Abhilash Maroju
Mob: (831)288-5535
Email: abhilash9.soc@gmail.com
Profile Summary:
WORK EXPERIENCE:
Developing and testing new correlation content and use cases using ArcSight filters, rules, data monitors, active lists, and session lists.
Monitoring the logs of Bluecoat and analyzing them.
Monitoring IDS alerts and mitigating them to resolve the problems.
Working with McAfee, BrightCloud, and SecureWorks, and submitting the latest signatures and DATs to increase their protection for the WB network.
Monitoring IDS and taking reports from ArcSight and Splunk.
Monitoring databases using Imperva and also managing Imperva.
Doing malware analysis, analyzing files such as rar, zip, doc, pdf, xls, and jpg.
Creating daily and monthly reports of various devices for WBG.
Managing the Information Security Operations Center on a 24x7x365 basis.
Monitor multiple security alert sources, identify and triage significant security events, determine impact and threat severity, escalate according to established procedures, and open trouble tickets using the Case Management System.
Mobile applications (Android, iOS) security testing.
Monitoring through BMC Patrol and SiteScope.
Review & Monitor IDS, EPO, ArcSight, FireEye, Palo Alto and SecureWorks.
Conduct thorough investigative actions based on security events and remediate as dictated by standard operating procedures.
Participate in all phases of the incident response process, including detection and containment.
Used data security tools (CyberArk, Cloakware, Guardium, PKI, RSA SecurID, DLP, digital signature) for securing sensitive data.
Monitor corporate anti-virus infrastructure security alerts and reports.
Confirm threat classification of case assignments; escalate according to standard operating procedures.
Where appropriate, submit malware from investigative work to the anti-virus vendor for new anti-virus signatures and follow up with the vendor.
Worked on cloud security products to ensure the security of customers from cyber attacks.
Working knowledge of HTTP(S), TCP/IP, and DNS.
Knowledge of various DDoS attack types (UDP/ICMP flood, SYN flood, HTTP GET flood, TCP connection attack, TCP flag-based attacks).
Participated in the product selection and installation of the QRadar Security Information and Event Manager (SIEM), consisting of multiple collectors and a high-performance MS SQL database.
Designed and implemented enterprise SIEM systems: centralized logging, NIDS, alerting and monitoring, and compliance reporting, based on IBM QRadar 7.0 SIEM.
Responsible for IBM QRadar SIEM monitoring and configuration aligned to internal PCI and SOX controls.
Working in 24x7 SOC operations in different shifts.
SYMANTEC, CA Sep 2014 - Dec 2015
Security Analyst
Used many tools such as Imperva SecureSphere, Tripwire, Novell Sentinel, ArcSight, eRetina, McAfee Foundstone, Sourcefire, and McAfee IntruShield.
Learned concepts of information security covering cyber security, system administration, IT auditing, cyber forensics, data center management, cryptography, scripting, and Network Defense & Countermeasures (NDC).
Real-time monitoring of network security components and devices such as firewalls, IDS, IPS, and Windows servers to correlate the logs as per the client's requirements.
Development of various correlation rules, reports, alerts, active channels, and dashboards.
Building rules in ArcSight based on the client's use cases.
Initial set-up, installation, and implementation of a new SIEM solution (IBM QRadar).
Migrating existing reports and alerts from RSA enVision to IBM QRadar.
Aggregate, correlate, and analyze log data from network devices, security devices, and other key assets using QRadar.
Created SIEM dashboards for QRadar and reconciliation with storage, database servers, workstations, servers, and network devices.
Assist multiple security projects with the goal of exceeding compliance objectives.
QRadar SIEM and Websense proxy.
Responsible for maintenance, administration, and configuration of the log aggregation solution, along with creating custom views, reporting, and automated alerting for both operational and security use using QRadar.
Assisted with management and tuning of our perimeter Intrusion Prevention Solution.
Network traffic visualization to facilitate monitoring and trending analysis.
Responsible for maintaining availability, reporting, and communication of the SIEM between it, its event sources, and the endpoints.
Analysis of various use cases in the QRadar console, such as malware and AD-related issues.
Managing phishing incidents from detection to takedown and providing analysis of phishing.
Reporting malware and blacklisted links and providing threat advisories on malware and patches.
Part of the SOC: 24x7 monitoring for targeted phishing sites using the SIEM tool ArcSight, watermark and domain analysis, brand abuse websites, and the abuse mailbox.
I was managing the MIS and developing and uploading the website updates.
Updating security patches and also working as a security administrator.
Monitoring using tools like BMC Patrol and SiteScope.
PROJECTS CARRIED:
CERT-In (Indian Computer Emergency Response Team) Empanelment.
I was an active team member for CERT-In VA/PT to get CERT-In empanelment for the organization.
ENTERPRISE SECURITY ARCHITECTURE.
Designed a DMZ and implemented a secure environment with the help of IDS (Snort), firewalls, the WhatsUp Gold tool, Tripwire, Imperva SecureSphere, VMware ESXi, and WSUS.
Email Security:
Providing an anti-spam and antivirus solution for the client. All mail for the client domain and the legacy domains passes through this screening before reaching the Exchange servers for delivery. We block spam mail at the gateway level and pass only genuine mail.
VAPT (Vulnerability Assessment and Penetration Testing).
Tools used: Nmap, Nessus, GFI LanGuard, Acunetix, Grendel, W3af, Vega, Metasploit Framework, Snort, Havij, IPsec, eRetina, McAfee Foundstone, PPTP, L2TP, and Wireshark.
Methodology: OWASP (Open Web Application Security Project).
DoS Attack and Prevention with the Help of Snort.
We set up a system as a server and performed a DoS attack with the help of LOIC, and observed that Snort was working as the IDS; we also used some other tools like Sourcefire and McAfee IntruShield.
Website Security Audits.
Tools used: Nmap, Nessus, WebScarab, Hydra, Acunetix, Grendel, W3af.
Methodology: OWASP (Open Web Application Security Project).
EDUCATION:
CERTIFICATIONS ACCOMPLISHED:
TECHNICAL TRAINING: