Parul Khedwal

Cyber Threat Intelligence Lead (CISM)

Summary


  • A technology professional with 8.5+ years of experience in Information Security who has worked across multiple domains, including Cyber Incident Response, SOC Operations, SIEM administration & Threat Intelligence.
  • Good knowledge of overall security landscape for different industries like retail, banking etc. and awareness about different threats, tools, technologies, policies, and procedures within Cyber security.
  • Effective Communication and leadership Skills along with proven ability to manage multiple projects while meeting challenging deadlines.


Note: PBS Dependent Spouse visa in progress for United Kingdom (Eligible to work in UK)

Overview

9 years of professional experience

Work History

Lead Security Engineer

Advance Auto Parts
Hyderabad
06.2020 - Current

My current role is a mix of Threat Intel SME and SOC lead. (Domain Expertise: Retail)

  • Led a team of 6 cyber threat analysts in monitoring, analyzing, and responding to cyber threats, ensuring timely identification and mitigation of potential risks.
  • Formulate Threat Intel program for the organization and drive it end to end.
  • Developed and implemented threat intelligence strategies, including collection, analysis, and dissemination of actionable intelligence to stakeholders, resulting in improved detection and response capabilities.
  • Conducted comprehensive threat analysis by leveraging premium threat intelligence feeds, open source intelligence (OSINT), and security monitoring tools to identify and assess potential cyber threats.
  • Collaborated with incident response teams to investigate and respond to security incidents, perform root cause analysis, and develop mitigation strategies.
  • Produced high-quality threat intelligence reports, briefings, and presentations for internal and external stakeholders, including senior management, to facilitate informed decision-making.
  • Conducted research on new threat actors, malware, and TTPs (Tactics, Techniques, and Procedures) to enhance threat hunting capabilities and stay ahead of evolving threats.
  • Assisted in the development and implementation of threat intelligence policies, procedures, and standards to ensure consistent and effective threat intelligence operations.
  • Perform POCs for different tools that help in meeting the PIRs, onboarding the most suitable tool by performing cost-benefit analysis.
  • Onboarding, implementation, and monitoring of Threat Intel tools, creating use cases, fine-tuning, continuous improvement and automation of the same.
  • Security Architecture review for Risk management and Threat hunting. (Specially for E-comm platform)
  • Providing inputs for aligning the current SOC to MITRE ATT&CK Threat Intel framework. (NIST Standard Procedures)
  • Liaised with different teams like SOC, Vulnerability management etc. about the latest ongoing threats across the globe. (Publishing relevant IOCs, signatures, patch names etc.)
  • Conducting Third Party Breach Security Incident Analysis.
  • Publish Strategic, Technical and Tactical Threat Intelligence reports monthly.
  • Cyber awareness coach for the organization and participate in creating training content and delivery.
  • Continuous knowledge update of global threats to international cyber security and conversant in the tactics, techniques and procedures used by cyber adversaries.
  • L2 review for Incidents created by L1 SOC analysts and provide technical review for the further actions required.
  • Lead Threat hunting efforts based on intelligence requirements for dark web, fraud, ransomware, leaked credentials, and phishing investigations.
  • Tracking SOC incidents/notables, performing quality analysis, ensuring 100% SLA compliance and maintaining compliance on operational KPIs for Service requests, Change requests, Incidents etc.

Cyber Security Analyst

Accenture Sweden & Accenture India
Bangalore
11.2016 - 05.2020


  • Real-Time Monitoring, Investigation, Analysis, and Reporting of Security Incidents via SIEM. (L2/L3 Investigation)
  • Review Logs for Intrusions or any suspicious activities like Brute force, Credential Stuffing, DOS, malware download, Phishing emails etc. and report anomalies to appropriate team.
  • Threat hunting via deep diving into logs and finding abnormal patterns. (UBA for e-commerce platforms)
  • Creation and Modification of Dashboards, Reports and Correlation searches on Splunk. (Specialized for e-comm)
  • Facilitate Device onboarding to Splunk.
  • Creation and fine-tuning of use cases for enhanced Security Monitoring.
  • Specialization in Akamai WAF log analysis for detecting attacks on E-comm portals based on user behavior (UEBA).
  • Effective identification of false positives and updating KEDB (Known Error Database).
  • Ensure all IT assets are duly monitored and keep track of device health status as well as maintaining Splunk Platform. (Splunk health checks, version upgrades)
  • Timely upkeep and revisit of SOP and other documents. Releasing Daily/weekly/monthly reports in a timely fashion to keep all stakeholders aware of the ongoing business operations.
  • Mentoring SOC L1 analysts in incident analysis and investigation, providing them SME support for both Splunk and Threat hunting standpoint by conducting Brown bag sessions. (SOC Team Lead)
  • Participate in Client meetings, workshops and demos understanding Client requirements and converting it into tangible outcomes.
  • Effort evaluation & Sprint design for Security engineering.
  • End to End Cyber Incident management and Investigation.

Information Security Analyst

Cognizant Technology Solutions Pvt LTD
Bengaluru
10.2014 - 10.2016
  • L1- 24x7 monitoring for MSSP SOC Setup. Detected and triaged security incidents, utilizing incident response tools and techniques to assess the severity and impact of incidents.
  • Conducted initial investigations, gathered and analyzed security data, and provided recommendations for containment and eradication of threats.

Education

B.E - Electronics & Telecom

Bhilai Institute of Technology, Durg (CSVTU)
Durg, Chhattisgarh, India
07.2010 - 2014.05

Skills

    Certified Information Security Manager (CISM)

Interests

Traveling

Zumba

Timeline

Lead Security Engineer

Advance Auto Parts
06.2020 - Current

Cyber Security Analyst

Accenture Sweden & Accenture India
11.2016 - 05.2020

Information Security Analyst

Cognizant Technology Solutions Pvt LTD
10.2014 - 10.2016

B.E - Electronics & Telecom

Bhilai Institute of Technology, Durg (CSVTU)
07.2010 - 2014.05