Over a decade of experience in Cybersecurity specializing in information security management, systems support and administration. Committed to contributing to a cyber-resilient environment.
Overview
15 years of professional experience
Work History
SIEM Specialist
Optus Pty Ltd - Wipro Technologies
02.2016 - Current
Migrating current SIEM solutions to Palo Alto Cortex XSIAM
Working on a Detection Engineering program to write Sigma-based rules using MITRE ATT&CK framework in a DevSecOps approach
Integrated 5,000+ log sources into the Elasticsearch, Logstash, Kibana (ELK) cluster, covering diverse OS, DB, Network, Cloud and Application logs
Onboarded cloud services, including GCP, Azure, and Salesforce, into the SIEM environment
Configured and managed input, filter, and output pipelines across 16 Logstash instances, ensuring continuous monitoring and error management
Managed indexing, lifecycle policies, mapping, rules, and dashboards for two different ELK clusters in Kibana
Implemented ElastAlert for alerting with Elastic, integrated with GitLab for version control
Utilized Splunk to ingest 500+ log sources, create dashboards, and monitor incidents
Conducted a FortiSOAR proof of concept, developing four playbooks post-integration
Played a key role in support and investigations during major security incidents
Engaged with internal and external auditors annually to ensure compliance with security standards
Fostered positive working relations with Project Managers, SMEs, Observability, DevOps, and Infrastructure teams (Unix, Windows, Databases, Citrix, VMware)
Created extensive documentation in Confluence, including 30+ guides, playbooks, and configuration documents aligning with security requirements
Collaborated with various teams to develop Business Continuity Plans (BCP) and corresponding documentation
Completed a project to onboard 350 priority databases in record time
Led the onboarding of 25 critical internet-facing application logs within a 3-month deadline and developed dashboards in Splunk specifically to monitor these applications and their alerts
Migrated SIEM from ArcSight to ELK, managing 3,000 log sources, capacity planning, and rule migration
Managed ArcSight infrastructure including 9 Connector servers handling diverse log sources like File, Database, Cloud (AWS & GCP), Unix, Windows, and network devices, 4 Loggers ingesting 8,000 EPS and built 40+ use cases in ESM
Trained 10+ interns and graduates on various aspects of cybersecurity and the environment, all of whom turned out to be excellent collaborators
L2 Admin
Incident Response Center - Wipro Technologies
08.2015 - 01.2016
Working as part of the Incident Response Center which is responsible for monitoring and securing Wipro's extensive internal network spanning 5+ states in India, encompassing over 40 offices
Utilized QRadar SIEM along with various other security tools like FireEye, Sourcefire, Bluecoat etc. for proactive monitoring, detection and investigation of security incidents
Handled incident management and utilized multiple tools to analyze and mitigate threats including assigning offences for resolution based on severity and impact
Worked on refinement of rules in QRadar by incorporating insights from incident feedback and demonstrated initiative by creating multiple dashboards
Administrator
Daimler India Commercial Vehicles - Wipro Technologies
08.2015 - 10.2015
Successfully planned and executed the setup of ArcSight Express and Logger for a client, integrating 450+ devices within two months
Created flex connectors for seamless database integration, developed 10+ client-specific rules, and set up auto reports as per client expectations
Provided actionable insights into the client's security posture, aiding decision-making, and completed comprehensive documentation, including setup procedures and best practices
Completed a successful handover to the client SOC team, ensuring effective knowledge transfer for ongoing operations
SOC Engineer
Mobily Infotech
08.2012 - 06.2015
Worked as part of the Incident Response Center, monitoring and securing Wipro's extensive internal network across 40+ offices in 5+ Indian states
Utilized QRadar SIEM and tools like FireEye, Sourcefire, and Bluecoat for proactive monitoring, detection, and investigation of security incidents
Managed incidents, analyzed and mitigated threats, and assigned offenses based on severity and impact
Refined QRadar rules using insights from incident feedback and demonstrated initiative by creating multiple dashboards
IPCC Support Engineer
IPCC - Telelogix
10.2010 - 07.2012
Responsible for upkeep of all Cisco hardware in use at the call center, ensuring seamless operations and minimizing downtime
Troubleshot issues with Cisco IP Phones 7941 and 7942, resolving hardware and connectivity problems promptly
Identified and resolved errors with CTI applications and Globitel Speechlog on desktops of agents, ensuring smooth and uninterrupted call center operations
Maintained a comprehensive stock and database of Phones/IDs in use, optimizing resource allocation and facilitating efficient hardware management
Administered Cisco Unified Communications Manager (CUCM), handling tasks such as adding, removing and maintaining the database of call center agents
Collaborated with vendors to troubleshoot and upgrade components in the server room, including HP MCS 7825 Servers