Pradeep Hurkadle

Security Analyst (SOC)
Bengaluru

Summary

  • Around 4+ years of hands-on experience in Security Operations, Incident Response, Endpoint Security, Phishing Analysis, Threat Intelligence, and Network Security.
  • Good understanding of log formats of various devices such as Websense, vulnerability management products, IDS/IPS, EDR, firewalls, WAF, proxies, routers, switches, OS, DB servers, and antivirus.
  • Experience in Information Security with emphasis on security operations, log monitoring, log management, incident management, and security event analysis through Sentinel, IBM QRadar, and Splunk SIEMs.
  • Analyzing detections and incidents from EDR solutions like CrowdStrike and Microsoft Defender, containing the machines, and providing real-time response.
  • Experience in handling incident response on Linux OS and troubleshooting accordingly.
  • Experience in developing security content such as rules, reports, and dashboards in SIEM.
  • Experience in generating daily, weekly, and monthly reports from Sentinel and Splunk and communicating them to stakeholders.
  • Exposure to ticketing tools like ServiceNow and Jira.
  • Agile in investigating security threats such as malware outbreaks, DDoS, OWASP Top 10, and phishing analysis on the network.
  • Good understanding of the MITRE ATT&CK framework and the Cyber Kill Chain to effectively respond to and mitigate threats proactively.
  • Knowledge of integrating log sources with SIEM and parser creation.
  • Identifying emerging tactics, techniques, and procedures used by malicious cyber actors and publishing actionable threat intelligence for business and technology management.
  • Creating playbooks according to the NIST IR framework.
  • Providing knowledge transfer to newly joined team members.

Overview

  • 7 years of professional experience
  • 4 Certifications
  • 3 Languages

Work History

Security Analyst

Tata Consultancy Services
08.2018 - Current
  • Working in the Security Operations Centre (24/7), monitoring SOC events, detecting and preventing intrusion attempts.
  • Worked for MNC clients, interacting directly with the customers, presenting SOC status reports, and completing the action items according to client requests.
  • Real-time monitoring of network security devices, such as IPS, firewalls, DLP, endpoint security, operating systems, email security, servers, VPN, etc., involves performing in-depth analysis to identify the root cause of incidents and conducting malware analysis to identify the behavior of the files.
  • Analyzing the phishing emails that are reported by the employees to the SOC team and identifying whether the reported email is phishing, spam, or legitimate.
  • Performing the phishing campaign, and educating the employees. Having experience in working with FortiSOAR for SOAR playbook creation and monitoring alerts.
  • I have a strong understanding of analyzing the cloud logs, which come from CloudWatch, CloudTrail, and VPC flow logs.
  • Development of reports and dashboards in Splunk and Sentinel, performing the vulnerability assessment, and coordinating with the patching team to remediate the vulnerabilities.
  • I performed audits of firewalls to identify security configuration issues and vulnerabilities using Nipper.
  • Using AV and other analysis tools to perform malware analysis and complete removal of malware from the client's environment.
  • Performing a daily health checkup of the SIEM solution to make sure all the log sources are reporting the logs into the SIEM platform.
  • Differentiate the false positives from true intrusion attempts, and help remediate/prevent.
  • Support escalation and work closely with stakeholders as required. Document all actions taken during incident investigations, create the incident report, and share it with the stakeholders.
  • Provide tuning and filtering recommendations to engineering teams. Support requests for data by the customer and other teams analyzing daily, weekly, and monthly reports.
  • Taking the appropriate action based on advisories, IOCs, identifying threat actors using MITRE ATT&CK, etc., and coordinating with the respective team to block the IOCs.
  • Hunting for the IOCs that are provided in advisories and identifying if there are any suspicious communication attempts.
  • Developing the standard operating procedures based on the NIST incident response life cycle.
  • Analyze and investigate the alerts in the SOC monitoring tool to report any abnormal behaviors, suspicious activities, traffic anomalies, etc. Conduct an analysis of network traffic and host activity across a wide array of technologies and platforms.
  • Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
  • Recognize cyberattacks based on their signatures. Differentiate false positives from true intrusion attempts, and help remediate/prevent cyber-attacks.
  • Analyze malicious campaigns and evaluate the effectiveness of security technologies.
  • Worked closely with Red Team during purple teaming activities to identify the effectiveness of threat simulation.

Education

Bachelor of Engineering -

DR APJ Abdul Kalam University
Indore, India
04.2001 -

Skills

  • SIEM: Splunk, Azure Sentinel, IBM QRadar
  • EDR/XDR: CrowdStrike, Microsoft Defender
  • Email Gateway: Microsoft O365, Proofpoint
  • Malware Analysis: Joe Sandbox, WildFire
  • SOAR: FortiSOAR
  • Vulnerability Assessment: QualysGuard, Nessus
  • ITSM: ServiceNow, Jira
  • Phishing Campaign: KnowBe4
  • IDS/IPS: Cisco Firepower, Palo Alto
  • Packet Analyzer: Wireshark, tcpdump
  • Cloud: AWS CloudWatch, CloudTrail, VPC, Azure, Defender for Cloud
  • OSINT Tools: MxToolbox, AbuseIPDB, VirusTotal, URLVoid, Any.Run, CyberChef, Sysinternals, PEStudio

Certification

CEH