THUKARAM B

HYDERABAD

Summary

Cybersecurity Specialist with proficiency in online security research, planning, execution and maintenance. Skilled at training internal users on security procedures and preventive measures. Information Security Specialist with passion for aligning security architecture plans and processes with security standards and business goals. Extensive experience developing and testing security framework for cloud-based software. Versed in robust network defense strategies.

Overview

6 years of professional experience

Work History

Information Security Analyst (SOC)

VERSATILE SOFTWARES PVT LTD
BANGALORE
02.2020 - Current

System Engineer

VERSATILE SOFTWARES PVT LTD
BANGALORE
02.2018 - 01.2020

Education

M B A

Gurunanak Institutions of P G College

Degree

M B C
Nalgonda, Autonomous

Intermediate

Sri Prathiba Junior College

S.S.C

Vidhyabharathi High School

Skills

IBM QRADAR

Roles And Responsibilities

  • Possess 6+ years of total experience, of which 4+ years as a SOC Analyst L1 in SOC monitoring, alerting, Incident Response and Investigation using IBM QRadar and Azure Sentinel.
  • A versatile, accomplished and goal-oriented professional with Cyber Security, Data Security, Infrastructure Security, Cloud Security and Networking experience at a leading organization of repute in the IT sector, with a proven track record of delivering consistent business results through adept leadership and application of sound management practice.
  • Hands-on experience with the MITRE ATT&CK framework.
  • Responsible for managing successful resolution of Incidents within defined Service Level Agreements. This includes the escalation, communication and management of all Incidents and monitoring of other open Incidents and Service Requests.
  • Monitoring all security alerts – reviewing the alerts and handling them as per the process. This involves working with different groups and ensuring that all the alerts are closed in a timely manner. Also contributes to process improvements via QRadar.
  • Investigating, analyzing and remediating Security Incidents via QRadar.
  • Analysis of malicious attacks, incidents, vulnerabilities and Fraud Detection.
  • Responsible for handling and mitigating attacks related to Malware, Viruses, Spoofing, Phishing, Spam and Email Monitoring.
  • Familiar with emerging security threats, malware and their attack vectors.
  • Follow the Cyber Kill Chain Model to detect and react to Security Incidents.
  • Worked on Risk Alignment with use cases based on the Cyber Kill Chain.
  • Creating Queries, Reports and Basic Rules (Testing environment) in QRadar.
  • Creating TTPs for new malware and attacks.
  • Handling Cyber Threat Intelligence Emails and taking required mitigation steps.
  • Prepare daily, monthly and yearly reports and send them to Business.
  • Daily check on malicious IoCs shared by Cyber Threat Intelligence.
  • Coordinating with On-call and Threat Intelligence for analysis of threat-related issues.
  • Handling Spear Phishing Attacks and advance-fee frauds and ensuring Spam Management within SLA.
  • Windows Log source troubleshooting.
  • Tracking, reporting, and controlling incident communications with other teams.
  • Working in a Security Operation Center (24x7), monitoring SOC events, detecting and preventing Intrusion attempts.
  • Experience in understanding the logs of various network devices (Routers, IDS/IPS, Firewall) and operating systems (Windows).
  • Experience with SIEM (Security Information and Event Management) tools, such as monitoring real-time events using IBM QRadar.
  • Sound experience in Monitoring and Investigating the incoming Events in IBM QRadar.
  • Preparing reports as per client request; preparing daily, weekly and monthly reports as per client requirement.
  • Recognizing attacks based on their signatures.
  • Reporting weekly / monthly dashboards to the customer.
  • My understanding of business requirements and implementing them from a technical standpoint turns my projects and tasks into successful endeavors in a team.
  • Monitoring, analyzing and responding to infrastructure threats and vulnerabilities.
  • Ad hoc reports for various event sources, customized reports and scheduled reports as per requirements.
  • Experience in cyber-attack methods; perform analysis of security logs to detect unauthorized behavior and provide daily reports to the SOC Lead.
  • Monitoring of SOC events, detecting and preventing Intrusion attempts.
  • Collecting the logs of all the network devices and analyzing the logs to find suspicious activities.
  • Investigate the security logs and mitigation strategies, and responsible for preparing generic security incident reports.
  • Responsible for preparing root cause analysis reports based on the analysis.
  • Generating the Daily, Weekly and Monthly reports from IBM QRadar.
  • Analyzing daily, weekly and monthly reports.
  • Ad-hoc reports as and when the client requires them, monitoring their health, etc.
  • Creating tickets using CA Service Desk.
  • Creating a case for a suspicious issue and forwarding it to the Onsite SOC team for further investigation.
  • Well-versed understanding of common network services (web, mail, FTP, etc.), network vulnerabilities, and network attack patterns.
  • Experience in performing log analysis and analyzing critical alerts from a security approach.
  • Investigate and create cases for security threats while performing initial triage, and escalate for further investigation and mitigation.
  • Identifying malicious URLs and suspicious IPs from generated IDS events, and blocking malicious websites on proxies to prevent further download of the virus if any user accesses them.
  • All suspicious URLs, mails and files were tested on an isolated machine to avoid spreading malware/viruses on the company's network.
  • Investigate Phishing and suspicious E-Mails using the Email Headers, and get the suspicious senders blocked at the mail filters with the help of Proofpoint or as reported by the users.
  • Analyse the virus alerts triggered by the SEPM, provide the remediation steps to the client Services Team and get the suspicious issue fixed.
  • Reporting Suspicious and Malicious events to the concerned departments in preparing defensive action against the fraudulent hosts.

Disclaimer

I hereby declare that the above-mentioned information is correct up to my knowledge and I bear the responsibility for the correctness of the above-mentioned.
