Andres Pineda

184 followers
Zapopan, Jalisco, Mexico

  • About me

    Sr. SOC Engineer at AstraZeneca

  • Education

    • Universidad de Guadalajara

      -
  • Experience

    • Flex

      Aug 2008 - May 2013

      Provide helpdesk support to the Americas Region for Flextronics and former Solectron sites. Active Directory administration: account management, security groups, distribution lists, contacts, Exchange properties. Manage security and share permissions on file servers. Atlas, Baan, BlackBerry Enterprise Server, and SAP account administration. McAfee support. Office 2003, 2007 and 2010 installation and troubleshooting. Troubleshoot both network and local printers. Smartphone support (iOS, BlackBerry, Android).

      • IT Helpdesk Manager

        May 2012 - May 2013
      • IT Helpdesk Team Leader

        Jan 2010 - May 2012
      • IT Helpdesk Support Engineer

        Aug 2008 - Jan 2010
    • Bank of America

      May 2013 - Sept 2014
      Analyst II-Sys Admin & Support Wintel

      Provide technical support for Microsoft Windows Servers (2003, 2008, 2008R2), including troubleshooting, repairing and debugging of the OS and hardware in a +10k server environment. Provide technical support to data centre personnel to troubleshoot, repair and debug hardware issues (disks, PSU, motherboard, Ethernet cards, iLO and IMM). Backups and restores using Symantec NetBackup and Legato Networker. Clustering: failover services, load balancing. VMware vSphere 4.0, 4.1, 5.0, and 5.1 administration. McAfee troubleshooting.

    • Flex

      Oct 2014 - Jul 2019
      IT Project Manager

      Mergers and Acquisitions/Greenfields: Coordinate the IT infrastructure and application integration to the Flex network. This includes hardware, servers, network, e-mail, antivirus, security policies, telephony. IT Security projects: Coordinate and troubleshoot issues for McAfee Endpoint Encryption deployment across all laptops (9k) in the Americas region (US, Mexico and Brazil). Corporate initiatives: Coordinate all projects initiated by corporate and implement them in the Americas region. Projects such as end of life of products: Windows Server, Microsoft Office, Microsoft SQL, etc. Software Asset Management: License compliance across all sites in the Americas Region.

    • Wipro Technologies

      Dec 2019 - Sept 2021
      SOC Engineer

      Monitoring of security offenses/alerts in 24x7 rotational shifts. Handle security alerts from Microsoft Cloud Security Suite:
      - Azure production environment: risky sign-ins, malware detections, unusual logins. Use KQL to analyze device logs to validate alerts.
      - Office 365 Security and Compliance (email security): analyzing threats such as phishing/spam, unusual activity by users. Fine-tune alerts to avoid false positives.
      - Microsoft Defender Security Center: investigate incidents related to both clients and servers, advanced threat hunting using KQL, updating indicators for false positives.
      - Cloud Apps Security: investigate and fine-tune alerts related to Microsoft cloud applications.
      QROC (QRadar on the cloud) as SIEM. Analyze and resolve offenses, fine-tune offenses by modifying conditions within rules, maintain reference sets, threat hunting in log activity. Triage of events, escalation of incidents to customer, track incidents to closure as per SOPs. Ensure incidents are handled as per SLA.

    • AstraZeneca

      Sept 2021 - now
      Sr. SOC Engineer

      Monitoring of security alerts in 24x7 rotational shifts. Splunk ES as SIEM. Analyze and resolve offenses, fine-tune offenses by modifying conditions within correlation searches. Triage of events, escalation of incidents to customer, track incidents to closure as per SOPs. Ensure incidents are handled as per SLA. Handle security alerts for the following products:
      - Tanium: analyze and resolve threats in the Threat Response module, configure YARA rules of known active threats.
      - Mimecast (email security): analyze threats such as phishing/spam, unusual activity by users.
      - Microsoft Defender for Endpoint: investigate incidents related to clients and advanced threat hunting using KQL, updating indicators for false positives.
      Threat intel and vulnerabilities:
      - Qualys: monitor and inform of active high-risk vulnerabilities provided by threat intel sources.
      - MISP: IOC ingestion from different threat intel sources and integration to feed other systems.

  • Licenses & Certifications

    • ITIL V3 Foundation

      PEOPLECERT
      Jul 2011
    • Microsoft® Certified Technology Specialist: Windows 7, Configuration

      Microsoft
      Jun 2010