Jaykishan K. Patel
Experienced Information Security Analyst with a demonstrated history of working in the Information Security industry for 5 years. Skilled in SOC & CSIRT Management, Incident Response, Network Security, Security Operations and Implementation. Seeking a position where I can utilize my skills and abilities for an organization that offers professional growth while being resourceful, innovative and flexible.
Summary of Qualifications
Technical Skills: SIEM/SOC Administration and Monitoring/Analysis, Incident Response, Forensic Analysis, Threat Hunting, Network and Security Concepts, Deception, Threat analysis, Log Monitoring & Security Incident Management, Vulnerability Assessment, Security Operations, Security Implementation.
Certification and Courses: Certified Ethical Hacker, Cyber Security for Industrial Control Systems
Experience
Shree Swaminarayan One LLC, Baraboo, WI, Since January 2020
As a network security engineer of this Wisconsin-based real estate asset management group, I have worked closely with the 7 hotels in the portfolio. Some work completed in the past couple of months includes:
Firewall configuration, patch and version upgrades
Intrusion prevention/detection to ensure utmost security in the environment
HDFC BANK LIMITED, Mumbai, India, July 2016 to August 2019
Manager – Information Security (Information Security Analyst)
Worked as part of Information Security Solutions and Planning - SOC, CSIRT and New Security Technologies Implementation Team.
Oversaw SOC & CSIRT team of about 30 individuals within the Cyber Security Department.
Defining and Updating Security Standards of the Bank
Working with Various Departments to Improve Security Posture
Coordinating with other Stakeholders to make sure operations are running smoothly.
Partnering with IT and Business Departments to Identify Gaps in Procedures
Coordinating ongoing Security Improvements
Responsibilities and Activities (SOC and CSIRT):
Configuring and managing use cases including standard, correlation and anomaly-based rules.
Configuring, managing and fine tuning of event, flow and common rules.
Creating complex correlation rules for identifying attacks and mapping each rule to a cyber kill chain phase.
Creation of custom Reports, Dashboards, Searches as per SOC requirements.
Creating Scan and Security Profiles in QVM (QRadar’s Vulnerability Management) for performing and scheduling multiple different types of scans.
Creation of use cases based on the QVM data for critical vulnerabilities and servers.
Providing high-level analysis of Security Incidents and coordinating with multiple teams for resolution.
Creation of Security operation documents, control plan, run book, knowledge base and SOPs.
Creation of Incident Response and Closure document for each use case created.
Publishing of Security Incident reports to top executives of bank.
Evaluating and processing client ad hoc queries.
Creation of security and compliance based use cases for newly integrated devices.
Real-time identification, analysis and resolution of Security events.
Creating Daily, Weekly and Monthly Trend Analysis Reports and sharing them with senior management with proper observations and recommended actions.
Periodic review of logs from Security Devices for identification of new incidents and use cases.
Drill-down investigation of security incidents by analyzing logs from multiple log sources, which include Web Gateway, Firewalls, Mail Gateway, WAF, End Point Protection (Anti-Virus), IPS, IDS, Active Directory, Load Balancer and Operating Systems.
Manage QRadar User Profiles/Security Profiles.
Managing QRadar Extensions and fine-tuning configurations added by extensions, including rules and Reference tables/maps.
QRadar patch management and version upgrade.
Vulnerability Assessment – Tenable SecurityCenter (Nessus), QVM (QRadar Vulnerability Manager)
Creating Scan Policies and Scheduled Scans based on requirements using Tenable SecurityCenter and QVM (QRadar Vulnerability Manager)
Performing Scheduled and Ad hoc Vulnerability Scanning as per requirements received using Tenable SecurityCenter and QVM (QRadar Vulnerability Manager)
Other Responsibilities and Activities:
Coordinating with internal audit team for internal compliance checks and project quality checks.
Presenting monthly project status in Senior Management Review meetings.
Conducting internal work product audits and governance meetings
Managing project risks
Collecting and maintaining incident data for internal/external audit.
Reviewing and managing raised incidents (follow ups, closing, checking evidence)
Performing monthly work audit
Conducting training and knowledge sharing sessions on SIEM and cyber security fundamentals for the team/new joiners.
Providing weekly/monthly status reports on deliverables (KPIs) to management.
Performing analysis of phishing emails and attachments received by end users and taking action to manage the risk associated with such emails and attachments.
Analyzing malicious files received by end users for possible malware infection
Tools and Technologies:
FireEye Anti-APT
NIST Framework Implementation
Received Silver Star Award
SOFTCELL TECHNOLOGIES GLOBAL PVT LTD, Mumbai, India, July 2014 to July 2016
Security Analyst
Validating incidents created by the SOC team & adding more information to incident tickets.
Investigating security incidents raised by the SOC team & user-reported cases of potential security incidents.
Analyzing events on SIEM, security devices and system logs, performing basic forensic analysis, analyzing & reversing malware behavior
Taking system control for potentially compromised endpoints/servers
Analyzing, containing, and remediating infected systems, analyzing phishing mails & malware as per IR runbooks to ensure a consistent approach in responding to threats
Investigating low, medium, and high severity incidents across multiple cross-functional teams leveraging various tools/applications.
Following up/escalating with teams to ensure incident closure
Acquiring IOCs & threat intelligence feeds from an incident / TI Engine & blocking them on multiple security devices
Remediating and applying lessons learned from security incidents through root cause analysis and triage actions in a time-sensitive environment.
Enhancing security posture by providing recommendations/learnings to the SOC and security appliance teams & updating the IR runbooks.
Creation of policies, runbooks, SoPs pertaining to incident response
Creating rules/reports on SIEM as per new requirements
Suggesting new rules for security devices
SIEM rule review (Quarterly)
Ability to work with a team as a leader and as a team member.
Adaptability according to situation
Positive Attitude, Hard working, Team Player
Self-learning, Innovative thinking & problem solving abilities
Education
Bachelor of Engineering in Computer Engineering from Gujarat Technological University with 67.7% aggregate. 2009-2014
Master of Technology in Cyber Security and Incident Response from Gujarat Forensic Sciences University with 83.3% aggregate. 2014-2016
References available upon request