Cheryl George Varghese
Sydney,Australia
Summary
Over a decade of experience in Cybersecurity, specializing in SIEM and Detection Engineering.
Extensive experience with ArcSight, QRadar, ELK stack, Splunk, and Cortex XSIAM in setup, maintenance, development, and incident management of these tools.
Overview
9
9
years of professional experience
1
1
Certification
Work History
SIEM Specialist
Optus Pty Ltd - Wipro Technologies
02.2016 - Current
- Working on capacity planning with PaloAlto for migration to XDR and XSIAM
- Working on Detection Engineering program to write rules in Sigma format with a DevSecOps approach, using MITRE ATT&CK framework to guide use case development
- Setup auto deploy ability to have the Gitlab runners create rules in the different SIEMs present in the environment - ELK, Splunk, Defender and Sentinel
- Over 5,000 log sources integrated to Elastic, Logstash, Kibana (ELK) cluster
- Configured and managed input, filter, and output pipelines across 16 Logstash servers
- Index management, Rules and Dashboards maintained in Kibana
- Splunk used to ingest 500+ log sources, creating dashboards and to monitor incidents
- Creating rules in Kibana, Elastalert, Splunk, Microsoft Defender for Endpoint and Microsoft Sentinel
- Working with Google’s Security Center and PA Cloud Security Posture Management (CSPM)
- Established a separate ELK cluster for ingesting logs from 2,000+ network devices and hosts
- Worked with other teams for Observability, Vulnerability Management, PIAM, Forensics etc
- Incident creation and management for Phishing, DDoS attacks, Network issues and many others
- Conducted a FortiSOAR proof of concept and created four playbooks after integration with required devices
- Maintain comprehensive documentation, including solution design documents, configuration documents, use case documents and a centralized knowledge base on Confluence
- Collaborate in the creation of Business Continuity Planning documents
- Completed a project to onboard 350 priority Databases in record time
- Managed onboarding of 30+ critical web and cloud based applications in another project
- Migrated to ELK from ArcSight which had around 3,000 log sources reporting including capacity planning and rule migration
- ArcSight included 9 Connector servers running SmartConnectors for File, Database, Cloud (AWS,GCP), Unix and Windows event logging including network devices Firewalls, Proxies etc
- FlexConnectors created for unsupported log sources
- 4 Loggers were maintained to ingest a combined 8,000 EPS
- Set up and maintenance of 2xESM
- Built 140+ use cases in ESM.
Administrator
Daimler India Commercial Vehicles - Wipro Technologies
- Set up ArcSight Express and Logger out of the box
- Performed integration of log sources
- Created ID based database flex connector used for multiple sources
- Created rules and reports as per customer requirements
- Completed handover to client’s SOC team.
L2 Admin
Incident Response Center - Wipro Technologies
- Assigning offences to be handled by L1s
- Creating and modifying rules in QRadar
- Analyzing offences triggered
- Using all the tools at our disposal to examine, mitigate, neutralize and document security threats
- Created and utilized multiple dashboards to monitor for threats.
Senior Engineer
SOC - Mobily Infotech
- Created and reviewed daily, weekly and monthly reports
- Developed Use Cases and SOPs for new rules, dashboards and reports
- Held weekly meetings with onsite team for discussing modifications to rules, integrating new devices etc
- Coordinated with various teams for closure of escalated tickets
- Created regex log file flex connector for an in-house application
- End to end management of Symantec Endpoint Protection Manager
- Regular vulnerability assessments using Nessus and OpenVAS
- Move/Add/Delete/Change (MACD) for IP Phones and end user profiles
- Enable/Disable ports on switches for entries/exits
- Administering Bluecoat Proxy.
IPCC Support Engineer
IPCC - Telelogix
- Upkeep of all Cisco equipment in use at the call center
- Troubleshooting issues with all Cisco hardware including appliances and IP phones
- Troubleshooting issues with CTI OS and Globitel’s Speechlog
- MACD of IP Phones and agent profiles
- Generating monthly reports.
Education
Certified Information Security Manager
ISACA
07.2024
Bachelors of Technology - Electronics And Communications Engineering
Vellore Institute of Technology
2008
Skills
- Team Collaboration
- ArcSight Expertise
- Splunk Expertise
- AWS Security
- QRadar Expertise
Certification
- Certified Information Security Manager, ISACA
Additional Information
Nationality: India
Timeline
SIEM Specialist
Optus Pty Ltd - Wipro Technologies
02.2016 - Current
Administrator
Daimler India Commercial Vehicles - Wipro Technologies
L2 Admin
Incident Response Center - Wipro Technologies
Senior Engineer
SOC - Mobily Infotech
IPCC Support Engineer
IPCC - Telelogix
Certified Information Security Manager
ISACA
Bachelors of Technology - Electronics And Communications Engineering
Vellore Institute of Technology
Similar Profiles
Cheryl VargheseCheryl Varghese
SIEM Specialist at Optus Pty Ltd - Wipro TechnologiesSIEM Specialist at Optus Pty Ltd - Wipro Technologies
Alicia PattisonAlicia Pattison
Billing Team Leader at Optus Pty LTDBilling Team Leader at Optus Pty LTD
Rohit BhandariRohit Bhandari
Program Manager, Digital Networks - OSS at Optus Pty LTDProgram Manager, Digital Networks - OSS at Optus Pty LTD
James RussoJames Russo
Student at Full TimeStudent at Full Time
Gary McMurrayGary McMurray
Head of Property at County Property GroupHead of Property at County Property Group