· Served as Analyst in SOC operations for real-time monitoring, analyzing logs from various security/industrial appliances using Splunk and Phantom, L2 connectivity and troubleshooting of logging issues.
· Analyzing various incidents/security alerts triggered in SIEM tool.
· Carrying out log monitoring and incident analysis for various devices such as Firewalls, IDS, IPS, database, web servers and so forth.
· Monitoring 24x7 for security alerts and targeted phishing sites using the SIEM tool with the help of technologies such as watermark, referrer, abuse mailbox and similar-sounding domains.
· Maintenance of products (ESM and Logger), including health checks covering rules, reports and dashboards.
· Performing real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources.
· Maintain keen understanding of evolving internet threats to ensure the security of client networks.
· Escalating security incidents based on the client's SLA and providing meaningful information related to security incidents through in-depth analysis of the event payload, along with recommendations for security incident mitigation, which in turn keeps the customer's business safe and secure.
· Troubleshooting SIEM dashboard issues when there are no reports getting generated or no data available.
· Creation of reports and dashboards and rule fine-tuning.
· Security event analysis and intrusion detection by review and analysis of events generated by various components including IDS/IPS, firewalls, routers, DB, OS and various types of security devices.
· Understanding the incident to determine whether it is a false or true positive.
· Monitoring, analyzing and responding to infrastructure threats and vulnerabilities.
· Handling multiple customers globally, analyzing the customer networks for potential security attacks.