Ashok R

Analyst

Location: Chennai, Tamil Nadu, India

  • About me

    GCFA | Cyber security | DFIR | Threat hunter

  • Education

    • Adhiparasakthi Engineering College, Melmaruvathur

      2005 - 2009
      Bachelor's degree Computer Science
  • Experience

    • HCLTech

      Jun 2011 - Jul 2014
      Analyst

      Responsibilities:
      * Identified the critical IT infrastructure that required 24/7 monitoring and integrated it with ArcSight.
      * Aggregate, correlate, and analyze log data from network devices, security devices and other key assets using SIEM technologies.
      * Provide guidance to security analysts and network engineering staff on device hardening.
      * Create dashboards for critical assets/events and monitor their status regularly.
      * Prepare device status reports for all customers and provide updates on a daily basis.
      * Deploy and manage Symantec Endpoint Protection.
      * Monitor the client anti-virus network through the Symantec and eTrust consoles.
      * Maintain anti-virus compliance status.
      * Handle virus outbreaks, severity issues, anti-virus software issues, and virus, malware or suspected malware infections.

    • INautix Technologies

      Aug 2014 - Jul 2016
      Senior Analyst

      Responsibilities:
      * Perform application security assessments on web applications.
      * Analyze application security tools' scan results and eliminate false positives.
      * Perform manual assessment of the web application before it goes to production.
      * Prepare reports with automated/manual test results and provide suggestions to the development team.
      * Perform secure code review using automated tools and help the development team build secure applications.
      * Actively monitor security events using various security tools.
      * Analyze persistent threat events using Damballa Failsafe.
      * Analyze packet flows using Stealthwatch for abnormal activity, C&C communication and data exfiltration.
      * Analyze spam mails for embedded links and attachments, and take necessary action on clickers' machines.
      * Fine-tune SIEM rules to stop them triggering false positive alerts.

    • Tata Communications

      Aug 2016 - Feb 2018
      Assistant Manager - corporate information security

      Responsibilities:
      * Develop new use cases and implement them in RSA NetWitness.
      * Conduct vulnerability assessments regularly.
      * Perform passive information gathering using IoT crawlers.
      * Perform in-depth analysis of alerts and handle incidents.
      * Perform malware or authenticated scans to check for malware on remote hosts.
      * Conduct PoCs and identify the right product according to the requirements.
      * Create dashboards and ad-hoc reports regularly.
      * Analyze anti-virus scan results and provide suggestions.
      * Eliminate false positives from the use cases.

    • GAIN Credit

      Mar 2018 - Apr 2021
      Senior Lead - IT Security

      Responsibilities:
      * Implemented FireEye Network Security (NX) and FireEye HX (EDR) tools.
      * Integrated security logs from various log sources (e.g. firewall logs, Windows AD, DNS, DHCP, AWS CloudTrail, WAF) with the SIEM for effective monitoring.
      * Create and fine-tune correlation rules in FireEye Helix and take care of administrative activities for security tools.
      * Create incident response playbooks.
      * Conduct proactive threat hunts based on the MITRE framework.
      * Perform reverse engineering on identified malicious documents/files in a sandbox environment.
      * Conduct forensic investigations and preserve the evidence for further investigation.
      * Acquire files/artifacts from remote systems using EDR and conduct in-depth analysis of incidents using Redline.
      * Conduct memory forensics to identify suspicious processes and rootkits.
      * Conduct risk assessments and plan mitigation with the respective stakeholders.
      * Actively involved in security incidents, documenting the incident details (what, when, how, who) and following up until remediation.
      * Conduct periodic reviews of security configurations in Imperva WAF, O365, DLP policies, anti-virus solutions, etc., and implement new configurations according to the guidelines.
      * Provide security awareness to users using a security awareness platform (KnowBe4) and conduct regular meetings with phished users.
      * Guide the DevOps team on secure implementation of new architecture and AWS services.
      * Created and published multiple SOPs according to the organization standard.
      * Harden endpoints, servers, and firewalls according to standards (CIS, NIST).
      * Implement multiple controls to reduce the attack surface and insider threats.
      * Conduct regular system audits using automated scripts to ensure the implemented controls are working.
      * Follow up with the respective stakeholders to fix red-team findings.

    • Accenture

      May 2021 - Jul 2022
      Technology Security Associate Manager

      Responsibilities:
      * Create hypotheses and hunt for adversary presence using SIEM and EDR.
      * Conduct situational-awareness-based threat hunts.
      * Identify solid evidence of cyber attacks, collect the required artefacts to support the hypothesis and escalate to the IR team.
      * Identify security risks/gaps and provide guidance to mitigate them.
      * Present threat hunt reports regularly to clients.
      * Provide strategic guidance according to industry best practices to improve the client's security posture.
      * Improve threat detection capabilities through SIEM use cases or by enhancing logging capabilities.

    • SentinelOne

      Jul 2022 - now
      MDR Security Analyst

      Responsibilities:
      * Monitor customers' environments for potential cyber threats with SentinelOne EDR.
      * Investigate alerts, triage, deep dive, and develop valuable action items and remediation plans for customers.
      * Adhere to the defined SLA and act accordingly to handle threats.
      * Investigate cyber threats and suggest recommendations to customers to stop and prevent such threats in the future.
      * Conduct root cause analysis and identify attackers' TTPs.
      * Threat monitoring, threat analysis, and incident response for 5+ million endpoints owned by various Fortune 500 companies.
      * Assist the SOC by hunting down threat origins, initiating incident response, and providing custom remediation plans for verified threats and incidents.
      * Implement/suggest exclusions for recurrent false positives.
      * Handle customer escalations through the ticketing system.
      * Implement/suggest policy overrides to improve threat detection and avoid false positive alerts.

  • Licenses & Certifications

    • ITIL

    • GIAC Certified Forensics Analyst (GCFA)

      GIAC Certifications
      Nov 2019
    • Foundations of Operationalizing MITRE ATT&CK

      AttackIQ
      Dec 2020
    • Certified Ethical Hacker

      EC-Council
    • Cisco Certified Network Associate

      Cisco