RAHUL DHALI

Currently working as an Endpoint Security Lead and EDR administrator to ensure endpoint protection across all regions of the Organization.
Ensuring process oriented Compliance and Coverage of sensors with latest versions.
Configuring Sensor update, Prevention and response policies as per company requirements.
On-boarding/Off-boarding Users and Devices on the Console.
Automating process via Workflows, Scheduled reports, API configurations.
Helping SOC team with Incident Response and remediation activities.

• Endpoint detection, monitoring, investigation and content creation in complex and dynamic environment. Managed detections for customer organization and 20+ globally distributed operating companies (opcos) across a variety of industry verticals from hardware production in factories to SAAS offerings. Monitored alerts, created and tuned content across multiple tenants in a fast moving MSSP like environment, constantly adapting to the needs of individual opcos to address specific threats, differing areas of concern and geographical or industrial obligations.
• Responsible for ensuring version compliance and coverage of endpoint protection agents which includes coordinating with agent deployment teams to install and update the sensors in endpoints.
• Experience/Expertise on all modules of Proofpoint Email Security (PPS, TAP, TRAP, Isolation, EFD). Built email alert investigation processes and phishing investigation dashboards to help SOC in their analysis and remediation activities.

Senior SOC Analyst responsible for following:

• Incident Response [IR] on small scale to large scale
  attacks and Security Incidents involving Phishing and
  Malware Threats.
• Classifying Threat/Attack (Commodity, Targeted
  or APTs) on a basis of severity, Impact, Spread and
  vulnerability.
• Mapping of events, vectors, attributes and TTPs
  to campaigns, Threat Actors[TA] and Identifying IOCs,
  IOA.
• Building SIEM rules and use cases based on above
  and Fine Tuning them to avoid False Positives as much as possible.
• Creating Rules as per requirements, maintaining
  dashboards, ensuring log flow to SIEM and other
  relevant checks as a part of SOC Operation.
• Dark Web monitoring on tools such as Flashpoint and
  Anomali and monitoring compromised credentials, cards and other related information.
• Managing EDR, SIEM, Azure AD, Mail Gateway, Web gateway and
  other Tools and creating policies and rules.
• SOC Operations [from L1 to L3] and handling queries
  and incidents from users and clients.

Helped a renowned American Banking company to form a baseline of security policies and best practices.

Educated customer about application security and its methods and delivered artifacts related to application security.

• Started the journey in cybersecurity as an Endpoint Protection Administrator for an IT-modernization project of Indian Government. Responsible for implementation and deployment of anti-virus solution in more that 100k endpoints including servers of DC and DR sites. And ensured compliance by continuous monitoring, reporting, troubleshooting and fixing operational issues. Also visited sites for training local site-IT with basic security practices.
• Had hands-on experience in management of Web gateway and Email gateway technologies. Involved in monitoring emails and web traffic for spam and internet threats.
• Gradually moved to being the administrator of Privilege Access Management and Multifactor authentication technologies in the same project. The solutions involved agent installation, application maintenance and integration with other products. Ensured secure login and privileged access of servers, assuring the compliance of defined security policies.
• Also responsible for timely upgrade of all solutions with latest version as and when released by OEM.
• Involved in performing Vulnerability Assessment checks and Server Hardening with security policies.

Initial Learning Program to follow the TCS Code of conduct and acquiring skills and knowledge.