UTHAPPA B S

• Perform Phishing Email Analysis with SOC end to end Process (categorization to Quarantine emails)
• Hands on Experience in handling cloud security alerts generated from the source AWS Cloud trial , Cloud watch and amazon S3 buckets based on investigation about the activity.
• Monitoring and handing alerts related to DNS , Active directory , Trend Micro deep security , Threat connect domains , AWS alerts , Firewall and VPN etc on SIEM tool Splunk
• Hands on Experience in analysis of logs from FireEye HX EDR solution and Analyze logs using Redline tool.
• Perform Insider Threat Analysis of data leakage to external environment via online storage applications , Web Mail and USB transfers using Infotrace Mark Analyzer and Lanscope tools
• Experienced in Raw log Analysis and Drill Down for alerts investigation on Splunk
• 24x7 on-call support with the team in handling incidents and implementing security methodologies
• Managing the security incidents created and follow up till closure of security incidents on JIRA ticketing tool.
• Perform Incident response and management and carry out the life cycle of a incident by understanding the severity and analyzing the risk involved in the activity and followup the incident until closure.
• Good knowledge on Dashboard creation and Report Visualization on Splunk
• Preparing SOC report on weekly and monthly basis and creation of playbook (documentation) on confluence.
• Good basics with Red-Hat Linux Command line , working towards learning more in coming days.

Roles & Responsibilities

• Monitoring and analyzing security alerts generated by SIEM tool Splunk and IBM Qradar
• Perform Phishing Email Analysis.
• Ensure to identify potential true and false positives.
• Expertise in security incident handling .
• Monitor/Tune/Support several security monitoring platforms IPS/IDS, Next-Gen Firewall, Anti-Virus, WAF, DDOS, DNS , Active directory.
• Experience with incident response and process.
• Managing real Time log analysis, incident management and preparing internal incident tracker .
• Generation of reports to report to higher management.
• Delivering Managed Security Operational Services to customers and take technical ownership to deliver Security services and meet customer related SLA.
• Experience in Identity and access management , performing user provisioning and de provisioning , password management , Active Directory mail box creation etc.
• Preparing SOC report on daily basis, which includes all the security events and incidents.