Kalesh Goudar

SECURITY DELIVERY SENIOR ANALYST
Bagalkot

Summary

Cybersecurity professional with over 5 years of experience in incident response, investigation, threat hunting, and security incident containment. Proven track record of elevating organizational security measures and implementing effective changes. I am skilled in utilizing security tools to manage operations, monitor/respond to alerts, and identify emerging threat tactics. Adept at recommending enhancements for improved security protocols and decision making. Dedicated to continuous improvement and staying updated on the latest security trends and technologies.

Overview

6 years of professional experience
4 Certifications

Work History

SECURITY DELIVERY SENIOR ANALYST

Accenture Solution Private Limited
01.2024 - Current
  • Providing initial-level investigation into the above-mentioned tools. Connecting with L1s to discuss incidents or share knowledge on the tools/tickets.
  • Implementing change tasks (CTASKSKK) and ServiceNow tasks (SCTASKSK) at the scheduled timings, and also working on incidents received from users.
  • Attending a weekly call with the customer to share weekly inputs or discuss issues observed that week.
  • Creating tickets for firewall/IPS down devices in ServiceNow and assigning them to the firewall team for further investigation.
  • On a user's proper request, putting the host or server into troubleshooting mode to check whether CrowdStrike is causing the issue.
  • Moving the server to update/enable mode via Trellix and manually verifying the accounts in CA PAM.
  • Working on renewing, revoking or replacing certificates.
  • Connecting with users who face issues with Zscaler or cannot access applications/websites, and analyzing those issues in the ZPA portal.

ASSISTANT MANAGER SOC MONITORING

L&T Cloudfinity
03.2023 - 08.2024
  • Monitoring the customer network using Splunk SIEM.
  • Acting as first-level support for all security issues.
  • Analyzing real-time security incidents and determining whether they are true positives or false positives.
  • Performing real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources.
  • Raising true positive incidents to the respective team for further action.
  • Creating tickets in ServiceNow, assigning them to the respective team and following up until closure.
  • Escalating security incidents based on the client's SLA and providing meaningful information through in-depth analysis of event payloads, along with recommendations for incident mitigation that keep the customer's business safe and secure.
  • Contacting customers directly for high-priority incidents and helping them mitigate the attacks.
  • Working closely with business units to ensure they know what data to feed into the SIEM and how.
  • Coordinating with networking teams to establish and maintain communication with remote ArcSight Connectors.
  • Investigating malicious phishing emails, domains and IPs using open-source tools and recommending proper blocking based on analysis.
  • Good knowledge of Splunk distributed cluster architecture.
  • Detailed knowledge of the working functionality of various Splunk components such as indexer, search head, heavy forwarder, deployment server, etc.
  • Experience onboarding data sources such as Windows, Linux, Fortinet Firewall, etc., into Splunk.
  • Installing Splunk apps and add-ons.
  • Experience installing the Universal Forwarder on servers for log collection.
  • Responsible for upgrading the forwarders to newer versions.
  • Troubleshooting in case any device is not reporting to Splunk.
  • Knowledge of creating dashboards and reports in Splunk.
  • Knowledge and experience in creating correlation searches/rules in Splunk.
  • Working experience in searching and reporting in Splunk, with good SPL knowledge.
  • Working in a 24x7 Security Operations Center.

SYSTEMS ENGINEER

Tata Consultancy Service
08.2018 - 07.2021
  • Deep-dive analysis of triggered alerts using SIEM and other analysis tools like IPVoid, VirusTotal, MXToolbox, etc.
  • Acknowledging and closing false positives and raising tickets for valid incidents.
  • Escalating critical alerts to L2 analysts for further analysis.
  • Following up with the incident response team for remediation.
  • Assisting IRT/SMEs with incident information by providing supporting data and recommendations.
  • Creating reports and monitoring dashboards in ArcSight and Sentinel.
  • Monitoring silent log sources.
  • Participating in weekly SOC meetings to discuss raised incidents.
  • Assisting the SOC lead in reporting.
  • Creating guest user access in the FortiGate firewall.
  • Creating address groups and services and adding interface details in the firewall.
  • Maintaining and improving playbooks and processes.
  • Drafting shift handovers.

Education

BACHELOR OF ENGINEERING - ELECTRONICS AND COMMUNICATION ENGINEERING

Basaveshwar Engineering College, Bagalkot
05.2018

Skills

SIEM: Splunk

Certification

Fortinet NSE1 and NSE2

Timeline

SECURITY DELIVERY SENIOR ANALYST - Accenture Solution Private Limited
01.2024 - Current
ASSISTANT MANAGER SOC MONITORING - L&T Cloudfinity
03.2023 - 08.2024
SYSTEMS ENGINEER - Tata Consultancy Service
08.2018 - 07.2021
Basaveshwar Engineering College - BACHELOR OF ENGINEERING, ELECTRONICS AND COMMUNICATION ENGINEERING