Sudhir Kumar Goswami

Engineering Intern Student

12000 followers
Prague, Czechia

  • About me

    CyberSecurity Professional | Detection Engineering | SOAR | Cyber Engineering | Master in CyberSecurity | Securonix Admin Certified | Splunk Admin Certified

  • Education

    • S.S College Jehanabad

      2006 - 2008
      Intermediate Science Mathematics and Science Second
    • High School Tehta

      2005 - 2006
      High School Advanced Mathematics First
    • Defense Institute of Advanced Technology (DIAT), DU, DRDO

      2013 - 2015
      Master of Technology (M. Tech.) Cyber/Computer Forensics and Counterterrorism First

      Activities and Societies: Security, Privacy and Applied Cryptographic Engineering (SPACE), International Association for Cryptologic Research (IACR), Cryptology Research Society of India (CRSI), Central Research Laboratory-BEL Bengaluru, IISc Bengaluru, Research & Development Establishment-DRDO-Pune, Institute of Tropical Meteorology (IITM)-Pune, CERT-IN, CDAC Trivendrum, CDAC Pune, CDAC Bengaluru, Cyber Security Researcher, DOD, PCI DSS, InfoSec, ISACA, COBIT, National Cyber Safety and Security Standards, Cyber Security Researcher, Ethical Hacking, Business Continuity Plan, Disaster Recovery Plan, Risk Assessment, Network Security, Metasploit, VAPT, Footprinting and Reconnaissance, Scanning Networks, Enumeration, System Hacking, Trojans and Backdoors, Viruses and Worms, Sniffing, Social Engineering, Denial of Service, Session Hijacking, SQL Injection, Hacking Wireless Networks, Hacking Mobile Platforms, Evading IDS, Firewalls and Honeypots, Buffer Overflows, Cryptography, Penetration Testing, Risk Management, Security Audits, Nessus

    • Cochin University of Science and Technology

      2010 - 2011
      Certificate Examination in French French Studies First
    • Cochin University of Science and Technology

      2009 - 2013
      Bachelor of Technology (B.Tech.) Computer Science & Engineering First

      Activities and Societies: Tech Fest Organiser, Cricket Tournament Organiser, Cricket Team Member, Association of Computer Engineering Students (ACES) Member, Tech Magazine Committee Member, Engineering Student at School of Engineering (SoE, CUSAT)
      • Developed Android application named "GPS enabled Smartphone For Traffic Safety System" as Major Project
      • Developed web application named "ONLINE CINEMA TICKET BOOKING SYSTEM" on ORACLE 11G DB on the JSP platform in 6th semester
      • Presented seminar on NATIONAL KNOWLEDGE NETWORK at SCHOOL OF ENGINEERING in 7th semester
      • Internship program in BLACKBERRY for making an app for the BB-10 model, conducted by HANGOUT-INDIA at STARTUP VILLAGE KOCHI
      • Completed HACK IT Workshop offered by Ankit Fadia, organised by Division of Information Technology, CUSAT in Oct 2011
      • Participated in one-day workshop on CYBER SLEUTH by Sunny Veghela at XPLENDOR 2010, organised by SOE CUSAT
      • Completed LINUX Workshop offered by the Spoken Tutorial project, IIT Bombay in Sept 2011
      • One-day workshop on ANDROID Operating System hosted by IPSR Solutions Ltd. and CUSAT
      • One-day workshop on AEROMODELING AND AIRCRAFT DESIGNING organised by Horizon

  • Experience

    • Bharat Sanchar Nigam Limited

      Apr 2011 - May 2011
      Engineering Intern Student

      • Mobile Communications: CDMA and GSM
      • 2G, Edge Infrastructure
      • Networking Concepts
      • Broadband Technologies
      • PCM Principles
      • Fibre Optic Technology
      • Introduction - Digital Switches
      • Internet & Email – Visit to NIB
      • GSM
      • Intelligent Networks
      • Latest Trends in Communication
      • Broadband Multiplay Lab
      • BSNL Museum
      • Telecom Power Plant
      • Latest BSNL Products

    • Defense Institute of Advanced Technology (DIAT), DU, DRDO

      Jul 2013 - Jun 2015
      CyberSecurity Researcher

      CyberSecurity Researcher: Ethical Hacking, Digital Forensic, Network Security, Information Security, Business Continuity Plan, Disaster Recovery Plan, Risk Assessment, Backdoor OS, Kali Linux OS, Metasploit, VAPT, Footprinting and Reconnaissance tools practical, Scanning Networks, Enumeration, System Hacking, Trojans and Backdoors, Viruses and Worms, Sniffing, Social Engineering, Denial of Service, Session Hijacking, SQL Injection, Hacking Wireless Networks, Hacking Mobile Platforms, Evading IDS, Firewalls and Honeypots, Buffer Overflows, Cryptography, Penetration Testing, Risk Management, Security Audits

    • Jumbo Systems & Solutions Pvt. Ltd

      Jun 2015 - Nov 2015
      Cyber Security Consultant

      I was working as Security Consultant for auditing security frameworks like PCI DSS, ISMS, HIPAA, and COBIT. I have handled both AWS and non-AWS infrastructure clients for PCI DSS auditing. My responsibilities included the following:
      • Scoping
      • Gap Assessment
      • Gap Assessment Report Writing
      • Provide full Remediation
      • Configuration Check
      • Evidence Collection
      • ROC Preparation
      • Policy Preparation
      • Procedure Preparation
      • Forms Preparation
      • Business Development

      Tool Knowledge:
      • AWS Infrastructure
      • Ossec
      • Snort
      • CryptDB

    • Tata Consultancy Services

      Dec 2015 - Nov 2017
      CyberSecurity Senior Analyst

      I was working as L2 level Security Analyst in the Security Operations Center (SOC) domain with Security Information & Event Management (SIEM) at Cyber Security Practice, TCS, in Enterprise Security & Risk Management (ESRM).

      Tool Knowledge:
      • SIEM (Splunk)
      • Skybox Security
      • BlueCoat
      • McAfee ePO
      • VMS Tripwire 360 nCircle
      • Juniper Firewall SRX
      • Cisco IronPort
      • Cisco Meraki
      • Juniper IDP
      • Snow Software: Software Asset Management (SAM)
      • Security Exception Tool

      My responsibilities included:
      • Firewall Approval/Rejection
      • Manage security incidents and thereby minimize the number and severity of security incidents
      • Analyze and develop new technologies for minimizing security vulnerabilities and risks
      • Provide security consulting services
      • Routinely assess vulnerabilities and coordinate with security specialists
      • Routinely monitor and analyze network traffic and system performance
      • Responsible for analysis and reporting
      • Learn about new vulnerabilities and attack strategies employed by attackers
      • Monitor firewall, IronPort and IDP logs
      • Threat and vulnerability detection
      • Handling SOC operations vulnerability assessment tools
      • Involved in risk analysis of major threats and vulnerabilities detected at the client's network
      • Monitoring of multiple security incidents using the SIEM tool (Splunk)
      • Analyzing the offenses for Botnet, P2P activity, virus threat, Trojan, malware, brute force attack, vulnerability and policy violation activities
      • All security events, network transactions and additional contextual information (derived from correlation tests) observed during an attack or violation
      • Identify anomalies and possible threats, or review network usage and performance to help meet IT service-level responsibilities
      • Finding out the false positive/negative offenses, modifying the rules to ignore the legitimate traffic and reducing the offense count
      • Search across logs on different nodes and time periods based on specific criteria

    • Accenture Czech Republic

      Nov 2017 - now

      Working with Accenture for around 6 years in the Cyber Fusion Center (Accenture CFC) in Prague, Czech Republic. Part of the Cyber Defense Team in a CyberSecurity engineering role performing SIEM Administrator tasks: UseCase Creation for the CyberOps Team, SOAR Admin Tasks, SIEM platform management end to end, onboarding of new security tools and devices, Cyber Use Case Creation/Tuning, DataSource Onboarding, Mapping and Parsing, BAS Activity Validation, Purple Activity Validation, SIEM Management. Also working on CyberSecurity UseCase Creation for:
      • IoT Security (Internet of Things)
      • OT Security (Operational Technology)
      • IoMT Security (Internet of Medical Things)
      • ICS Security (Industrial Control System)

      Associated with Accenture Security for around 5 years and now designated at Level 9 as CyberSecurity Engineering & Development Specialist. Currently part of the CyberSecurity Engineering Team handling SIEM Admin Tasks using Securonix, SNYPR Data Lake and the Big Data Platform Hadoop supported by Cloudera for data source troubleshooting.
      • Tools and Device Integration, SIEM Platform Handling, UseCase Creation
      • New data source onboarding and continuous tuning of existing datasources
      • RegEx writing for new event types and parser creation for various datasources
      • Defining & building SIEM custom use cases, content development for various data sources
      • Fine-tuning of the existing use cases to reduce false positives and noise
      • Parsing, mapping and remapping of the attributes
      • Health check of Hadoop HDFS nodes for memory, CPU and disk utilization for smooth functioning
      • DR implementation for various datasources
      • Playbook creation using SOAR; playbook monitoring and troubleshooting for smooth functioning
      • RIN (Remote Ingestion Node) and syslog server monitoring and implementing configuration for datasources
      • Configuring and updating the SYSLOG server for receiving the logs and forwarding them to various SOLR cells using SYSLOG-NG config files
      • Creating Threat Models
      • Working within current change management processes to apply patches and provide first-line support for supported security tools
      • Feeding intelligence and indicators of compromise to security incident management during P1 and P2 incidents to support the incident management process via triage on security events
      • Produced actionable intelligence for colleagues and business areas in the form of threat advisories, briefings, a threat attribution database and tactical data feeds
      • Provided technical governance, oversight and direction for the overall security service, solution design and implementation compatible with the target state operational security architecture
      SNYPR Datalake, FortiSOAR, Cloudera, Apache Spark jobs

      Currently part of the CyberSecurity Engineering Team handling Admin Tasks using Securonix, SNYPR Data Lake, the Big Data Platform Hadoop supported by Cloudera and various data sources: data source troubleshooting, data source onboarding, RegEx writing, defining & building SIEM custom use cases, content development for various data sources, fine-tuning of the existing use cases to reduce false positives and noise, parsing, mapping and remapping of the attributes, health check of Hadoop HDFS nodes for memory, CPU and disk utilization for smooth functioning, configuring and updating the SYSLOG server for receiving the logs and forwarding them to various SOLR cells using SYSLOG-NG config files, creating Threat Models. Using the following Hadoop components:
      • HDFS
      • SOLR
      • SPARK (12 Jobs)
      • Zookeeper
      • HBase
      • YARN
      • HIVE
      • IMPALA
      • KAFKA
      • Sentry
      • Hue
      • Oozie

      I was part of the Cyber L2 Team for the Securonix SIEM Team handling the below tasks using the SNYPR tool with multiple native tools for investigation.
      • Fine tuning suggestions
      • Working on top violators, violations and multiple Threat Models to capture high severity violators
      • Handling client calls and expectations
      • Weekly, monthly report preparation
      • Handling multiple high priority P1 and P2 issues
      • Datasource health check report preparation
      • Dashboard creation in SNYPR
      • KT to team and junior resources
      • Brown Bag sessions for the team as and when required for new cyber threats
      • Preparing baseline reports for clients
      • Directly investigating with the users for audit frameworks like GDPR, HIPAA, PCI DSS etc. and taking it to resolution
      Also handled Splunk Admin Tasks in a previous project in Accenture: handling Splunk components like Search Head, Deployment Server, Forwarders, License Master, Indexers etc. for SIEM functioning; defining & building SIEM custom use cases; full platform support to Splunk v6.4.2 solutions; Splunk health monitoring and maintenance. Managed Splunk configuration files like indexes.conf, inputs.conf, outputs.conf, props.conf, savedsearches.conf etc. Experience with monitoring and operating SIEM, EDR and IDS/IPS solutions alongside other critical monitoring toolsets. Experience with Incident Response methodology in investigations, and the groups behind targeted attacks and their tactics, techniques, and procedures (TTPs). Monitoring security devices for servers and workstations in various sites across the globe; routinely assessing vulnerabilities and coordinating with security specialists; routinely monitoring and analyzing network traffic and system performance.
      Also handling the below tools:
      • Splunk
      • Securonix SNYPR
      • FireEye HX & NX
      • Tanium
      • Cybereason (EDR)
      • Airwatch
      • Infoblox IPAM
      • Alcatel-Lucent VitalQIP DNS/DHCP IPAM
      • Palo Alto Networks (PAN) Firewall
      • PAN MineMeld
      • iDefense® Security Intelligence
      • Amazon Web Services (AWS)
      • RSA Archer for Ticket Management
      • ServiceNow

      • CyberSecurity Engineering Associate Manager

        Dec 2023 - now
      • CyberSecurity Engineering & Development Specialist

        Dec 2022 - Nov 2023
      • CyberSecurity Engineering & Development Lead

        Dec 2020 - Dec 2022
      • CyberSecurity Senior Development Engineer

        Apr 2019 - Dec 2020
      • CyberSecurity Delivery Senior Analyst

        Nov 2017 - Aug 2019
  • Licenses & Certifications

    • High Performance(HPC), Grid and Cloud Computing (HGCC) Training

      C-DAC Pune
      Sept 2014
    • SailPoint Training

      SailPoint
      Jan 2016
    • Cyber Security and Cyber Forensics Training

      CDAC Bangalore
      Apr 2014
    • Digital Forensic Training

      CDAC - Thiruvananthapuram
      Mar 2015
    • PSE: Platform Associate 7.0 (Palo Alto Networks-accredited System Engineer (PSE) )

      Palo Alto Networks
      Feb 2017
    • Splunk Certified User 6.x

      Splunk
      Nov 2017
    • Splunk Certified Power User 6.x

      Splunk
      Jan 2018
    • Accredited Configuration Engineer (ACE) - PAN-OS 7.0 Version

      Palo Alto Networks
      Feb 2017
    • Assurance / Digital : Assurance for the Internet of Things (IoT)

      Tata Consultancy Services
      Jan 2017
    • Skybox Security Training

      Skybox Security
      Jun 2016
  • Honors & Awards

    • Star Performer - Apr 2020
    • Cool Collaborator - Jun 2019
    • InfoSecurity Fest Winner, Technology Business Unit, Tata Consultancy Services - Mar 2017
  • Volunteer Experience

    • Conference Organizer

      Issued by SPACE International Conference at DIAT on Oct 2014
    • Tree Planter

      Issued by Self4Society on Jul 2019
    • Corporate Social Responsibility

      Issued by Accenture on Nov 2017