Cheryl Varghese

Security Analyst
Sydney

Summary

Over a decade of experience in Cybersecurity specializing in information security management, systems support and administration. Committed to contributing to a cyber-resilient environment.

Overview

15 years of professional experience

Work History

SIEM Specialist

Optus Pty Ltd - Wipro Technologies
02.2016 - Current
  • Migrating current SIEM solutions to Palo Alto Cortex XSIAM
  • Working on a detection engineering program to write Sigma-based rules using the MITRE ATT&CK framework in a DevSecOps approach
  • Integrated 5,000+ log sources into the Elasticsearch, Logstash, Kibana (ELK) cluster, covering diverse OS, DB, network, cloud and application logs
  • Onboarded cloud services, including GCP, Azure, and Salesforce, into the SIEM environment
  • Configured and managed input, filter, and output pipelines across 16 Logstash instances, ensuring continuous monitoring and error management
  • Managed indexing, lifecycle policies, mapping, rules, and dashboards for two different ELK clusters in Kibana
  • Implemented ElastAlert for alerting with Elasticsearch, integrated with GitLab for version control
  • Utilized Splunk to ingest 500+ log sources, create dashboards, and monitor incidents
  • Conducted a FortiSOAR proof of concept, developing four playbooks post-integration
  • Played a key role in support and investigations during major security incidents
  • Engaged with internal and external auditors annually to ensure compliance with security standards
  • Fostered positive working relations with Project Managers, SMEs, Observability, DevOps, and Infrastructure teams (Unix, Windows, Databases, Citrix, VMware)
  • Created extensive documentation in Confluence, including 30+ guides, playbooks, and configuration documents aligning with security requirements
  • Collaborated with various teams to develop Business Continuity Plans (BCP) and corresponding documentation
  • Completed a project to onboard 350 priority databases in record time
  • Led the onboarding of 25 critical internet-facing application logs within a 3-month deadline and developed dashboards in Splunk specifically to monitor these applications and their alerts
  • Migrated SIEM from ArcSight to ELK, managing 3,000 log sources, capacity planning, and rule migration
  • Managed ArcSight infrastructure, including 9 Connector servers handling diverse log sources (file, database, cloud (AWS & GCP), Unix, Windows and network devices) and 4 Loggers ingesting 8,000 EPS, and built 40+ use cases in ESM
  • Trained 10+ interns and graduates on various aspects of cybersecurity and the environment, all of whom became excellent collaborators

L2 Admin

Incident Response Center - Wipro Technologies
08.2015 - 01.2016
  • Worked as part of the Incident Response Center, which is responsible for monitoring and securing Wipro's extensive internal network spanning 5+ states in India and encompassing over 40 offices
  • Utilized QRadar SIEM along with various other security tools, such as FireEye, Sourcefire and Blue Coat, for proactive monitoring, detection and investigation of security incidents
  • Handled incident management and utilized multiple tools to analyze and mitigate threats including assigning offences for resolution based on severity and impact
  • Worked on refinement of rules in QRadar by incorporating insights from incident feedback and demonstrated initiative by creating multiple dashboards

Administrator

Daimler India Commercial Vehicles - Wipro Technologies
08.2015 - 10.2015
  • Successfully planned and executed the setup of ArcSight Express and Logger for a client, integrating 450+ devices within two months
  • Created FlexConnectors for seamless database integration, developed 10+ client-specific rules, and set up automated reports as per client expectations
  • Provided actionable insights into the client's security posture, aiding decision-making, and completed comprehensive documentation, including setup procedures and best practices
  • Completed a successful handover to the client SOC team, ensuring effective knowledge transfer for ongoing operations

SOC Engineer

Mobily Infotech
08.2012 - 06.2015
  • Worked as part of the Incident Response Center, monitoring and securing Wipro's extensive internal network across 40+ offices in 5+ Indian states
  • Utilized QRadar SIEM and tools like FireEye, Sourcefire and Blue Coat for proactive monitoring, detection, and investigation of security incidents
  • Managed incidents, analyzed and mitigated threats, and assigned offences based on severity and impact
  • Refined QRadar rules using insights from incident feedback and demonstrated initiative by creating multiple dashboards

IPCC Support Engineer

IPCC - Telelogix
10.2010 - 07.2012
  • Responsible for upkeep of all Cisco hardware in use at the call center, ensuring seamless operations and minimizing downtime
  • Troubleshot issues with Cisco IP Phones 7941 and 7942, resolving hardware and connectivity problems promptly
  • Identified and resolved errors with CTI applications and Globitel Speechlog on desktops of agents, ensuring smooth and uninterrupted call center operations
  • Maintained a comprehensive stock and database of Phones/IDs in use, optimizing resource allocation and facilitating efficient hardware management
  • Administered Cisco Unified Communications Manager (CUCM), handling tasks such as adding, removing and maintaining the database of call center agents
  • Collaborated with vendors to troubleshoot and upgrade components in the server room, including HP MCS 7825 Servers

Skills

  • SIEM - Cortex XSIAM, Elastic (ELK), Splunk, ArcSight, QRadar
  • Other tools - Microsoft Defender, Microsoft Sentinel, FireEye, PhishMe, Nessus
  • Detection engineering
  • Sigma rules
  • Familiar with cloud environments: AWS, GCP, Azure
  • Incident response and management

ADDITIONAL INFORMATION

Visa: TSS 482

Timeline

SIEM Specialist

Optus Pty Ltd - Wipro Technologies
02.2016 - Current

L2 Admin

Incident Response Center - Wipro Technologies
08.2015 - 01.2016

Administrator

Daimler India Commercial Vehicles - Wipro Technologies
08.2015 - 10.2015

SOC Engineer

Mobily Infotech
08.2012 - 06.2015

IPCC Support Engineer

IPCC - Telelogix
10.2010 - 07.2012