Vivekraj Urs BJ

• Worked as a Security Operations Lead (SOC); consulting & architecting the infrastructure security design &
implementation project; managing Cloud IT Operations for 200+ customers & escalations
• Managing all aspects of projects including planning, engagement & administration
• Understanding and knowledge of industry standards and industry frameworks (e.g., ISO 27001, MITRE ,NIST).
• Attending technical meetings, Change Control Boards, Technical Review Boards, and System Security Working Group meetings.

To address issues related to cyber security and vulnerabilities

• Lead Incident Response for high impact security Incidents.
• Driven a project to enable Threat Intelligence in Palo Firewalls and Web Application firewalls for the applications to secure
  the environment.
• Spearheading entire gamut of Information Security Operations including assessing the effectiveness of change management
  approach, managing incidents/problems related to the services offered and updating the incident/problem periodically with
  the actions/RCA to be undertaken throughout
• Providing consultancy on vulnerability findings and policy non-compliance remediation to relevant teams and distributing
  vulnerability status for necessary actions
• Participated in information gathering for forensic investigation for ransomware attacks. Helped Digital Forensics and Security
  Engineering
• Developed, documented, playbooks and executed threat hunting operations to detect known adversary TTPs.
• Monitoring the performance of multi-skilled work force and conceptualizing need-based training programs to enhance their
  efficiency & productivity.
• Take accountability to ensure adherence with Security and Compliance policies and procedures within Security Operations service scope.
• Using SIEM tools, security devices (firewalls, routers, servers, etc.) real-time events are monitored, analyzed and managed.
• Define deadlines, assign responsibilities, track project progress, and summarize results.
• Having extensive experience with EDR solutions like SentinelOne and CrowdStrike.
• Create reports on the state of the project for management.
• Actively investigate latest security vulnerabilities,incidents and advisories. Alerting the clients on identified threats either by sending advisories or by creating tickets in ticketing tool.
• Vulnerability data discovery and Validation.
• Prior experience Rapid 7 .
• Maintaining the compliance.

• Was the point of contact as Incident Response Lead looking at security Incidents.
• Attended ISO 20001-27001 certification, renewals, and IT security audits successfully
• Followed Incident Response process for all the Security Incidents.

EDR Management:

⮚ Installing, configuring, and deploying EDR endpoint agents.

⮚ Integration with SEIM leveraging the EDR App and syslog.

⮚ Executing POCs on the most recent agent version across multiple OS platforms.

⮚ Examining the performance challenges seen during POCs.

⮚ Validate whether the EDR Agent has been successfully installed and is reporting.

⮚ Preparing plans for agent upgrades.

⮚ Management of EDR Host and Host Group.

⮚ Working on threat hunting queries.

⮚ Defining exclusions based on the requirement.

⮚ Management of applications using an EDR solution.

⮚ Troubleshooting on Agents not communicating to console.

⮚ expertise in threat analysis and malware.

⮚ Defining Policy for Detection and Prevention.

⮚ Monitoring of Incident and Detection.

⮚ Defining policies on Real Time Response and Network Containment.

⮚ Defining device control policies in accordance with ISO and organization requirements. Review of EDR clients and identify rogue system without agents.

⮚ Incident Investigation

DLP Management

⮚ Attending Client Meeting for DLP requirement.

⮚ Implementation of DLP policies as per client requirement

⮚ Reviewing the policy as per the schedule and fine tune the policies for data in use and data in move.

ATP Management

⮚ Implementation & Integration of Advance threat protection tool.

⮚ Working on regular critical security incidents based on ATP report.

⮚ Ensuring and remediating the endpoints and ensuring infrastructure is secured.

Web Filtering Management

⮚ Managing multiple location server.

⮚ Creating policy based on the project/user requirement.

⮚ Random audits on internet access.

⮚ Roaming profile policy for laptops.

⮚ Software download restriction for license compliance.

⮚ Monthly configuration backup.

⮚ Time based policy for online trading sites.

⮚ Regular upgrades of patches and new release.

Vulnerability assessment

⮚ Monthly scanning of infra server for VA and Missing MS and application patches.

⮚ Generating reports of VA and Missing patches.

⮚ Co-ordination with respective team for patch deployment.

⮚ Find the gaps of VA and closing the same. ⮚Collecting,analyzing,interpreting,evaluating and integrating vulnerability data from multiple sources.