in PAM and CyberArk
  • Developed and implemented security policies and procedures to protect the company's assets from unauthorized access.
Security Analyst

Cyber Information Systems Pvt. Ltd.
05.2018 - 10.2021
  • Project involves 24/7/365 real-time security event monitoring, analysis, triage, incident alerting and reporting using tools such as ArcSight and Splunk
  • Responsible for analyzing user-reported phishing emails and Proofpoint TAP-reported phishing emails, and taking necessary action after checking the links/mail content and performing header analysis
  • Performed AV scans on user workstations to remove/clear any malware/virus from the machine
  • Strong experience in phishing email analysis, checking the consequences of phishing emails by correlating events across different devices and taking necessary actions
  • Experience in hunting for adversaries, identifying threat actors' TTPs and mapping them against the MITRE ATT&CK framework
  • Created reports and templates for daily, weekly and monthly reporting
  • Responsible for sharing weekly/monthly incident analysis reports
  • Monitored external threats, alerted respective teams regarding intrusions or suspicious activity and followed up until closure
  • Real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources
  • Reviewed and correlated security events, performed root cause analysis, and escalated and investigated security incidents
  • Completed all incident handling and request handling within the agreed SLA timings
  • Received recognition and appreciation from the client for being vigilant in reporting vulnerabilities and driving them through to remediation
  • Found the root cause of incidents, handled them and followed up until the case was closed with a proper RCA
  • Created new playbooks in Confluence for detection of new alerts or incidents
  • Analyzed logs to detect any false positive/false negative issues
  • Checked logger and connector status and rectified issues when they occurred
  • Basic knowledge of creating dashboards
  • Created active channels in ArcSight for monitoring critical end devices
  • Modified and created rules
  • Part of weekly/monthly report preparation and review with the customer
  • Prepared knowledge repositories, SOPs and reaction plans
  • Tracked all security incidents from monitoring through to appropriate closure across all support teams
  • Performed real-time analysis of logs from different devices and carried out trend analysis against historical data and events to predict and identify potential threats
  • Involved in SOC operations such as real-time security event and log monitoring and log analysis (filters, dashboards, reports, rules)
  • Monitored the IronPort email gateway, released business email and took appropriate action on data leakage cases or non-business email
  • Monitored tool health and prepared a daily health report
  • Escalated and coordinated with other domains for unresolved incidents
  • Health checkups, incident follow-up and closure

Skills

  • Knowledge of Proofpoint TAP and TRAP
  • Experience with TCP/IP, DNS and DHCP
  • Experience in malware analysis
  • Threat hunting and security frameworks (MITRE ATT&CK framework)
  • SIEM experience with Forti SIEM, ArcSight and Splunk, and log analysis using ArcSight
  • Experience with Microsoft Defender for Endpoint, Microsoft Defender for Identity, Defender for Cloud Apps, security and compliance, and Forti EDR
  • Experience in Armis Security for IT/OT devices
  • Experience in handling IDS alerts in Cisco Meraki and FortiGate firewalls
  • Experience in analyzing web traffic in FortiAnalyzer and FortiManager
  • Experience in Cloudflare email security
  • Experience in patch management
  • Incident response

Academics

  • AVR and SVR College, Nandyal
  • The Nandyal Junior College, Nandyal
  • DePaul School, Atmakur

Tool Skill Set

  • EDR: Microsoft Defender for Endpoint and Forti EDR
  • Ticketing tool: ServiceNow
  • Cloud technology: Azure, Security Center, Sentinel
  • SIEM: Forti SIEM, ArcSight, QRadar
  • VM: Armis
  • Firewalls: FortiGate, Cisco Meraki

Timeline

Cyber Security Analyst

Woodbridge
10.2021 - Current

Security Analyst

Cyber Information Systems Pvt. Ltd.
05.2018 - 10.2021