Network and Security: IBM QRadar, Carbon Black EDR, LogRhythm, Trend Micro (Deep Security, OfficeScan XG, Application Control, Mobile Security, ScanMail for Exchange, IMSVA, Endpoint Encryption, Control Manager, TM Vulnerability), Kaspersky Security Center, Syslog, Symantec Endpoint Security deployment and configuration. Fortinet deployment and configuration.
System Administration: Windows Server 2003, Windows Server 2008 R1/R2, Windows Server 2012 R1/R2, Active Directory, Microsoft Hyper-V 2008 R2 & 2012, Web Server (IIS 6/7/8), DHCP server configuration, Windows Backups, deployment of Remote Desktop Services, Windows Deployment Services, DNS configuration. Experience in SAN/NAS storage administration and in backup solutions (Veeam).
Virtualization: Install, configure, and manage VMware ESXi Server, VMware Horizon networking and storage; create, configure, live-migrate, manage, and monitor virtual machines and virtual appliances; deploy clones; manage user access to the virtual infrastructure. Use vCenter Server to monitor resource usage, vMotion, High Availability, and Fault Tolerance. Citrix XenApp/XenDesktop administration, configuration of NetScaler Gateway, Machine Catalog and PVS.
• Responsible for conducting information security investigations as a result of security incidents identified by the SOC-Analyst L1, and use the Virtual Security Operation Center for further investigation
• Manage Cyber Threat Advisories and take effective follow-up with the relevant technology team
• Follow the Incident Management lifecycle process, including identification of security incidents and their root cause analysis, and provide recommendations for preventing future occurrences
• Act as a point of escalation for SOC-Analyst L1 in support of information
• Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks in support of technologies managed by the SOC
• Participate in evaluating, recommending, implementing, and troubleshooting security solutions and evaluating the IT security of new IT infrastructure systems
• Provide recommendations on tuning and optimization of the SIEM
• Other responsibilities and additional duties as assigned by the security management team
• Also work on Carbon Black EDR
• Deployment & Configuration of QRadar including integration with log sources, parser writing, customization of rules and dashboards and reports
• Implementation, configuration, and Managing IBM QRadar Security Information & Event Management (SIEM)
• Implementing customer-specific use cases and fine‐tuning offenses and rules
• Building the use cases for every Foreseeable Security Threat
• Experience in SOC operational activities such as network traffic monitoring, real-time security event and log monitoring, offense analysis, and reporting
• Incident triage in QRadar SIEM: filter out false positives and watch for potential intrusions
• Monitoring network traffic for security events and performing triage analysis to identify security incidents
- Implementation, configuration, and administration of the LogRhythm Security Information & Event Management (SIEM) solution and Trend Micro
- Act as a point of escalation for other engineers (Associate Engineer) and provide guidance
- Perform analysis on logs produced by network devices such as firewalls, content filtering, Syslog from various sources/devices, assorted intrusion detection capabilities, substantiating vulnerability scanner results, directory services, DHCP logs, and Secure Email Gateway logs
- Integration of supported and non-supported log sources
- Regex writing/parsing for custom reports and dashboards
- Identify and design use cases that address specific enterprise needs
- Maintain SIEM workflow infrastructure
- Trend Micro, Kaspersky, remote administration (PuTTY, SSH), Fortinet firewall, Autopsy, TCPdump, Windows and Linux OS
- Support activity and progress reports, ensuring issues are properly escalated and resolved to maintain delivery schedule, project cost, and desired results
- Trend Micro (Deep Security, Apex One, Vulnerability, Deep Discovery Inspector, Mobile Security, and IMSVA), firewall logs, remote administration (VNC, PuTTY, SSH), Fortinet firewall, Linux and Windows OS, Wireshark, TCPdump, and various tools for malware and packet analysis
- Online & onsite support for Trend Micro, Kaspersky, Carbon Black, Fortinet, etc.
- Experience with endpoint security solutions for application whitelisting, application blocking, HIPS, antivirus, DLP
- Responsible for planning and coordinating all the activities required to perform, monitor, and report on the incident process
- Experience in security scanning and vulnerability management
- Monitor incidents to ensure that Service Level Agreements are respected
- Experience managing Incident Management or other large command center organizations
- Participate in training and educational opportunities, and network with other professionals
- Existing customers' quarterly health check-ups (online); any other task assigned by management
- Could work on-call hours that would include 24/7 coverage per the SOPs
- Good collaboration skills, confident and structured when dealing with conflict
- Experience in installation of all types of Microsoft Windows operating systems (2008/2012 Servers) and application software under multi-platform environments, and deployment & monitoring of servers
- Experience with Active Directory administration, disaster recovery planning, remote access, Office products, routers, switches, and backup devices
- Experience with virtualization technologies: installing, configuring, and administering VMware ESX/ESXi. Created and managed VMs (virtual servers) and was also involved in the maintenance of virtual servers
- Practical work experience in installing, maintaining, monitoring, troubleshooting, and managing BladeCenter servers, configuring and zoning Storage Area Networks and SAN switches, and VMware ESX Server administration
- Experience in Active Directory, GPOs, DNS, DHCP, File & Print Server, IIS (web server), FTP, Terminal Server, NAT, Microsoft, and Clustering in a Windows-based server environment
- Knowledge of SAN configuration and implementation, and storage components such as internal storage, attached storage, SAN switches, HBAs, LUNs & mapping, RAID groups, and volume groups
- Experience in network LAN/WAN deployment, including IP addressing and troubleshooting
- Successfully assembled and configured new desktop computers for clients
- Successfully installed Windows 7 Professional on a number of desktop computers, as well as downloading and installing software from department servers
- Provided technical support, including password resets & server backups; responded to inquiries
- Diagnosed and troubleshot hardware and software issues
- Assisted with network connection issues, printer-related issues, and hardware diagnosis/repair
- Assisted with technical documentation of systems and processes