JYOTHIPRAKASH P.B

Bangalore

Summary

  • Security Engineer with 9.10 years of experience in Information Security, with emphasis on security operations, incident management, intrusion and OWASP Top 10 vulnerability detection, threat hunting with the MITRE ATT&CK framework and CrowdStrike Falcon EDR, and security event analysis through RSA enVision, McAfee SIEM, Splunk Enterprise, Sumo Logic, AlienVault, MDATP, Azure Sentinel and CrowdStrike.
  • Experience working in 24x7 SOC operations, covering log monitoring, security information management and global threat monitoring.
  • Experience in monitoring Smokescreen, RSA Web Threat Detection, CyberArk PIM and Arco's, and Symantec DLP/Endpoint Protection.
  • Good understanding of log formats from various devices and products such as Websense, vulnerability management products, IDS/IPS, firewalls, routers, switches, operating systems, database servers and antivirus.

Overview

11 years of professional experience
1 Certification

Work History

Associate Manager

Temenos
03.2021 - Current
  • Managed a team of 6 SOC analysts/SOC engineers, ensuring smooth running of 24x7 shifts.
  • As part of the threat management security program, conducted a POV for a threat intelligence tool covering visibility, detection, investigation and response, onboarded the enterprise version of the threat intelligence tool, and performed POVs for open-source SIEM tools.
  • Creating an Azure Sentinel use case involves integrating various data sources, applying MITRE ATT&CK framework techniques, and leveraging advanced hunting queries to detect and respond to threats effectively.
  • Developed advanced hunting queries to detect suspicious activities, using KQL (Kusto Query Language) on MDATP, Falcon Query Language (FQL) on CrowdStrike and Search Processing Language (SPL) on Splunk.
  • Implemented the Recorded Future Diamond Model to analyze cyber threats, focusing on the relationships between the key elements of an attack (Adversary, Infrastructure, Capability, Victim) and adversary behavior; developed use cases in the SIEM and developed and implemented response playbooks.
  • Used the Recorded Future Intelligence Platform for coverage across adversaries and to conduct pivoting analysis on threat intelligence, identifying current impact or proactively processing mitigations for defense through security technologies, including zero-day patch identification, anomalous behavior and recommended remediation actions.
  • Processed both internal and external cyber threat intelligence (including reports from law enforcement, security researchers, industry leaders and governmental agencies) to determine potential threat and impact, hunted to determine scope, and implemented mitigations to defend the Temenos network.
  • As part of the Computer Security Incident Response Team (CSIRT), involved in the cyber security incident response process, incident handling and incident management, acting as forensic analyst and triage analyst.
  • Experience in incident response across the phases of the incident life cycle: Preparation, Detection and Analysis, Containment, Eradication and Recovery, and Post-Event Activity. Alerts arrive from a staff member, a third party or the SIEM; once an incident is identified, its severity and category are mapped.
  • As part of containment, isolated the portion of the network under threat, removed malware from all infected devices, identified the root cause of the attack, and took steps to avoid similar attacks in future.
  • Developed incident management lifecycle reports covering identification, incident logging, categorization, prioritization and response.
  • Ensured the smooth running of comprehensive internal and external audits by engaging with ISO and PCI DSS auditors for evidence collection.
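The ATT&CK-mapped sign-in use case described in the bullets above, as an added example that is not the candidate's code or any Temenos or Microsoft artifact: the rule is written in Python over constructed sign-in rows so the detection logic can be checked before it is expressed in KQL, SPL or FQL. The column names and the ResultType codes mirror Azure AD SigninLogs; the IPs, accounts and timestamps are made up.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample rows shaped like Azure AD SigninLogs columns
# (TimeGenerated, UserPrincipalName, IPAddress, ResultType). ResultType 0 is a
# success, 50126 is "invalid username or password". Every value is made up.
SAMPLE_SIGNINS = [
    ("2024-03-01T09:00:05Z", "alice@example.com", "203.0.113.10", 50126),
    ("2024-03-01T09:00:41Z", "bob@example.com",   "203.0.113.10", 50126),
    ("2024-03-01T09:01:12Z", "carol@example.com", "203.0.113.10", 50126),
    ("2024-03-01T09:01:55Z", "dave@example.com",  "203.0.113.10", 50126),
    ("2024-03-01T09:02:30Z", "erin@example.com",  "203.0.113.10", 50126),
    ("2024-03-01T09:03:02Z", "bob@example.com",   "203.0.113.10", 50126),
    ("2024-03-01T09:04:10Z", "bob@example.com",   "203.0.113.10", 0),      # spray lands on bob
    ("2024-03-01T09:10:00Z", "alice@example.com", "198.51.100.7", 50126),  # one typo, then success
    ("2024-03-01T09:10:20Z", "alice@example.com", "198.51.100.7", 0),
    ("2024-03-01T07:00:00Z", "frank@example.com", "192.0.2.44",   50126),  # low-and-slow guessing:
    ("2024-03-01T07:30:00Z", "frank@example.com", "192.0.2.44",   50126),  # 5 failures over 2.5 hours,
    ("2024-03-01T08:00:00Z", "frank@example.com", "192.0.2.44",   50126),  # so a 10-minute window
    ("2024-03-01T08:30:00Z", "frank@example.com", "192.0.2.44",   50126),  # must not fire on it
    ("2024-03-01T09:00:00Z", "frank@example.com", "192.0.2.44",   50126),
    ("2024-03-01T09:30:00Z", "frank@example.com", "192.0.2.44",   0),
]


@dataclass(frozen=True)
class Finding:
    """One alert, carrying the ATT&CK mapping the SOC triages on."""
    technique: str            # e.g. "T1110"
    tactic: str               # e.g. "Credential Access"
    severity: str
    source_ip: str
    compromised_account: str  # the account whose sign-in finally succeeded
    failed_attempts: int
    targeted_accounts: tuple  # distinct accounts tried from the IP in the window


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample rows."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def hunt_bruteforce_then_success(rows, threshold=5, window=timedelta(minutes=10)):
    """
    Use case: ATT&CK T1110 Brute Force (tactic: Credential Access).

    Fire when one source IP accumulates at least `threshold` failed sign-ins
    inside `window` and the same IP then gets a successful sign-in. The trailing
    success is what separates an incident from background noise: a spray that
    never lands belongs on a watchlist, a spray that lands needs containment.
    Failures are only counted in the window *before* each success, so guessing
    that stays under the rate never matches.
    """
    by_ip = defaultdict(list)
    for ts, user, ip, result in rows:
        by_ip[ip].append((parse_ts(ts), user, result))

    findings = []
    for ip, events in by_ip.items():
        events.sort()  # chronological within the source IP
        for i, (t, user, result) in enumerate(events):
            if result != 0:
                continue
            prior_failures = [
                (pt, pu) for pt, pu, pr in events[:i]
                if pr != 0 and t - pt <= window
            ]
            if len(prior_failures) >= threshold:
                findings.append(Finding(
                    technique="T1110",
                    tactic="Credential Access",
                    severity="High",
                    source_ip=ip,
                    compromised_account=user,
                    failed_attempts=len(prior_failures),
                    targeted_accounts=tuple(sorted({u for _, u in prior_failures})),
                ))
    return findings


if __name__ == "__main__":
    for finding in hunt_bruteforce_then_success(SAMPLE_SIGNINS):
        print(finding)
```

Run as-is it reports one finding: 203.0.113.10, six failures against five accounts, then a success for bob. The two-failure typo and the slow guessing against frank stay silent. In KQL the same rule is a summarize over IPAddress with bin(TimeGenerated, 10m) counting ResultType != 0 and ResultType == 0 separately; the Python version makes the before/after ordering explicit, which the bin-based form only approximates.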

IT Security Specialist

Temenos
05.2019 - 03.2021
  • Security event monitoring and threat hunting/detection using NIDS and HIDS through SIEM (AlienVault USM), Splunk, Sumo Logic and the Zscaler web proxy.
  • Zscaler used to enforce web filtering policy and to analyze the policy action, URL category, URL class, client IP, server IP and response code to find any malicious activity.
  • Monitored Symantec Antivirus risk and Network and Host Exploit Mitigation logs; the management server is used to enforce daily definition updates and periodic active and full scans on client computers.
  • Proofpoint, O365 and the CAS tool are used to monitor threat details with potential risk and phishing mail campaigns, and to enforce IOCs accordingly.
  • Microsoft Azure used to monitor web apps, databases, virtual machines, virtual networks and storage across multiple subscriptions and directories.
  • Experience with Azure Sentinel, Microsoft Defender and Cloud App Security to monitor and identify cloud-related threats in PaaS, IaaS and SaaS cloud computing environments.
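The Zscaler proxy-log triage described above (policy action, URL category, URL class, client IP, server IP and response code), as an added example that is not the candidate's code or a Zscaler artifact: two checks in Python over a constructed, simplified proxy log. The column names are this example's own rather than the NSS feed format, and the categories, hosts and IPs are assumed.

```python
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed web proxy log. The column set is this example's own simplified
# shape (a real Zscaler NSS feed is configured per tenant); the hosts, IPs and
# category names are made up for the example.
SAMPLE_PROXY_LOG = """\
time,action,urlcat,urlclass,clientip,serverip,status,url
2024-03-01 10:00:00,Allowed,Business,Business Use,10.1.2.3,93.184.216.34,200,www.example.com/
2024-03-01 10:00:02,Allowed,Miscellaneous,Bandwidth Loss,10.1.2.7,198.51.100.20,200,cdn-update.example.net/a
2024-03-01 10:00:10,Blocked,Malicious Content,Advanced Security,10.1.2.9,203.0.113.55,403,bad.example.org/x
2024-03-01 10:00:15,Blocked,Malicious Content,Advanced Security,10.1.2.9,203.0.113.55,403,bad.example.org/y
2024-03-01 10:00:19,Blocked,Malicious Content,Advanced Security,10.1.2.9,203.0.113.55,403,bad.example.org/z
2024-03-01 10:01:02,Allowed,Miscellaneous,Bandwidth Loss,10.1.2.7,198.51.100.20,200,cdn-update.example.net/a
2024-03-01 10:02:02,Allowed,Miscellaneous,Bandwidth Loss,10.1.2.7,198.51.100.20,200,cdn-update.example.net/a
2024-03-01 10:03:03,Allowed,Miscellaneous,Bandwidth Loss,10.1.2.7,198.51.100.20,200,cdn-update.example.net/a
2024-03-01 10:04:02,Allowed,Miscellaneous,Bandwidth Loss,10.1.2.7,198.51.100.20,200,cdn-update.example.net/a
2024-03-01 10:05:00,Allowed,News,General Surfing,10.1.2.3,93.184.216.35,200,news.example.com/
"""

# Categories where even a *blocked* request is interesting: the proxy stopped the
# connection, but the client tried, which is the signal that it may be infected.
SECURITY_CATEGORIES = {"Malicious Content", "Phishing", "Botnet Callback"}
# Categories where an *allowed* request with steady cadence deserves a look.
LOW_REPUTATION_CATEGORIES = {"Miscellaneous", "Uncategorized", "Newly Registered Domains"}


def parse_log(text):
    """Parse the CSV sample into dicts with a real datetime and an int status."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S")
        rec["status"] = int(rec["status"])
        rows.append(rec)
    return rows


def repeated_blocked_clients(rows, min_hits=3):
    """
    Clients with at least `min_hits` blocked requests into security categories.
    Returns {clientip: hit_count}. One block is the policy working; repeated
    blocks from one host are that host trying again, which is the escalation
    trigger for an endpoint check.
    """
    hits = defaultdict(int)
    for r in rows:
        if r["action"] == "Blocked" and r["urlcat"] in SECURITY_CATEGORIES:
            hits[r["clientip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}


def beacon_candidates(rows, min_requests=5, max_jitter=0.1):
    """
    (clientip, serverip) pairs that were *allowed* into a low-reputation category
    with a 2xx response at a near-constant interval. Returns a list of
    (clientip, serverip, request_count, mean_interval_seconds, jitter), where
    jitter is the coefficient of variation of the inter-request intervals.
    Human browsing does not produce intervals with jitter under 10 percent.
    """
    by_pair = defaultdict(list)
    for r in rows:
        if (r["action"] == "Allowed" and 200 <= r["status"] < 300
                and r["urlcat"] in LOW_REPUTATION_CATEGORIES):
            by_pair[(r["clientip"], r["serverip"])].append(r["time"])

    candidates = []
    for (client, server), times in by_pair.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            candidates.append((client, server, len(times), mean, jitter))
    return candidates


if __name__ == "__main__":
    log = parse_log(SAMPLE_PROXY_LOG)
    print("repeated blocks:", repeated_blocked_clients(log))
    print("beacon candidates:", beacon_candidates(log))
```

On the sample, 10.1.2.9 is flagged for three blocked requests to a malicious-content host, and 10.1.2.7 is flagged as a beacon candidate: five allowed 200s to the same server, 60 seconds apart with about 1 percent jitter. The second check is the one that the response code alone would never surface, since every request succeeded.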

Information Security Analyst

Happiest Minds Technologies IMSS
04.2016 - 01.2018
  • Worked as an information security analyst on real-time threat management using McAfee SIEM.
  • Monitored McAfee NSM and HP NNM for malware threats, network connection issues and other suspicious activities.
  • Created watchlists, alarms and reports based on new threats and vulnerabilities.
  • Analyzed McAfee ePO and McAfee DLP on a periodic basis and escalated any suspicious activity to the concerned team.
  • Monitored Symantec Endpoint Protection Manager (SEPM) logs and troubleshot SEP-related issues.
  • Real-time log analysis from different network devices such as firewalls, IDS, IPS, routers and switches, operating systems like Windows and UNIX, Windows servers, web servers, antivirus and domain controllers.
  • Performed real-time monitoring, security incident handling, investigation, analysis, reporting and escalation of security events from multiple log sources.
  • Handled malware incidents, analyzing and investigating to reach the root cause, and took the necessary steps to remove the malware.

Senior Security Engineer

NTT Communications Netmagic
01.2018 - 03.2019
  • Worked as an information security analyst on real-time threat management using McAfee SIEM.
  • Monitored McAfee NSM and HP NNM for malware threats, network connection issues and other suspicious activities.
  • Created watchlists, alarms and reports based on new threats and vulnerabilities.
  • Analyzed McAfee ePO and McAfee DLP on a periodic basis and escalated any suspicious activity to the concerned team.
  • Monitored Symantec Endpoint Protection Manager (SEPM) logs and troubleshot SEP-related issues.
  • Real-time log analysis from different network devices such as firewalls, IDS, IPS, routers and switches, operating systems like Windows and UNIX, Windows servers, web servers, antivirus and domain controllers.
  • Performed real-time monitoring, security incident handling, investigation, analysis, reporting and escalation of security events from multiple log sources.
  • Handled malware incidents, analyzing and investigating to reach the root cause, and took the necessary steps to remove the malware.

Information Security Analyst

Paladion Networks
10.2014 - 04.2016
  • RSA administration including health checks, database checks and cross-checking all NIC services.
  • Logged in to all security devices and checked system load and CPU utilization.
  • Cross-verified VPN status in each shift via the VPN concentrator.
  • Troubleshot NIC services and restarted NIC services to diagnose log stoppage.
  • Ran specific RSA reports in case of port scans or web application attacks for analysis, and checked IP reputation in order to block at the perimeter ASA.
  • Produced documentation on content and use cases developed.
  • Responsible for 24x7 SOC operations including log monitoring through RSA.
  • Experience in log monitoring, filtering and report generation as per the client's requirements.
  • Managed customer SLAs for real-time alerting and response.
  • Real-time phishing detection and follow-up with anti-phishing service providers for site takedown.
  • Configured the firewall to permit and deny traffic based on user-defined policies.
  • Maintained timely backups of firewalls.
  • Configured access policies in the Websense URL filtering device.
  • Monitored and troubleshot the flow of email, detecting and handling unwanted spam in Cisco IronPort.
  • Performed security incident detection and detailed investigation of incidents, and managed Service Level Agreements (SLAs) for real-time alerting.
  • Experience with the SIEM tools RSA enVision and McAfee ESM.
  • Experience with log management and security information management tools: Nmap, Cisco IronPort and Websense TRITON.
  • Took information from the vulnerability management team about vulnerabilities found and opened incident tickets against the appropriate assets.
  • Raised SR/CR tickets after analyzing monthly/weekly/daily reports and real-time alerts.
  • Assigned tickets to specific teams and coordinated their resolution.
  • Maintained escalation procedures.

Education

Bachelor of Engineering - Electronics and Communication Engineering

Visvesvaraya Technological University
01.2012

Skills

  • Information Security
  • Security Operations
  • Incident Management
  • Intrusion Detection
  • OWASP Top 10 Vulnerabilities Detection
  • Threat Hunting
  • MITRE ATT&CK Framework
  • CrowdStrike Falcon EDR
  • Security Event Analysis
  • RSA enVision
  • McAfee SIEM
  • Splunk Enterprise
  • Sumo Logic
  • AlienVault
  • MDATP
  • Azure Sentinel
  • CrowdStrike
  • Log Monitoring
  • Security Information Management
  • Global Threat Monitoring
  • Smokescreen
  • RSA Web Threat Detection
  • CyberArk PIM
  • Symantec DLP
  • Endpoint Security
  • Understanding of Log Formats
  • Websense
  • Vulnerability Management Products
  • IDS/IPS
  • Firewalls
  • Routers
  • Switches
  • Operating Systems
  • Database Servers
  • Antivirus

Certification

  • CEH v9
  • McAfee ESM 9.6
  • Qualys VM
  • Recorded Future Certified Analyst

Disclaimer

I hereby declare that the above furnished details are true and correct to the best of my knowledge and belief.

2023-10-01, Bangalore
