Subrato Kumar

Cyber Security Consultant

Summary

CYBERSECURITY CONSULTANT

Results-oriented and highly skilled Cyber Security Consultant with a proven track record of implementing robust security solutions to safeguard organizations from evolving cyber threats. Adept at conducting comprehensive security assessments, developing strategic security roadmaps, and implementing proactive measures to fortify digital assets. Demonstrated expertise in designing and executing incident response plans, conducting penetration testing, and ensuring regulatory compliance. Collaborative communicator with a keen ability to translate complex technical concepts into actionable insights for both technical and non-technical stakeholders.

Overview

3 years of professional experience
6 years of post-secondary education
4 certifications
3 languages

Work History

Ernst & Young L L P

Cybersecurity Associate Consultant
07.2023 - Current

Job overview

  • Experienced with Azure Sentinel, collecting and analyzing security logs in Log Analytics generated by Azure Active Directory, Security Events, Amazon Web Services, Office 365, Syslog and Proofpoint in on-premises environments.
  • Experienced in investigating alerts to detect malicious activity in the Azure Sentinel SIEM using VirusTotal, AbuseIPDB, IPVoid, URLVoid, urlscan, MXToolbox and Hybrid Analysis.
  • Working experience with Azure Active Directory data connectors, collecting their logs and monitoring user authentication, new users created, users removed, etc.
  • Creating alerts based on the business requirements.
  • Having knowledge of Kusto Query Language.
  • Knowledge of playbooks for automation using Logic Apps, and of workbooks for visualization of business dashboards.
  • Perform cyber threat intelligence operations including intelligence collection (IOCs), tracking threat actors, and identifying and tracking malicious infrastructure.
  • Excellent at managing project activities; a good team player who also works independently.
  • Working in a Security Operations Centre (24x7), monitoring SOC events and detecting and preventing intrusion attempts. Hands-on experience with SIEM tools, monitoring real-time events and analyzing security monitoring and operations through Splunk, QRadar and LogRhythm. Analyze and investigate alerts in the SOC monitoring tool to report any abnormal behaviors, suspicious activities, traffic anomalies, etc.
  • Using AV and other analysis tools to perform Malware Analysis and complete removal of malware from client's environment.
  • Differentiate the false positives from true intrusion attempts and help remediate/prevent. Document all actions taken during incident investigations.
  • Knowledge of email security threats and security controls, including experience analyzing email headers, attachments and URLs. Responsible for triage of a variety of alerts from malware or phishing attempts.
  • Analyze and investigate alerts in SOC monitoring tools to report any abnormal behaviors, suspicious activities, traffic anomalies, malicious activities, unauthorized access, etc.
  • Create formal incidents and support their investigation, not only to mitigate the current threat but also to prevent future occurrences. Recognize attacks based on their signatures.
  • Monitor DLP incidents and escalate them to the concerned team if any data exfiltration happens. Generate reports based on cases triggered on a weekly and monthly basis and provide them to clients.
  • Using various security tools to perform monitoring and analysis of security events to detect security risks and threats within established customer Service Level Agreements.
  • Escalating the security incidents based on the client's SLA for real time alerting, response and providing information by doing in-depth analysis of event payload, security logs and providing recommendations which in turn makes the customer business safe and secure.
  • Differentiate the false positives from true intrusion attempts and help remediate/prevent. Worked on network analysis tools, scripts, Vulnerability Assessment tools to gather logs on security incidents in the environment.
  • Actively investigate the latest security vulnerabilities, advisories and incidents, and notify clients when appropriate.
  • Work with Windows Security logs as well as logs from IDS/IPS, HIDS, DLP, Cisco ASA, next-generation firewalls, anti-virus/anti-malware, and Active Directory integration.
  • Monitor the networks of clients using our SIEM, ensure the availability of said infrastructure and recommend solutions that would improve the security posture of the clients.
  • Assist with the identification, creation and refinement of the team processes and procedures. Stay abreast of current threats and vulnerabilities, particularly those that may directly impact the Environment.
Amazon Web Services Security

  • Proficient in designing and implementing AWS Identity and Access Management (IAM) policies, ensuring granular access controls and least-privilege principles.
  • Extensive experience configuring AWS Security Groups and Network Access Control Lists (NACLs) to secure network communication and enforce firewall rules.
  • Implemented AWS CloudTrail for auditing API calls and tracking changes in the AWS environment, enhancing transparency and accountability.
  • Strong understanding of Virtual Private Cloud (VPC) security, including subnetting, routing, and the use of security measures such as network ACLs.
  • Implemented robust encryption solutions using AWS Key Management Service (KMS) to protect data at rest and in transit, adhering to industry compliance standards.
  • Utilized AWS Config for continuous monitoring of resource configurations, ensuring adherence to security policies and automating compliance checks.
  • Developed and tested incident response plans for AWS environments, ensuring swift and effective response to security incidents and minimizing impact.
  • Leveraged AWS Systems Manager for automated patching and maintenance tasks, enhancing the security and stability of EC2 instances.
  • Coordinated and participated in penetration testing activities to identify and remediate vulnerabilities, ensuring a proactive approach to security.
  • Implemented Multi-Factor Authentication (MFA) across AWS accounts, adding an extra layer of security to user authentication processes.
  • Developed AWS Lambda functions for security automation, enabling proactive responses to security events and minimizing manual intervention. Conducted training sessions to enhance team members' awareness of AWS security best practices, fostering a security-conscious culture.
  • Ensured AWS environments comply with industry-specific regulations and standards, maintaining a robust security posture aligned with organizational policies.
  • Maintained detailed documentation of security configurations, incidents, and response procedures, facilitating clear communication and knowledge sharing.
  • Implemented proactive monitoring using Amazon CloudWatch for real-time visibility into AWS resources, aiding in the early detection of security anomalies.

LTIMindtree Limited

Technical Advisor(Microsoft)
04.2021 - 06.2023

Job overview

Azure Monitoring and Automation

  • Responsible for supporting Log Analytics Workspaces and Metrics for Azure Monitor.
  • Analysis of performance and configuration of Log Analytics Workspaces in Azure Monitor.
  • Guiding customers through troubleshooting and finding the root cause of issues, suggesting mitigation steps, and other responsibilities.
  • Working on Azure Automation and writing PowerShell scripts to automate different services in Azure as per requirements.
  • Integrating different types of resources (SQL Database, SQL Server, ITSM, Logic Apps, on-premises data gateway, Application Insights, Azure Kubernetes clusters) with a Log Analytics workspace.
  • Collect data from different resources in Azure.
  • Analyze and visualize log and metric data in Azure Monitor.
  • Deployment and troubleshooting of containers using Azure Kubernetes clusters, integrated with a Log Analytics workspace to collect the logs.
  • Deployment of Virtual Machine Scale Sets, integrated with a Log Analytics workspace to collect the logs and troubleshoot them.
  • Experience with Virtualization in cloud computing platforms like Azure
  • Installing, Configuring and managing Virtual Machines with Windows platforms in Azure Portal
  • Installing, Configuring and managing Virtual networks and implementing various network connectivity
  • Configuration of Azure Virtual Networks, Subnets, DHCP, DNS, Network Security Groups, Load Balancers, application Gateway, and traffic manager
  • Providing high availability for IaaS VMs and PaaS role instances for access from other services.
  • Implementing and managing Azure Backup and Disaster Recovery.
  • Generated monthly health check reports of VMs in Log Analytics.
  • Managed different Azure policies, including RBAC policies, for different subscriptions.
  • Creation of Azure VM in an Availability Zone or Availability set with Portal
  • Migration of Azure VM within different VNets, Resource groups, or different regions
  • Created resource groups through Azure CLI and implemented Tags and logs of these resource groups
  • Working with blobs, tables, queues, and file storage services
  • Migrating disks from a Standard storage account in the same region as well as a different region.
  • Migrating disks from one storage account to another in the same region as well as a different region.
  • Managing different types of data in Azure storage accounts with the help of access tiers (Hot, Cool and Archive), using storage management tools such as Azure Storage Explorer or AzCopy to manage the data.
  • Understanding the replication options in storage accounts for data redundancy.
  • Support platforms to ensure a secured systems environment by researching security best practices and implementing remediation.

Education

National Institute of Science And Technology

B.Tech in Electrical and Electronics Engineering
05.2015 - 05.2019

Oxford Public School

Intermediate in Science
05.2013 - 05.2014

University Overview

GPA: 81.2

Saraswati Vidya Mandir

S.S.C
03.2011 - 05.2012

Skills

    Cloud Platform: Microsoft Azure, AWS

Certification

AZ‐900 Microsoft Certified Azure Fundamentals

Accomplishments

    Microsoft 2022‐01‐14

    Received this award from Microsoft for excellent progress in a short time during my project in Azure Automation and Monitoring, for effective communication, high-quality resolution of customer cases, resourcefulness and showing empathy in my work.

    Mindtree Limited 2022‐04‐08


    Mindtree Limited 2023‐01‐08


Interests

Playing Guitar

Cricket

Travelling

Timeline

Cybersecurity Associate Consultant

Ernst & Young L L P
07.2023 - Current

Technical Advisor(Microsoft)

LTIMindtree Limited
04.2021 - 06.2023

National Institute of Science And Technology

B.Tech in Electrical and Electronics Engineering
05.2015 - 05.2019

Oxford Public School

Intermediate in Science
05.2013 - 05.2014

Saraswati Vidya Mandir

S.S.C
03.2011 - 05.2012