Home

Rishi - Information Security Analyst (SOC)

[email protected]

Location: Hedley, Texas, USA

Relocation: YES

Visa: H1B

SUMMARY: With over 9 years of experience, I have served as a Cybersecurity Consultant & Engineer, specializing in critical areas such as SIEM monitoring, threat analysis, incident response, and vulnerability management. Proficient in Security Operations Center (SOC) and Cyber Security Incident Response Team (CSIRT) roles, with a strong track record in incident handling, escalation management, and digital forensics. Demonstrated ability to safeguard organizations in a rapidly evolving cybersecurity landscape through the implementation of adaptable, comprehensive security measures. Proficient in incident response, ensuring swift and strategic actions that minimize potential damage during security breaches and safeguard organizations' assets and reputation. Proficient in SIEM monitoring and investigation, with a focus on fine-tuning and optimizing a wide range of security tools, including SIEM, endpoint, and proxy solutions, to enhance security incident monitoring and response capabilities. Skilled in proactively identifying and assessing threats, conducting comprehensive threat evaluations, generating detailed reports and incident documentation, correlating threat intelligence with open-source information (OSINT), conducting root cause investigations, collaborating with cross-functional teams, contributing to group efforts, and ensuring comprehensive threat operations coverage. Proficient in creating content and processes in SIEM systems. Compliance with industry standards and regulations is a top priority in my work. I've successfully guided organizations to meet and exceed requirements, including NIST, PCI-DSS, HIPAA, and FISMA, ensuring a robust security posture. Additionally, I'm dedicated to vulnerability management. By identifying, assessing, and mitigating vulnerabilities across systems and networks, actively coordinating with the Vulnerability Management team to expedite patching and resolution of identified vulnerabilities, aligning with industry best practices for proactive risk mitigation. TECHNICAL SKILLS: SIEM Tools: QRadar, Splunk , ArcSight EndPoint Security: Crowdstrike, Windows Defender ATP, Carbon Black, Symantec. Email Security: Proofpoint, Microsoft 365 Data Security: Box, Onedrive , Code42, Guardium Forensic Tools: FireEye, FTK Forensic Tool Kit Ticketing Tools: Cortex XSOAR, Service Now, IBM Qradar SOAR . IDS/IPS Tools: Snort, Sourcefire, Suricata Languages: C, Java, JavaScript, XML, Python, .Net, Perl, Shell Scripting Regulatory Compliance: NIST, PCI-DSS, HIPAA, FISMA Vulnerability Management: Metasploit, Nessus, Nmap Operating Systems: Windows, Unix, Linux, Mac OS PROFESSIONAL EXPERIENCE: Client: Kyndryl Inc Sep 2021 Present Senior Information Security Analyst Job duties: Member of an advanced threat detection and response team, proactively identifying threats within the organization Rapidly respond to security incidents, monitoring user activity, network events, and signals from security tools to identify events requiring attention, prioritization, and investigation. Hands-on experience in Windows, Linux, and network security, with a focus on identifying live intrusions and triaging security events in real-time. Proficient in handling alerts from various security systems, including: - Proofpoint alerts, ensuring email security and threat detection. - Azure alerts, monitoring and responding to security events in Microsoft Azure. - AWS alerts, securing cloud environments and detecting anomalies. - Defender alerts, protecting endpoints and responding to threats. - CrowdStrike alerts, managing endpoint security and threat hunting. Specialized in advanced sandbox analysis and malware deconstruction, effectively identifying, and dissecting complex malware to trace threat actors. Utilized sophisticated tools and techniques to analyze malware behavior, extract indicators of compromise (IOCs), and uncover the tactics, techniques, and procedures (TTPs) of adversaries. This critical analysis directly contributed to enhancing the organization's threat intelligence and bolstered defense mechanisms against sophisticated cyber threats. Played a key role in designing playbooks and process diagrams for day-to-day operations in the CSIRT (Cyber Security Incident Response Team), streamlining incident management and response workflows. Utilized XSOAR for security orchestration, automation, and response, ensuring efficient and standardized incident management. Proficiently managed and configured Splunk SIEM to analyze security data and detect anomalies. Led knowledge sharing and training for new recruits, enhancing team capabilities in cybersecurity. Conducted focused training sessions, effectively bridging knowledge gaps and fostering a collaborative learning environment to seamlessly integrate new team members. Proficient in applying advanced security frameworks including the Cyber Kill Chain, MITRE ATT&CK, and NIST standards for threat identification, analysis, and mitigation. Skilled in employing the MITRE ATT&CK framework for comprehensive threat modeling and adversary emulation, enhancing organizational security posture. Demonstrated expertise in aligning cybersecurity strategies with NIST guidelines to ensure robust security infrastructure and compliance. Other responsibilities include: - Reviewing security alerts and evaluating urgency and relevancy. - Performing initial security investigations and triage. - Following incident escalation playbooks. - Implementing and communicating security policies and procedures. - Requesting or running vulnerability scans and reviewing assessment reports. - Ensuring compliance with SLAs, process adherence, and process improvement to achieve operational objectives. - Ability to backfill other security roles as required. Environment: Splunk, Defender ATP , Crowdstrike, Recorded Future, Proofpoint, Microsoft 365, Onedrive, Code 42, Cortex XSOAR. Client: IBM Sep 2016 Aug 2021 Information Security Analyst Job duties: Working with Qradar "no signature" Investigations, Analyst Findings, and Development in threat analysis team protecting over large assets in a global cyber operations group across US infrastructure. Led a diverse team of cybersecurity professionals based in India, focusing on collaborative threat analysis and response strategies, resulting in a 25% increase in threat detection accuracy and a significant enhancement in team productivity. Fine tuning the SIEM and EDR consoles based on the threats detected and eliminating False positives. Utilizing Qradar and EDR for log collection, analysis, risk mitigation, and thwarting hacking attempts against the organization. Successfully prevented data leaks and protected the firm's reputation on numerous occasions. Demonstrated expertise in operating within diverse security environments, including Qradar, Symantec, Malwarebytes, Blue Coat, Carbon Black, CrowdStrike, Windows ATP, Recorded Future, and Resilient. Skilled in leveraging these platforms for effective threat detection, analysis, and mitigation. Excelling in hunting for prudent threat discovery, conducting threat evaluation (including variability analysis), drafting incident reports, performing OSINT and threat intelligence correlation, investigating root causes, making group contributions, collaborating across groups, providing comprehensive threat operations coverage, and creating Splunk content and processes. Played a key role in the implementation and optimization of Windows ATP in the organizational environment, leading to improved endpoint security and threat intelligence. Proficient in conducting advanced incident response activities using tools like ATP, Carbon Black and CrowdStrike, leading to a reduction in response time significantly. Leveraged Recorded Future for proactive threat intelligence gathering and analysis, resulting in enhanced predictive capabilities and preemptive threat mitigation strategies. Detecting Locky ransomware, zero-day attacks, and other threats without known signatures while reducing the attack surface. Monitored and analyzed Guardium alerts to identify potential security breaches, leading to a 30% reduction in false positive rates and enhancing the overall efficiency of the threat detection process. Managed Box Shield alert configurations and response strategies, successfully preventing data leaks by proactively addressing over 200 advanced threat scenarios, thereby safeguarding sensitive organizational data. Played a key role in integrating multiple security platforms (e.g., Qradar with Carbon Black and CrowdStrike) for a unified and robust security posture. Participating in one-on-one knowledge transfer sessions to discuss the context of threat-based results, pivoting techniques, enhancing analysis, and improving team accuracy, thereby streamlining escalation procedures. Collaborated teams in India, US and Europe by setting up interactive global work environment and mitigating the threats based on the priority. Environment: Qradar, Symantec, Malwarebytes, Blue Coat, Carbon Black , Crowdstrike, Windows ATP, Recorded Future, Box, Resilient. TCS, Hyderabad, INDIA. July 2012 July 2014 Systems Security Engineer Job duties: Facilitated the coordination of technical projects by acting as a liaison between the business users and various technology groups. Exchange Administrator and Active Directory Engineer Performed T2/T3 Exchange duties as required, including service outage response. Drafted SOP policy and troubleshooting manual for engineers and administrators to expedite resolution, diagnose Exchange system failures, and address SLA issues. Triage to root-cause analysis and network forensics on servers to dispute ticket resolution, management conflicts, and create in-depth understanding for fellow admins and create analysis reports to deconflict management-to management resolution across service departments. Implement and maintain security measures to protect computer systems and data from unauthorized access. Certifications: CASP+ Microsoft Security Operations Analyst CCFR CCNA Education: Master of Science in Information Systems | University of Texas at Dallas, Richardson, TX. Keywords: cprogramm Texas