Rushikesh Kamble

• I have worked on the three tools below.

SentinelOne, Microsoft Defender Advanced Threat Protection (EDR), Trend Micro Deep Security

SentinelOne Endpoint Detection and Response (EDR)

• Pre-deployment: Managed setup tasks, including policy creation, integration with SIEM/XOAR, URL allowances, and configuring firewall rules.
• Deployment: Deployed SentinelOne agent on endpoints and servers for both UAT and production environment, troubleshooting issues during the process.
• Support Collaboration: Worked closely with SentinelOne support to resolve deployment issues.
• Incident Management: Monitored, investigated, and coordinated responses to alerts and incidents.
• Visibility and Rules: Created rules to trigger alerts based on deep visibility features.
• Additional tasks include tool integration, tenant migration, and handling tasks such as Cymulate and application-based grouping.

Microsoft Defender Advanced Threat Protection (EDR)

• Incident and Alert Management: Monitored, analyzed, and managed the full lifecycle of alerts and incidents, collaborating with relevant teams.
• Threat hunting: Created custom queries to detect potential threats, and utilized API features for fetching large datasets.
• Device Onboarding: Addressed issues with offboarded, inactive, or misconfigured devices, and ensured successful onboarding.
• Collaboration: Worked with the SCCM and GP teams for EDR deployment on new machines.
• Vulnerability Management: Focused on improving the secure score and managing vulnerabilities in the MDATP console.
• Coordination with Microsoft Support: Collaborated with Microsoft EDR support for case resolution from start to finish.

Trend Micro Deep Security

• Deployment and Policy Management: Managed DSM console, including policy creation, agent deployment, and upgrades. Coordinated with application owners for policy maintenance.
• Intrusion Prevention: Analyzed and managed intrusion prevention events from the console.
• Alert Handling: Addressed critical and low-severity alerts on agents.
• Integration: Worked on integrating DSM with SIEM, and Active Directory.

Roles and Responsibilities:

• Managing the McAfee EPO console, installation, and update of McAfee agents and its products, VSE, HIPS, and DLP agent.
• Performed configuration testing of antivirus software in a networked environment.
• Handling host and server-based security concerns with virus outbreaks.
• Experience with tools for pushing McAfee Antivirus to endpoints and servers.
• RF Link Reports Management and Basic Troubleshooting with the Installed Device, RADWIN.
• Creating a ticket for a user issue related to Windows and Mac operating systems, USB and network printers, and network in the HP ticketing tool.

Roles and Responsibilities:

• Install, upgrade, support, and troubleshoot Windows OS, authorized desktop applications, hardware, and peripheral equipment.
• Monitor, operate, manage, troubleshoot, and restore service to terminal service clients, and PCs with authorized access to the network.
• Monitor the performance of the computer systems, and address issues as they arise; install computer hardware and software on desktops to keep versions current.