BHARGAV CHOWDARI 9740247890

• Provide 24/7 security event monitoring analysis, triage incident alerting and report using SIEM tool and other security tools.
• Monitor security applications for potential threats, identify possible solutions, and work with different teams for remediation.
• Administrating various incidents/security alerts triggered in the SIEM tool.
• Working on CERT Advisories, to take proper action hence mitigating to risk.
• Identifying Critical Zero-day vulnerability and tracking accordingly with the Support team for Patch upgrade or work around for fixing the flaws.
• working on Deep drive Diamond model on Threat intelligence .
• Identifying the vulnerability flaws and we will fix remediation to coordinate with VAPT Team
• working on CERT Advisories , and proactively we will recommend fixing the patch.
• Monitoring alerts related to Brand risk, cyber reporting , credential monitoring , Dark web forums ,Vulnerability affecting tech stack ,Domain abuse , Inskit noted related to industry , Potential Typo squatting etc. all aspects we are handling the alerts .
• Adding Domains , IP's on Watchlist in Threat intel platform (Recorded Future )
• Deep Level of Phishing mails investigation.
• Performing Real-Time Monitoring, Investigation, Analysis, Reporting, and Escalation of Security Events from multiple log sources.
• Conduct thorough investigative actions based on security events and remediate as dedicated by standard operating procedures .
• Monitoring data movement through DLP solution and take actions wherever required.
• Participate in all the phases of security incident response process, including detection, containment, eradication, and post-incident reporting.
• Hands on experience of analyzing email security threats and security controls, phishing, spam emails including investigation on email headers, attachments and URL’s and taking appropriate action to block the URL, IP at Proxy, and Firewall and to block sender, domain in email gateway tool Proofpoint and O365.
• Design, develop and create correlation rules within the Security Information and Event Management SIEM platform.
• Handling CrowdStrike endpoint Detections & Exposure Management alerts and proactively to triaging Advanced event search for timeline Analysis .
• Handling SIEM Tools (Splunk ,Azure sentinel )for triaging the alerts on this platform.
• Handling Azure alerts and enhancing to triage the KQL query for deep drive investigations.
• Handling Microsoft Cloud APP security Alerts and Handling on Microsoft 365 Defender Alerts .
• Support security incident response processes in the event of a security breach by providing incident reporting.

§ Reviewing, analyzing, and responding to security events triggered through the security

§ Monitoring systems according to internal security procedures for cyber events.

§ Performing Incident Management Level and find out alerts end-end life cycle

§ Working on cloud app security alerts

§ Working on 0365 alerts

§ Working on security exception requests.

§ Monitoring azure alerts.

§ Working on service Desk tool for creating tickets &generating reports.

● Reviewing, analyzing, and responding to security events triggered through the security
● Monitoring systems according to internal security procedures for cyber events.
● Investigating phishing Mails.
● Understanding of TCP/IP networking fundamentals: ports, protocols, and infrastructure
● Details along with knowledge of the cyber threats, exploits, and vulnerabilities.
● Providing proactive feedback to senior personnel and management as required.
● Handling of Security Incidents to ensure they are resolved on time.
● Events/Logs Analysis, Monitoring, Investigation (SIEM - Log rhythm).
● Threat Hunting on the basis of Events/Logs received at SIEM.
● Analyzing malicious Phishing emails.
● Critical Incident Handling.
● Suggestions for Fine tuning of existing use-cases for SIEM alerts detecting and preventing cyber- attacks.
● Informing of log sources/devices that are in error state and not receiving logs Log rhythm end.
● Monitoring of SOC Mailbox for all the issues related to SIEM and Incident Handling.
● Coaching, guiding the newly joined resources.
● 24x7 on-call support during incidents where required.
● A strong understanding of cybersecurity concepts.
● security monitoring tools (intrusion detection prevention systems IDS/IPS
● Firewalls & Log Analysis, SIEM, Network Behavior Analysis tools, Antivirus, and Network
● Working on supporting teams with (cyber-Ark, EDR, SEP)
● Monitoring threats using various threat intelligence tools integrated with Log Rhythm.
● Strong analytical and troubleshooting skills.
● Incident Handling, follow-ups & Closure for escalated incidents. Track New Threats and Vulnerabilities
● Creating SOPs, processes documentation, support, and efficiency
● Intrusion Analysis, Incident Analysis & Validation, Incident recommendation.
● Preparing Monthly Schedule –L reports and weekly Reports for IPS /WAF weekly basis.
● Proactively perform monitoring, investigation and analysis of SIEM alerts received from multiple devices which includes Servers, IDPS, WAF and Laptops/Workstations.

● Monitor SOC/SIEM security alerts on SIEM tool –Log rhythm and raise incidents related to Security alerts triggered.
● Update and closure of SOC - Security incidents/tickets under Service Level Agreement.

● Raising proactive tickets for those issues doing L1 analysis and taking following up with the concerned teams for resolution.

● Management, creation & maintenances of SIEM dashboard.

● Updating and maintaining SOC monitoring processes.

● Experience in log monitoring, filtering and report generation as per client’s requirement.

● Managing customer SLAs for real time alerting and response.

● Troubleshooting of various issues with McAfee and logging ticket with OEM for major issues.

● Performing health check for all security devices handle be sharing Report to the client

Performing Real-Time Monitoring, security incident handling, Investigation, Analysis, Reporting and Escalations and triaging Events from Multiple log sources

Raising proactive tickets for those issues doing L1 analysis and taking following up with the concerned teams for resolution.
● Management, creation & maintenances of SIEM dashboard.
● Updating and maintaining SOC monitoring processes.
● Experience in log monitoring, filtering and report generation as per client’s requirement.
● Managing customer SLAs for real time alerting and response.
● Troubleshooting of various issues with McAfee and logging ticket with OEM for major issues.
● Performing health check for all security devices handle be sharing Report to the client
● Performing Real-Time Monitoring, security incident handling, Investigation, Analysis, Reporting and Escalations of Security Events from Multiple log sources