Rayomand B Irani

Mumbai, MH

Summary

A hard-working strategist with a vision to deliver the best infra and cloud solutions. Passionate about delivering excellence to customers such as SMBs, large enterprises, service providers, and government entities by providing them with iron-clad cybersecurity solutions. Managing a security operations center (SOC) covering all domains like IT security, endpoint security, data security and SOC support.

Versatile Senior Manager specializing in SOC and skilled at planning, implementing and overseeing key improvements to drive business growth and efficiency. History of cultivating an open culture with free exchange of information. Pursuing new professional challenges with a growth-oriented company.

Overview

12
years of professional experience

Work History

Senior Manager

Sun Pharmaceutical Industries
08.2024 - Current
  • Security Architecture & Design: Oversee the implementation of security controls across networks, servers, and endpoints to ensure infrastructure resilience.
  • Vulnerability Management: Lead continuous scanning and prioritized remediation efforts for software and hardware vulnerabilities across on-prem and hybrid-cloud assets.
  • Policy & Governance: Develop and enforce enterprise security policies aligned with global standards like NIST CSF, ISO 27001, and CIS Benchmarks.
  • Compliance & Audit Support: Serve as the primary point of contact for external audits and ensure adherence to regulations such as GDPR, HIPAA, or PCI DSS.
  • Vendor Management: Evaluate and manage relationships with security tool providers and managed service partners.
  • Business Alignment: Translate technical security data into business risk terms for the CISO and board, framing security wins as ROI.
  • Performance Metrics: Track and report critical effectiveness indicators, including Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and True Positive Rate.
  • Automation Strategy: Lead the integration of SOAR (Security Orchestration, Automation, and Response) to automate routine playbooks and minimize analyst alert fatigue, a critical 2025 priority.
  • Threat Intelligence: Integrate external and internal threat feeds to proactively hunt for emerging vulnerabilities and novel attack patterns.
  • Incident Volume & Backlog: Review total alerts vs. prioritized incidents to ensure the team is not falling behind or suffering from alert fatigue.
  • MTTD & MTTR Analysis: Evaluate the Mean Time to Detect and Mean Time to Respond for the last 24 hours to identify any significant deviations from established SLAs.
  • Escalation Review: Analyze cases escalated from Tier 1 to Tier 2/3 to verify that triage was accurate and that the handover process was seamless.

2. Threat & Alert Quality Review

  • False Positive/Negative Audit: Review a sample of "closed" alerts to identify tuning opportunities for the SIEM or XDR, ensuring the team is focused on high-fidelity signals.
  • High-Severity Deep Dives: Conduct a brief retrospective on any P1 or P2 incidents from the previous shift to discuss root causes and immediate remediation steps.
  • Threat Intelligence Sync: Assess new indicators of compromise (IoCs) or emerging TTPs (Tactics, Techniques, and Procedures) from the last 24 hours that may require proactive hunting.

3. Tooling & Health Status

  • EDR/PAM Coverage: Verify that EDR agents are active on 100% of newly provisioned assets and that no unauthorized privileged access was flagged in the PAM vault.
  • Automation (SOAR) Performance: Check the success rate of automated playbooks. Identify any automation failures that required manual intervention from analysts.
  • Log Ingestion Health: Confirm that critical log sources (Firewalls, Cloud, Identity) are reporting correctly to avoid visibility gaps.

4. Strategic & Team Alignment

  • Shift Handover: Facilitate a structured knowledge transfer between shifts to ensure ongoing investigations aren't dropped and priorities are clear.
  • Proactive Hunting Progress: Check in on the status of ongoing threat-hunting missions that may span multiple days.
  • Policy & Compliance Readiness: Ensure all daily operational logs are captured for audit trails, specifically for regulations like GDPR or SOC 2 Type II.

Security Operations Manager

Deloitte
04.2022 - 08.2024
  • Leading a network security team of 20 engineers working for one of the world’s largest stock exchanges – Bombay Stock Exchange
  • Managing critical infrastructure, security infrastructure and working on technologies like WAF, Load Balancers, Firewalls, SIEM, Proxy, Log collectors, IPS, Network Packet Broker
  • Work with enterprise and commercial sales teams to ensure our cyber security products become the first choice for our most strategic customers
  • Provide consulting support to projects during the vision and strategy, architecture, and development phases
  • Presales activities for security products – part of SOC operations
  • Prepare technical documents in response to requests for information (RFI), requests for proposals (RFP), SOW, etc.
  • Being an excellent coordination point between organization and client

Sr. Engineer Security Operations

NTT Global Networks
03.2021 - 04.2022
  • Managing international clients’ infrastructure by working in the Global Security Operation Centre
  • Handling and working on tickets assigned during queue timings
  • Working on escalations with Customers and Vendors till closure
  • Acting as an SME for a few clients and going on weekly calls to understand their issues and solve them on priority
  • Working with Customers and handling Weekly/Monthly/Quarterly presentations
  • Working on technologies (Firewalls Concentrators, Load balancers, WAF, IPS, Skybox, QRadar)

Security Professional

IBM India Pvt Ltd
11.2017 - 03.2021
  • Managing IT infrastructure of one of the leading Stock exchanges in India
  • Working and troubleshooting on security devices like IPS, Firewalls, Load balancers, WAF, SSL offloader of vendors like Radware, Checkpoint, Fortinet, IBM IPS. Demonstrated success in dealing with firewalls, IDS/IPS, SIEM, access control and load-balancing.
  • Updated shift logs and produced daily reports outlining security activities and specific incidents.
  • Analyzed and produced course-of-action reports and escalated issues to management when necessary.
  • Worked both independently and collaboratively to resolve urgent issues, which included Level 2 and Level 1 incidents.
  • Recorded incident reports with detailed accounts of occurrences.
  • Manage TAC cases and take them to faster resolution
  • Working with Audit team to get network and security devices compliant
  • Managing team of 20 Engineers of Axis Infrastructure Team

Senior Network Engineer - Technical Assistance Centre

CSS Corp Pvt Ltd
02.2015 - 09.2017
  • Worked as a TAC Network Specialist for Juniper NetScreen, supporting global customers
  • IT Support relating to issues with the customers’ firewall implementation and configuration
  • Knowledge of the ITIL framework, providing solutions for customer tickets on network devices (Incident, Change Request, Service Request, Problem ticket)
  • Troubleshooting, configuration of managed services like router, switch, VPN, MPLS links
  • Handling T1, T2 Tickets of incident management, update customer, follow up with vendor/partners
  • Timely and quick resolution to customers via Email, Phone or Webex, meeting deadlines and TAT without compromising quality norms and adhering to SLA
  • Manage customers’ fault enquiries and provide quality assistance
  • Troubleshooting VPN issues (Site to Site Tunnels, Remote Access VPN tunnel, L2TP Tunnel, AnyConnect remote access, Easy VPN, GRE over IPSec)
  • Handling High end customer issues related to VPN
  • Have worked on the huge & complex setups of the U.S. Department of Defense (DoD), NASA, IBM, Microsoft, Shell, CITI and other organizations and have successfully implemented/resolved their networking issues
  • Recreate issues faced by customers in the testing LAB whenever required on cases and filed bugs/caveats if found
  • Advise clients on designing and improving their network’s security
  • Coordinate with other technology vendors like Microsoft, Checkpoint, SonicWall, Juniper, WatchGuard, etc. to resolve clients’ issue(s) completely
  • Gained fair knowledge of other vendors’ security products like Checkpoint, Juniper, Cyberoam and SonicWALL while troubleshooting issues
  • Troubleshooting customer issues related to Firewalls, VPN (IPSec & SSL), AAA & PKI

Network Security Engineer

Trimax IT Infrastructure
08.2013 - 02.2015
  • Reviewed violations of computer security procedures and developed mitigation plans
  • Configuration and troubleshooting of LAN, WAN issues and worked on multiple vendor products like Radware load balancers, Checkpoint and Juniper firewalls. Worked on L-2 access switches of vendors like Dell, HP, Cisco
  • Managing Data Center Network for different customers, IP and VLAN assignment for new customers and providing end-to-end connectivity from Data Center to customers’ branch offices
  • Configuring and troubleshooting VPN access, i.e. Site-to-Site and Remote access VPN for customers

Education

BSc - Computer Science

Dr. Abdul Kalam Technical University
01.2019

Skills

  • Reporting oversight
  • Business performance management
  • Budget oversight
  • Reporting management
  • Strategic planning
  • Cross-functional team leadership
  • Troubleshooting and problem resolution
  • Budget administration
  • Human resources management
