
MANISH KUMAR

SOAR Specialist
Yamuna Nagar

Summary

Skilled Information Security Professional with expertise in security automation, incident response, data analytics and a wide range of vulnerabilities and threats. Well-versed in direct and remote analysis with strong critical thinking, communication and people skills. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.

Overview

  • 7 years of professional experience
  • 6 years of post-secondary education
  • 5 certificates

Work History

SOAR Specialist

Cyberproof
Noida
06.2023 - Current

Technology/Tools Used: Azure Sentinel, Cortex XSOAR

  • Mentored automation team to surpass goals in alignment with SOAR as a service business standards.
  • Gathered information from prospective customers to identify automation needs.
  • Developed process to create automated playbooks according to the customer Incident Response process.
  • Wrote custom integrations to connect customer custom security stack with SOAR for automated response.
  • Developed strategic and tactical plans to structure new SOAR initiatives, growing automation share over 50%.
  • Proposed new automations and integrations with SOAR, reducing manual efforts and error impact over 40%.
  • Analyzed and guided the automation team for resolution of issues related to playbooks and Integration in SOAR.

SOAR Engineer

Securonix Limited
Pune
03.2022 - 05.2023

Technology/Tools Used: Securonix SOAR and SNYPR

  • Designed and developed playbooks for Securonix SOAR to release as Out of the Box (OOTB) content to customers.
  • Integrated third party security tools with SOAR using APIs.
  • Presented the demo of the Securonix SOAR for achievement of autonomous SOC to the prospective customers.
  • Gathered the requirements and prepared a plan to work on the custom automation requirements from customers.
  • Worked closely to debug the integration issues with the required teams.
  • Wrote manual Python scripts to be used in the various playbook steps.

Senior Associate Consultant

Infosys Limited
Chandigarh
09.2020 - 03.2022

Technology/Tools Used: Cortex XSOAR, FortiSOAR

  • Designed and implemented new playbooks to automate the incident response process using the SOAR platform.
  • Integrated SIEM with SOAR to fetch the alerts/events generated by SIEM.
  • Integrated the client security stack with SOAR platform using the available integrations.
  • Developed custom integrations for SOAR according to the customer requirements.
  • Debugged the playbook and integration issues.
  • Created dashboards and reports in SOAR.
  • Developed manual Python scripts in SOAR to be used in the various playbook steps.
  • Handled administration activities like user provisioning and health checks of the SOAR platform.
  • Debugged platform issues and involved SOAR support whenever required.

Senior Engineer

Thoughtfocus
Gurugram
08.2018 - 07.2020

Technology/Tools Used: Splunk SOAR

  • Defined SOC problems, collected data, established facts and drew conclusions to justify the automation need.
  • Developed new playbooks to automate incident response process for the alerts in SOAR Platform.
  • Developed a tool, SOAR Querier, to generate a detailed report of the incidents handled by providing options for daily/weekly/monthly reports.
  • Applied big data techniques to get the details of already blocked malicious URLs on proxies while analyzing the alerts.
  • Debugged issues with playbooks and integrations.
  • Created automation scripts in Bash, PowerShell and C# to automate the simulation for testing the effectiveness of the rules defined in Splunk SIEM.
  • Tested the automation scripts in the virtual environment using Verodin for creation of test incidents.

Assistant System Engineer

TATA Consultancy Services (TCS)
Gurugram
11.2016 - 08.2018

INCIDENT RESPONSE

  • Analyzed and responded to daily security incidents and alerts generated by emails and other security tools (FireEye Email, FireEye Web, Wildfire, Elevated account lockout, Cylance and Carbon Black).
  • Analyzed security incidents and presented a weekly report to the higher management.
  • Provided detailed analysis of the incidents that targeted the higher management.
  • Worked closely with relevant teams to ensure the highest possible level of service is provided within security compliance, incident response and remediation.

MALWARE ANALYSIS

  • Performed malware analysis of malicious files caught during incidents using Lastline and FireEye MAS.
  • Tracked the traces of malware into the network using Carbon Black.
  • Blocked the malware hash on the network using Cylance.
  • Created a watchlist for the malware hash on the network using Carbon Black.

Education

Master of Engineering - Information Security

Thapar University
Patiala, Punjab
08.2014 - 07.2016

Bachelor of Technology - Computer Science And Engineering

JMIT
Radaur
08.2009 - 07.2013

Skills

    Cortex XSOAR


Certification

Certified Information System Security Professional (CISSP)
