
Systems Administrator Threat Intelligence

Location:
Bengaluru, Karnataka, India
Salary:
2000000
Posted:
June 11, 2025


Resume:

CURRICULUM VITAE

Anil Kumar

981*******

E-***/**4 Budh Nagar, Inderpuri, New Delhi-110012

Email: ************@****.**

Professional Summary

Information security professional with 10+ years of industry experience, of which 8+ years have been in SOC operations in L1, L2 and Consultant positions. Good exposure to security technologies such as SIEM, vulnerability management, privileged access management, threat intelligence and incident management.

Certifications

Certified Ethical Hacker V12

Cyber Security Foundation Professional Certificate (CSFPC)

Fortinet - NSE 1 & 2 Network Security Associate

Cisco Certified Network Professional (Switch 300-115)

Cisco Certified Network Associate

Microsoft Certified Systems Administrator

Technical Skills

SIEM & Related Tools: Micro Focus ArcSight (ESM v10.5 / Logger), RSA (NetWitness 11.3, RSA Security Analytics 10.3), WebSIEM (CDAC Mohali), Seceon AI, Gurucul UEBA.

Ticketing Tools: ServiceNow, RSA Archer

Anti-virus: Trend Micro.

PAM (Privileged Access Management): Micro Focus NetIQ, ARCON PAM

Threat Intelligence Platforms: IPVoid, VirusTotal, MxToolbox, URLVoid, Cisco Talos, IBM X-Force.

Patch Tool: Micro Focus ZENworks.

Additional skills:

Organized and dedicated worker with a serious approach.

Good communication skills, including delivery of security reports in plain English.

Demonstrated capacity to work effectively in teams and independently, as evidenced by work history.

Positive outlook, integrity, communication and commitment.

Hard-working and self-motivated to excel in professional development.

Ability to complete tasks within the specified span of time.

Professional Experience with job details

Working as a Consultant at CDAC, Pune from 26th June 2023 till date.

Job Responsibility:

Desired Skills:

Working on Seceon AI SIEM & WebSIEM.

Monitoring SIEM alerts, analysing them and triaging incidents.

Creating reports for auditing.

Briefing the client about their security posture.

Observing security solutions: SIEMs, SOAR, firewall appliances, intrusion prevention systems, data loss prevention systems, analysis tools, log aggregation tools.

Technical analysis of network activity; monitoring and evaluating network flow.

Threat analysis and risk assessment.

Updating threat intelligence and providing support in threat resolution.

Triaging and monitoring incidents.

Used various tools such as VirusTotal and Hash Identifier to analyse malware.

Working on Fortinet firewalls.

Monitoring and resolving FortiAnalyzer firewall alerts.

Working on McAfee DLP.

Monitoring and resolving McAfee ePO incidents.

DLP and endpoint protection management.

Used Endpoint Manager to integrate devices into the company's network and apply compliance policies to them.

Working on Elasticsearch EDR.

Working as a Senior Engineer - Systems at SIFY Technologies Limited, New Delhi, India from 10th Oct 2022 to 23rd June 2023.

Job Responsibility:

Desired Skills:

Log monitoring through the SIEM tool Innspark.

Incident handling: investigating incidents, remediation and follow-up.

Creating and tracking investigations to resolution.

Basic troubleshooting of log source issues.

Handling various alerts, including possible phishing attacks, SMB signatures, brute-force attacks, logon failures, suspicious signatures, recon activity, authentication failures, failed-attempt alerts, log source not reporting, Symantec left alone, network scan alerts, etc.

Classifying alerts as false positive or true positive in order to raise tickets on true-positive alerts and escalate them to the responsible team as per the given escalation matrix.

Remediating incidents where possible; otherwise gathering information, raising a ticket with a description and escalating to the next level.

Performing follow-up activities, sending reminders to the respective persons or teams to take action on raised tickets within the stipulated time.

Performing ticket closure once action has been taken on raised tickets.

Generating daily incident reports and monthly reports on time.

Maintaining the timely delivery of reports.

Knowledge of security best practices and concepts.

Reviewing, analysing and responding to security events triggered through the security monitoring systems according to internal security procedures for cyber events.

Providing proactive feedback to senior personnel and management as required.

Responsible for shift handover.

Communicating with external teams to resolve queries relating to raised incidents.

Working as a Sr. SOC Analyst at Inspira Enterprise India Private Ltd from 28th May 2021 to 07th Oct 2022.

Client: Housing and Urban Development Corporation Ltd (HUDCO)

Job Responsibility:

Desired Skills:

SOC monitoring operations (SIEM - ArcSight, WAF & PAM)

Knowledge of Trend Micro tools (DDI, DDAN & IMSVA Proxy)

Good understanding and extensive troubleshooting of security components

Preparing daily/weekly security reports as per client requirements

Responsible for the operation and maintenance of security devices and their related infrastructure

Working on Barracuda WAF, creating policies and monitoring internet applications

Working on ARCOS PAM for server management with privileged access.

Handling all client queries related to SOC operation

Working as a SOC Analyst at Motherson Sumi InfoTech & Designs Ltd from 09th July 2018 to 26th May 2021.

Job Responsibility:

Desired Skills:

SIEM - Micro Focus ArcSight

a. Monitoring of logs

b. Troubleshooting

c. Creation of reports

Managing and configuring security monitoring tools

Reviewing alerts and determining relevancy and urgency

Creating trouble tickets for alerts that signal an incident; escalating to Tier 2 for review and/or incident response.

Supporting vendors in conducting POCs for ArcSight and QRadar.

Working on threat intelligence feeds.

Working on security advisories for compliance and asset management.

Maintaining strong communication with the client to manage expectations and ensure client satisfaction.

Responsible for handling security incidents reported at our CERT desk.

Device integration on the SIEM tool for various devices.

Creation of the SOC weekly report and sending it to stakeholders.

Creation of the monthly Threat Intelligence dashboard and sending it to stakeholders.

Working as a Senior Engineer in HCL COMNET LIMITED from 28th April 2014 to 08th July 2018.

Client Site: Oriental Bank of Commerce.

Job Responsibility:

Desired Skills:

Experience in administration of RSA Archer GRC (ver 6.1) applications

1. Assign L1 incident handlers to review and assess the incident.

2. Investigation and analysis; escalate an incident to L2 & L3.

3. Capture the timeline of the incident.

4. Resolve the incident and track root cause analysis and security control efficacy.

5. Daily, weekly & monthly reports to customers.

6. User and account handling.

SOC monitoring of SIEM tool (RSA SA version 10.6.3)

1. Monitoring of logs and creating alerts.

2. Rules, reports, device configuration and troubleshooting.

3. Create users and provide services as per requirement.

Knowledge of WSA Proxy IronPort 10.1.0.-52

1. Backup and restoration of SOC devices.

2. Invoke and revoke internet access for user IPs and websites.

3. Create identified profiles, categories & access policies as per user requirement.

4. Upgrade the devices.

Knowledge of Anti-APT (ver. 6.2.2)

1. Health checkup.

2. Reporting.

3. Monthly backup.

4. Blacklist and whitelist IPs as per analysis and customer requirement.

Knowledge of ARCOS PAM (ver 4.7.9.3)

1. Adding new users and providing access rights to specific services on a role basis, and reporting.

2. Device and service health check.

3. Fetching daily and weekly reports.

4. Monthly backup.

Knowledge of NBA (ver 6.8.4)

1. Create users and provide services as per requirement.

2. Fetching daily and weekly reports.

3. Monthly backup.

Other Experience

Employer: MICROLAND LIMITED

Customer: Bank of America & Honeywell International (India) Pvt. Ltd

Period: 1st Oct 2009 to 25th April 2014

Role/Responsibilities: EUS Engineer - Desktop Support Engineer & Voice Support Engineer

Employer: iGATE ("IMS Limited")

Customer: Matrix Cellular (International) Services Pvt. Ltd

Period: 5th May 2008 to 30th Sep 2009

Role/Responsibilities: Field Engineer - Desktop Support Engineer

Academic Qualification

Course: MCA (Part Time)
Institution: Soft dot Hi-Tech Educational & Training Institute, Delhi
Board/University: Sikkim Manipal University
Year of completion: 2012
Division: II

Course: BCA
Institution: Guru Nanak Institute of Management, Delhi
Board/University: Guru Gobind Singh Indraprastha University
Year of completion: 2004
Division: I

Course: 10+2
Institution: S.K.R Sr. Sec. Public School, Delhi
Board/University: AISSCE
Year of completion: 2001
Division: II

Course: High School
Institution: S.K.R Sr. Sec. Public School, Delhi
Board/University: C.B.S.E
Year of completion: 1998
Division: III

Strengths

Self-motivated, with good interpersonal and communication skills.

Ability to take on responsibility and work as a team member / Tech Lead.

I regard team spirit as an integral part of productivity.

Dedication and serious involvement in the assigned job.

Honest attitude in professional and personal life.

Highly flexible to work anywhere, any time.

Innovative and positive attitude.

Personal Profile

Father’s Name : Sh. Rajender Kumar

Languages known : English, Hindi.

Interest : Learn new technology.

Marital Status : Married

Skype Name : ************@****.**

Alternative Email id : ************@**********.***

WhatsApp : 987*******

Notice Period : 30 days

Place: Delhi

Date:

ANIL KUMAR
