
Cybersecurity Engineer with SOC & SIEM Expertise

Location:
United States
Posted:
February 12, 2026


Resume:

Rahul R

Cybersecurity Engineer

Location: Ohio, USA
Mail: **************@*****.***
Ph: +1-773-***-****
LinkedIn

SUMMARY

Cybersecurity professional with 5+ years of experience in SIEM engineering and SOC operations, specializing in Splunk, QRadar, and Azure Sentinel for log onboarding, normalization, correlation tuning, and threat-detection dashboards.

Conducted Tier-2 Incident Response for phishing, malware, lateral movement, and insider-threat cases, leveraging EDR platforms like CrowdStrike for containment, remediation, and threat hunting.

Strengthened enterprise and financial environments through network security hardening (Cisco ISE, Firepower, SD-WAN), vulnerability management, and compliance alignment with PCI DSS and SOX.

Delivered zero-trust implementations, fraud-analytics use cases, and automated SOC workflows that reduced MTTD, improved detection fidelity, and minimized false positives.

SKILLS

Security Operations (SOC) & Monitoring: SIEM (Splunk, IBM QRadar, Azure Sentinel), log analysis, threat hunting, incident detection & triage (malware, phishing, brute force), MITRE ATT&CK–aligned investigations.

Incident Response & Forensics: Incident response lifecycle (Identify, Contain, Eradicate, Recover), memory/disk/network forensics (Volatility, FTK, Wireshark), static & basic dynamic malware analysis, root cause analysis, IOC development.

Network & Infrastructure Security: Firewalls/IDS/IPS (Palo Alto, Cisco ASA/Firepower), secure network architecture (VLANs, VPNs, Zero Trust), protocol security (TCP/IP, DNS, DHCP, TLS/SSL), packet capture & analysis (Wireshark, tcpdump).

Vulnerability Management: Vulnerability scanning (Nessus, Qualys), remediation planning & prioritization, OWASP Top 10 & secure configuration assessments.

Cloud Security: AWS Security (IAM, KMS, GuardDuty, VPC Security), Azure Security (Defender for Cloud, Sentinel, Key Vault), cloud posture hardening & CIS benchmark enforcement.

Endpoint Security & System Hardening: EDR platforms (CrowdStrike Falcon, Microsoft Defender), Windows & Linux hardening (GPO, CIS benchmarks), patch & configuration management.

Identity & Access Management: Active Directory, Azure AD, LDAP, SSO, MFA, Conditional Access, privileged access management (CyberArk or equivalent).

Governance, Risk & Compliance: ISO 27001, NIST CSF, risk assessments, policy implementation, audit & compliance reporting.

Security Automation & Scripting: Python (log parsing & automation), PowerShell (endpoint auditing), SOAR automation (Sentinel or Splunk SOAR).

EXPERIENCE

Fiserv – OH | Jul 2024 – Present
Cybersecurity Engineer
Project: Financial Transaction Security & Threat Monitoring Platform

Monitored and analysed security events from payment platforms, ACH systems, and card-processing gateways using Splunk / QRadar / Azure Sentinel to identify high-risk activity.

Led Tier-2 Incident Response, performing deep-dive investigations on phishing, credential-stuffing, malware, insider threats, and suspicious financial transactions.

Performed log correlation, threat actor mapping, packet inspection, and endpoint triage to validate and contain security incidents.

Collaborated with fraud-prevention teams to verify abnormal banking transactions, escalating confirmed fraud patterns for rapid containment.

Onboarded and normalized logs from POS gateways, payment switches, firewalls, authentication servers, and API gateways into the SIEM environment.

Developed and tuned SIEM correlation rules detecting abnormal money movement, unauthorized API access, brute-force attempts, and suspicious ACH/wire-transfer behaviour.

Secured transaction-processing servers and PCI card-data environments by enforcing MFA, patching cycles, encryption policies, and firewall/IPS configurations.

Conducted monthly vulnerability scans across PCI CDE, ATM/POS servers, and financial transaction systems; remediated TLS, IAM, API auth, and DB-access vulnerabilities.

Ensured compliance with PCI DSS, SOX, and FFIEC by preparing audit documentation, validating evidence, and reviewing compensating controls.

Integrated fraud-detection feeds and threat intel to build behavioural analytics, reducing false positives for high-risk payments through alert tuning and pattern detection.

Cisco Systems, Inc. – OH | Sep 2022 – Jun 2024
Cybersecurity Engineer
Project: Enterprise Network Security Hardening & Zero-Trust Implementation

Led the configuration, optimization, and ongoing management of Cisco ASA and Firepower firewalls, implementing ACLs, NAT, VPNs, IPS/IDS policies, and threat-prevention profiles for enterprise networks.

Executed network micro-segmentation using VLANs, ACLs, and firewall rules to isolate critical systems, minimize lateral movement, and improve security posture.

Hardened 300+ network devices by disabling insecure protocols (Telnet, HTTP, SNMPv2), enforcing SSHv2, NTP, syslog, and AAA security best practices.

Deployed and maintained Cisco ISE (802.1X) for wired/wireless authentication, designing dynamic access policies based on user role, device compliance, and location.

Integrated ISE with Active Directory, Firepower, and AnyConnect VPN to enable seamless authentication, device profiling, and automated access control.

Supported deployment of Cisco Viptela SD-WAN across multiple branch sites, configuring routers, IPsec tunnels, and traffic policies while optimizing QoS and routing (OSPF/BGP) for reliable application performance.

Integrated network logs into Splunk and Cisco SecureX, investigating real-time alerts related to unauthorized access, VPN anomalies, firewall misconfigurations, and IPS/IDS events, performing root-cause analysis and remediation.

Managed AnyConnect VPN, including client configuration, MFA (Duo) integration, split tunneling, and load balancing; conducted security audits and enforced encryption standards.

Created, reviewed, and executed network change plans (MOP/SOP) for firewalls, switches, and routing updates while coordinating with SOC, architecture, and infrastructure teams to minimize downtime.

Developed dashboards, automated alerting, and monitoring workflows to enhance SOC efficiency, reduce mean time to detect (MTTD), and maintain compliance with corporate security standards.

HCL Tech – India | May 2019 – June 2021
Junior Cybersecurity Engineer
Project Title: Enterprise Security Operations & Threat Detection Modernization

Implemented and managed enterprise SIEM platforms (Splunk / QRadar / Azure Sentinel) by onboarding critical logs, tuning correlation rules, and developing advanced threat-detection dashboards for malware, lateral movement, and insider threats.

Performed Tier-2 Incident Response, investigating phishing attempts, malware infections, data exfiltration alerts, privilege misuse, and anomalous network activities; executed complete incident lifecycle from detection to post-incident reporting.

Integrated and normalized logs from firewalls, EDR, Active Directory, VPN, proxy, and cloud environments, significantly improving attack visibility and reducing false positives across hybrid infrastructure.

Administered EDR platforms (CrowdStrike / Carbon Black / Symantec) to detect compromised endpoints, isolate infected hosts, and eradicate active threats through rapid containment measures.

Strengthened network and endpoint security by tuning firewall rules, refining IPS/IDS signatures, enhancing SSL inspection and URL filtering policies, and enforcing secure Active Directory baselines through GPO hardening.

Conducted periodic vulnerability scanning using Qualys/Nessus, analysed critical CVEs, and collaborated with server/network teams to execute remediation plans and reduce overall risk exposure.

Supported and enforced cloud security controls in AWS/Azure by auditing IAM roles, MFA enforcement, network security groups, and resolving misconfigurations such as open ports, insecure S3 buckets, and excessive privileges.

Automated SOC workflows using Python, PowerShell, and SOAR platforms, reducing alert fatigue and improving incident triage efficiency; delivered weekly/monthly dashboards on security posture, threat trends, and compliance metrics.

EDUCATION

Master in Computer Science: Western Illinois University, Illinois
Bachelor in Computer Science: Kamala Institute of Technology & Sciences, India

CERTIFICATION

Cisco Certified Support Technician (CCST) – Cybersecurity
Certified Information Systems Security Professional
