Komalpreet K.

• Providing analytical support and insight to the enterprise in support of the business.

• Giving IRM support to multiple US, UK and APAC Customers in SOC by monitoring their devices with SIEM tool ArcSight and Splunk.

• Assist in the administration and 24x7 monitoring of SIEM tools.

• Providing daily work direction and oversaw requests with special urgency or additional involvement.

• Remotely monitoring and managing client network security devices.

• Real-Time Monitoring, Investigation, Analysis, Reporting, Escalations of Security events and Preparing Root cause analysis.

• Phishing analysis of the emails submitted by the client or identified by the tool and provide complete remediation steps to contain the situation.

• Analyse, propose, and modify rules, reports, and dashboards as per the requirement.

• Identify external threats and alert respective team regarding suspicious activity.

• Monitor logs and events to determine cause of security related events or to identify potential Security related risks.

• Timely notification to appropriate team's immediate or potential virus or worm attacks or other suspicious activity.

• To actively coordinate and cooperate with other teams, to ensure best IT Security practices and deliveries and a smooth interaction.

• Responsible and accountable for Logging incidents into Incident Management System, assist till incident closure and assist in generating reports based on security incidents.

• Daily, weekly, and monthly MIS reporting /trend analysis of security monitoring systems.

• Coordinating and communicating to Client/Onsite/Vendor and sharing sessions to team members.

• Trained newcomers during their training sessions and served as a subject matter expert on the floor as questions arose when new hires were brought on.

Roles & Responsibilities:

• Installed, configured, and maintained Splunk Add-ons and Apps.

• Managed user requests through ServiceNow.

• Created agendas and communication materials for team meetings.

• Managed and edited various .conf files such as indexes.conf, props.conf and servers.conf.

• Created and deployed deployment apps and Deployment server.

• Managed a clustered environment with multiple indexers and search heads.

• Administered both Splunk Enterprise and Splunk Enterprise Security.

• Worked closely with carious Security and Platform Engineering teams to onboard new data from various sources.

• Improved operations by working with team members and customers to find workable solutions.

• Onboard data using file monitoring, HTTP Event collector.

• Performed Splunk version upgrades and maintenance upgrades as well.

• Juggled multiple projects and tasks to ensure high quality and timely delivery.

• Implemented optimal solutions to meet technical and business requirements.

• Fine-tuning of Correlation rules and reduction of false positives.

• Health check of SIEM devices, maintaining the SIEM infrastructure for multiple clients taking SOC support.

• Created documentation for client usage and provided consolidated analysis of the data outages in the client network which helped them resolve issues.