RAJAT KUMAR
Security Analyst
Career Objective
To associate with an innovative and vibrant organization, allowing me to put my competencies to the best use, to add
value to the organization and contribute to my overall growth as an individual.
Profile Summary
Currently undergoing training at Cryptus Cyber Security.
Cyber security knowledge backed by hands-on experience and a good understanding of
information technology. Specialized in proactive network monitoring using SIEM.
Good understanding of security solutions such as Anti-virus, Firewall, IPS/IDS, Email Gateway, Proxy, etc.
Good knowledge of networking concepts including OSI layers, subnetting, TCP/IP, ports, malware, etc.
Good knowledge of the ArcSight and Splunk SIEM tools for log monitoring and analysis, and of the ServiceNow
ticketing tool for incident response.
Knowledge of phishing email analysis.
Good understanding of different types of attacks such as MITM, DDoS and DNS spoofing.
Education
B.Tech in Civil Engineering from PKITM Mathura
Diploma in Civil Engineering from PKIT Mathura.
Higher Secondary from UP Board Allahabad.
High School from UP Board Allahabad.
SIEM
ArcSight, Splunk
Endpoint Protection
FortiGate, Symantec, Blue Coat, Cisco IronPort, Cisco
OSINT
Talos Intelligence, IP Void, MxToolbox, AbuseIPDB, VirusTotal, URL Void
Incident Management
ServiceNow
Networking (TCP/IP Model, OSI Model, LAN & WAN, Router, Switch, Protocols & Ports, TCP Three-way Handshake)
Industry-recognized analysis frameworks (Cyber Kill Chain, MITRE ATT&CK)
Security Solutions (Antivirus, Firewalls, SIEM, IDS/IPS, VPN, Cryptography, CIA Triad)
Soft Skills
Communication | Management | Analytical | Problem Solving | Work Ethics
Languages
English, Hindi
Job Responsibilities:
Knowledge of 24x7 Security Operations Center (SOC) operations.
Monitoring the customer network using ArcSight and Splunk SIEM.
Acting as first-level support for all security issues.
Analyzing real-time security incidents and determining whether each is a true positive or a false positive.
Performing real-time monitoring, investigation, analysis, reporting and escalation of security events
from multiple log sources.
Raising true positive incidents to the respective team for further action.
Creating tickets in ServiceNow, assigning them to the respective team and following up until closure.
Escalating security incidents based on the client's SLA and providing meaningful information about each
incident through in-depth analysis of the event payload, along with recommendations for mitigation that
help keep the customer's business safe and secure.
Contacting the customers directly in case of high priority incidents and helping the customer in the process
of mitigating the attacks.
Determining the scope of a security incident and its potential impact on the client network, and recommending steps
to handle the incident, with all relevant information and supporting evidence from the security events.
Monitoring security systems and networks for anomalies.
Working closely with business units to ensure they know what data to feed into the ArcSight SIEM and how to do so.
Coordinating with networking teams to establish and maintain communication with remote ArcSight Connectors.
Investigating malicious phishing emails, domains and IPs using open-source tools and recommending appropriate
blocking based on the analysis.
Phishing email analysis.
Maintaining a keen understanding of evolving internet threats to ensure the security of client networks.
Declaration
I hereby declare that all the information given above is true and correct to the best of my knowledge and belief.
(Rajat Kumar)