Jitbahan Samanta

Followers: 3000
Location: Pune, Maharashtra, India
  • About me

    SOC SME, SIEM admin, Splunk admin

  • Education

    • SRM University

      2013 - 2015
      Master of Technology (M.Tech.) Information Security and Cyber Forensics
    • Swami Vivekananda Institute Of Science And Technology

      2008 - 2012
      Bachelor of Technology (B.Tech.) Computer Science
    • Saradamoyee High School

      2001 - 2008
  • Experience

    • Wipro

      Mar 2015 - Jan 2018

      SIEM (QRadar)
      1) Analysis of offenses and creating qualitative incidents.
      2) Tuning/designing of correlation rules to reduce false positives and to generate alerts/offenses/notifications for attacks, security violations and any deviation in the traffic/flow.
      3) Use case development, testing and documentation.
      4) Creating rules in QRadar.
      5) Identifying IT-related risks throughout areas including perimeter, network, host and application security.
      6) Integration of different devices/applications/databases/operating systems with SIEM (QRadar).
      7) Managing vulnerability management scans of all SOC servers for various locations monthly.
      8) Creation of SIEM reports based on ad-hoc requirements of the client.
      9) Preparing weekly and monthly reports for the client, including KPI reports.
      10) Monthly patching of Windows servers to keep them up to date.
      11) Maintaining QRadar infrastructure availability at 100% through regular infra checks and troubleshooting of non-reporting devices.

      Internship on Vulnerability Management
      1) Monthly and quarterly on-boarding of assets that are under the scope of vulnerability scanning.
      2) Managing exclusion of assets from scanning as per request.
      3) Scheduling weekly and monthly scans on the QualysGuard portal.
      4) Analyzing scan results, removing false positives.
      5) Preparing and publishing the vulnerability report for weekly/monthly scans with the aging time of each vulnerability (time since a vulnerability has been present in the environment); identifying and prioritizing HIGH-risk vulnerabilities and informing asset owners for urgent remediation.
      6) Tracking and following up with asset owners on remediation activities on a regular basis and making sure remediation is done within the fixed business-days timeline.
      7) Re-scanning or verification after remediation confirmation from the asset owner to confirm whether the vulnerability really was remediated.
      8) Providing regular updates to the client on the security status of their assets.
      9) Conducting reviews of specific security fixes for identified vulnerabilities as and when needed.

      • Information Security Analyst(SOC/SIEM)

        Sept 2015 - Jan 2018
      • Security Analyst

        Mar 2015 - Sept 2015
    • IBM

      Jan 2018 - Jan 2020
      Security Consultant

      • Carrying out detailed analysis of suspicious/critical events on a daily basis to hunt for potential security threats in the environment.
      • Performing investigation using correlation of logs in the SIEM solution IBM QRadar and logging incidents with the respective team if any threat is found in the environment.
      • Finding the root cause of the incident, handling the incident and following up with the end-user team till incident closure.
      • Performing manual analysis of logs from different devices and carrying out a trend analysis with historical data and events to predict and identify any potential threats.
      • Using threat intel reports and advisories, hunting for threats in the environment and creating rules in the SIEM solution QRadar for the same.
      • Creating new use cases and implementing them in the SIEM solution IBM QRadar based on our analysis of logs to protect the environment from threats.
      • Integrating various security devices and other log sources with the SIEM solution IBM QRadar and troubleshooting devices if a device is not sending logs.

    • Tata Consultancy Services

      Feb 2020 - now
      Associate Consultant

      • Performing triage, in-depth and root cause analysis of security incidents, correlating events.
      • Analyzing events to identify potential threat vectors and attack patterns.
      • Carrying out detailed analysis of suspicious/critical events on a daily basis to proactively hunt for potential security threats in the environment.
      • Threat hunting in the environment.
      • Understanding of the MITRE framework.
      • Malware analysis.
      • Performing manual analysis of logs from different devices and carrying out a trend analysis with historical data and events to predict and identify any potential threats.
      • Performed Splunk upgrade and ES app upgrade, involved in pre- and post-upgrade activities.
      • Experience of working on all setup and configuration files.
      • Experience of installation and configuration of various Splunk components like indexer, search heads, HFs, UFs, deployment server, license master and indexer clustering.
      • Health checks and troubleshooting.
      • Worked on Splunk configuration files.
      • Worked on custom port creation for syslog-ng at the universal forwarder and configuration of source, destination and log folder configuration files for onboarding logs via syslog.
      • Worked on log ingestion from cloud sources: O365 management activity logs, O365 message trace logs, O365 Defender logs, Azure AD sign-in logs, Azure audit logs, AWS CloudTrail, AWS CloudWatch, network device logs, VPN, proxy logs, Cisco AMP, WAF, Cisco Umbrella proxy logs through an Amazon S3 bucket, CrowdStrike, Tenable, Cisco ASA firewall, Palo Alto firewall & IPS logs, McAfee logs through DB Connect, Tenable.io vulnerability, asset and plugin data, and threat intelligence data.
      • Worked on use case development and use case creation.
      • Use case mapping with the MITRE ATT&CK framework.
      • Worked on Splunk alerts, reports, dashboards and saved searches as per client requirements.
      • Troubleshooting and resolving issues related to log stoppage.
      • Worked on various add-ons and input configurations of those add-ons.

  • Licenses & Certifications

    • IBM Certified Associate Administrator - Security QRadar SIEM V7.2.8

      IBM Professional Certification
      Dec 2018
    • IBM Certified Associate Analyst - Security QRadar SIEM V7.2.6

      IBM Professional Certification
      Sept 2018
    • CompTIA Security+ ce Certification

      CompTIA
      Mar 2009