Veeresh Hiremath

Bengaluru

Summary

With over 4 years of hands-on experience successfully securing network environments using SIEM tools such as QRadar, Splunk, and Azure Sentinel. Expertise in information security, with a specific focus on security operations, log monitoring, log management, incident management, and security event analysis using the Sentinel and Splunk SIEMs.

Overview

4 years of professional experience
1 Certification

Work History

Information Security Analyst (SOC)

Evolent Health
03.2021 - Current
  • Provide Global Security Operations Center (GSOC) support.
  • Experience working with global teams across multiple time zones, cultures, and languages; mostly supported MNC clients.
  • Analyzing phishing emails reported by employees and running phishing campaigns.
  • Analyzing DLP-related incidents, identifying any possible data leakage and taking quick action to mitigate it.
  • Actively participated in the POC of the FortiSOAR solution.
  • Monitoring and responding to cloud infrastructure logs (AWS CloudTrail, CloudWatch, Defender for Cloud, etc.).
  • Experience analyzing raw logs and PCAPs and writing regular expressions to extract fields from them.
  • Track and respond to all incoming alerts from the SOC, the MSSPs, and the systems monitored directly by the Security Operations team.
  • Perform tier 2 triage of all escalations from the SOC & MSSPs, tier 1 triage of all alerts that are directly monitored, and work with Security Engineering for all escalations beyond the Security Operations team.
  • Monitor multiple security alert sources, eliminate false positives from the Splunk and Sentinel SIEMs, triage significant security events based on the impact and nature of the security incident, and escalate according to the established procedures.
  • Review automated daily security events, identify anomalies, escalate critical security events to the appropriate IT team and follow up as required.
  • Investigate the root cause of incidents from different logs.
  • Monitor security device log-delay alarms in the SIEM to keep the devices in a healthy state.
  • Good experience managing incidents from CrowdStrike and MS Defender EDR.
  • Good understanding of the MITRE ATT&CK framework: threat hunting, incident detection and response, use-case engineering, designing and implementing IR playbooks, and curating threat intelligence.
  • Security incident response, spam email analysis and user education.
  • Analyze event/alert patterns to properly interpret and prioritize threats with available DLP tools and other devices.
  • Identify trends and derive requirements aimed at improving and enhancing existing data loss prevention and detection policies.
  • Creating incident reports and sending them to management.
  • Conduct thorough investigative actions based on security events (real-time incidents: SQL injection, cross-site scripting, Trojans, server attacks, etc.) and remediate as dictated by standard operating procedure.
  • Dashboards, reporting & KPIs: perform routine (daily, weekly, monthly, quarterly & yearly) reporting on our security events, trends, and system hygiene & posture, such as on our IaaS environments & critical SaaS environments.
  • Build the system & configuration components needed to capture the metrics by which security hygiene, monitoring & alerting health, and security program effectiveness are measured.
  • Presenting daily status reports to the customers and completing the action items requested by the customers.
  • Track our KPI elements over time so that KPI trends can be determined & used as feedback to the security program design.
  • Good experience analyzing traffic in Panorama and using WildFire for file analysis.
  • Collaborated with IT teams to ensure seamless integration of security measures into existing infrastructure.

Education

Bachelor of Engineering -

SDM College of Engineering And Technology
09-2020

Skills

  • SIEM : Splunk, Azure Sentinel, QRadar
  • EDR/XDR : CrowdStrike, Defender
  • SOAR : FortiSOAR
  • Email Gateway : Microsoft O365, Proofpoint
  • Malware Analysis : Falcon Sandbox, WildFire
  • Vulnerability Assessment : QualysGuard, Nessus
  • ITSM : ServiceNow, Jira
  • IDS/IPS : Cisco Firepower, Palo Alto
  • OSINT Tools : MxToolbox, AbuseIPDB, VirusTotal, URLVoid, Any.Run, CyberChef, Sysinternals, PEstudio

Certification

Splunk Core User Certified

QualysGuard Certified

ArcSight Analyst Certified

Fortinet NSE1 and NSE2 Certified

AZ-900
Additional Information

  • Monitoring & investigating incoming events in QRadar and Splunk.
  • Analysing detections and incidents from EDR solutions like CrowdStrike and MS Defender, containing the machines and providing real-time response.
  • Experience working in 24x7 SOC team operations, offering log monitoring, security information management and global threat monitoring.
  • Experience handling incident response on Linux OS and troubleshooting accordingly.
  • Good understanding of the log formats of various devices such as Websense, vulnerability management products, IDS/IPS, EDR, firewalls, routers, switches, OS, DB servers and antivirus.
  • Experience generating daily, weekly & monthly reports from QRadar and Splunk.
  • Exposure to ticketing tools like ServiceNow.
  • Agile in investigating security threats such as malware outbreaks, DDoS, OWASP Top 10 and phishing analysis on the network.
  • Hands-on experience with security devices from various vendors, such as IDS/IPS, proxy, endpoint, DLP, etc.
  • Monitor and analyze intrusion detection systems (IDS) to identify security issues for remediation.
  • Recognize potential, successful and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information.
  • Identify and investigate/resolve data exfiltration and phishing events.
  • Identify emerging threat tactics, techniques and procedures used by malicious cyber actors and publish actionable threat intelligence for business and technology management.

Languages

English
Bilingual or Proficient (C2)
Hindi
Native or Bilingual
Kannada
Bilingual or Proficient (C2)
