Kush Kumar

Security Analyst

1000 followers
Bengaluru, Karnataka, India

  • About me

    Software Engineer | Architecting, Developing, Integrating

  • Education

    • Orissa Engineering College (OEC), Bhubaneswar

      2015 - 2019
      Bachelor of Technology Computer Science
  • Experience

    • Wipro Limited

      Oct 2019 - Aug 2021
      Security Analyst

      - Performing detailed analysis of the incidents raised by the L1 analyst: investigating the incident by correlating the events from different log sources (integrated in QRadar) to find the root cause and provide a timeline view of the events leading to the incident, and recommending mitigation steps in the incident notification.
      - Performing threat analysis in a 24x7 SOC environment with strong dedication to meeting agreed SLAs.
      - Ensuring proper integration and handover of new security services within the monitoring and detection capability of the SOC.
      - Analyzing alerts and investigating indicators of compromise.
      - Keeping an eye on auto-discovered log sources and finding their events of interest to suggest the creation of new cases.
      - Briefing and alerting the client on the latest and upcoming threats, as shared by our internal threat intel team, and sharing IOCs (alerts and advisories) on a regular basis for blocking on their end. Performing manual searches based on IOCs and checking deployed use cases.
      - Continually working with the L3 Computer Security Incident Response Team (CSIRT) to discuss and potentially escalate critical incidents after triage.
      - Navigating the IBM QRadar SIEM console to effectively use kill chain analysis and real-time incident response: investigating, analyzing, correlating and remediating both exposed and obscure vulnerabilities to give situational awareness and real-time incident response.
      - Understanding of the IBM QRadar SIEM ESM product components, which collect, process, model, prioritize, correlate, monitor and analyze enterprise-generated events.
      - Proficient understanding of networking, protocols and network tools.
      - Weekly and monthly reporting of the overall production delivery (WSR and MSR) and discussing the incidents worked upon.

    • Infosys

      Aug 2021 - Aug 2022
      Security Analyst

      - Authoring, supporting, integrating and maintaining automation scripts/workflows within the SOAR platform.
      - Designing and implementing efficient, reusable Python code.
      - Creating and developing automated workflows for use cases, playbooks and custom use cases.
      - Handling security incidents from various entry channels (email security / user-reported phishing emails, EDR, IPS/IDS, firewall) on Cortex XSOAR, Microsoft Defender 365 [ATP] and QRadar.
      - Analysis of triggered security incidents and detailed evaluation of escalated alerts.
      - Conducting threat analysis, assessment and malware triage in support of security investigations.
      - Recognizing and researching attacker tools, tactics and procedures (TTPs) and indicators of compromise (IOCs) that can be applied to current and future investigations.
      - Taking necessary actions for containment and coordinating remediation efforts.
      - Sharing advisories with stakeholders (proactive analysis) by going through various threat feeds.
      - Conducting advanced threat hunting on the IOCs and advisories shared by the threat intelligence team and proactively blocking them.
      - Taking the necessary steps on brand monitoring updates received from the TI team, such as discovered typo-squat domains, credential leaks, etc.
      - Assisting with process development and improvement in Security Operations, including creation/modification of SOPs and SOAR playbooks.
      - Taking the necessary actions for whitelisting or fine-tuning rules to reduce false positives.
      - Preparation of weekly and monthly reports (WSR, MSR, dashboard), as well as providing analysis on the data for the month and discussing notable incidents.

    • Quick Heal

      Sept 2022 - Oct 2023
      Software Engineer

      - Architecting and developing connectors/custom integrations for the HawkHunt XDR platform, integrating with multiple external and internal components, such as firewalls, ITSM, EPS, email and threat intel platforms, for alerting and incident response purposes.
      - Conducting in-depth discussions with product managers and customers to understand connector requirements and ensure successful implementation.
      - Researching and analyzing various third-party products to cater to different integration needs.
      - Configuring and integrating third-party products for development and test purposes.
      - Designing architecture for new requirements.
      - Writing implementation code using Python, Java, JavaScript, bash, etc.
      - Creating AWS CloudFormation templates for new deployments, streamlining the setup process.
      - Providing valuable inputs for product and process improvements, collaborating with cross-functional teams.
      - Coordinating troubleshooting tasks with different teams to ensure smooth functioning of integrations.
      - Preparing comprehensive documentation for all new product features and integrations.
      - Conducting deployment and testing in QA for all new features, ensuring a seamless user experience.
      - Conducting demos for stakeholders and clients, showcasing new product features and integrations.
      - Some of the integrations I have worked on include Checkpoint Firewall, Google Workspace, Securite EPS, MISP, FortiGate Firewall, O365, Sophos Firewall, push-based log ingestion and an event collector agent.

    • Right-Hand Cybersecurity

      Oct 2023 - present
      Software Engineer
  • Licenses & Certifications