Pradeep Hurkadle - Information Security Analyst (SOC) - TCS

Summary

Having 4. Years of hands-on Experience in securing the network environment using SIEM tools like, QRadar, Splunk, Azure Sentinel. Experience in Information Security with emphasis on security operations, Log monitoring, Log management, incident management, and security event analysis through Sentinel & Splunk SIEMs.

Overview

4

years of professional experience

2022

years of post-secondary education

6

Certifications

3

Languages

Work History

Information Security Analyst (SOC)

TCS

08.2021 - Current

Provide Global Security Operations Center (GSOC) support.
Experience working with global teams across multiple time zones, cultures, and languages and mostly supported MNC clients.
Analyzing the phishing Emails which are reported by the employees and performing phishing campaign.
Analyzing the DLP related incidents and identifying any possible data leakage, taking the quick actions to mitigate data leakage.
I have actively participated in the POC of FortiSOAR solution
Monitoring and responding to Cloud infrastructure logs AWS Cloud trail, Cloudwatch, Defender for Cloud etc
Having experience in analyzing the raw logs, PCAPS and writing the regular expressions to extract fields out of it
Track and respond to all incoming alerts from the SOC, the MSSPs, and the systems monitored directly by the Security Operations team
Perform tier 2 triage of all escalations from the SOC & MSSPs, tier 1 triage of all alerts that are directly monitored, and work with Security Engineering for all escalations beyond the Security Operations team
Monitor multiple security alert sources, eliminate false positives from Splunk, Sentinel SIEM, based on the impact and nature of the Security incident triage significant security events, and escalate according to the established procedures.
Review automated daily security events, identify anomalies and escalate critical security events to the appropriate IT Team and follow up as required.
Investigate the root cause of the incident from different logs.
Monitor security devices log delay alarm to keep the device in a healthy state using SIEM
I have good experience managing the incidents from Crowdstrike, MS defender EDR
Good understanding of MITRE ATT&CK framework -Threat Hunting, Incident Detection and Response, use case engineering, Designing and implementing IR Playbooks, Curating Threat Intelligence.
Security incident response spam email analysis education Analyze event/alert patterns to properly interpret and prioritize threats with available DLP tools and other devices
Identify trends and derive requirements aimed at improving and enhancing existing data loss prevention and detection policies
Creating the incident report and send across to the management.
Conduct thorough investigative actions based on security events (Real-time incidents: SQL injection, cross-site scripting, Trojan, server attacks, etc.) and remediate as dictated by standard operating procedure
Dashboards, reporting, & KPIs Perform routine (daily, weekly, monthly, quarterly, & yearly) reporting on our security events, trends, and system hygiene & posture, such as on our IaaS environments & critical SaaS environments
Build the system & configuration components needed to capture the metrics by which security hygiene, monitoring & alerting health, and security program effectiveness are measured
Presenting daily status report to the customers and completing the action items requested by the customers
Track our KPI elements over time such that KPI trends can be determined & used as feedback to the security program design
Having good experience in analyzing the traffic in Panorama and Wildfire for file analysis

Education

Bachelor of Computer Applications -

DR APJ Abdul Kalam University

Indore, India

06-2021

Skills

SIEM : Splunk, AZURE Sentinel, Qradar

EDR/XDR : Crowdstrike, Defender

SOAR : FortiSOAR

Email Gateway : Microsoft o365, Proofpoint

Malware Analysis : Falcon Sandbox, Wildfire

Vulnerability Assessment : Qualysgaurd, Nessus

ITSM : Service Now, Jira

IDS/IPS : Cisco Firepower, PaloAlto

Data loss prevention : Symantec DLP

Packet Analyzer – Wireshark, BRIM

Cloud : AWS Cloudwatch, Cloudtrial, VPC, Azure

OSINT Tools: MxToolbox/Abuse IPDB/VT/URL Void/Any Run/ Cyber Chef, Sysinternals, PE studio

Certification

Splunk Core User Certified

Additional Information

in Monitoring & Investigating the incoming Events in the QRadar and Splunk. Analysing the detections and incidents from EDR solutions like Crowdstrike, MS defender and containing the machines and providing real time response Experience of working in 24x7 operations of SOC team, offering log monitoring, security information management, global threat monitoring. Having experience in handing incident response in Linux OS and troubleshooting accordingly Good understanding of log formats of various devices such as Web sense, Vulnerability Management Products, IDS/IPS, EDR, Firewalls, Routers, Switches, OS, DB Servers, and Antivirus Experience in generating Daily, Weekly & Monthly Reports from QRadar and Splunk. Exposure to Ticketing tool like Service Now. Agile in investigating security threats such as Malware Outbreaks, DDOS, OWASP T-10 and Phishing Analysis on the network. Hands-on Experience on various vendors of Security devices like IDS/IPS, Proxy, Endpoint, DLP etc. Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation. Recognize potential, successful, and unsuccessful intrusion attempts and compromise thorough reviews and analyses of relevant event detail and summary information. Identifying and investigate/resolve data exfiltration and phishing events. Identifying emerging threat tactics, techniques and procedures used by malicious cyber actors and publish actionable threat intelligence for business and technology management.

Timeline

Information Security Analyst (SOC)

TCS

08.2021 - Current

Bachelor of Computer Applications -

DR APJ Abdul Kalam University