Cheryl Varghese
Security Analyst
Sydney
Summary
Over a decade of experience in Cybersecurity specializing in information security management, systems support and administration. Committed to contributing to a cyber-resilient environment.
Overview
15
15
years of professional experience
Work History
SIEM Specialist
Optus Pty Ltd - Wipro Technologies
02.2016 - Current
- Migrating current SIEM solutions to PaloAlto Cortex XSIAM
- Working on a Detection Engineering program to write Sigma-based rules using MITRE ATT&CK framework in a DevSecOps approach
- Integrated over 5,000+ log sources into the Elastic, Logstash, Kibana (ELK) cluster, covering diverse OS, DB, Network, Cloud and Application logs
- Onboarded cloud services, including GCP, Azure, and Salesforce, into the SIEM environment
- Configured and managed input, filter, and output pipelines across 16 Logstash instances, ensuring continuous monitoring and error management
- Managed indexing, lifecycle policies, mapping, rules, and dashboards for two different ELK clusters in Kibana
- Implemented Elastalert for alerting with Elastic, integrated with Gitlab for version control
- Utilized Splunk to ingest 500+ log sources, create dashboards, and monitor incidents
- Conducted a FortiSOAR proof of concept, developing four playbooks post-integration
- Played a key role in support and investigations during major security incidents
- Engaged with internal and external auditors annually to ensure compliance with security standards
- Fostered positive working relations with Project Managers, SMEs, Observability, DevOps, and Infrastructure teams (Unix, Windows, Databases, Citrix, VMware)
- Created extensive documentation in Confluence, including 30+ guides, playbooks, and configuration documents aligning with security requirements
- Collaborated with various teams to develop Business Continuity Plans (BCP) and corresponding documentation
- Completed a project to onboard 350 priority databases in record time
- Led the onboarding of 25 critical internet-facing application logs within a 3-month deadline and developed dashboards in Splunk specifically to monitor these applications and their alerts
- Migrated SIEM from ArcSight to ELK, managing 3,000 log sources, capacity planning, and rule migration
- Managed ArcSight infrastructure including 9 Connector servers handling diverse log sources like File, Database, Cloud (AWS & GCP), Unix, Windows, and network devices, 4 Loggers ingesting 8,000 EPS and built 40+ use cases in ESM
- Trained 10+ interns and graduates on various aspects of cybersecurity and the environment who all turned out to be excellent collaborators
L2 Admin
Incident Response Center - Wipro Technologies
08.2015 - 01.2016
- Working as part of the Incident Response Center which is responsible for monitoring and securing Wipro's extensive internal network spanning 5+ states in India, encompassing over 40 offices
- Utilized QRadar SIEM along with various other security tools like FireEye, Sourcefire, Bluecoat etc. for proactive monitoring, detection and investigation of security incidents
- Handled incident management and utilized multiple tools to analyze and mitigate threats including assigning offences for resolution based on severity and impact
- Worked on refinement of rules in QRadar by incorporating insights from incident feedback and demonstrated initiative by creating multiple dashboards
Administrator
Daimler India Commercial Vehicles - Wipro Technologies
08.2015 - 10.2015
- Successfully planned and executed the setup of ArcSight Express and Logger for a client
- Successfully planned and executed the setup of ArcSight Express and Logger for a client, integrating 450+ devices within two months
- Created flex connectors for seamless database integration, developed 10+ client-specific rules, and set up auto reports as per client expectations
- Provided actionable insights into the client's security posture, aiding decision-making, and completed comprehensive documentation, including setup procedures and best practices
- Completed a successful handover to the client SOC team, ensuring effective knowledge transfer for ongoing operations
SOC Engineer
Mobily Infotech
08.2012 - 06.2015
- Worked as part of the Incident Response Center, monitoring and securing Wipro's extensive internal network across 40+ offices in 5+ Indian states
- Utilized QRadar SIEM and tools like FireEye, Sourcefire, and Bluecoat for proactive monitoring, detection, and investigation of security incidents
- Managed incidents, analyzed and mitigated threats, and assigned offenses based on severity and impact
- Refined QRadar rules using insights from incident feedback and demonstrated initiative by creating multiple dashboards
IPCC Support Engineer
IPCC - Telelogix
10.2010 - 07.2012
- Responsible for upkeep of all Cisco hardware in use at the call center, ensuring seamless operations and minimizing downtime
- Troubleshooting issues with Cisco IP Phones 7941 and 7942, resolving hardware and connectivity problems promptly
- Identified and resolved errors with CTI applications and Globitel Speechlog on desktops of agents, ensuring smooth and uninterrupted call center operations
- Maintained a comprehensive stock and database of Phones/IDs in use, optimizing resource allocation and facilitating efficient hardware management
- Administered Cisco Unified Communications Manager (CUCM), handling tasks such as adding, removing and maintaining the database of call center agents
- Collaborated with vendors to troubleshoot and upgrade components in the server room, including HP MCS 7825 Servers
Skills
- SIEM - Cortex XSIAM, Elastic ELK, Splunk, Arcsight, Qradar
- Other tools – Microsoft Defender, Sentinel, FireEye, Phisme, Nessus
- Detection engineering
- Sigma rules
- Familiar with cloud environments AWS, GCP, Azure
- Incident response and management
ADDITIONAL INFORMATION
Visa: TSS 482
Timeline
SIEM Specialist
Optus Pty Ltd - Wipro Technologies
02.2016 - Current
L2 Admin
Incident Response Center - Wipro Technologies
08.2015 - 01.2016
Administrator
Daimler India Commercial Vehicles - Wipro Technologies
08.2015 - 10.2015
SOC Engineer
Mobily Infotech
08.2012 - 06.2015
IPCC Support Engineer
IPCC - Telelogix
10.2010 - 07.2012
Similar Profiles
Cheryl George VargheseCheryl George Varghese
SIEM Specialist at Optus Pty Ltd - Wipro TechnologiesSIEM Specialist at Optus Pty Ltd - Wipro Technologies
Alicia PattisonAlicia Pattison
Billing Team Leader at Optus Pty LTDBilling Team Leader at Optus Pty LTD
Rohit BhandariRohit Bhandari
Program Manager, Digital Networks - OSS at Optus Pty LTDProgram Manager, Digital Networks - OSS at Optus Pty LTD
Natalie SciaraNatalie Sciara
Level 3 Sales Assistant at Kikki.KLevel 3 Sales Assistant at Kikki.K
Hrishi NairHrishi Nair
Exam Invigilator at CampusQExam Invigilator at CampusQ