To pursue a highly challenging career, wherein I can apply my knowledge, acquire new skills and work closely with a team of highly experienced professionals.
Overview
18
18
years of professional experience
1
1
Certification
Work History
Information System Security Officer (VP / SOC-IR Head)
AXIS BANK LIMITED
Navi Mumbai
09.2018 - Current
Management of day-to-day SOC & IR Operations comprising of various tools & technologies i.e., SIEM, SOAR, Threat Intelligence, Threat Hunting, Digital Risk Monitoring, Sandboxing, Advanced Threat Protection, DNS Security, EDR/XDR, etc.
Defining and implementing IS Security policies as per ISSP, Market standard and GRC.
Development of Cyber Defense strategy.
Deployment of Threat Detection Framework @ India's Financial backbone.
Development of SOC & IR to fulfill IS, IT, TI and Business use cases.
Conduct Red/Blue team exercise internally and cyber drills with regulators.
Conduct POCs for new technologies in the market for essential use cases while performing compare & contrast with current deployment.
Perform vendor comparison for various services based on requirement along with day-to-day calculations of billability against POs.
Successfully established Cyber IR plan for enterprise by 100%.
Cyber IR drill for enterprise with success ratio of 85%.
Improved SOC detection capabilities by 80%.
Improved visibility on security controls by gap analysis in turn improved detection by 70%.
Hunting through EDR resulting in a success ratio of 90% of true positive.
Log Assurance project resulting in 90 % improvement of visibility across enterprise logging.
Senior Technical Lead - Cyber Security
HAPPIEST MINDS TECHNOLOGY PVT LTD
Mumbai
12.2014 - 08.2018
Client 1: Axis Bank (Onsite)
Department: IR Team
Roles & Responsibilities: a) SIEM (QRadar) I was a part of SIEM integration and Operation team responsible for the following tasks at Axis Bank
Understanding the business needs to the devices to be integrated on SIEM.
Preparing a POA for integration of these data sources.
Getting needed approvals for integration.
Integration activity.
Fine-tuning the content and parsing unknown events from data sources.
Writing correlation rules and reports for known and unknown threats.
Simulation of attack to test rules.
Trouble-shooting SIEM for issues.
Auditing data sources for application assurance activity.
Active participation in IDBRT drill activity and RBI tabletop exercise.
B) IRP (Incident Response Platform) Handled IRP project including the PoC and executed according to direction of CISO.
C) TIP: Threat Intelligence Platform Handled IRP project including the PoC and executed according to direction of CISO.
Roles & Responsibilities: a) Implementation of SIEM tool (Reliance Jio) Responsible for the management, design, and dissemination of relevant data from the global security information and event management (SIEM) system [McAfee Nitro].
Understanding the whole network & requirement of the organization and preparation of HLD/LLD.
EPS calculation and storage calculation as per compliance requirement and accordingly designing the architecture and plan daily activity and schedule for implementation.
Implementation of McAfee nitro (SIEM Tool) in the organization.
Client 3: Shoppers Stop Limited Roles & Responsibilities: Implementation and device integration Responsible for the management, design, and dissemination of relevant data from the global security information and event management (SIEM) system [McAfee Nitro].
Business Process Lead - Information Security Management
TATA CONSULTANCY SERVICES
Mumbai
01.2014 - 12.2014
Client: TCS BFS
Department: ISA -SOC Team
Roles & Responsibilities: Migration and Implementation
Migration plan of SIEM from RSA Envision to RSA Security Analytics.
Creating a fraud monitoring rule for daily report by writing SQL and Hive script.
Migrating complete network, Servers and enterprises solution to RSA SA.
Creating a Parser's for multiple in-house application.
Verification of created rules on daily basis for false positive.
Creating correlation Rules based on new attack vectors from attackers.
Daily Checklist and daily incident analysis report.
Weekly/Monthly incident analysis report.
Daily trend analysis report for incidents and alerts.
Roles & Responsibilities: a) Implementation of SIEM tool SIEM Tools Used - Security Information Manager (Symantec SIEM)
Understanding the whole network & requirements of the organization.
Accordingly designing the architecture and plan daily activity and schedule for implementation.
Implementation of Symantec Security Information Manager (SIEM Tool) in the organization.
Integration of Symantec Security Information Manager Product in the complete network with different Products (Firewalls [Checkpoint, Juniper, Cisco], Switch, Router, IPS, VPN, TACACS, NESSUS, SEP Server, DNS Server, AD Server, Exchange server, Solaris IBM Aix, Red hat, Mail Servers etc). Trouble shooting of various issues in SSIM Appliance.
Creating correlation Rules based on raw logs from various security product.
B) POC for Multiple applications FireEye Application a) Web Proxy Gateway Design the network & Mounted the FireEye Web Gateway in bank Environment and passed the traffic of Web through offline mode i.e. mirror the traffic and passed to web gateway to check the behaviour of traffic.
B) Email Gateway Design the network & Mounted the FireEye Email Gateway in bank Environment and passed the traffic of Web through offline mode i.e. copy of the traffic has been passed through FireEye gateway for detecting a malware.
C) SIEM Administration and Security Monitoring 24
7 Onsite Incident Monitoring using SSIM, Analysis, Notifications and Escalations.
Doing VA (Vulnerability Assessment) using Nessus tool for Servers.
Monitoring Symantec Brightmail Gateway & Symantec Antivirus for day to day Activities.
Configuring Standard and Extended types of Access List in Websense.
Help Platform & Application Particular Security Service Components as the Security Analyst. Carry out risk review surveys to recognize security needs.
Incident Response - Detection, first response and handling the incidents, participation on incidence response team Administers security policies to control access to systems.
Security Analyst
ALLIED DIGITAL SERVICES LTD
Mumbai
01.2010 - 05.2010
Roles & Responsibilities: SIEM Tool: E-Cop
Help Platform & Application Particular Security Service Components as the Security Analyst. Carry out risk review surveys to recognize security needs.
Incident Response - Detection, first response and handling the incidents, participation on incidence response team Administers security policies to control access to systems.
Monitoring the company's firewall Logs. Provides information to management regarding the negative impact on the business caused by theft, intrusion, destruction, alteration, or denial of access to information.