Cheryl Varghese
Security Analyst
Sydney
Summary
Over a decade of experience in Cybersecurity specializing in information security management, systems support and administration. Committed to contributing to a cyber-resilient environment.
Overview
15
15
years of professional experience
Work History
SIEM Specialist
Optus Pty Ltd - Wipro Technologies
02.2016 - Current
- Migrating current SIEM solutions to PaloAlto Cortex XSIAM
- Working on a Detection Engineering program to write Sigma-based rules using MITRE ATT&CK framework in a DevSecOps approach
- Integrated over 5,000+ log sources into the Elastic, Logstash, Kibana (ELK) cluster, covering diverse OS, DB, Network, Cloud and Application logs
- Onboarded cloud services, including GCP, Azure, and Salesforce, into the SIEM environment
- Configured and managed input, filter, and output pipelines across 16 Logstash instances, ensuring continuous monitoring and error management
- Managed indexing, lifecycle policies, mapping, rules, and dashboards for two different ELK clusters in Kibana
- Implemented Elastalert for alerting with Elastic, integrated with Gitlab for version control
- Utilized Splunk to ingest 500+ log sources, create dashboards, and monitor incidents
- Conducted a FortiSOAR proof of concept, developing four playbooks post-integration
- Played a key role in support and investigations during major security incidents
- Engaged with internal and external auditors annually to ensure compliance with security standards
- Fostered positive working relations with Project Managers, SMEs, Observability, DevOps, and Infrastructure teams (Unix, Windows, Databases, Citrix, VMware)
- Created extensive documentation in Confluence, including 30+ guides, playbooks, and configuration documents aligning with security requirements
- Collaborated with various teams to develop Business Continuity Plans (BCP) and corresponding documentation
- Completed a project to onboard 350 priority databases in record time
- Led the onboarding of 25 critical internet-facing application logs within a 3-month deadline and developed dashboards in Splunk specifically to monitor these applications and their alerts
- Migrated SIEM from ArcSight to ELK, managing 3,000 log sources, capacity planning, and rule migration
- Managed ArcSight infrastructure including 9 Connector servers handling diverse log sources like File, Database, Cloud (AWS & GCP), Unix, Windows, and network devices, 4 Loggers ingesting 8,000 EPS and built 40+ use cases in ESM
- Trained 10+ interns and graduates on various aspects of cybersecurity and the environment who all turned out to be excellent collaborators
L2 Admin
Incident Response Center - Wipro Technologies
08.2015 - 01.2016
- Working as part of the Incident Response Center which is responsible for monitoring and securing Wipro's extensive internal network spanning 5+ states in India, encompassing over 40 offices
- Utilized QRadar SIEM along with various other security tools like FireEye, Sourcefire, Bluecoat etc. for proactive monitoring, detection and investigation of security incidents
- Handled incident management and utilized multiple tools to analyze and mitigate threats including assigning offences for resolution based on severity and impact
- Worked on refinement of rules in QRadar by incorporating insights from incident feedback and demonstrated initiative by creating multiple dashboards
Administrator
Daimler India Commercial Vehicles - Wipro Technologies
08.2015 - 10.2015
- Successfully planned and executed the setup of ArcSight Express and Logger for a client
- Successfully planned and executed the setup of ArcSight Express and Logger for a client, integrating 450+ devices within two months
- Created flex connectors for seamless database integration, developed 10+ client-specific rules, and set up auto reports as per client expectations
- Provided actionable insights into the client's security posture, aiding decision-making, and completed comprehensive documentation, including setup procedures and best practices
- Completed a successful handover to the client SOC team, ensuring effective knowledge transfer for ongoing operations
SOC Engineer
Mobily Infotech
08.2012 - 06.2015
- Worked as part of the Incident Response Center, monitoring and securing Wipro's extensive internal network across 40+ offices in 5+ Indian states
- Utilized QRadar SIEM and tools like FireEye, Sourcefire, and Bluecoat for proactive monitoring, detection, and investigation of security incidents
- Managed incidents, analyzed and mitigated threats, and assigned offenses based on severity and impact
- Refined QRadar rules using insights from incident feedback and demonstrated initiative by creating multiple dashboards
IPCC Support Engineer
IPCC - Telelogix
10.2010 - 07.2012
- Responsible for upkeep of all Cisco hardware in use at the call center, ensuring seamless operations and minimizing downtime
- Troubleshooting issues with Cisco IP Phones 7941 and 7942, resolving hardware and connectivity problems promptly
- Identified and resolved errors with CTI applications and Globitel Speechlog on desktops of agents, ensuring smooth and uninterrupted call center operations
- Maintained a comprehensive stock and database of Phones/IDs in use, optimizing resource allocation and facilitating efficient hardware management
- Administered Cisco Unified Communications Manager (CUCM), handling tasks such as adding, removing and maintaining the database of call center agents
- Collaborated with vendors to troubleshoot and upgrade components in the server room, including HP MCS 7825 Servers
Skills
- SIEM - Cortex XSIAM, Elastic ELK, Splunk, Arcsight, Qradar
- Other tools – Microsoft Defender, Sentinel, FireEye, Phisme, Nessus
- Detection engineering
- Sigma rules
- Familiar with cloud environments AWS, GCP, Azure
- Incident response and management
ADDITIONAL INFORMATION
Visa: TSS 482
Timeline
SIEM Specialist
Optus Pty Ltd - Wipro Technologies
02.2016 - Current
L2 Admin
Incident Response Center - Wipro Technologies
08.2015 - 01.2016
Administrator
Daimler India Commercial Vehicles - Wipro Technologies
08.2015 - 10.2015
SOC Engineer
Mobily Infotech
08.2012 - 06.2015
IPCC Support Engineer
IPCC - Telelogix
10.2010 - 07.2012
Similar Profiles
Cheryl George VargheseCheryl George Varghese
SIEM Specialist at Optus Pty Ltd - Wipro TechnologiesSIEM Specialist at Optus Pty Ltd - Wipro Technologies
Alicia PattisonAlicia Pattison
Billing Team Leader at Optus Pty LTDBilling Team Leader at Optus Pty LTD
Rohit BhandariRohit Bhandari
Program Manager, Digital Networks - OSS at Optus Pty LTDProgram Manager, Digital Networks - OSS at Optus Pty LTD
Pujari UthpalaPujari Uthpala
Lead Consultant at Capgemini, AustraliaLead Consultant at Capgemini, Australia
Isabella FogartyIsabella Fogarty
Football Referee at Canterbury District Football AssociationFootball Referee at Canterbury District Football Association