Shyam SOC Analyst Resume

SOC Analyst | SIEM |EDR |Threat Analysis|Email Security

Email: siemshyam@gmail.com
Phone: 9492736457
Summary:

Experienced IT Professional with 4.8 years of overall experience, all of it as a Security Operations Center Analyst working in Incident Response and SIEM, IDS/IPS, Firewall Log Analysis, monitoring system and network inspection tools, administering and monitoring security profiles, and threat analysis. Skilled in investigating security incidents and coordinating with teams to contain a compromise, finding the root cause of incidents, and making or suggesting changes to improve security measures in an organization.

Work Experience:
Currently working as SOC Analyst at Suwin Software Solutions Pvt. Ltd.
From November 2016 to Present
Daily Operations:

• My key role was to perform real-time monitoring, investigation, log analysis, reporting and escalation of security events from multiple log sources through Splunk and Sentinel.
• Create, modify, and tune the SIEM rules to adjust the specifications of alerts and incidents.
• Assist with the development of processes and procedures to improve security operations functions, incident response times, analysis of incidents, and overall SOC functions.
• Investigating and creating quick searches and reference sets in QRadar for security threats and forwarding them to the onsite SOC team for further investigation and action.
• Knowledge of creating use cases and fine-tuning rules in QRadar and Splunk for triggering offenses.
• Determine the scope of security incidents and their potential impact on the client network, recommend remediation steps, and document all information and supporting evidence of security events.
• Administering a variety of alerts regarding IDS, Next Generation Firewalls, Anti-Virus, malware, C&C (command-and-control) communication, vulnerabilities, abnormal behaviours, suspicious activities, traffic anomalies, malicious activities and unauthorized access triggered in SIEM tools.
• Carrying out log monitoring and incident analysis for various devices such as firewalls, IDS/IPS, databases, web servers, network devices, authentication devices, endpoints, email gateways and other cloud-hosted devices to make sure all the company assets are free from external attacks.
• Work closely with business units to ensure that they know what data to feed into QRadar and how, to create the network hierarchy, and to classify log sources within the Splunk SIEM.
• Maintain a keen understanding of evolving internet threats to ensure the security of client networks.
• Analyzing network traffic in Cisco Sourcefire using the packet text and bytes, and looking for any external entity based on the Snort rule.
• Escalating security incidents based on the client's SLA and providing meaningful information related to security incidents through in-depth analysis of the event payload, along with recommendations for mitigating security incidents, which in turn keeps the customer's business safe and secure.
• Handling DLP and data exfiltration incidents in Symantec DLP and closing them with the appropriate categorization for different policies.
• Monitoring Exabeam alerts related to activities performed by users when accessing suspicious domains or hosts, and identifying unauthorized access, including insider threats and credential-based attacks, with the help of the risk score.
• Reviewing URLs and categorizing them in the Zscaler proxy to prevent users from accessing malicious websites.
• Expert in identifying and handling phishing attacks and spam emails by analyzing message headers, attachments and URLs through Cofense Triage, and taking appropriate action to block the sender, IP and domain on the firewall, email gateway and security tools such as Proofpoint and Cisco Umbrella.
• Performing vulnerability assessment and management through Nexpose across the customer's complete set of assets, coordinating with various teams to mitigate the risk associated with the assets based on CVSS score and other factors, ensuring timely remediation of identified vulnerabilities, and performing trend analysis to capture and highlight repetitive critical vulnerabilities in the environment.
• Working on CrowdStrike detections, evaluating them to identify risks and track findings for mitigating risk and remediating threats and malware, by analyzing each detection with the help of the hash, the executed application, file behavior, the purpose of the file and the file's network information, and then blacklisting the hash of the file based on its reputation.
• Performing threat analysis in CrowdStrike by deep-diving into threats, anomalies, IOCs and cyber-related disruptions on endpoints based on tactic and technique.
• Determining IOCs while threat hunting by correlating and analyzing a variety of application, network and host-based security logs, and determining the correct remediation actions and escalation paths for each incident.
• Work with the customer-designated personnel to provide continual correlation rule tuning and incident classification and prioritization recommendations.
• Creating and regularly updating the Standard Operating Procedure (SOP) documents as per security incident investigations.
• Preparing metric reports for events generated by each tool, with appropriate statistics, and sending them to the client on a weekly, monthly and quarterly basis.

Skills:
• SIEM: Splunk, USM AlienVault, QRadar
• Endpoint Detection and Response: CrowdStrike and Carbon Black
• Antivirus: Symantec Endpoint Protection
• User Behavior Analytics: Exabeam
• Email Security: Proofpoint and Proofpoint TAP
• IPS: Cisco Sourcefire
• Packet Analysis: Wireshark, RSA NetWitness
• DLP: Symantec DLP
• Open-Source Intelligence Tools: VirusTotal | URLVoid | AbuseIPDB | Browserling | Cisco Talos | IBM X-Force | MX Toolbox | Palo Alto | CyberChef
Education:
• B.Tech from Swami Vivekananda Institute of Technology (JNTUH), EEE, Secunderabad, in 2014.
• Board of Intermediate Education (M.P.C) from Narayana Jr. College, Kukatpally, in 2006.
• Secondary School Certificate (S.S.C) from ZPHS School, Tallapudi (W.G. Dist), in 2004.
Declaration:

I hereby declare that the information furnished above is true to the best of my knowledge.

Date:
Signature: T ShyamKumar