Professional and prepared Application Support Specialist with strong focus on delivering effective solutions and ensuring optimal system performance. Experienced in troubleshooting, system administration, and user support. Known for fostering team collaboration and adapting to evolving needs. Reliable and results-driven with expertise in technical problem-solving and customer service.
Overview
14 years of professional experience
Work History
Advanced Application Support Engineer
IBM India Corp Pvt Ltd
10.2021 - Current
Worked on SIEM Tools - Detect, Analyze, Triage, Investigate, Mitigate Security Incidents, Malware activities, Network security events, Application compliance, Asset monitoring, Firewall alerts & appropriately initiate Incident Response actions as per CSIRT.
Performed Event Analysis, Flow Analysis, Correlative Search, Threat Hunting, Deep Dive into Forensic Investigation of Cyber Attacks.
Involved in SIEM event logging, parsing, normalizing, building correlation rules for security incidents.
Gather Indicators of Compromise feeds, ingest into monitoring tools for further investigation and block in appropriate security tools.
Proactively hunt for potential malicious activity across multiple platforms using tools such as QRadar and Splunk.
Involved in Threat Hunting: Identify, Collect, Develop Hypotheses, analyze techniques, and execute hunts to identify threats across the environment.
Interface with security teams and business stakeholders to implement countermeasures and improve defenses.
Develop SIEM Dashboards to create alerts, to identify abnormal activities and extract meaningful insights.
Writing SIEM, SQL, and Python queries as needed.
SOAR: interface with engineering teams to plan, test, and implement playbooks, orchestration workflows, and automations.
Responsible for incident triage, investigation, remediation, documentation, communication and/or risk mitigation tracking.
Assists with risk management documentation, including populating risk assessment templates and drafting control narrative documentation for business approval.
Develop incident analysis report and findings reports for management, including gap identification and recommendations for security improvements.
Recommend or develop new detection logic and tune existing sensors / SIEM rules.
Creating custom SIEM queries and dashboards to support the monitoring and detection of advanced TTPs against the company network.
Good understanding of MITRE ATT&CK Framework, UEBA & Threat hunting concepts.
Perform custom searches for log and event correlation.
Knowledge in malware analysis and analyzing the cloud sandbox results.
Event log analysis and flow analysis, correlating them to find attack patterns (IOAs), and working on mitigation.
Fix vulnerabilities based on cyber threat feeds, and update Command & Control and blacklisted IPs in the watch list.
Perform Threat Assessment, analyze attack vectors, review security requirements, systems and software architectures from a security standpoint and provide guidance for required implementation for technology and strategic projects.
Part of Vulnerability Management team.
Analyzing the scan reports, sanitizing the vulnerabilities, report generation, risk assessment, remediation follow up, remediation & false positive tracking and closure of incidents.
Support and deliver the short- and long-term strategy for effective vulnerability management.
Evaluate, rate and perform risk assessments on all assets.
Drive actionable metrics, prioritization & reporting for operations and leadership transparency.
Be able to successfully partner and interact with other security and infrastructure teams to assess potential impact from specific vulnerabilities (security architecture, penetration testing, application development, internal audit).
Work with remediation groups such as the Windows, Unix, and middleware infrastructure teams to create the remediation and patching plan for identified critical vulnerabilities on business-critical assets.
Analysis of known and emerging threats to determine risks.
Gather information on zero-day vulnerabilities by working with the SIEM vendor TAC team to resolve SIEM tool related issues.
Assist with the creation and/or maintenance of operational security metrics with dashboards and reports.
Work with internal engineering and operations teams and Program Security Organization to identify security gaps, areas of improvement, service/process enhancements related to tools use, integration, data extraction.
Cyber and information security/risk/incident analysis to support the front-line defense of networks, protecting information from unauthorized access and violations.
Analyzing and assessing potential security risks, and developing plans to deal with such incidents by putting measures in place to mitigate cyber threats.
Preparation of technical reports and risk analysis reports.
Planning, coordination and supervision of external penetration testers used to carry out tests on public facing systems.
Contribute to the management, development and oversight of the enterprise wide vulnerability scanning service for business as usual and project activities.
Document vulnerability Action Plans and the Technical Remediation process.
Manager
Chithiram Enterprises
03.2021 - 06.2021
Supervised, developed and delegated tasks to employees.
Maintained a positive, professional working environment for optimal staff and customer satisfaction.
Recruited and trained new staff members and produced employee schedules.
Generated new business by developing marketing events, prospect calls and networking referrals.
Analysed financial statements and payroll through product cost, labor and controllables.
Met with each associate to establish realistic monthly sales goals.
Application Support Engineer
Island Pacific Retail Systems Pvt Ltd
03.2018 - 06.2020
Worked on Incident Response: analyze, triage, investigate, and mitigate security incidents, Falcon EDR and XDR alerts, with deep-dive investigation into critical incidents such as phishing, malware infection, cloud security events, Defender alerts, Azure changes, etc.
Initiate CSIRT process for Security Incidents.
Perform host-based analysis, gathering CTI (Cyber Threat Intelligence), network packet analysis and malware event analysis as part of Security Incident Response.
Coordinate investigation, containment & other response activities with business stakeholders.
Analyze, gather, and detect security threats using Cyber Threat Intelligence feeds, attack patterns (IOAs) and user behavior analytics.
Analyze network traffic, system logs, metadata, patterns, characteristics, and anomalies to trend or baseline activity, and correlate for alerts, activities and detections.
Develop Standard Operating Procedures, playbooks, runbooks and checklists that align with organizational policy, standards and guidelines.
Working knowledge of cyber threat actor Tactics, Techniques and Procedures (TTPs), Cyber Kill Chain, APT attacks, and the MITRE ATT&CK Framework.
Worked on multiple security log events from security tools including but not limited to SIEM, IDS/IPS, Firewall, Web Content Filtering, Data Leak Prevention (DLP), Proxy, and Security Event Correlation.
Participate in technical discussion around security events and activities with various technical groups.
Research and identify the new areas of risk and exposure where SOC team should focus.
Configure log sources and get the event logs.
Analyzing and Investigating Offenses with events/raw logs of the attack by correlation rules.
Deep dive into event-based analysis, identify and provide suggestions to fix the threats.
Analyze & detect security threats using traditional threat intelligence-based detection, attack behavior & user behavior analytics.
Data mining of log sources to uncover and investigate anomalous activity, SIEM tool monitoring, log management for network attacks and intrusion attempts.
Monitor and escalate incoming security requests and events of interest from different external and internal sources including the IT Service Desk.
Senior Customer Service Representative
Groupon India Shared Services Pvt Ltd
01.2016 - 03.2018
SIEM tool monitoring, log management for network attacks and intrusion attempts.
Analyzing the offenses for Botnet, P2P activity, Virus threat, Trojan, Malwares, Brute force attack, vulnerability and policy violation activities.
Checking unauthorized intrusions into computer systems from the external network.
Creating tickets for the valid offenses and coordinating with the corresponding teams to remediate the identified threats.
To respond to security events by initiating and coordinating emergency actions to protect company assets and its clients.
Use all of the collected data to do forensic analysis of security events along with compliance management and reporting.
Configure log sources and get the appliance collecting logs.
Installing the ALE agent on the servers, pointing it to the QRadar collector, and adding log sources to QRadar for log collection.
All security events, network transactions and additional contextual information (derived from correlation tests) observed during an attack or violation.
Customer-specific policy rules are easily created using the QRadar rules engine.
Creating, modifying and deleting the rules according to the requirement.
Search across logs on different nodes and time periods based on specific criteria.
Responsible for creating documentation to help the company in case there are any breaches.
Finding out the false positive offenses, modifying the rules to ignore the legitimate traffic and reducing the offense count.
Finding the false negative by analyzing the events, flow count in the dashboard and fine tuning the rules to trigger the offense.
Work with SIEM vendor TAC team to resolve SIEM tool related issues.
To respond to security alerts by initiating and coordinating emergency actions to protect company assets and its clients.
Sending threat advisory feeds to the customer on the latest attacks and vulnerability.
Suggestions to fine tune rules to reduce the false positive and thus saving monitoring time.
Creating/reviewing weekly and monthly attack trend reports.
L2 Application Support Engineer
HCL Infosystems Pvt Ltd
03.2012 - 06.2015
Responsible for vulnerability management which includes but not limited to scanning, remediation, threat intelligence, and tool management.
Devise, implement, and monitor vulnerability response processes to efficiently remediate critical and zero-day vulnerabilities.
Using asset discovery data and insights to determine the baseline of vulnerability coverage.
Leveraging data to drive discussion on asset upgrades to improve vulnerability management.
Scheduling and performing recurring and on-demand vulnerability and compliance scanning activities of both on-premise and cloud environments utilizing enterprise platforms.
Assisting with the interfacing of third-party vendors and other groups to improve the overall security posture.
Continuously investigating means of improvement for the security posture within the Enterprise as it relates to vulnerability management.
Determine overall Common Vulnerabilities and Exposures (CVE) priority when threat activity is identified; report incidents that may cause immediate and/or ongoing impact to the environment.
Review vulnerability data from multiple sources (e.g., external/internal penetration testing, internal/external vulnerability scanning, etc.) across multiple technologies to determine remediation path and schedule.
Actively partnering with technology and tool teams to review vulnerabilities, plan remediation, monitor the plan, schedule rescans, and report.
Providing analysis and validation post remediation, opportunities for improvement, and out-of-the-box thinking for optimizations and solving roadblocks.
Developing vulnerability dashboard requirements to provide technical teams and executive leadership key data.
Tracking and reporting the status of vulnerabilities and their remediation on a weekly basis.
Developing and managing program vulnerability management standard operating procedures and processes that meet the client's vulnerability policies.
Assisting in ensuring scan results are presented in appropriate dashboards, reports, and forwarded to other data systems as necessary.
Assisting technical teams with the identification of baselines that will be subsequently scanned for compliance.
Staying current with vulnerability information across all of the technologies being used corporation wide.
Working to effectively communicate the risks of identified vulnerabilities and providing input to recommendations regarding the selection of cost-effective security controls to mitigate identified risks.
Monitor and provide periodic vulnerability mitigation completion updates to system owners.
Identify, develop, and determine mitigation or remediation actions for system and network vulnerabilities.
Recommend impact / risk assessments to identify systemic security issues based on the analysis of vulnerability and configuration data.
Create and execute escalation procedures when vulnerability remediation expectations are not met.
Set up and maintain procedures ensuring relevant vulnerability management KPIs and KRIs are shared with relevant stakeholders.
Document and escalate incidents (including events history, status, and potential impact for further action); recommend mitigations that will have immediate impact to the environment.
Perform after-action reviews of team products to ensure completion of analysis.
Improving and automating the existing vulnerability management lifecycle, including but not limited to: data ingestion & normalization, compliance metrics and detections on assets, composing reports and conducting briefings on the current posture of the organization.
Technical Analyst
GEM Software Solutions
03.2011 - 10.2011
Monitoring the SNMP tool (SolarWinds), responding to network device alerts, and supporting L1 troubleshooting.
Serve as escalation point for Network Operations Center (NOC) and support engineers for P1 & P2 outages/incidents.
Automation Lead at Kyndryl Solutions Pvt. Ltd, IBM India Pvt. Ltd, Client: Airtel India
Cloud Infrastructure Engineer at IBM INDIA Pvt. Ltd On Contract Of Infinite Computer Solution India Pvt. Ltd