Saurabh Suman

Cyber Security
Gurgaon

Summary

A challenging, growth-oriented position in a progressive organization, where I can contribute to the organization's success not only through my technical expertise but also through innovative ideas and a desire to achieve excellence in whatever I do; to obtain a full-time position in a progressive organization; and to establish myself as the best IT Security Professional, helping to improve the overall security posture by proposing and implementing innovative ideas and new technologies. Rational Senior Security Analyst with 12 years of experience enhancing operations for organizations through information systems solutions. Proven track record of transforming specific business goals related to growth and efficiency improvements into new system designs. Knowledgeable innovator known for recommending new technologies to enhance existing systems and introduce new systems.

Overview

12 years of professional experience
7 Certifications
1 Language

Work History

Senior Cyber Security Analyst

Expedia Group
Gurgaon
05.2022 - Current
  • Cultivated relationships with industry leaders and within company to share tips and information.
  • Researched and adopted new technologies to add value to existing offerings.
  • Content Development using Frameworks
  • SOC Process development
  • SIEM SME
  • IR T3 escalation handling
  • Creation of Playbooks on SOAR
  • EDR custom rule creation
  • Working on Sigma Rule implementations
  • Threat Intelligence operationalization
  • Threat Hunt

Cyber Security Engineer

Tower Research Capital LLC
Gurgaon
05.2021 - 03.2022
  • High Frequency trading Infosec Security, SOC and SIEM SME
  • Use Case Development following the MITRE ATT&CK / Cyber Kill Chain framework
  • SOC Process development
  • Azure Sentinel Subject Matter Expert
  • Dashboard, Alert, Correlation search Creation
  • Creation of Use-cases on ELK and Azure Sentinel
  • Good knowledge of Kusto Query Language for Azure Sentinel and Log Analytics
  • Creation of Rules/Alerts/Threat Hunting on CrowdStrike Falcon
  • Automation of use-cases using Logic Apps (SOAR) and creation of Security Playbooks
  • Knowledge of Azure DevOps, GitHub, Terraform, Pipelines, CI/CD
  • Integration of devices, Windows and non-Windows (all Linux flavours)
  • Log validation of security devices and custom applications (IPS, Symantec AV, Firewall, etc.)
  • Incident management, Forensic and L3 Monitoring Support
  • Vulnerability handling and zero-day vulnerability assessments
  • Participating in table top exercises
  • Onboarding new application logs on SIEM for monitoring after complete assessment
  • Weekly meeting, reports and presentation updates with CISO
  • Security Tools POCs
  • Incident management
  • Leading Complete Security Monitoring and Admin team.
  • Cloud Security Understanding
  • Basic knowledge of Python scripting and PowerShell
  • Automation knowledge
  • Static and dynamic malware analysis using sandboxes and custom Python tools

Vice President

MSCI Inc. Mumbai
Mumbai
07.2018 - 04.2021
  • Finance Research Infosec Security, SOC and SIEM SME
  • Use Case Development following the MITRE ATT&CK / Cyber Kill Chain framework
  • SOC Process development
  • SPLUNK Component installation and App management
  • Azure Sentinel Subject Matter Expert
  • Splunk Query Language development
  • Dashboard, Alert, Correlation search Creation
  • Creation of Use-cases on Splunk and Azure Sentinel
  • Good knowledge of Kusto Query Language for Azure Sentinel, Log Analytics and WDATP
  • Creation of Rules/Alerts/Threat Hunting on Windows Defender ATP
  • Knowledge of Azure Security Center
  • Automation of use-cases using Logic Apps (SOAR) and creation of Security Playbooks
  • Knowledge of Azure DevOps, GitHub, Terraform, Pipelines, CI/CD
  • Integration of devices, Windows and non-Windows (all Linux flavours)
  • SPLUNK admin responsibilities, automation and troubleshooting
  • Working knowledge of FireEye EDR
  • Log validation of security devices and custom applications (IPS, Symantec AV, Firewall, etc.)
  • Incident management, Forensic and L3 Monitoring Support
  • Vulnerability handling and zero-day vulnerability assessments
  • Participating in table top exercises
  • Onboarding new application logs on SPLUNK for monitoring after complete assessment
  • Weekly meeting, reports and presentation updates with CISO
  • Security Tools POCs
  • Incident management
  • Leading Complete Security Monitoring and Admin team.
  • Monitoring Alerts from O365, Azure and Microsoft Application security
  • Fundamentals of Azure Cloud
  • Cloud Security Understanding
  • Basic knowledge of Python scripting and PowerShell
  • Basic automation knowledge
  • Static and dynamic malware analysis using sandboxes and custom Python tools

Manager

AXIS BANK, Mumbai
Mumbai
01.2018 - 07.2018
  • Banking Infosec Security, SOC and SIEM SME
  • Offense and alert creation using the Cyber Kill Chain framework
  • Building Block creation and use of DSM and CEP
  • Experience in Flow devices implementations for QRadar
  • Content development
  • Integration of devices, Windows and non-Windows (all Linux flavours)
  • PCAP implementation
  • Troubleshooting on SIEM health monitoring
  • Incident management
  • Deep knowledge of security attacks and threat hunting
  • Forensics on incidents to determine the RCA using Volatility
  • Handling escalated incidents
  • Presenting reports to management and CISO
  • Vendor management
  • Security Tools POCs

Deputy Manager

Reliance JIO, Mumbai
Mumbai
10.2016 - 01.2018
  • Telecom Infosec Security, SOC and SIEM SME
  • Responsible for Incident investigation, incident management, change management and Problem management.
  • Correlation rule creation with internal device logs and multi-device correlation based on the Kill Chain framework
  • Analysing logs from the respective security devices to drill down the investigation
  • Experience in log analysis from Firewall, HIPS, NIDS, Symantec AV, DHCP, DNS, WAF and Load Balancer log sources
  • Gathering information and rectifying false positives
  • Coordinating with the respective application owner/stakeholder/architect to understand custom application behaviour and pinpoint the node for SOC monitoring by creating correlation rules
  • Responsible for creating and following the SOC processes for different types of APTs
  • Awareness of the latest vulnerabilities and threats
  • Good Network understanding
  • Malware Analysis and threat hunting
  • Participating in Cyber Drill conducted quarterly by RBI
  • Creation of Reports on SIEM performance, device integration, correlation rule effectiveness, incident tracking and presenting to APEX
  • Integrated security tools, Unix servers and Windows servers using the appropriate methods after assessing the performance impact and business needs
  • Identification of data sources unsupported by the SIEM, log analysis and custom parser deployment
  • Extensive experience on McAfee Nitro SIEM: ELM management, Receiver configuration, data source onboarding, troubleshooting SIEM issues, content development (correlation rules, dashboards, alarms, reports, ELM queries, etc.) for Security Operations monitoring, threat monitoring and policy compliance enforcement, end-device configuration and SIEM troubleshooting
  • Experience on Remedy ticketing tool
  • Responsible for SLA closure and RCA
  • Experience on POCs and sandboxing
  • Experience in SOC L1 and L2 monitoring in past organisations
  • Hands-on experience with client/server technology, web-based applications, Windows operating system administration, MS Office 2007/2003 suite and Unix/shell scripting
  • Work effectively independently or as part of a team with minimum supervision; experience in shift roster management and onboarding new team members
  • Managing the team, assigning KPIs to individuals and evaluating performance
  • Experience in working 24*7
  • Currently learning data analytics on Palantir and SPLUNK, and Python scripting for automation

Senior Engineer

Happiest Minds, Mumbai
Mumbai
04.2016 - 10.2016
  • SOC and SIEM SME
  • Worked on SIEM (McAfee ESM)
  • Device management: adding new log sources, device upgrades, creating correlation rules, writing parsers, running reports
  • Correlation Rule creation
  • Coordinating with clients on various SOC processes.
  • Operations and procedures relating to security events
  • Monitoring and analyzing different types of logs.

Systems Engineer

TCS, Pune, India
Pune
08.2014 - 03.2016
  • Security Analyst and security tool SME
  • Was part of transition team, responsible for taking the transition (understand all the process and procedures followed)
  • Responsible for creating SOC operation by coordinating with Client.
  • Cyber Investigation
  • Exposure to interact with clients round the globe
  • Provide daily SOC status update directly to the client
  • Analyzing and providing remedies for the vulnerabilities reported in vulnerability scan.
  • Knowledge of vulnerabilities
  • Worked on SIEM
  • Device management: adding new log sources, device upgrades, creating correlation rules, writing parsers, running reports
  • Operations and procedures relating to security events
  • Monitoring and analyzing different types of logs.
  • Worked on URL Filtering (McAfee Web Gateway)
  • Configuring URL Filtering rule set.
  • Configuring SSL scanning.
  • Daily health checkup.
  • Allowing user access to specific URLs
  • Working closely with TRAs to help them understand the risk
  • New rule set creation
  • Upgradation of device
  • Troubleshooting
  • Worked on Antivirus (Symantec End Point Protection)
  • Experience on working on Malware analysis through ATD
  • Continuous monitoring of the entire system and proactive rectification of defects
  • Evaluate and implement security software tools.
  • Functional creation of various daily, weekly and monthly reports.
  • Device management and upgrades of ePO
  • Knowledge of the Gigatrust DRM tool
  • Knowledge of implementing the LogRhythm tool

Senior Systems Engineer

Infosys Limited, Pune, India
Pune
02.2012 - 08.2014
  • Security Operations and Compliance
  • Vulnerability scanning using Qualys scanning tool.
  • Experience on baselines policy review.
  • Analyzing and providing remedies for the vulnerabilities reported in vulnerability scan.
  • Working on multiple flavors of UNIX.
  • Worked as part of the team that set up and configured an LDAP server (on a Linux machine) to authenticate Windows users against an LDAP server hosted on Linux
  • Coordinating with onsite team and client to understand and gather the requirement.
  • Operations and procedures relating to security events.
  • Knowledge of vulnerabilities
  • Knowledge of tripwire.
  • Monitoring and analyzing different types of logs (e.g. syslogs, file change logs) using UNIX shell scripts, SPLUNK, OSSEC, etc.
  • Analyzing and providing remediation for baseline logs from UNIX servers
  • Hands-on experience with Microsoft Excel, Word and PowerPoint
  • Functional and non-functional testing of the tools developed
  • Continuous monitoring of the entire system and proactive rectification of defects
  • Evaluate and implement security software tools
  • Single-handedly looking after the client portal hosted in the IS Confluence Wiki
  • User access management using OpenLDAP (user/group creation, deletion and modification)
  • Worked in GitHub
  • Creation of various reports:
  • Newsletter – gives the overall security posture for a particular quarter
  • Inventory – list of in-scope systems
  • Reminder sheets – for timely remediation of risks identified in vulnerability assessments
  • Performance Metric Sheet – used for calculating the monthly productivity of the team

Education

B.E. Mechanical Engineering

Swami Sarvanand Giri Panjab University Regional Centre, Panjab University
  • Duration: 2007-2011
  • Aggregate: 72.88

Skills

Incident Response

Certification

CEH

Personal Information

  • Passport Number: J8511667
  • Father's Name: Narendra kumar jha
  • Mother's Name: Rekha jha
  • Date of Birth: 04/07/1989
  • Gender: Male
  • Nationality: Indian
  • Marital Status: Married

Disclaimer

I hereby declare that the above-mentioned information is true to the best of my knowledge.

Software

SPLUNK

Sentinel

QRadar

MS Defender

CrowdStrike

DarkTrace

Python

PowerShell

IDA Pro

SOAR

CI/CD

Azure

Timeline

Senior Cyber Security Analyst - Expedia Group
05.2022 - Current
Cyber Security Engineer - Tower Research Capital LLC
05.2021 - 03.2022
Vice President - MSCI Inc. Mumbai
07.2018 - 04.2021
Manager - AXIS BANK, Mumbai
01.2018 - 07.2018
Deputy Manager - Reliance JIO, Mumbai
10.2016 - 01.2018
Senior Engineer - Happiest Minds, Mumbai
04.2016 - 10.2016
Systems Engineer - TCS, Pune, India
08.2014 - 03.2016
CEH
04-2014
Senior Systems Engineer - Infosys Limited, Pune, India
02.2012 - 08.2014
Swami Sarvanand Giri Panjab University Regional Centre, Panjab University - B.E. Mechanical Engineering